author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2025-03-14 15:13:29 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2025-03-14 15:13:29 +0100 |
commit | 0fe81c842f355b81ac48aa5f999ebf6760483e12 (patch) | |
tree | 389a875b146edabcbabe63dab24aac62d4d8fab2 /src/lib/protocols/tls.c | |
parent | 5d28c48b160f1b8c875da85f1b890f3ed0e807bf (diff) |
TLS: avoid sub-classification for RDP flows (#2769)
These flows are already classified as TLS.RDP.
This change also fixes a memory leak:
```
Direct leak of 62 byte(s) in 1 object(s) allocated from:
#0 0x5883d762429f in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3
#1 0x5883d76fe46a in ndpi_malloc ndpi/src/lib/ndpi_memory.c:57:46
#2 0x5883d76fe46a in ndpi_strdup ndpi/src/lib/ndpi_memory.c:110:13
#3 0x5883d77adcd6 in ndpi_compute_ja4 ndpi/src/lib/protocols/tls.c:2298:46
#4 0x5883d77ab2ec in processClientServerHello ndpi/src/lib/protocols/tls.c:3314:10
#5 0x5883d77a4c51 in processTLSBlock ndpi/src/lib/protocols/tls.c:1319:5
```
Found by oss-fuzz.
See: https://oss-fuzz.com/testcase-detail/5244512192757760
Diffstat (limited to 'src/lib/protocols/tls.c')
-rw-r--r-- | src/lib/protocols/tls.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index 1dcae22c4..c45d42de1 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -1087,7 +1087,8 @@ void processCertificateElements(struct ndpi_detection_module_struct *ndpi_struct } if(ndpi_struct->cfg.tls_subclassification_enabled && - !flow->protos.tls_quic.subprotocol_detected) { + !flow->protos.tls_quic.subprotocol_detected && + !flow->tls_quic.from_rdp) { /* No (other) sub-classification; we will have TLS.RDP anyway */ if(ndpi_match_hostname_protocol(ndpi_struct, flow, __get_master(ndpi_struct, flow), dNSName, dNSName_len)) { flow->protos.tls_quic.subprotocol_detected = 1; ndpi_unset_risk(ndpi_struct, flow, NDPI_NUMERIC_IP_HOST); @@ -2855,10 +2856,14 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, if(!is_quic) { if(ndpi_struct->cfg.tls_subclassification_enabled && + flow->protos.tls_quic.subprotocol_detected == 0 && + !flow->tls_quic.from_rdp && /* No (other) sub-classification; we will have TLS.RDP anyway */ ndpi_match_hostname_protocol(ndpi_struct, flow, __get_master(ndpi_struct, flow), sni, sni_len)) flow->protos.tls_quic.subprotocol_detected = 1; } else { if(ndpi_struct->cfg.quic_subclassification_enabled && + flow->protos.tls_quic.subprotocol_detected == 0 && + !flow->tls_quic.from_rdp && /* No (other) sub-classification; we will have TLS.RDP anyway */ ndpi_match_hostname_protocol(ndpi_struct, flow, NDPI_PROTOCOL_QUIC, sni, sni_len)) flow->protos.tls_quic.subprotocol_detected = 1; } |
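Review bot: In the processCertificateElements hunk, the new `!flow->tls_quic.from_rdp` guard skips the whole branch, so for RDP-originated flows the `ndpi_unset_risk(ndpi_struct, flow, NDPI_NUMERIC_IP_HOST)` call inside it no longer runs, even when a certificate dNSName would have matched. If that risk can be raised earlier on such flows (not visible in this hunk), it now stays set, which changes what a consumer of the risk bitmap sees. Please confirm that this is intended and say so in the comment, for example `/* TLS.RDP is final: skip hostname matching and leave NDPI_NUMERIC_IP_HOST untouched */`. The guard is also spelled `!...subprotocol_detected` here but `subprotocol_detected == 0` in processClientServerHello; one spelling at all three sites would read better. The function body starts and ends outside the hunk.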
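Review bot: The leak quoted in the commit message is allocated in ndpi_compute_ja4, which neither hunk touches, so the fix depends entirely on these two SNI branches in processClientServerHello no longer calling `ndpi_match_hostname_protocol()` for RDP flows, and the change does not record why that call lost the `ndpi_strdup` buffer. A comment at the first guard would keep a later refactor from reintroducing the leak, for example `/* Do not re-classify TLS.RDP flows: doing so leaked the buffer allocated in ndpi_compute_ja4() (#2769) */`. The added `flow->protos.tls_quic.subprotocol_detected == 0` test is a second behaviour change that is not limited to RDP: once a sub-protocol is set, a later SNI is never matched. That deserves a line in the commit description. The `from_rdp` test in the QUIC branch looks unreachable for flows handed over from the RDP dissector; if so, a note there would help, and adding the oss-fuzz reproducer as a regression input would pin the leak fix.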