authorLuca Deri <deri@ntop.org>2022-10-06 09:16:02 +0200
committerLuca Deri <deri@ntop.org>2022-10-06 09:16:02 +0200
commit3c0021d6036532a6fdff9196b7ee7a614bdbd525 (patch)
tree73b13b4044376440db77c18e68231800eefd5ffa /src/lib/protocols
parentfba926d6a441396baf65e7ff29cfbf76eff4d8df (diff)
Fixes Stack-buffer-overflow READ {*} · check_content_type_and_change_protocol
Diffstat (limited to 'src/lib/protocols')
-rw-r--r--src/lib/protocols/http.c10
1 files changed, 4 insertions, 6 deletions
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
index 34c6f5594..f26aeaa5c 100644
--- a/src/lib/protocols/http.c
+++ b/src/lib/protocols/http.c
@@ -653,20 +653,18 @@ static void ndpi_check_http_server(struct ndpi_detection_module_struct *ndpi_str
u_int i, j, a, b, c;
char buf[16] = { '\0' };
- for(i=off, j=0; (i<server_len) && (server[i] != ' ') && (j<sizeof(buf)); i++)
+ for(i=off, j=0; (i<server_len) && (j<sizeof(buf))
+ && (isdigit(server[i]) || (server[i] == '.')); i++)
buf[j++] = server[i];
if(sscanf(buf, "%d.%d.%d", &a, &b, &c) == 3) {
u_int32_t version = (a * 1000000) + (b * 1000) + c;
-
+ char msg[64];
+
if((off == 7) && (version < MIN_APACHE_VERSION)) {
- char msg[64];
-
snprintf(msg, sizeof(msg), "Obsolete Apache server %s", buf);
ndpi_set_risk(ndpi_struct, flow, NDPI_HTTP_OBSOLETE_SERVER, msg);
} else if((off == 6) && (version < MIN_NGINX_VERSION)) {
- char msg[64];
-
snprintf(msg, sizeof(msg), "Obsolete nginx server %s", buf);
ndpi_set_risk(ndpi_struct, flow, NDPI_HTTP_OBSOLETE_SERVER, msg);
}
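Review bot: The copy loop can still leave `buf` without a NUL terminator, because its bound remains `j<sizeof(buf)` on a `char buf[16]`. A version field of 16 or more digit/dot characters fills every byte, and `sscanf(buf, ...)` and the `%s` in both `snprintf` calls then read past the array, which looks like the same class of stack over-read the commit title describes. Reserving the last byte closes it: `for(i=off, j=0; (i<server_len) && (j<sizeof(buf)-1)`. Two smaller points on the same lines: `isdigit(server[i])` should take `(unsigned char)server[i]`, since a negative `char` is undefined behaviour there, and `a`, `b`, `c` are `u_int` but are scanned with `%d`, so `"%u.%u.%u"` would match the types. The body of `ndpi_check_http_server` begins and ends outside this hunk, so the declaration of `server` and any earlier length checks are not visible here.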