diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2024-11-01 13:11:06 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-11-01 13:11:06 +0100 |
| commit | a903932155a252f150da1d16552d1f2bbf67a9aa (patch) | |
| tree | b16b31390c69bacf2174a5837ad2d3b967e52503 /src/lib/protocols | |
| parent | 21c968f41459fb2d7125efbdd679e7d53799d966 (diff) | |
HTTP: fix leak and out-of-bound error on credential extraction (#2611)
Diffstat (limited to 'src/lib/protocols')
| -rw-r--r-- | src/lib/protocols/http.c | 46 |
1 files changed, 24 insertions, 22 deletions
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 1c468165c..bdbd74f40 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -1027,29 +1027,31 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ NDPI_LOG_DBG2(ndpi_struct, "Authorization line found %.*s\n", packet->authorization_line.len, packet->authorization_line.ptr); - if((a = ndpi_strncasestr((const char*)packet->authorization_line.ptr, - "Basic", packet->authorization_line.len)) - || (b = ndpi_strncasestr((const char*)packet->authorization_line.ptr, - "Digest", packet->authorization_line.len))) { - size_t content_len; - u_int len = b ? 7 : 6; - u_char *content = ndpi_base64_decode((const u_char*)&packet->authorization_line.ptr[len], - packet->authorization_line.len - len, &content_len); - - if(content != NULL) { - char *double_dot = strchr((char*)content, ':'); - - if(double_dot) { - double_dot[0] = '\0'; - flow->http.username = ndpi_strdup((char*)content); - flow->http.password = ndpi_strdup(&double_dot[1]); - } - - ndpi_free(content); - } + if(flow->http.username == NULL && flow->http.password == NULL) { + if((a = ndpi_strncasestr((const char*)packet->authorization_line.ptr, + "Basic", packet->authorization_line.len)) + || (b = ndpi_strncasestr((const char*)packet->authorization_line.ptr, + "Digest", packet->authorization_line.len))) { + size_t content_len; + u_int len = b ? 7 : 6; + u_char *content = ndpi_base64_decode((const u_char*)&packet->authorization_line.ptr[len], + packet->authorization_line.len - len, &content_len); + + if(content != NULL) { + char *double_dot = strchr((char*)content, ':'); + + if(double_dot) { + double_dot[0] = '\0'; + flow->http.username = ndpi_strdup((char*)content); + flow->http.password = ndpi_strdup(&double_dot[1]); + } - ndpi_set_risk(flow, NDPI_CLEAR_TEXT_CREDENTIALS, - "Found credentials in HTTP Auth Line"); + ndpi_free(content); + } + + ndpi_set_risk(flow, NDPI_CLEAR_TEXT_CREDENTIALS, + "Found credentials in HTTP Auth Line"); + } } } |