authorLuca Deri <deri@ntop.org>2023-07-14 19:52:34 +0200
committerLuca Deri <deri@ntop.org>2023-07-14 19:52:34 +0200
commitfea09e825b8c3872ea54c8361242a9eff538222c (patch)
treefc970a79bea3def70a0f42bf28e98b4c9c960ce1 /src/lib/protocols
parentabee1a2a6f1d8375831901e49ace85eaea0650e3 (diff)
Fixes risk mask exception handling while improving the overall performance
Diffstat (limited to 'src/lib/protocols')
-rw-r--r--src/lib/protocols/http.c54
1 files changed, 32 insertions, 22 deletions
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
index 8885906d9..6951dd85c 100644
--- a/src/lib/protocols/http.c
+++ b/src/lib/protocols/http.c
@@ -741,28 +741,38 @@ static void ndpi_check_http_url(struct ndpi_detection_module_struct *ndpi_struct
static void ndpi_check_http_server(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow,
const char *server, u_int server_len) {
- if(server_len > 7) {
- u_int off;
-
- if((strncasecmp(server, "Apache/", off = 7) == 0) /* X.X.X */
- || (strncasecmp(server, "nginx/", off = 6) == 0) /* X.X.X */) {
- u_int i, j, a, b, c;
- char buf[16] = { '\0' };
-
- for(i=off, j=0; (i<server_len) && (j<sizeof(buf)-1)
- && (isdigit(server[i]) || (server[i] == '.')); i++)
- buf[j++] = server[i];
-
- if(sscanf(buf, "%d.%d.%d", &a, &b, &c) == 3) {
- u_int32_t version = (a * 1000000) + (b * 1000) + c;
- char msg[64];
-
- if((off == 7) && (version < MIN_APACHE_VERSION)) {
- snprintf(msg, sizeof(msg), "Obsolete Apache server %s", buf);
- ndpi_set_risk(ndpi_struct, flow, NDPI_HTTP_OBSOLETE_SERVER, msg);
- } else if((off == 6) && (version < MIN_NGINX_VERSION)) {
- snprintf(msg, sizeof(msg), "Obsolete nginx server %s", buf);
- ndpi_set_risk(ndpi_struct, flow, NDPI_HTTP_OBSOLETE_SERVER, msg);
+ if(server[0] != '\0') {
+ if(server_len > 7) {
+ u_int off, i;
+
+ if((strncasecmp(server, "Apache/", off = 7) == 0) /* X.X.X */
+ || (strncasecmp(server, "nginx/", off = 6) == 0) /* X.X.X */) {
+ u_int j, a, b, c;
+ char buf[16] = { '\0' };
+
+ for(i=off, j=0; (i<server_len) && (j<sizeof(buf)-1)
+ && (isdigit(server[i]) || (server[i] == '.')); i++)
+ buf[j++] = server[i];
+
+ if(sscanf(buf, "%d.%d.%d", &a, &b, &c) == 3) {
+ u_int32_t version = (a * 1000000) + (b * 1000) + c;
+ char msg[64];
+
+ if((off == 7) && (version < MIN_APACHE_VERSION)) {
+ snprintf(msg, sizeof(msg), "Obsolete Apache server %s", buf);
+ ndpi_set_risk(ndpi_struct, flow, NDPI_HTTP_OBSOLETE_SERVER, msg);
+ } else if((off == 6) && (version < MIN_NGINX_VERSION)) {
+ snprintf(msg, sizeof(msg), "Obsolete nginx server %s", buf);
+ ndpi_set_risk(ndpi_struct, flow, NDPI_HTTP_OBSOLETE_SERVER, msg);
+ }
+ }
+ }
+
+ /* Check server content */
+ for(i=0; i<server_len; i++) {
+ if(!isprint(server[i])) {
+ ndpi_set_risk(ndpi_struct, flow, NDPI_HTTP_SUSPICIOUS_HEADER, "Suspicious Agent");
+ break;
}
}
}
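Review bot: The new content check passes `server[i]`, a plain `char` taken from the Server header, straight to `isprint()`. Where `char` is signed, any byte >= 0x80 becomes a negative argument, which is undefined behaviour for the `<ctype.h>` functions unless the project redefines them; `if(!isprint((unsigned char)server[i])) {` avoids that, and the same cast applies to `isdigit(server[i])` in the version loop. Because `i` is declared inside `if(server_len > 7)`, the loop sits inside that block, so Server values of seven bytes or fewer are never checked for non-printable bytes; if that is not intended, move the loop and the declaration of `i` up to the `server[0] != '\0'` level. The risk text `"Suspicious Agent"` names the wrong header for this function; a message such as `"Suspicious Server"` would keep the alert unambiguous for whoever triages it. The function's closing braces lie outside the hunk.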