diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2021-11-15 16:20:57 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-11-15 16:20:57 +0100 |
| commit | afc2b641eb9cf5035b5147e78030bafe0b40dd87 (patch) | |
| tree | 99cf853d219ae6004819d2564f4cabd29c487cf6 /src/lib/protocols/stun.c | |
| parent | da47357762746c7fc5c537b575b5b56f252320a5 (diff) | |
Fix writes to `flow->protos` union fields (#1354)
We can write to `flow->protos` only after a proper classification.
This issue has been found in Kerberos, DHCP, HTTP, STUN, IMO, FTP,
SMTP, IMAP and POP code.
There are two kinds of fixes:
* write to `flow->protos` only if a final protocol has been detected
* move protocol state out of `flow->protos`
The hard part is to find, for each protocol, the right tradeoff between
memory usage and code complexity.
Handle Kerberos like DNS: if we find a request, we set the protocol
and an extra callback to further parsing the reply.
For all the other protocols, move the state out of `flow->protos`. This
is an issue only for the FTP/MAIL stuff.
Add DHCP Class Identification value to the output of ndpiReader and to
the Jason serialization.
Extend code coverage of fuzz tests.
Close #1343
Close #1342
Diffstat (limited to 'src/lib/protocols/stun.c')
| -rw-r--r-- | src/lib/protocols/stun.c | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index e1d8f11c8..f0884fae3 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -164,7 +164,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * } else if(payload_length < sizeof(struct stun_packet_header)) { /* This looks like an invalid packet */ - if(flow->protos.tls_quic_stun.stun.num_udp_pkts > 0) { + if(flow->stun.num_udp_pkts > 0) { // flow->guessed_host_protocol_id = NDPI_PROTOCOL_WHATSAPP_CALL; return(NDPI_IS_STUN); } else @@ -260,7 +260,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * } if(msg_type == 0x01 /* Binding Request */) { - flow->protos.tls_quic_stun.stun.num_binding_requests++; + flow->stun.num_binding_requests++; if(!msg_len && flow->guessed_host_protocol_id == NDPI_PROTOCOL_GOOGLE) flow->guessed_host_protocol_id = NDPI_PROTOCOL_HANGOUT_DUO; @@ -268,7 +268,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * flow->guessed_protocol_id = NDPI_PROTOCOL_STUN; if(!msg_len) { - /* flow->protos.tls_quic_stun.stun.num_udp_pkts++; */ + /* flow->stun.num_udp_pkts++; */ return(NDPI_IS_NOT_STUN); /* This to keep analyzing STUN instead of giving up */ } } @@ -278,13 +278,13 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * return(NDPI_IS_NOT_STUN); } - flow->protos.tls_quic_stun.stun.num_udp_pkts++; + flow->stun.num_udp_pkts++; if((payload[0] == 0x80 && payload_length < 512 && ((msg_len+20) <= payload_length))) { flow->guessed_host_protocol_id = NDPI_PROTOCOL_WHATSAPP_CALL; return(NDPI_IS_STUN); /* This is WhatsApp Call */ } else if((payload[0] == 0x90) && (((msg_len+11) == payload_length) || - (flow->protos.tls_quic_stun.stun.num_binding_requests >= 4))) { + (flow->stun.num_binding_requests >= 4))) { flow->guessed_host_protocol_id = NDPI_PROTOCOL_WHATSAPP_CALL; return(NDPI_IS_STUN); /* This is WhatsApp Call */ } @@ -462,14 +462,14 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * } } - if((flow->protos.tls_quic_stun.stun.num_udp_pkts > 0) && (msg_type <= 0x00FF)) { + if((flow->stun.num_udp_pkts > 0) && (msg_type <= 0x00FF)) { flow->guessed_host_protocol_id = NDPI_PROTOCOL_WHATSAPP_CALL; return(NDPI_IS_STUN); } else return(NDPI_IS_NOT_STUN); udp_stun_found: - flow->protos.tls_quic_stun.stun.num_processed_pkts++; + flow->stun.num_processed_pkts++; #ifdef DEBUG_STUN printf("==>> NDPI_PROTOCOL_WHATSAPP_CALL\n"); @@ -480,7 +480,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * else if(is_google_ip_address(ntohl(packet->iph->saddr)) || is_google_ip_address(ntohl(packet->iph->daddr))) flow->guessed_host_protocol_id = NDPI_PROTOCOL_HANGOUT_DUO; - rc = (flow->protos.tls_quic_stun.stun.num_udp_pkts < MAX_NUM_STUN_PKTS) ? NDPI_IS_NOT_STUN : NDPI_IS_STUN; + rc = (flow->stun.num_udp_pkts < MAX_NUM_STUN_PKTS) ? NDPI_IS_NOT_STUN : NDPI_IS_STUN; return rc; } @@ -532,7 +532,7 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n return; } - if(flow->protos.tls_quic_stun.stun.num_udp_pkts >= MAX_NUM_STUN_PKTS) + if(flow->stun.num_udp_pkts >= MAX_NUM_STUN_PKTS) NDPI_EXCLUDE_PROTO(ndpi_struct, flow); if(flow->packet_counter > 0) { |