authorLuca Deri <deri@ntop.org>2023-03-06 17:33:08 +0100
committerLuca Deri <deri@ntop.org>2023-03-06 17:33:08 +0100
commitd398f232beca613b16cb6cb26214c8fc917a7d17 (patch)
treef62a55065dea0f74382084206f50008fd5c7ce52 /src
parent89cae9ddf257e156e3973270aacea51dad2c8662 (diff)
Added fix for better handling exceptions rollback in case of later match
Diffstat (limited to 'src')
-rw-r--r--src/lib/ndpi_main.c29
-rw-r--r--src/lib/ndpi_utils.c33
2 files changed, 54 insertions, 8 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 6c7ba2e15..f678416a8 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -2953,6 +2953,8 @@ static void ndpi_add_domain_risk_exceptions(struct ndpi_detection_module_struct
u_int i;
ndpi_risk mask = ((ndpi_risk)-1);
+ if(!ndpi_str) return;
+
for(i=0; risks_to_mask[i] != NDPI_NO_RISK; i++)
mask &= ~(1ULL << risks_to_mask[i]);
@@ -8041,6 +8043,9 @@ ndpi_protocol_category_t ndpi_get_proto_category(struct ndpi_detection_module_st
char *ndpi_get_proto_name(struct ndpi_detection_module_struct *ndpi_str,
u_int16_t proto_id) {
+
+ if(!ndpi_str) return("Unknown");
+
if((proto_id >= ndpi_str->ndpi_num_supported_protocols)
|| (!ndpi_is_valid_protoId(proto_id))
|| (ndpi_str->proto_defaults[proto_id].protoName == NULL))
@@ -8053,6 +8058,9 @@ char *ndpi_get_proto_name(struct ndpi_detection_module_struct *ndpi_str,
ndpi_protocol_breed_t ndpi_get_proto_breed(struct ndpi_detection_module_struct *ndpi_str,
u_int16_t proto_id) {
+
+ if(!ndpi_str) return(NDPI_PROTOCOL_UNRATED);
+
if((proto_id >= ndpi_str->ndpi_num_supported_protocols) ||
(!ndpi_is_valid_protoId(proto_id)) ||
(ndpi_str->proto_defaults[proto_id].protoName == NULL))
@@ -8092,6 +8100,8 @@ char *ndpi_get_proto_breed_name(struct ndpi_detection_module_struct *ndpi_str,
int ndpi_get_protocol_id(struct ndpi_detection_module_struct *ndpi_str, char *proto) {
int i;
+ if(!ndpi_str) return(-1);
+
for(i = 0; i < (int) ndpi_str->ndpi_num_supported_protocols; i++)
if(ndpi_str->proto_defaults[i].protoName &&
strcasecmp(proto, ndpi_str->proto_defaults[i].protoName) == 0)
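Review bot: In ndpi_get_protocol_id the new guard covers `ndpi_str`, but `proto` still reaches `strcasecmp()` unchecked, so a NULL name from the caller crashes in the loop. Since this commit hardens the public entry points against NULL arguments, extend the guard to `if(!ndpi_str || !proto) return(-1);`. ndpi_get_category_id in the next hunk takes `cat` the same way and presumably needs the same treatment, although its comparison lies outside the visible lines.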
@@ -8105,6 +8115,8 @@ int ndpi_get_protocol_id(struct ndpi_detection_module_struct *ndpi_str, char *pr
int ndpi_get_category_id(struct ndpi_detection_module_struct *ndpi_str, char *cat) {
int i;
+ if(!ndpi_str) return(-1);
+
for(i = 0; i < NDPI_PROTOCOL_NUM_CATEGORIES; i++) {
const char *name = ndpi_category_get_name(ndpi_str, i);
@@ -8120,6 +8132,8 @@ int ndpi_get_category_id(struct ndpi_detection_module_struct *ndpi_str, char *ca
void ndpi_dump_protocols(struct ndpi_detection_module_struct *ndpi_str) {
int i;
+ if(!ndpi_str) return;
+
for(i = 0; i < (int) ndpi_str->ndpi_num_supported_protocols; i++)
printf("%3d %-22s %-10s %-8s %-12s %s\n",
i, ndpi_str->proto_defaults[i].protoName,
@@ -8275,6 +8289,8 @@ int ndpi_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_str,
ndpi_automa *automa = &ndpi_str->host_automa;
int rc;
+ if(!ndpi_str) return(NDPI_PROTOCOL_UNKNOWN);
+
if((automa->ac_automa == NULL) || (string_to_match_len == 0))
return(NDPI_PROTOCOL_UNKNOWN);
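Review bot: The new `if(!ndpi_str)` guard in ndpi_match_string_subprotocol comes after the initializer `ndpi_automa *automa = &ndpi_str->host_automa;`, which already forms a member address from the pointer being tested. With a NULL `ndpi_str` that expression is undefined behaviour (UBSan reports it as member access within a null pointer), and an optimizer is entitled to treat the later check as redundant. Declare `ndpi_automa *automa;` without an initializer, run the check, then assign `automa = &ndpi_str->host_automa;`. The function body continues outside the hunk.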
@@ -8315,6 +8331,8 @@ static u_int16_t ndpi_automa_match_string_subprotocol(struct ndpi_detection_modu
ndpi_protocol_match_result *ret_match) {
int matching_protocol_id;
+ if(!ndpi_str) return(NDPI_PROTOCOL_UNKNOWN);
+
matching_protocol_id =
ndpi_match_string_subprotocol(ndpi_str, string_to_match, string_to_match_len, ret_match);
@@ -8369,6 +8387,9 @@ static u_int16_t ndpi_automa_match_string_subprotocol(struct ndpi_detection_modu
void ndpi_check_subprotocol_risk(struct ndpi_detection_module_struct *ndpi_str,
struct ndpi_flow_struct *flow, u_int16_t subprotocol_id) {
+
+ if(!ndpi_str) return;
+
switch(subprotocol_id) {
case NDPI_PROTOCOL_ANYDESK:
ndpi_set_risk(ndpi_str, flow, NDPI_DESKTOP_OR_FILE_SHARING_SESSION, "Found AnyDesk"); /* Remote assistance */
@@ -8386,6 +8407,8 @@ u_int16_t ndpi_match_host_subprotocol(struct ndpi_detection_module_struct *ndpi_
u_int16_t rc;
ndpi_protocol_category_t id;
+ if(!ndpi_str) return(-1);
+
memset(ret_match, 0, sizeof(*ret_match));
rc = ndpi_automa_match_string_subprotocol(ndpi_str, flow,
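Review bot: `return(-1)` in ndpi_match_host_subprotocol is converted to 65535 because the function returns `u_int16_t`, so a NULL `ndpi_str` yields a non-zero protocol id rather than a "no match" value. The other matcher guards added in this commit return `NDPI_PROTOCOL_UNKNOWN`; using `if(!ndpi_str) return(NDPI_PROTOCOL_UNKNOWN);` here keeps callers that compare the result with that constant, or use it as a protocol index, from acting on a bogus id. The early return also skips the `memset(ret_match, 0, sizeof(*ret_match));` below it, so the caller's `ret_match` is left exactly as it was passed in. The function continues past the hunk.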
@@ -8434,6 +8457,8 @@ int ndpi_match_hostname_protocol(struct ndpi_detection_module_struct *ndpi_struc
u_int16_t subproto, what_len;
char *what;
+ if(!ndpi_struct) return(0);
+
if((name_len > 2) && (name[0] == '*') && (name[1] == '.'))
what = &name[1], what_len = name_len - 1;
else
@@ -8455,14 +8480,17 @@ int ndpi_match_hostname_protocol(struct ndpi_detection_module_struct *ndpi_struc
static inline int ndpi_match_xgram(unsigned int *map,unsigned int l,const char *str) {
unsigned int i,c;
+
for(i=0,c=0; *str && i < l; i++) {
unsigned char a = (unsigned char)(*str++);
if(a < 'a' || a > 'z') return 0;
c *= XGRAMS_C;
c += a-'a';
}
+
return (map[c >> 5] & (1u << (c & 0x1f))) != 0;
}
+
int ndpi_match_bigram(const char *str) {
return ndpi_match_xgram(bigrams_bitmap, 2, str);
}
@@ -8477,7 +8505,6 @@ int ndpi_match_trigram(const char *str) {
return ndpi_match_xgram(trigrams_bitmap, 3, str);
}
-
/* ****************************************************** */
void ndpi_free_flow(struct ndpi_flow_struct *flow) {
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index 79138b8e2..5976de3d4 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -2416,6 +2416,23 @@ static void ndpi_handle_risk_exceptions(struct ndpi_detection_module_struct *ndp
if(host && (host[0] != '\0')) {
/* Check host exception */
ndpi_check_hostname_risk_exception(ndpi_str, flow, host);
+
+ if(flow->risk_mask == 0) {
+ u_int i;
+
+ /*
+ Might be that the exception applied when some risks
+ were already triggered: we need to clean them up
+ */
+ for(i=0; i<flow->num_risk_infos; i++) {
+ if(flow->risk_infos[i].info != NULL) {
+ free(flow->risk_infos[i].info);
+ flow->risk_infos[i].info = NULL;
+ }
+ }
+
+ flow->num_risk_infos = 0;
+ }
/* Used to avoid double checks (e.g. in DNS req/rsp) */
flow->host_risk_mask_evaluated = 1;
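Review bot: The cleanup loop releases `flow->risk_infos[i].info` with plain `free()`, but those strings are created with `ndpi_strdup()` in ndpi_set_risk (second hunk of this file). If ndpi_strdup goes through the library's replaceable allocator, as its name suggests, an application that installs its own malloc/free hooks has memory from one allocator released by another, which corrupts the heap on a path reached during flow processing. Use the matching wrapper, `ndpi_free(flow->risk_infos[i].info);`. Separately, the rollback runs only when `flow->risk_mask == 0`; with a partial mask the infos already recorded for the now-masked risks appear to stay in place, which is worth confirming against the intended behaviour.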
@@ -2449,14 +2466,16 @@ void ndpi_set_risk(struct ndpi_detection_module_struct *ndpi_str,
ndpi_handle_risk_exceptions(ndpi_str, flow);
- if(risk_message != NULL) {
- if(flow->num_risk_infos < MAX_NUM_RISK_INFOS) {
- char *s = ndpi_strdup(risk_message);
+ if(flow->risk != 0 /* check if it has been masked */) {
+ if(risk_message != NULL) {
+ if(flow->num_risk_infos < MAX_NUM_RISK_INFOS) {
+ char *s = ndpi_strdup(risk_message);
- if(s != NULL) {
- flow->risk_infos[flow->num_risk_infos].id = r;
- flow->risk_infos[flow->num_risk_infos].info = s;
- flow->num_risk_infos++;
+ if(s != NULL) {
+ flow->risk_infos[flow->num_risk_infos].id = r;
+ flow->risk_infos[flow->num_risk_infos].info = s;
+ flow->num_risk_infos++;
+ }
}
}
}
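Review bot: `if(flow->risk != 0)` tests whether any risk bit survives masking, not whether risk `r` itself does, so when `r` was masked by a host exception while another risk is still set, the message for `r` is stored anyway. Testing the specific bit, e.g. `if(flow->risk & (1ULL << r))` (assuming `flow->risk` uses the same bit-per-risk layout as the mask built in ndpi_add_domain_risk_exceptions), would keep `risk_infos` consistent with the risks actually reported. ndpi_set_risk starts before this hunk, so how `flow->risk` is updated for `r` is not visible here and should be checked when applying this.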