Fixed buffer overflows with safe str search

1. Detected a lot of memory errors using address sanitizer and ndpi-scapy tool. 2. Added ndpi_match_prefix function that compares strings with taking care of payload packet len. Almost drop-in replacement for match_first_bytes function. 3. Replaced unsafe match_first_bytes usage with a ndpi_match_prefix and additional length checks.
author: theirix <theirix@gmail.com> 2016-04-12 22:08:30 +0300
committer: theirix <theirix@gmail.com> 2016-04-12 22:08:30 +0300
commit: fb3fc0c6de201a2ab34b6f7ce4d5dfc2c54c3b5e (patch)
tree: 668e579f3df572a36821500bfe80a60e42a10aab /src/lib/protocols/starcraft.c
parent: 5a37ee99764b7d262676b0ca052075c9c559c01d (diff)
1 files changed, 2 insertions, 3 deletions
diff --git a/src/lib/protocols/starcraft.c b/src/lib/protocols/starcraft.c
index f96853f23..760578563 100644
--- a/src/lib/protocols/starcraft.c
+++ b/src/lib/protocols/starcraft.c
@@ -49,9 +49,8 @@ u_int8_t ndpi_check_starcraft_tcp(struct ndpi_detection_module_struct* ndpi_stru
 {
   if (sc2_match_logon_ip(&flow->packet)
       && flow->packet.tcp->dest == htons(1119)	//bnetgame port
-      && flow->packet.payload_packet_len >= 10
-      && (match_first_bytes(flow->packet.payload, "\x4a\x00\x00\x0a\x66\x02\x0a\xed\x2d\x66") 
-	  || match_first_bytes(flow->packet.payload, "\x49\x00\x00\x0a\x66\x02\x0a\xed\x2d\x66")))
+      && (ndpi_match_strprefix(flow->packet.payload, flow->packet.payload_packet_len, "\x4a\x00\x00\x0a\x66\x02\x0a\xed\x2d\x66") 
+	  || ndpi_match_strprefix(flow->packet.payload, flow->packet.payload_packet_len, "\x49\x00\x00\x0a\x66\x02\x0a\xed\x2d\x66")))
     return 1;
   else
     return -1;
author	theirix <theirix@gmail.com>	2016-04-12 22:08:30 +0300
committer	theirix <theirix@gmail.com>	2016-04-12 22:08:30 +0300
commit	fb3fc0c6de201a2ab34b6f7ce4d5dfc2c54c3b5e (patch)
tree	668e579f3df572a36821500bfe80a60e42a10aab /src/lib/protocols/starcraft.c
parent	5a37ee99764b7d262676b0ca052075c9c559c01d (diff)