diff options
| author | Luca Deri <deri@ntop.org> | 2024-09-15 20:21:32 +0200 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2024-09-15 20:21:32 +0200 |
| commit | b77d3e3ab6d216cda9a092794a5fb8b1eac86fe6 (patch) | |
| tree | 4acf88ed6aa948fab085db468078aa2c0ff3e870 /src/lib/protocols | |
| parent | fda3730cf0bdec6b4a1cd8e38d3a88c33f0d0ef1 (diff) | |
Enhanced DHCP fingerprint
Exported it with -E
Diffstat (limited to 'src/lib/protocols')
| -rw-r--r-- | src/lib/protocols/dhcp.c | 27 |
1 files changed, 17 insertions, 10 deletions
diff --git a/src/lib/protocols/dhcp.c b/src/lib/protocols/dhcp.c index 092d5ce61..564e5e243 100644 --- a/src/lib/protocols/dhcp.c +++ b/src/lib/protocols/dhcp.c @@ -88,7 +88,7 @@ static void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struc && (packet->udp->source == htons(67) || packet->udp->source == htons(68)) && (packet->udp->dest == htons(67) || packet->udp->dest == htons(68)) && is_dhcp_magic(dhcp->magic)) { - u_int i = 0, foundValidMsgType = 0; + u_int i = 0, foundValidMsgType = 0, opt_offset = 0; u_int dhcp_options_size = ndpi_min(DHCP_VEND_LEN /* maximum size of options in struct dhcp_packet */, packet->payload_packet_len - 240); @@ -96,10 +96,10 @@ static void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struc /* Parse options in two steps (since we need first the message type and it seems there is no specific order in the options list) */ - + /* First iteration: search for the message type */ while(i + 1 /* for the len */ < dhcp_options_size) { - u_int8_t id = dhcp->options[i]; + u_int8_t id = dhcp->options[i]; if(id == 0xFF) break; @@ -142,6 +142,7 @@ static void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struc if(id == 0xFF) break; else { + int rc; /* Prevent malformed packets to cause out-of-bounds accesses */ u_int8_t len = ndpi_min(dhcp->options[i+1] /* len as found in the packet */, dhcp_options_size - (i+2) /* 1 for the type and 1 for the value */); @@ -149,20 +150,26 @@ static void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struc if(len == 0) break; + rc = ndpi_snprintf((char*)&flow->protos.dhcp.options[opt_offset], + sizeof(flow->protos.dhcp.options) - opt_offset, + "%s%u", (i > 0) ? "," : "", id); + + if(rc > 0) opt_offset += rc; + #ifdef DHCP_DEBUG NDPI_LOG_DBG2(ndpi_struct, "[DHCP] Id=%d [len=%d]\n", id, len); #endif if(id == 55 /* Parameter Request List / Fingerprint */) { - u_int idx, offset = 0; + u_int idx, fing_offset = 0; - for(idx = 0; idx < len && offset < sizeof(flow->protos.dhcp.fingerprint) - 2; idx++) { - int rc = ndpi_snprintf((char*)&flow->protos.dhcp.fingerprint[offset], - sizeof(flow->protos.dhcp.fingerprint) - offset, - "%s%u", (idx > 0) ? "," : "", - (unsigned int)dhcp->options[i+2+idx] & 0xFF); + for(idx = 0; idx < len && fing_offset < sizeof(flow->protos.dhcp.fingerprint) - 2; idx++) { + rc = ndpi_snprintf((char*)&flow->protos.dhcp.fingerprint[fing_offset], + sizeof(flow->protos.dhcp.fingerprint) - fing_offset, + "%s%u", (idx > 0) ? "," : "", + (unsigned int)dhcp->options[i+2+idx] & 0xFF); - if(rc < 0) break; else offset += rc; + if(rc < 0) break; else fing_offset += rc; } flow->protos.dhcp.fingerprint[sizeof(flow->protos.dhcp.fingerprint) - 1] = '\0'; |