authorLuca Deri <lucaderi@users.noreply.github.com>2020-07-13 10:23:47 +0200
committerGitHub <noreply@github.com>2020-07-13 10:23:47 +0200
commit9d35364ef103be7c7895bb277b601086bb7ff104 (patch)
tree88856b8784b978833fe6e5edbc3f65e1a84d54d0 /src
parent051bdb19574ebf994b6d861cbe2fa3b098c7748d (diff)
parent23c07215388f6d5a2ee3a0e3b63fba92e2cbb085 (diff)
Merge pull request #961 from lnslbrty/fix/ssl-version2str-race-condition
Fixed race condition in ndpi_ssl_version2str() caused by static quali…
Diffstat (limited to 'src')
-rw-r--r--src/include/ndpi_api.h.in3
-rw-r--r--src/include/ndpi_typedefs.h1
-rw-r--r--src/lib/ndpi_utils.c28
-rw-r--r--src/lib/protocols/tls.c2
4 files changed, 26 insertions, 8 deletions
diff --git a/src/include/ndpi_api.h.in b/src/include/ndpi_api.h.in
index 2476ed8fd..4b36fd3b2 100644
--- a/src/include/ndpi_api.h.in
+++ b/src/include/ndpi_api.h.in
@@ -897,7 +897,8 @@ extern "C" {
char *buffer, u_int buffer_size,
u_int8_t min_string_match_len, /* Will return 0 if no string > min_string_match_len have been found */
char *outbuf, u_int outbuf_len);
- char* ndpi_ssl_version2str(u_int16_t version, u_int8_t *unknown_tls_version);
+ char* ndpi_ssl_version2str(struct ndpi_flow_struct *flow,
+ u_int16_t version, u_int8_t *unknown_tls_version);
void ndpi_patchIPv6Address(char *str);
void ndpi_user_pwd_payload_copy(u_int8_t *dest, u_int dest_len, u_int offset,
const u_int8_t *src, u_int src_len);
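Review bot: The new prototype still returns a non-const `char*`, although the implementation in src/lib/ndpi_utils.c returns string literals from most branches, so a caller that writes through the result would hit undefined behaviour. Every caller has to be touched for the added `flow` argument anyway, which makes this the cheapest moment to declare it as `const char* ndpi_ssl_version2str(struct ndpi_flow_struct *flow, ...)`. The declaration would also benefit from a comment such as `/* Returns a static literal or flow's ssl_version_str; valid only while flow lives and until the next call on the same flow */`.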
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index e0b338345..765aa2c3b 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -1211,6 +1211,7 @@ struct ndpi_flow_struct {
struct {
struct {
+ char ssl_version_str[12];
u_int16_t ssl_version, server_names_len;
char client_requested_server_name[64], *server_names,
*alpn, *tls_supported_versions, *issuerDN, *subjectDN;
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index 708ac38a0..50cf1099f 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -714,9 +714,8 @@ int ndpi_has_human_readeable_string(struct ndpi_detection_module_struct *ndpi_st
/* ********************************** */
-char* ndpi_ssl_version2str(u_int16_t version, u_int8_t *unknown_tls_version) {
- static char v[12];
-
+char* ndpi_ssl_version2str(struct ndpi_flow_struct *flow,
+ u_int16_t version, u_int8_t *unknown_tls_version) {
*unknown_tls_version = 0;
switch(version) {
@@ -728,15 +727,32 @@ char* ndpi_ssl_version2str(u_int16_t version, u_int8_t *unknown_tls_version) {
case 0XFB1A: return("TLSv1.3 (Fizz)"); /* https://engineering.fb.com/security/fizz/ */
case 0XFEFF: return("DTLSv1.0");
case 0XFEFD: return("DTLSv1.2");
+ case 0x0A0A:
+ case 0x1A1A:
+ case 0x2A2A:
+ case 0x3A3A:
+ case 0x4A4A:
+ case 0x5A5A:
+ case 0x6A6A:
+ case 0x7A7A:
+ case 0x8A8A:
+ case 0x9A9A:
+ case 0xAAAA:
+ case 0xBABA:
+ case 0xCACA:
+ case 0xDADA:
+ case 0xEAEA:
+ case 0xFAFA: return("GREASE");
}
if((version >= 0x7f00) && (version <= 0x7fff))
return("TLSv1.3 (draft)");
*unknown_tls_version = 1;
- snprintf(v, sizeof(v), "TLS (%04X)", version);
+ snprintf(flow->protos.stun_ssl.ssl.ssl_version_str,
+ sizeof(flow->protos.stun_ssl.ssl.ssl_version_str), "TLS (%04X)", version);
- return(v);
+ return(flow->protos.stun_ssl.ssl.ssl_version_str);
}
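Review bot: In the unknown-version path `flow` is dereferenced without a NULL check, so the function is now only safe when a flow is available, and that path is reached for version values read from the packet. No visible caller passes NULL, but a guard before the `snprintf`, for example `if(flow == NULL) return("TLS (unknown)");`, would keep a future version-only caller from crashing on unrecognised input. The result now aliases per-flow storage, so the loop in processClientServerHello (src/lib/protocols/tls.c) leaves the last unknown supported version in `ssl_version_str` rather than the negotiated one. A comment on the field marking it as scratch space for this function would stop readers from treating it as flow state. The function's signature is in the previous hunk.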
/* ***************************************************** */
@@ -1066,7 +1082,7 @@ int ndpi_dpi2json(struct ndpi_detection_module_struct *ndpi_struct,
struct tm a, b, *before = NULL, *after = NULL;
u_int i, off;
u_int8_t unknown_tls_version;
- char *version = ndpi_ssl_version2str(flow->protos.stun_ssl.ssl.ssl_version, &unknown_tls_version);
+ char *version = ndpi_ssl_version2str(flow, flow->protos.stun_ssl.ssl.ssl_version, &unknown_tls_version);
if(flow->protos.stun_ssl.ssl.notBefore)
before = gmtime_r((const time_t *)&flow->protos.stun_ssl.ssl.notBefore, &a);
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 830232554..d938d53e9 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -1263,7 +1263,7 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
int rc = snprintf(&version_str[version_str_len],
sizeof(version_str) - version_str_len, "%s%s",
(version_str_len > 0) ? "," : "",
- ndpi_ssl_version2str(tls_version, &unknown_tls_version));
+ ndpi_ssl_version2str(flow, tls_version, &unknown_tls_version));
if(rc <= 0)
break;
else