diff options
| author | Luca Deri <lucaderi@users.noreply.github.com> | 2018-04-16 14:16:09 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-04-16 14:16:09 +0200 |
| commit | 8a59581668047ec0a8c9d5ed778476c398ab7f89 (patch) | |
| tree | b5e1dee3ea7d0892b87108264811863a07105842 /src/lib | |
| parent | d8e4111a9d4158af8246d66d4ab82cbcd990ea6a (diff) | |
| parent | 5950ad7ef82c329c56d17c11e9b34810180a7c16 (diff) | |
Merge pull request #547 from zyingp/free-after-detect
Fix several bugs found by Address Sanitizer (ASan)
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/protocols/http.c | 2 | ||||
| -rw-r--r-- | src/lib/protocols/msn.c | 7 | ||||
| -rw-r--r-- | src/lib/protocols/tor.c | 2 |
3 files changed, 6 insertions, 5 deletions
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index ed8d0cd13..7332c5e04 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -663,7 +663,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct /* Check for additional field introduced by Steam */ int x = 1; - if((memcmp(packet->line[x].ptr, "x-steam-sid", 11)) == 0) { + if(packet->line[x].len >= 11 && (memcmp(packet->line[x].ptr, "x-steam-sid", 11)) == 0) { NDPI_LOG_INFO(ndpi_struct, "found STEAM\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_STEAM); check_content_type_and_change_protocol(ndpi_struct, flow); diff --git a/src/lib/protocols/msn.c b/src/lib/protocols/msn.c index 4c5b73dcd..ec090cf00 100644 --- a/src/lib/protocols/msn.c +++ b/src/lib/protocols/msn.c @@ -442,15 +442,16 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct } NDPI_LOG_DBG(ndpi_struct, "msn 7\n"); - if (flow->packet_counter <= MAX_PACKETS_FOR_MSN) { - if (memcmp(&packet->payload[0], "MSG ", 4) == 0 + if (flow->packet_counter <= MAX_PACKETS_FOR_MSN) { + if (packet->payload_packet_len >=4 && (memcmp(&packet->payload[0], "MSG ", 4) == 0 || memcmp(&packet->payload[0], "PNG", 3) == 0 || memcmp(&packet->payload[0], "QNG ", 4) == 0 || memcmp(&packet->payload[0], "OUT", 3) == 0 || memcmp(&packet->payload[0], "RNG ", 4) == 0 || memcmp(&packet->payload[0], "NLN ", 4) == 0 || memcmp(&packet->payload[0], "UBX ", 4) == 0 - || memcmp(&packet->payload[0], "XFR ", 4) == 0) { + || memcmp(&packet->payload[0], "XFR ", 4) == 0) + ){ ndpi_int_msn_add_connection(ndpi_struct, flow); NDPI_LOG_INFO(ndpi_struct, "found MSN\n"); diff --git a/src/lib/protocols/tor.c b/src/lib/protocols/tor.c index 21fc0cf52..462833db0 100644 --- a/src/lib/protocols/tor.c +++ b/src/lib/protocols/tor.c @@ -31,7 +31,7 @@ int ndpi_is_ssl_tor(struct ndpi_detection_module_struct *ndpi_struct, len = strlen(certificate); /* Check if it ends in .com or .net */ - if(strcmp(&certificate[len-4], ".com") && strcmp(&certificate[len-4], ".net")) + if(len>=4 && strcmp(&certificate[len-4], ".com") && strcmp(&certificate[len-4], ".net")) return(0); if((len < 6) |