author | lns <matzeton@googlemail.com> | 2022-06-03 16:13:36 +0200 |
---|---|---|
committer | lns <matzeton@googlemail.com> | 2022-06-03 17:16:31 +0200 |
commit | b8366740ed5e5afdb9a4aff38063a9f357312bbb (patch) | |
tree | dc9c09388cc8467768521e80aededcfad31e6094 /src/lib/protocols/tls.c | |
parent | 00c62a7c3cbf9e6dbbdb22fcbb611f9f7cc19980 (diff) |
Fixed syslog false positives.fix/syslog-false-positive
* syslog: removed unnecessary/unreliable printable string check
* added `ndpi_isalnum()`
* split `ndpi_is_printable_string()` into `ndpi_is_printable_buffer()` and `ndpi_normalize_printable_string()`
Signed-off-by: lns <matzeton@googlemail.com>
Diffstat (limited to 'src/lib/protocols/tls.c')
-rw-r--r-- | src/lib/protocols/tls.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 3a02ad0b2..6c1d7be03 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -260,7 +260,7 @@ static int extractRDNSequence(struct ndpi_packet_struct *packet,
 buffer[len] = '\0'; // check string is printable
- is_printable = ndpi_is_printable_string(buffer, len);
+ is_printable = ndpi_normalize_printable_string(buffer, len);
 if(is_printable) {
 int rc = ndpi_snprintf(&rdnSeqBuf[*rdnSeqBuf_offset],
@@ -394,7 +394,7 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi
 if(rdn_len && (flow->protos.tls_quic.issuerDN == NULL)) {
 flow->protos.tls_quic.issuerDN = ndpi_strdup(rdnSeqBuf);
- if(ndpi_is_printable_string(rdnSeqBuf, rdn_len) == 0) {
+ if(ndpi_normalize_printable_string(rdnSeqBuf, rdn_len) == 0) {
 char str[64];
 snprintf(str, sizeof(str), "Invalid issuerDN %s", flow->protos.tls_quic.issuerDN);
@@ -587,7 +587,7 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi
 We cannot use ndpi_is_valid_hostname() as we can have wildcards here that will create false positives */
- if(ndpi_is_printable_string(dNSName, dNSName_len) == 0) {
+ if(ndpi_normalize_printable_string(dNSName, dNSName_len) == 0) {
 ndpi_set_risk(ndpi_struct, flow, NDPI_INVALID_CHARACTERS, dNSName); /* This looks like an attack */
@@ -1530,7 +1530,7 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
 #ifdef DEBUG_TLS
 printf("Server TLS [ALPN: %s][len: %u]\n", alpn_str, alpn_str_len);
 #endif
- if(ndpi_is_printable_string(alpn_str, alpn_str_len) == 0)
+ if(ndpi_normalize_printable_string(alpn_str, alpn_str_len) == 0)
 ndpi_set_risk(ndpi_struct, flow, NDPI_INVALID_CHARACTERS, alpn_str);
 if(flow->protos.tls_quic.alpn == NULL) |
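Review bot: The comment `// check string is printable` in the `@@ -260` hunk of extractRDNSequence no longer describes the call beneath it. Going by the new name and the commit message, `ndpi_normalize_printable_string()` may rewrite `buffer` as well as report on it, although its definition is not part of this file's diff. Once that is confirmed I would reword the comment to something like `// normalize buffer in place; is_printable is 0 if any byte had to be replaced`, so a reader knows the text appended to `rdnSeqBuf` can differ from the bytes in the certificate. The function body starts and ends outside the hunk.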
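Review bot: In the `@@ -394` hunk `issuerDN` is duplicated from `rdnSeqBuf` before `ndpi_normalize_printable_string(rdnSeqBuf, rdn_len)` runs, so if that call rewrites the buffer in place (the name suggests it does; the definition is not shown here) the stored copy and the `"Invalid issuerDN %s"` message still carry the raw certificate bytes. Running the check first and duplicating afterwards keeps the two in step, e.g. `int dn_ok = ndpi_normalize_printable_string(rdnSeqBuf, rdn_len);` followed by `flow->protos.tls_quic.issuerDN = ndpi_strdup(rdnSeqBuf);` and `if(dn_ok == 0) {`. The result of `ndpi_strdup()` is also handed to `%s` with no NULL check, so an allocation failure reaches `snprintf` with a null pointer; guarding the message with `if(flow->protos.tls_quic.issuerDN != NULL)` avoids that. processCertificateElements continues outside the hunk.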
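Review bot: In the `@@ -1530` hunk of processClientServerHello the `DEBUG_TLS` `printf` prints `alpn_str` before the printable check runs, so a debug build writes the peer-supplied ALPN bytes to the terminal unfiltered. Moving the `#ifdef DEBUG_TLS` block below the `ndpi_normalize_printable_string(alpn_str, alpn_str_len)` call would print the same string that is passed to `ndpi_set_risk()`, assuming the call rewrites the buffer in place as its name suggests. The enclosing function starts and ends outside the hunk.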