author | Toni <matzeton@googlemail.com> | 2022-05-30 14:54:27 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-05-30 14:54:27 +0200 |
commit | 32750271c38ff754395e167c5a646172140aaf9f (patch) | |
tree | 8644571e3f30066cbea7f93fed44b3bbf88203a0 /src | |
parent | c4f50b2cdac989cc89930564a88a5caab85c7214 (diff) |
Prohibit MPEG-DASH to set HTTP as application protocol. (#1560)
Signed-off-by: lns <matzeton@googlemail.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/protocols/http.c | 8 | ||||
-rw-r--r-- | src/lib/protocols/mpegdash.c | 11 |
2 files changed, 13 insertions, 6 deletions
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
index f30857577..88c207c9e 100644
--- a/src/lib/protocols/http.c
+++ b/src/lib/protocols/http.c
@@ -1110,10 +1110,10 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct
 /* Let's check for Wordpress */
 char *slash = strchr(flow->http.url, '/');
- if(
- ((flow->http.method == NDPI_HTTP_METHOD_POST) && (strncmp(slash, "/wp-admin/", 10) == 0))
- || ((flow->http.method == NDPI_HTTP_METHOD_GET) && (strncmp(slash, "/wp-content/uploads/", 20) == 0))
- ) {
+ if(slash != NULL &&
+ (((flow->http.method == NDPI_HTTP_METHOD_POST) && (strncmp(slash, "/wp-admin/", 10) == 0))
+ || ((flow->http.method == NDPI_HTTP_METHOD_GET) && (strncmp(slash, "/wp-content/uploads/", 20) == 0))
+ )) {
 /* Example of popular exploits https://www.wordfence.com/blog/2022/05/millions-of-attacks-target-tatsu-builder-plugin/ */
 ndpi_set_risk(ndpi_struct, flow, NDPI_POSSIBLE_EXPLOIT, "Possible Wordpress Exploit");
 }
diff --git a/src/lib/protocols/mpegdash.c b/src/lib/protocols/mpegdash.c
index 6be2c1fe5..0e2ac1944 100644
--- a/src/lib/protocols/mpegdash.c
+++ b/src/lib/protocols/mpegdash.c
@@ -31,8 +31,15 @@
 static void ndpi_int_mpegdash_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
- ndpi_set_detected_protocol(ndpi_struct, flow, flow->guessed_host_protocol_id,
- NDPI_PROTOCOL_MPEGDASH, NDPI_CONFIDENCE_DPI);
+ if (flow->guessed_host_protocol_id == NDPI_PROTOCOL_UNKNOWN ||
+ flow->guessed_host_protocol_id == NDPI_PROTOCOL_HTTP)
+ {
+ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MPEGDASH, NDPI_PROTOCOL_HTTP,
+ NDPI_CONFIDENCE_DPI);
+ } else {
+ ndpi_set_detected_protocol(ndpi_struct, flow, flow->guessed_host_protocol_id, NDPI_PROTOCOL_MPEGDASH,
+ NDPI_CONFIDENCE_DPI);
+ }
 }
 void ndpi_search_mpegdash_http(struct ndpi_detection_module_struct *ndpi_struct, |
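Review bot: `flow->http.url` is still passed to `strchr()` with no NULL check visible in the http.c hunk, so the new `slash != NULL` guard only covers a URL that contains no `/`. The enclosing block of ndpi_check_http_tcp starts above the hunk, so please confirm the URL is guaranteed to be set there, since this path parses data that an untrusted peer controls. A short comment would record why the guard exists, for example `/* strchr() returns NULL when the URL contains no '/' */`. The comparison is anchored at the first `/`, so the risk is presumably raised only when the path begins at that slash; a regression test with a slash-less URL and with a prefixed URL would pin both behaviours.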
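Review bot: The two `ndpi_set_detected_protocol()` calls in ndpi_int_mpegdash_add_connection put `NDPI_PROTOCOL_MPEGDASH` in different argument positions, and nothing in the function says why. A reader has to look up the parameter order to see which ID becomes the master and which the application protocol. A comment above the `if` would state the intent that the commit title implies, for example `/* Host guess is unknown or plain HTTP: report MPEG-DASH on top of HTTP so HTTP is never the application protocol */`. The braces also mix styles (`{` on its own line after the condition, then `} else {`); picking one keeps the block consistent.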