authorToni <matzeton@googlemail.com>2022-05-30 14:54:27 +0200
committerGitHub <noreply@github.com>2022-05-30 14:54:27 +0200
commit32750271c38ff754395e167c5a646172140aaf9f (patch)
tree8644571e3f30066cbea7f93fed44b3bbf88203a0 /src/lib/protocols/http.c
parentc4f50b2cdac989cc89930564a88a5caab85c7214 (diff)
Prohibit MPEG-DASH to set HTTP as application protocol. (#1560)
Signed-off-by: lns <matzeton@googlemail.com>
Diffstat (limited to 'src/lib/protocols/http.c')
-rw-r--r--src/lib/protocols/http.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
index f30857577..88c207c9e 100644
--- a/src/lib/protocols/http.c
+++ b/src/lib/protocols/http.c
@@ -1110,10 +1110,10 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct
/* Let's check for Wordpress */
char *slash = strchr(flow->http.url, '/');
- if(
- ((flow->http.method == NDPI_HTTP_METHOD_POST) && (strncmp(slash, "/wp-admin/", 10) == 0))
- || ((flow->http.method == NDPI_HTTP_METHOD_GET) && (strncmp(slash, "/wp-content/uploads/", 20) == 0))
- ) {
+ if(slash != NULL &&
+ (((flow->http.method == NDPI_HTTP_METHOD_POST) && (strncmp(slash, "/wp-admin/", 10) == 0))
+ || ((flow->http.method == NDPI_HTTP_METHOD_GET) && (strncmp(slash, "/wp-content/uploads/", 20) == 0))
+ )) {
/* Example of popular exploits https://www.wordfence.com/blog/2022/05/millions-of-attacks-target-tatsu-builder-plugin/ */
ndpi_set_risk(ndpi_struct, flow, NDPI_POSSIBLE_EXPLOIT, "Possible Wordpress Exploit");
}
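Review bot: The new `slash != NULL` guard protects the two `strncmp` calls, but `flow->http.url` is still passed to `strchr` unconditionally on the line above, and the hunk shows no check for it. If the URL buffer can be absent at this point (for example after a failed allocation), that is the same kind of null dereference on traffic-driven input; either confirm that an enclosing check exists outside the hunk or fold it in with `char *slash = flow->http.url ? strchr(flow->http.url, '/') : NULL;`. The lengths `10` and `20` are hand-counted against the prefix literals, so a later edit to either string can silently change what the risk check matches; `sizeof("/wp-admin/") - 1` would keep each length tied to its literal. The body of ndpi_check_http_tcp starts and ends outside the hunk.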