diff options
| author | Toni <matzeton@googlemail.com> | 2024-02-02 14:25:43 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-02-02 14:25:43 +0100 |
| commit | f8aa642c3cfad00abed77cd24b7c81f940f00c96 (patch) | |
| tree | 0f8aeabced9aa64a66c7435039e845d2d74dbd05 /src | |
| parent | 13212711ab85bb9e5b3dfdb51b8a0ba0b6b3fa32 (diff) | |
Simplify and fix JA4 string computation. (#2298)
* additional JA4 string buffer is not needed and may cause a string truncation warning
```
protocols/tls.c: In function ‘ndpi_compute_ja4’:
protocols/tls.c:1738:3: warning: ‘strncpy’ output may be truncated copying 36 bytes from a string of length 1023 [-Wstringop-truncation]
1738 | strncpy(flow->protos.tls_quic.ja4_client, ja_str, 36);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/protocols/tls.c | 37 |
1 files changed, 22 insertions, 15 deletions
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index 87643abe8..9ae9b0af9 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -1608,10 +1608,11 @@ static void ndpi_compute_ja4(struct ndpi_detection_module_struct *ndpi_struct, u_int8_t tmp_str[JA_STR_LEN]; u_int tmp_str_len, num_extn; u_int8_t sha_hash[NDPI_SHA256_BLOCK_SIZE]; - char ja_str[JA_STR_LEN]; u_int16_t ja_str_len, i; int rc; u_int16_t tls_handshake_version = ja->client.tls_handshake_version; + char * const ja_str = &flow->protos.tls_quic.ja4_client[0]; + const u_int16_t ja_max_len = sizeof(flow->protos.tls_quic.ja4_client); /* Compute JA4 TLS/QUIC client @@ -1639,42 +1640,50 @@ static void ndpi_compute_ja4(struct ndpi_detection_module_struct *ndpi_struct, switch(tls_handshake_version) { case 0x0304: /* TLS 1.3 = “13” */ - ja_str[1] = '1', ja_str[2] = '3'; + ja_str[1] = '1'; + ja_str[2] = '3'; break; case 0x0303: /* TLS 1.2 = “12” */ - ja_str[1] = '1', ja_str[2] = '2'; + ja_str[1] = '1'; + ja_str[2] = '2'; break; case 0x0302: /* TLS 1.1 = “11” */ - ja_str[1] = '1', ja_str[2] = '1'; + ja_str[1] = '1'; + ja_str[2] = '1'; break; case 0x0301: /* TLS 1.0 = “10” */ - ja_str[1] = '1', ja_str[2] = '0'; + ja_str[1] = '1'; + ja_str[2] = '0'; break; case 0x0300: /* SSL 3.0 = “s3” */ - ja_str[1] = 's', ja_str[2] = '3'; + ja_str[1] = 's'; + ja_str[2] = '3'; break; case 0x0200: /* SSL 2.0 = “s2” */ - ja_str[1] = 's', ja_str[2] = '2'; + ja_str[1] = 's'; + ja_str[2] = '2'; break; case 0x0100: /* SSL 1.0 = “s1” */ - ja_str[1] = 's', ja_str[2] = '3'; + ja_str[1] = 's'; + ja_str[2] = '3'; break; default: - ja_str[1] = '0', ja_str[2] = '0'; + ja_str[1] = '0'; + ja_str[2] = '0'; break; } ja_str[3] = ndpi_isset_risk(ndpi_struct, flow, NDPI_NUMERIC_IP_HOST) ? 'i' : 'd', ja_str_len = 4; /* JA4_a */ - rc = ndpi_snprintf(&ja_str[ja_str_len], JA_STR_LEN-ja_str_len, "%02u%02u%c%c_", + rc = ndpi_snprintf(&ja_str[ja_str_len], ja_max_len - ja_str_len, "%02u%02u%c%c_", ja->client.num_ciphers, ja->client.num_tls_extensions, (ja->client.alpn[0] == '\0') ? '0' : ja->client.alpn[0], (ja->client.alpn[0] == '\0') ? '0' : ja->client.alpn[1]); @@ -1693,7 +1702,7 @@ static void ndpi_compute_ja4(struct ndpi_detection_module_struct *ndpi_struct, ndpi_sha256(tmp_str, tmp_str_len, sha_hash); - rc = ndpi_snprintf(&ja_str[ja_str_len], JA_STR_LEN-ja_str_len, + rc = ndpi_snprintf(&ja_str[ja_str_len], ja_max_len - ja_str_len, "%02x%02x%02x%02x%02x%02x_", sha_hash[0], sha_hash[1], sha_hash[2], sha_hash[3], sha_hash[4], sha_hash[5]); @@ -1725,18 +1734,16 @@ static void ndpi_compute_ja4(struct ndpi_detection_module_struct *ndpi_struct, ndpi_sha256(tmp_str, tmp_str_len, sha_hash); - rc = ndpi_snprintf(&ja_str[ja_str_len], JA_STR_LEN-ja_str_len, + rc = ndpi_snprintf(&ja_str[ja_str_len], ja_max_len - ja_str_len, "%02x%02x%02x%02x%02x%02x", sha_hash[0], sha_hash[1], sha_hash[2], sha_hash[3], sha_hash[4], sha_hash[5]); if((rc > 0) && (ja_str_len + rc < JA_STR_LEN)) ja_str_len += rc; + ja_str[36] = 0; #ifdef DEBUG_JA printf("[JA4] %s [len: %lu]\n", ja_str, strlen(ja_str)); #endif - - strncpy(flow->protos.tls_quic.ja4_client, ja_str, 36); - flow->protos.tls_quic.ja4_client[36] = 0; } /* **************************************** */ |