author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2024-01-12 13:30:43 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-01-12 13:30:43 +0100 |
commit | dd8be1fcb11089b22ab5eb7332d5640b4cae80b0 (patch) | |
tree | 775a44bbbaeced406a3df3931f5d786f7a517e15 /src/lib/protocols/http.c | |
parent | 0aea509e23e0f0bd368f4796dcf0542d5c9108c7 (diff) |
Fix some warnings reported by CODESonar (#2227)
Remove some unreached/duplicated code.
Add error checking for `atoi()` calls.
About `isdigit()` and similar functions. The warning reported is:
```
Negative Character Value help
isdigit() is invoked here with an argument of signed type char, but only
has defined behavior for int arguments that are either representable
as unsigned char or equal to the value of macro EOF(-1).
Casting the argument to unsigned char will avoid the undefined behavior.
In a number of libc implementations, isdigit() is implemented using lookup
tables (arrays): passing in a negative value can result in a read underrun.
```
Switching to our macros fixes that.
Add a check to `check_symbols.sh` to avoid using the original functions
from libc.
Diffstat (limited to 'src/lib/protocols/http.c')
-rw-r--r-- | src/lib/protocols/http.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
index 7943c1b15..b0bbd30ca 100644
--- a/src/lib/protocols/http.c
+++ b/src/lib/protocols/http.c
@@ -122,7 +122,7 @@ static int ndpi_search_http_tcp_again(struct ndpi_detection_module_struct *ndpi_
 /* *********************************************** */
 static int ndpi_http_is_print(char c) {
- if(isprint(c) || (c == '\t') || (c == '\r') || (c == '\n'))
+ if(ndpi_isprint(c) || (c == '\t') || (c == '\r') || (c == '\n'))
 return(1);
 else
 return(0);
@@ -568,11 +568,11 @@ static void ndpi_check_user_agent(struct ndpi_detection_module_struct *ndpi_stru
 * We assume at least one non alpha char.
 * e.g. ' ', '-' or ';' ...
 */
- if (isalpha(ua[i]) == 0)
+ if (ndpi_isalpha(ua[i]) == 0)
 {
 break;
 }
- if (isupper(ua[i]) != 0)
+ if (isupper((unsigned char)ua[i]) != 0)
 {
 upper_case_count++;
 }
@@ -771,7 +771,7 @@ static void ndpi_check_http_server(struct ndpi_detection_module_struct *ndpi_str
 char buf[16] = { '\0' };
 for(i=off, j=0; (i<server_len) && (j<sizeof(buf)-1)
- && (isdigit(server[i]) || (server[i] == '.')); i++)
+ && (ndpi_isdigit(server[i]) || (server[i] == '.')); i++)
 buf[j++] = server[i];
 if(sscanf(buf, "%d.%d.%d", &a, &b, &c) == 3) {
@@ -790,7 +790,7 @@ static void ndpi_check_http_server(struct ndpi_detection_module_struct *ndpi_str
 /* Check server content */
 for(i=0; i<server_len; i++) {
- if(!isprint(server[i])) {
+ if(!ndpi_isprint(server[i])) {
 ndpi_set_risk(ndpi_struct, flow, NDPI_HTTP_SUSPICIOUS_HEADER, "Suspicious Agent");
 break;
 }
@@ -816,7 +816,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_
 && (packet->host_line.len > 0)) {
 int len = packet->http_url_name.len + packet->host_line.len + 1;
- if(isdigit(packet->host_line.ptr[0])
+ if(ndpi_isdigit(packet->host_line.ptr[0])
 && (packet->host_line.len < 21))
 ndpi_check_numeric_ip(ndpi_struct, flow, (char*)packet->host_line.ptr, packet->host_line.len);
|
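Review bot: The `isupper((unsigned char)ua[i])` line in the ndpi_check_user_agent hunk still calls the libc classifier, while the `isalpha` test just above it was moved to `ndpi_isalpha`. The cast does remove the negative-`char` undefined behaviour for bytes of the User-Agent header, but the result stays locale-dependent and the mixed style is easy to regress. The commit message says `check_symbols.sh` now guards against the libc functions; whether `isupper` is covered by that check is not visible here. If the project has no macro for it, a comment such as `/* libc isupper(): no ndpi_ macro for this; the unsigned char cast is required */` would record why this call is the exception. The loop this sits in starts and ends outside the hunk.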
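Review bot: In the first ndpi_check_http_server hunk the copy loop is bounded by `sizeof(buf)-1`, but the `sscanf(buf, "%d.%d.%d", &a, &b, &c)` after it parses a digit run of up to 15 characters taken from the Server header, and a value that does not fit in `int` is undefined behaviour for `%d`. The commit message mentions adding error checking for `atoi()` calls, and the same care fits here: a field width such as `sscanf(buf, "%4d.%4d.%4d", &a, &b, &c)` keeps every component representable. How `a`, `b` and `c` are used afterwards is outside the hunk, so the width should be chosen against that code.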
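Review bot: The risk string in the second ndpi_check_http_server hunk reads `"Suspicious Agent"` although the loop scans the `server` buffer under the comment `/* Check server content */`, so someone triaging the flow risk is pointed at the wrong header. If no existing output or test depends on the exact text, a message that names the Server header, for example `"Suspicious Server"`, would match the field being checked. The rest of the function is outside the hunk, so other uses of the same string cannot be ruled out from here.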
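Review bot: The `(packet->host_line.len < 21)` bound in the check_content_type_and_change_protocol hunk is a bare constant with no explanation next to the `ndpi_isdigit(packet->host_line.ptr[0])` test it accompanies. If it is meant to cover a dotted IPv4 address with a port, note that `255.255.255.255:65535` is 21 characters long and would be excluded by `< 21`; this is an inference, since `ndpi_check_numeric_ip` is not visible here. A comment stating what the limit represents, or a named constant, would let a reader confirm the boundary is intentional. The enclosing `if` begins above the hunk.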