authorLuca Deri <deri@ntop.org>2020-05-19 08:31:05 +0200
committerLuca Deri <deri@ntop.org>2020-05-19 08:31:05 +0200
commitb7e666e465f138ae48ab81976726e67deed12701 (patch)
treede50c1d17857a146bcd8845c641c53956d1c6f99 /src
parent3d9285f1be84db7ecec821b75f67964dc4773a65 (diff)
Added fix to avoid potential heap buffer overflow in H.323 dissector
Modified HTTP report information to make it closer to the HTTP field names
Diffstat (limited to 'src')
-rw-r--r--src/lib/protocols/h323.c91
1 files changed, 44 insertions, 47 deletions
diff --git a/src/lib/protocols/h323.c b/src/lib/protocols/h323.c
index 21ab1c472..13ec9d364 100644
--- a/src/lib/protocols/h323.c
+++ b/src/lib/protocols/h323.c
@@ -1,7 +1,7 @@
/*
* h323.c
*
- * Copyright (C) 2015-18 ntop.org
+ * Copyright (C) 2015-20 ntop.org
* Copyright (C) 2013 Remy Mudingay <mudingay@ill.fr>
*
*/
@@ -36,37 +36,37 @@ void ndpi_search_h323(struct ndpi_detection_module_struct *ndpi_struct, struct n
if(packet->payload_packet_len >= 4
&& (packet->payload[0] == 0x03)
&& (packet->payload[1] == 0x00)) {
- struct tpkt *t = (struct tpkt*)packet->payload;
- u_int16_t len = ntohs(t->len);
-
- if(packet->payload_packet_len == len) {
- /*
- We need to check if this packet is in reality
- a RDP (Remote Desktop) packet encapsulated on TPTK
- */
-
- if(packet->payload[4] == (packet->payload_packet_len - sizeof(struct tpkt) - 1)) {
- /* ISO 8073/X.224 */
- if((packet->payload[5] == 0xE0 /* CC Connect Request */)
- || (packet->payload[5] == 0xD0 /* CC Connect Confirm */)) {
- NDPI_LOG_INFO(ndpi_struct, "found RDP\n");
- ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RDP, NDPI_PROTOCOL_UNKNOWN);
- return;
- }
+ struct tpkt *t = (struct tpkt*)packet->payload;
+ u_int16_t len = ntohs(t->len);
+
+ if(packet->payload_packet_len == len) {
+ /*
+ We need to check if this packet is in reality
+ a RDP (Remote Desktop) packet encapsulated on TPTK
+ */
+
+ if(packet->payload[4] == (packet->payload_packet_len - sizeof(struct tpkt) - 1)) {
+ /* ISO 8073/X.224 */
+ if((packet->payload[5] == 0xE0 /* CC Connect Request */)
+ || (packet->payload[5] == 0xD0 /* CC Connect Confirm */)) {
+ NDPI_LOG_INFO(ndpi_struct, "found RDP\n");
+ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RDP, NDPI_PROTOCOL_UNKNOWN);
+ return;
}
+ }
- flow->l4.tcp.h323_valid_packets++;
+ flow->l4.tcp.h323_valid_packets++;
- if(flow->l4.tcp.h323_valid_packets >= 2) {
- NDPI_LOG_INFO(ndpi_struct, "found H323 broadcast\n");
- ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_H323, NDPI_PROTOCOL_UNKNOWN);
- }
- } else {
- /* This is not H.323 */
- NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
- return;
+ if(flow->l4.tcp.h323_valid_packets >= 2) {
+ NDPI_LOG_INFO(ndpi_struct, "found H323 broadcast\n");
+ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_H323, NDPI_PROTOCOL_UNKNOWN);
}
+ } else {
+ /* This is not H.323 */
+ NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+ return;
}
+ }
} else if(packet->udp != NULL) {
sport = ntohs(packet->udp->source), dport = ntohs(packet->udp->dest);
NDPI_LOG_DBG2(ndpi_struct, "calculated dport over udp\n");
@@ -80,28 +80,25 @@ void ndpi_search_h323(struct ndpi_detection_module_struct *ndpi_struct, struct n
return;
}
/* H323 */
- if(sport == 1719 || dport == 1719)
- {
- if(packet->payload[0] == 0x16 && packet->payload[1] == 0x80 && packet->payload[4] == 0x06 && packet->payload[5] == 0x00)
- {
- NDPI_LOG_INFO(ndpi_struct, "found H323 broadcast\n");
- ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_H323, NDPI_PROTOCOL_UNKNOWN);
- return;
- }
- else if(packet->payload_packet_len >= 20 && packet->payload_packet_len <= 117)
- {
- NDPI_LOG_INFO(ndpi_struct, "found H323 broadcast\n");
- ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_H323, NDPI_PROTOCOL_UNKNOWN);
- return;
- }
- else
- {
- NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
- return;
- }
+ if(sport == 1719 || dport == 1719) {
+ if((packet->payload_packet_len >= 5)
+ && (packet->payload[0] == 0x16)
+ && (packet->payload[1] == 0x80)
+ && (packet->payload[4] == 0x06)
+ && (packet->payload[5] == 0x00)) {
+ NDPI_LOG_INFO(ndpi_struct, "found H323 broadcast\n");
+ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_H323, NDPI_PROTOCOL_UNKNOWN);
+ return;
+ } else if(packet->payload_packet_len >= 20 && packet->payload_packet_len <= 117) {
+ NDPI_LOG_INFO(ndpi_struct, "found H323 broadcast\n");
+ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_H323, NDPI_PROTOCOL_UNKNOWN);
+ return;
+ } else {
+ NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+ return;
}
+ }
}
-
}
void init_h323_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
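Review bot: The new length guard in the port-1719 branch is one byte short: it checks `packet->payload_packet_len >= 5` but the same condition then reads `packet->payload[5]`, which needs at least six bytes, so a five-byte UDP payload is still read one byte past its end. The first clause should be `if((packet->payload_packet_len >= 6)`. The TCP branch in the earlier hunk (`@@ -36,37 +36,37 @@`, re-indented only by this commit) has the same gap: only `payload_packet_len >= 4` is checked before `payload[4]` and `payload[5]` are read, so it needs a `payload_packet_len >= 6` test before the RDP check. ndpi_search_h323 starts outside both hunks, so any earlier length checks are not visible here.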