diff options
| author | Luca Deri <deri@ntop.org> | 2020-04-30 19:58:07 +0200 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2020-04-30 19:58:07 +0200 |
| commit | 7344bf65bcd249d17415bdc9f084d4880570b23c (patch) | |
| tree | b981d6b632307fe27efd690f48e2d9d53682921c /src/lib/protocols/ssh.c | |
| parent | 6f79b78f7122f904d17709a800b59d60551c1bde (diff) | |
Minor cleanup
Diffstat (limited to 'src/lib/protocols/ssh.c')
| -rw-r--r-- | src/lib/protocols/ssh.c | 32 |
1 files changed, 22 insertions, 10 deletions
diff --git a/src/lib/protocols/ssh.c b/src/lib/protocols/ssh.c index 2b7e69aac..86ad970c0 100644 --- a/src/lib/protocols/ssh.c +++ b/src/lib/protocols/ssh.c @@ -94,11 +94,14 @@ static void ndpi_int_ssh_add_connection(struct ndpi_detection_module_struct /* ************************************************************************ */ static u_int16_t concat_hash_string(struct ndpi_packet_struct *packet, - char *buf, u_int8_t client_hash) { + char *buf, u_int8_t client_hash) { u_int32_t offset = 22, buf_out_len = 0; + int len; + if(offset+sizeof(u_int32_t) >= packet->payload_packet_len) goto invalid_payload; - u_int32_t len = ntohl(*(u_int32_t*)&packet->payload[offset]); + + len = ntohl(*(u_int32_t*)&packet->payload[offset]); offset += 4; /* -1 for ';' */ @@ -112,14 +115,17 @@ static u_int16_t concat_hash_string(struct ndpi_packet_struct *packet, if(offset+sizeof(u_int32_t) >= packet->payload_packet_len) goto invalid_payload; + /* ssh.server_host_key_algorithms [None] */ len = ntohl(*(u_int32_t*)&packet->payload[offset]); - if (len > UINT32_MAX - 8 - offset) + + if(len > UINT32_MAX - 8 - offset) goto invalid_payload; offset += 4 + len; if(offset+sizeof(u_int32_t) >= packet->payload_packet_len) goto invalid_payload; + /* ssh.encryption_algorithms_client_to_server [C] */ len = ntohl(*(u_int32_t*)&packet->payload[offset]); @@ -132,12 +138,14 @@ static u_int16_t concat_hash_string(struct ndpi_packet_struct *packet, buf_out_len += len; buf[buf_out_len++] = ';'; } - if (len > UINT32_MAX - 4 - offset) + + if(len > UINT32_MAX - 4 - offset) goto invalid_payload; offset += len; if(offset+sizeof(u_int32_t) >= packet->payload_packet_len) goto invalid_payload; + /* ssh.encryption_algorithms_server_to_client [S] */ len = ntohl(*(u_int32_t*)&packet->payload[offset]); @@ -150,7 +158,8 @@ static u_int16_t concat_hash_string(struct ndpi_packet_struct *packet, buf_out_len += len; buf[buf_out_len++] = ';'; } - if (len > UINT32_MAX - 4 - offset) + + if(len > UINT32_MAX - 4 - offset) goto invalid_payload; offset += len; @@ -168,7 +177,7 @@ static u_int16_t concat_hash_string(struct ndpi_packet_struct *packet, buf_out_len += len; buf[buf_out_len++] = ';'; } - if (len > UINT32_MAX - 4 - offset) + if(len > UINT32_MAX - 4 - offset) goto invalid_payload; offset += len; @@ -186,7 +195,8 @@ static u_int16_t concat_hash_string(struct ndpi_packet_struct *packet, buf_out_len += len; buf[buf_out_len++] = ';'; } - if (len > UINT32_MAX - 4 - offset) + + if(len > UINT32_MAX - 4 - offset) goto invalid_payload; offset += len; @@ -203,7 +213,8 @@ static u_int16_t concat_hash_string(struct ndpi_packet_struct *packet, strncpy(&buf[buf_out_len], (const char *)&packet->payload[offset], len); buf_out_len += len; } - if (len > UINT32_MAX - 4 - offset) + + if(len > UINT32_MAX - 4 - offset) goto invalid_payload; offset += len; @@ -220,7 +231,8 @@ static u_int16_t concat_hash_string(struct ndpi_packet_struct *packet, strncpy(&buf[buf_out_len], (const char *)&packet->payload[offset], len); buf_out_len += len; } - if (len > UINT32_MAX - offset) + + if(len > UINT32_MAX - offset) goto invalid_payload; offset += len; @@ -234,7 +246,7 @@ static u_int16_t concat_hash_string(struct ndpi_packet_struct *packet, return(buf_out_len); -invalid_payload: + invalid_payload: #ifdef SSH_DEBUG printf("[SSH] Invalid packet payload\n"); |