diff options
| author | Nardi Ivan <nardi.ivan@gmail.com> | 2020-03-27 10:59:40 +0100 |
|---|---|---|
| committer | Nardi Ivan <nardi.ivan@gmail.com> | 2020-03-27 11:09:53 +0100 |
| commit | 817aa54214a2c2a48d08afc0d1b5476802b3326d (patch) | |
| tree | cfabffc2d364555eddbec3375836aec3244738ad /src/lib/protocols/telnet.c | |
| parent | 97fc94c7e83dc2f40760b0b769cc347e8615c89a (diff) | |
telnet: fix heap-overflow error
There is some boilerplate since I removed an if branch and I had to reindent
the code
Diffstat (limited to 'src/lib/protocols/telnet.c')
| -rw-r--r-- | src/lib/protocols/telnet.c | 85 |
1 files changed, 41 insertions, 44 deletions
diff --git a/src/lib/protocols/telnet.c b/src/lib/protocols/telnet.c index dfccd904e..1f34cab56 100644 --- a/src/lib/protocols/telnet.c +++ b/src/lib/protocols/telnet.c @@ -36,71 +36,68 @@ static int search_telnet_again(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; + int i; #ifdef TELNET_DEBUG printf("==> %s() [%s][direction: %u]\n", __FUNCTION__, packet->payload, packet->packet_direction); #endif - if (packet->payload == NULL) + if (packet->payload == NULL || packet->payload_packet_len == 0) return(1); if(packet->payload[0] == 0xFF) return(1); - if(packet->payload_packet_len > 0) { - int i; - - if(flow->protos.telnet.username_detected) { - if((!flow->protos.telnet.password_found) - && (packet->payload_packet_len > 6)) { - - if(strncasecmp((char*)packet->payload, "password:", 9) == 0) { - flow->protos.telnet.password_found = 1; - } + if(flow->protos.telnet.username_detected) { + if((!flow->protos.telnet.password_found) + && (packet->payload_packet_len > 6)) { - return(1); + if(strncasecmp((char*)packet->payload, "password:", 9) == 0) { + flow->protos.telnet.password_found = 1; } + + return(1); + } - if(packet->payload[0] == '\r') { - if(!flow->protos.telnet.password_found) - return(1); + if(packet->payload[0] == '\r') { + if(!flow->protos.telnet.password_found) + return(1); - flow->protos.telnet.password_detected = 1; - flow->protos.telnet.password[flow->protos.telnet.character_id] = '\0'; - return(0); - } + flow->protos.telnet.password_detected = 1; + flow->protos.telnet.password[flow->protos.telnet.character_id] = '\0'; + return(0); + } - if(packet->packet_direction == 0) /* client -> server */ { - for(i=0; i<packet->payload_packet_len; i++) { - if(flow->protos.telnet.character_id < (sizeof(flow->protos.telnet.password)-1)) - flow->protos.telnet.password[flow->protos.telnet.character_id++] = packet->payload[i]; - } + if(packet->packet_direction == 0) /* client -> server */ { + for(i=0; i<packet->payload_packet_len; i++) { + if(flow->protos.telnet.character_id < (sizeof(flow->protos.telnet.password)-1)) + flow->protos.telnet.password[flow->protos.telnet.character_id++] = packet->payload[i]; } - - return(1); } - - if((!flow->protos.telnet.username_found) - && (packet->payload_packet_len > 6)) { - if(strncasecmp((char*)packet->payload, "login:", 6) == 0) { - flow->protos.telnet.username_found = 1; - } + return(1); + } - return(1); - } + if((!flow->protos.telnet.username_found) + && (packet->payload_packet_len > 6)) { - if(packet->payload[0] == '\r') { - flow->protos.telnet.username_detected = 1; - flow->protos.telnet.username[flow->protos.telnet.character_id] = '\0'; - flow->protos.telnet.character_id = 0; - return(1); + if(strncasecmp((char*)packet->payload, "login:", 6) == 0) { + flow->protos.telnet.username_found = 1; } - for(i=0; i<packet->payload_packet_len; i++) { - if(packet->packet_direction == 0) /* client -> server */ { - if(flow->protos.telnet.character_id < (sizeof(flow->protos.telnet.username)-1)) - flow->protos.telnet.username[flow->protos.telnet.character_id++] = packet->payload[i]; - } + return(1); + } + + if(packet->payload[0] == '\r') { + flow->protos.telnet.username_detected = 1; + flow->protos.telnet.username[flow->protos.telnet.character_id] = '\0'; + flow->protos.telnet.character_id = 0; + return(1); + } + + for(i=0; i<packet->payload_packet_len; i++) { + if(packet->packet_direction == 0) /* client -> server */ { + if(flow->protos.telnet.character_id < (sizeof(flow->protos.telnet.username)-1)) + flow->protos.telnet.username[flow->protos.telnet.character_id++] = packet->payload[i]; } } |