aboutsummaryrefslogtreecommitdiff
path: root/src/lib/protocols/h323.c
diff options
context:
space:
mode:
authorLuca Deri <deri@ntop.org>2020-05-19 08:31:05 +0200
committerLuca Deri <deri@ntop.org>2020-05-19 08:31:05 +0200
commitb7e666e465f138ae48ab81976726e67deed12701 (patch)
treede50c1d17857a146bcd8845c641c53956d1c6f99 /src/lib/protocols/h323.c
parent3d9285f1be84db7ecec821b75f67964dc4773a65 (diff)
Added fix to avoid potential heap buffer overflow in H.323 dissector
Modified HTTP report information to make it closer to the HTTP field names
Diffstat (limited to 'src/lib/protocols/h323.c')
-rw-r--r--src/lib/protocols/h323.c91
1 files changed, 44 insertions, 47 deletions
diff --git a/src/lib/protocols/h323.c b/src/lib/protocols/h323.c
index 21ab1c472..13ec9d364 100644
--- a/src/lib/protocols/h323.c
+++ b/src/lib/protocols/h323.c
@@ -1,7 +1,7 @@
/*
* h323.c
*
- * Copyright (C) 2015-18 ntop.org
+ * Copyright (C) 2015-20 ntop.org
* Copyright (C) 2013 Remy Mudingay <mudingay@ill.fr>
*
*/
@@ -36,37 +36,37 @@ void ndpi_search_h323(struct ndpi_detection_module_struct *ndpi_struct, struct n
if(packet->payload_packet_len >= 4
&& (packet->payload[0] == 0x03)
&& (packet->payload[1] == 0x00)) {
- struct tpkt *t = (struct tpkt*)packet->payload;
- u_int16_t len = ntohs(t->len);
-
- if(packet->payload_packet_len == len) {
- /*
- We need to check if this packet is in reality
- a RDP (Remote Desktop) packet encapsulated on TPTK
- */
-
- if(packet->payload[4] == (packet->payload_packet_len - sizeof(struct tpkt) - 1)) {
- /* ISO 8073/X.224 */
- if((packet->payload[5] == 0xE0 /* CC Connect Request */)
- || (packet->payload[5] == 0xD0 /* CC Connect Confirm */)) {
- NDPI_LOG_INFO(ndpi_struct, "found RDP\n");
- ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RDP, NDPI_PROTOCOL_UNKNOWN);
- return;
- }
+ struct tpkt *t = (struct tpkt*)packet->payload;
+ u_int16_t len = ntohs(t->len);
+
+ if(packet->payload_packet_len == len) {
+ /*
+ We need to check if this packet is in reality
+ a RDP (Remote Desktop) packet encapsulated on TPTK
+ */
+
+ if(packet->payload[4] == (packet->payload_packet_len - sizeof(struct tpkt) - 1)) {
+ /* ISO 8073/X.224 */
+ if((packet->payload[5] == 0xE0 /* CC Connect Request */)
+ || (packet->payload[5] == 0xD0 /* CC Connect Confirm */)) {
+ NDPI_LOG_INFO(ndpi_struct, "found RDP\n");
+ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RDP, NDPI_PROTOCOL_UNKNOWN);
+ return;
}
+ }
- flow->l4.tcp.h323_valid_packets++;
+ flow->l4.tcp.h323_valid_packets++;
- if(flow->l4.tcp.h323_valid_packets >= 2) {
- NDPI_LOG_INFO(ndpi_struct, "found H323 broadcast\n");
- ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_H323, NDPI_PROTOCOL_UNKNOWN);
- }
- } else {
- /* This is not H.323 */
- NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
- return;
+ if(flow->l4.tcp.h323_valid_packets >= 2) {
+ NDPI_LOG_INFO(ndpi_struct, "found H323 broadcast\n");
+ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_H323, NDPI_PROTOCOL_UNKNOWN);
}
+ } else {
+ /* This is not H.323 */
+ NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+ return;
}
+ }
} else if(packet->udp != NULL) {
sport = ntohs(packet->udp->source), dport = ntohs(packet->udp->dest);
NDPI_LOG_DBG2(ndpi_struct, "calculated dport over udp\n");
@@ -80,28 +80,25 @@ void ndpi_search_h323(struct ndpi_detection_module_struct *ndpi_struct, struct n
return;
}
/* H323 */
- if(sport == 1719 || dport == 1719)
- {
- if(packet->payload[0] == 0x16 && packet->payload[1] == 0x80 && packet->payload[4] == 0x06 && packet->payload[5] == 0x00)
- {
- NDPI_LOG_INFO(ndpi_struct, "found H323 broadcast\n");
- ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_H323, NDPI_PROTOCOL_UNKNOWN);
- return;
- }
- else if(packet->payload_packet_len >= 20 && packet->payload_packet_len <= 117)
- {
- NDPI_LOG_INFO(ndpi_struct, "found H323 broadcast\n");
- ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_H323, NDPI_PROTOCOL_UNKNOWN);
- return;
- }
- else
- {
- NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
- return;
- }
+ if(sport == 1719 || dport == 1719) {
+ if((packet->payload_packet_len >= 5)
+ && (packet->payload[0] == 0x16)
+ && (packet->payload[1] == 0x80)
+ && (packet->payload[4] == 0x06)
+ && (packet->payload[5] == 0x00)) {
+ NDPI_LOG_INFO(ndpi_struct, "found H323 broadcast\n");
+ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_H323, NDPI_PROTOCOL_UNKNOWN);
+ return;
+ } else if(packet->payload_packet_len >= 20 && packet->payload_packet_len <= 117) {
+ NDPI_LOG_INFO(ndpi_struct, "found H323 broadcast\n");
+ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_H323, NDPI_PROTOCOL_UNKNOWN);
+ return;
+ } else {
+ NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+ return;
}
+ }
}
-
}
void init_h323_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
Powered by cgit, Themed by Ted Yin.