diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2024-02-09 09:20:02 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-02-09 09:20:02 +0100 |
| commit | f352e4f77b4f9523a8722b9a1702377cc0375c16 (patch) | |
| tree | 2b49ba7594f5e49e2e98a02613f563defe2ab340 /src/lib | |
| parent | 2abb68c8caf02ddfceb687ba097b996a855abc69 (diff) | |
Improve normalization of `flow->host_server_name` (#2310)
Follow-up of 4543385d107fcc5a7e8632e35d9a60bcc40cb4f4
Remove trailing spaces for any HTTP header (we already remove leading
spaces)
We want:
* a "normalized" string in `flow->host_server_name`, but
* to parse the original string for flow risk checking
`ndpi_hostname_sni_set()` is a private function, so there is no need to
export its flags.
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/ndpi_main.c | 7 | ||||
| -rw-r--r-- | src/lib/protocols/fastcgi.c | 4 | ||||
| -rw-r--r-- | src/lib/protocols/http.c | 4 | ||||
| -rw-r--r-- | src/lib/protocols/quic.c | 4 | ||||
| -rw-r--r-- | src/lib/protocols/tls.c | 2 |
5 files changed, 14 insertions, 7 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index c6aec46e7..a99f6530d 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -8698,6 +8698,13 @@ static void parse_single_packet_line(struct ndpi_detection_module_struct *ndpi_s if(h->line->len == 0) h->line->ptr = NULL; + /* Stripping trailing spaces */ + while(h->line->len > 0 && h->line->ptr[h->line->len - 1] == ' ') { + h->line->len--; + } + if(h->line->len == 0) + h->line->ptr = NULL; + break; } } diff --git a/src/lib/protocols/fastcgi.c b/src/lib/protocols/fastcgi.c index 6ccd96d43..6a1baa758 100644 --- a/src/lib/protocols/fastcgi.c +++ b/src/lib/protocols/fastcgi.c @@ -213,8 +213,8 @@ static void ndpi_search_fastcgi(struct ndpi_detection_module_struct *ndpi_struct &ret_match, NDPI_PROTOCOL_FASTCGI); ndpi_check_dga_name(ndpi_struct, flow, flow->host_server_name, 1, 0); - if(ndpi_is_valid_hostname(flow->host_server_name, - strlen(flow->host_server_name)) == 0) { + if(ndpi_is_valid_hostname((char *)packet->host_line.ptr, + packet->host_line.len) == 0) { char str[128]; snprintf(str, sizeof(str), "Invalid host %s", flow->host_server_name); diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 2516f8158..8e4c60a5f 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -958,8 +958,8 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ hostname_just_set = 1; - if(ndpi_is_valid_hostname(flow->host_server_name, - strlen(flow->host_server_name)) == 0) { + if(ndpi_is_valid_hostname((char *)packet->host_line.ptr, + packet->host_line.len) == 0) { char str[128]; snprintf(str, sizeof(str), "Invalid host %s", flow->host_server_name); diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c index 6e40a21c5..89a6730e7 100644 --- a/src/lib/protocols/quic.c +++ b/src/lib/protocols/quic.c @@ -1465,8 +1465,8 @@ void process_chlo(struct ndpi_detection_module_struct *ndpi_struct, ndpi_check_dga_name(ndpi_struct, flow, flow->host_server_name, 1, 0); - if(ndpi_is_valid_hostname(flow->host_server_name, - strlen(flow->host_server_name)) == 0) { + if(ndpi_is_valid_hostname((char *)&crypto_data[tag_offset_start + prev_offset], + len) == 0) { char str[128]; snprintf(str, sizeof(str), "Invalid host %s", flow->host_server_name); diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index d12aacd75..ee5cfdc12 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -2258,7 +2258,7 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, #ifdef DEBUG_TLS printf("[TLS] SNI: [%s]\n", sni); #endif - if(ndpi_is_valid_hostname(sni, sni_len) == 0) { + if(ndpi_is_valid_hostname((char *)&packet->payload[offset+extension_offset+5], len) == 0) { ndpi_set_risk(ndpi_struct, flow, NDPI_INVALID_CHARACTERS, sni); /* This looks like an attack */ |