diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2023-09-10 11:09:59 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-09-10 11:09:59 +0200 |
| commit | 2b883b93be5feef26469fb07ca126b7c13b2fd21 (patch) | |
| tree | 0f9bbcde2e9d41a86bdce1edfdab1588729c52ae /src | |
| parent | 805df2e5ceebf9252248ac4514d47ba8756c4042 (diff) | |
Fix some errors found by fuzzers (#2078)
Fix compilation on Windows.
"dirent.h" file has been taken from https://github.com/tronkko/dirent/
Fix Python bindings
Fix some warnings with x86_64-w64-mingw32-gcc:
```
protocols/dns.c: In function ‘ndpi_search_dns’:
protocols/dns.c:775:41: error: cast from pointer to integer of different size [-Werror=pointer-to-int-cast]
775 | unsigned long first_element_len = (unsigned long)dot - (unsigned long)_hostname;
| ^
protocols/dns.c:775:62: error: cast from pointer to integer of different size [-Werror=pointer-to-int-cast]
775 | unsigned long first_element_len = (unsigned long)dot - (unsigned long)_hostname;
|
```
```
In file included from ndpi_bitmap64.c:31:
third_party/include/binaryfusefilter.h: In function ‘binary_fuse8_hash’:
third_party/include/binaryfusefilter.h:160:32: error: left shift count >= width of type [-Werror=shift-count-overflow]
160 | uint64_t hh = hash & ((1UL << 36) - 1);
```
```
In function ‘ndpi_match_custom_category’,
inlined from ‘ndpi_fill_protocol_category.part.0’ at ndpi_main.c:7056:16:
ndpi_main.c:3419:3: error: ‘strncpy’ specified bound depends on the length of the source argument [-Werror=stringop-overflow=]
3419 | strncpy(buf, name, name_len);
```
Diffstat (limited to 'src')
| -rw-r--r-- | src/include/ndpi_typedefs.h | 26 | ||||
| -rw-r--r-- | src/lib/ndpi_bitmap64.c | 15 | ||||
| -rw-r--r-- | src/lib/ndpi_domain_classify.c | 7 | ||||
| -rw-r--r-- | src/lib/ndpi_main.c | 16 | ||||
| -rw-r--r-- | src/lib/protocols/dns.c | 2 | ||||
| -rw-r--r-- | src/lib/third_party/include/binaryfusefilter.h | 6 |
6 files changed, 53 insertions, 19 deletions
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 47e2b9897..d440a9e74 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -625,6 +625,19 @@ struct ndpi_flow_input_info { unsigned char seen_flow_beginning; }; +/* Save memory limiting the key to 56 bit */ +//#define SAVE_BINARY_BITMAP_MEMORY + +PACK_ON +struct ndpi_binary_bitmap_entry { +#ifdef SAVE_BINARY_BITMAP_MEMORY + u_int64_t value:56, category:8; +#else + u_int64_t value; + u_int8_t category; +#endif +} PACK_OFF; + /* ******************* ********************* ****************** */ /* ************************************************************ */ @@ -1180,19 +1193,6 @@ typedef void ndpi_bitmap; typedef void ndpi_bitmap64; typedef void ndpi_bitmap_iterator; typedef void ndpi_filter; - -/* Save memory limiting the key to 56 bit */ -//#define SAVE_BINARY_BITMAP_MEMORY - -PACK_ON -struct ndpi_binary_bitmap_entry { -#ifdef SAVE_BINARY_BITMAP_MEMORY - u_int64_t value:56, category:8; -#else - u_int64_t value; - u_int8_t category; -#endif -} PACK_OFF; typedef struct { u_int32_t num_allocated_entries, num_used_entries; diff --git a/src/lib/ndpi_bitmap64.c b/src/lib/ndpi_bitmap64.c index 1c8368b29..f254c1483 100644 --- a/src/lib/ndpi_bitmap64.c +++ b/src/lib/ndpi_bitmap64.c @@ -76,6 +76,9 @@ bool ndpi_bitmap64_compress(ndpi_bitmap64 *_b) { ndpi_bitmap64_t *b = (ndpi_bitmap64_t*)_b; u_int32_t i; + if(!b) + return(false); + if(b->num_used_entries > 0) { if(b->num_used_entries > 1) qsort(b->entries, b->num_used_entries, @@ -122,6 +125,9 @@ bool ndpi_bitmap64_compress(ndpi_bitmap64 *_b) { bool ndpi_bitmap64_set(ndpi_bitmap64 *_b, u_int64_t value) { ndpi_bitmap64_t *b = (ndpi_bitmap64_t*)_b; + if(!b) + return(false); + if(b->is_compressed) { /* We need to discard the filter and start over as this @@ -155,6 +161,9 @@ bool ndpi_bitmap64_set(ndpi_bitmap64 *_b, u_int64_t value) { bool ndpi_bitmap64_isset(ndpi_bitmap64 *_b, u_int64_t value) { ndpi_bitmap64_t *b = (ndpi_bitmap64_t*)_b; + if(!b) + return(false); + if(!b->is_compressed) ndpi_bitmap64_compress(b); return(binary_fuse16_contain(value, &b->bitmap)); @@ -165,6 +174,9 @@ bool ndpi_bitmap64_isset(ndpi_bitmap64 *_b, u_int64_t value) { void ndpi_bitmap64_free(ndpi_bitmap64 *_b) { ndpi_bitmap64_t *b = (ndpi_bitmap64_t*)_b; + if(!b) + return; + if(b->entries) ndpi_free(b->entries); if(b->is_compressed) @@ -178,5 +190,8 @@ void ndpi_bitmap64_free(ndpi_bitmap64 *_b) { u_int32_t ndpi_bitmap64_size(ndpi_bitmap64 *_b) { ndpi_bitmap64_t *b = (ndpi_bitmap64_t*)_b; + if(!b) + return(0); + return(sizeof(ndpi_bitmap64) + binary_fuse16_size_in_bytes(&b->bitmap)); } diff --git a/src/lib/ndpi_domain_classify.c b/src/lib/ndpi_domain_classify.c index fa866f32d..f1a319067 100644 --- a/src/lib/ndpi_domain_classify.c +++ b/src/lib/ndpi_domain_classify.c @@ -47,6 +47,9 @@ ndpi_domain_classify* ndpi_domain_classify_alloc() { void ndpi_domain_classify_free(ndpi_domain_classify *s) { u_int32_t i; + if(!s) + return; + for(i=0; i<MAX_NUM_NDPI_DOMAIN_CLASSIFICATIONS; i++) { if(s->classes[i].domains != NULL) { ndpi_bitmap64_free(s->classes[i].domains); @@ -90,6 +93,8 @@ bool ndpi_domain_classify_add(ndpi_domain_classify *s, } else if(s->classes[i].class_id == 0) { s->classes[i].class_id = class_id; s->classes[i].domains = ndpi_bitmap64_alloc(); + if(!s->classes[i].domains) + s->classes[i].class_id = 0; break; } } @@ -117,6 +122,8 @@ u_int32_t ndpi_domain_classify_add_domains(ndpi_domain_classify *s, } else if(s->classes[i].class_id == 0) { s->classes[i].class_id = class_id; s->classes[i].domains = ndpi_bitmap64_alloc(); + if(!s->classes[i].domains) + s->classes[i].class_id = 0; break; } } diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index ae3c4c200..c2a5b2f2f 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -2669,7 +2669,8 @@ void ndpi_debug_printf(unsigned int proto, struct ndpi_detection_module_struct * void set_ndpi_debug_function(struct ndpi_detection_module_struct *ndpi_str, ndpi_debug_function_ptr ndpi_debug_printf) { #ifdef NDPI_ENABLE_DEBUG_MESSAGES - ndpi_str->ndpi_debug_printf = ndpi_debug_printf; + if(ndpi_str) + ndpi_str->ndpi_debug_printf = ndpi_debug_printf; #endif } @@ -3002,7 +3003,15 @@ struct ndpi_detection_module_struct *ndpi_init_detection_module(ndpi_init_prefs ac_automata_name(ndpi_str->custom_categories.hostnames_shadow.ac_automa, "ccat_sh", 0); #else ndpi_str->custom_categories.sc_hostnames = ndpi_domain_classify_alloc(); + if(!ndpi_str->custom_categories.sc_hostnames) { + ndpi_exit_detection_module(ndpi_str); + return(NULL); + } ndpi_str->custom_categories.sc_hostnames_shadow = ndpi_domain_classify_alloc(); + if(!ndpi_str->custom_categories.sc_hostnames_shadow) { + ndpi_exit_detection_module(ndpi_str); + return(NULL); + } #endif ndpi_str->custom_categories.ipAddresses = ndpi_patricia_new(32 /* IPv4 */); @@ -3407,7 +3416,7 @@ int ndpi_match_custom_category(struct ndpi_detection_module_struct *ndpi_str, u_int max_len = sizeof(buf)-1; if(name_len > max_len) name_len = max_len; - strncpy(buf, name, name_len); + memcpy(buf, name, name_len); buf[name_len] = '\0'; if(ndpi_domain_classify_contains(ndpi_str->custom_categories.sc_hostnames, @@ -6887,6 +6896,9 @@ int ndpi_load_hostname_category(struct ndpi_detection_module_struct *ndpi_str, (AC_AUTOMATA_t *)ndpi_str->custom_categories.hostnames_shadow.ac_automa, name_to_add,category,category, 0, 0, 1); /* at_end */ #else + if(ndpi_str->custom_categories.sc_hostnames_shadow == NULL) + return(-1); + return(ndpi_domain_classify_add(ndpi_str->custom_categories.sc_hostnames_shadow, (u_int16_t)category, (char*)name_to_add) ? 0 : -1); #endif diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index 1a318aa02..b518ba0f2 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -772,7 +772,7 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st dot = strchr(_hostname, '.'); if(dot) { - unsigned long first_element_len = (unsigned long)dot - (unsigned long)_hostname; + uintptr_t first_element_len = dot - _hostname; if(first_element_len > 32) { /* diff --git a/src/lib/third_party/include/binaryfusefilter.h b/src/lib/third_party/include/binaryfusefilter.h index 991e28c67..6e2498baa 100644 --- a/src/lib/third_party/include/binaryfusefilter.h +++ b/src/lib/third_party/include/binaryfusefilter.h @@ -157,7 +157,7 @@ static inline uint32_t binary_fuse8_hash(int index, uint64_t hash, uint64_t h = binary_fuse_mulhi(hash, filter->SegmentCountLength); h += index * filter->SegmentLength; // keep the lower 36 bits - uint64_t hh = hash & ((1UL << 36) - 1); + uint64_t hh = hash & ((1ULL << 36) - 1); // index 0: right shift by 36; index 1: right shift by 18; index 2: no shift h ^= (size_t)((hh >> (36 - 18 * index)) & filter->SegmentLengthMask); return h; @@ -477,7 +477,7 @@ static inline uint32_t binary_fuse16_hash(int index, uint64_t hash, uint64_t h = binary_fuse_mulhi(hash, filter->SegmentCountLength); h += index * filter->SegmentLength; // keep the lower 36 bits - uint64_t hh = hash & ((1UL << 36) - 1); + uint64_t hh = hash & ((1ULL << 36) - 1); // index 0: right shift by 36; index 1: right shift by 18; index 2: no shift h ^= (size_t)((hh >> (36 - 18 * index)) & filter->SegmentLengthMask); return h; @@ -522,7 +522,7 @@ static inline bool binary_fuse16_allocate(uint32_t size, filter->ArrayLength = (filter->SegmentCount + arity - 1) * filter->SegmentLength; filter->SegmentCountLength = filter->SegmentCount * filter->SegmentLength; - filter->Fingerprints = (uint16_t*)ndpi_malloc(filter->ArrayLength * sizeof(uint16_t)); + filter->Fingerprints = (uint16_t*)ndpi_calloc(filter->ArrayLength, sizeof(uint16_t)); return filter->Fingerprints != NULL; } |