-rw-r--r-- | example/reader_util.c | 9 | ||||
-rw-r--r-- | fuzz/fuzz_process_packet.c | 4 | ||||
-rw-r--r-- | src/lib/protocols/dns.c | 2 | ||||
-rw-r--r-- | src/lib/protocols/memcached.c | 3 |
4 files changed, 10 insertions, 8 deletions
diff --git a/example/reader_util.c b/example/reader_util.c index 8a6a0d637..2236f79d3 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -898,6 +898,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info6(struct ndpi_workflow * workflo ndpi_packet_tunnel tunnel_type, const struct ndpi_ipv6hdr *iph6, u_int16_t ip_offset, + u_int16_t ipsize, struct ndpi_tcphdr **tcph, struct ndpi_udphdr **udph, u_int16_t *sport, u_int16_t *dport, @@ -923,8 +924,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info6(struct ndpi_workflow * workflo } return(get_ndpi_flow_info(workflow, 6, vlan_id, tunnel_type, - &iph, iph6, ip_offset, - sizeof(struct ndpi_ipv6hdr), + &iph, iph6, ip_offset, ipsize, ntohs(iph6->ip6_hdr.ip6_un1_plen), tcph, udph, sport, dport, src, dst, proto, payload, @@ -1162,7 +1162,7 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, &payload, &payload_len, &src_to_dst_direction, when); else flow = get_ndpi_flow_info6(workflow, vlan_id, - tunnel_type, iph6, ip_offset, + tunnel_type, iph6, ip_offset, ipsize, &tcph, &udph, &sport, &dport, &src, &dst, &proto, &payload, &payload_len, &src_to_dst_direction, when); @@ -1603,7 +1603,8 @@ ether_type_check: if(iph->protocol == IPPROTO_IPV6) { ip_offset += ip_len; - goto iph_check; + if (ip_len > 0) + goto iph_check; } if((frag_off & 0x1FFF) != 0) { diff --git a/fuzz/fuzz_process_packet.c b/fuzz/fuzz_process_packet.c index 56cafd983..5af15afba 100644 --- a/fuzz/fuzz_process_packet.c +++ b/fuzz/fuzz_process_packet.c @@ -4,7 +4,6 @@ #include <stdio.h> struct ndpi_detection_module_struct *ndpi_info_mod = NULL; -struct ndpi_flow_struct *ndpi_flow; struct ndpi_id_struct *src; struct ndpi_id_struct *dst; 
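Review bot: In the second hunk of example/reader_util.c, get_ndpi_flow_info6 now forwards the caller's `ipsize` but still reads `iph6->ip6_hdr.ip6_un1_plen` straight from the packet, and nothing visible here checks that `ipsize` covers a full IPv6 header before `iph6` is dereferenced. If the caller does not already guarantee that, a guard near the top of the function such as `if(ipsize < sizeof(struct ndpi_ipv6hdr)) return NULL;` would keep a truncated capture from being parsed as a header. The new `ipsize` parameter also has no comment saying what it measures, which matters now that it replaces a fixed `sizeof`. The function body starts and ends outside the hunk, so an existing check may simply not be shown.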
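Review bot: In the `ether_type_check` hunk of example/reader_util.c, the added `if (ip_len > 0)` stops only the zero-length case from jumping back to `iph_check`. An `ip_len` that is non-zero but below the 20-byte minimum IPv4 header still loops after advancing `ip_offset` by less than a header. The zero case now falls through to the `frag_off` test as if the packet were ordinary IPv4. Treating any `ip_len` under 20 as malformed and taking the function's existing drop path would be stricter than continuing to parse. Where `ip_len` is computed, and whether `iph_check` re-validates `ip_offset` against the captured length, is outside the hunk.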
@@ -14,15 +13,16 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { NDPI_PROTOCOL_BITMASK all; NDPI_BITMASK_SET_ALL(all); ndpi_set_protocol_detection_bitmask2(ndpi_info_mod, &all); - ndpi_flow = ndpi_flow_malloc(SIZEOF_FLOW_STRUCT); src = ndpi_malloc(SIZEOF_ID_STRUCT); dst = ndpi_malloc(SIZEOF_ID_STRUCT); } + struct ndpi_flow_struct *ndpi_flow = ndpi_flow_malloc(SIZEOF_FLOW_STRUCT); memset(ndpi_flow, 0, SIZEOF_FLOW_STRUCT); memset(src, 0, SIZEOF_ID_STRUCT); memset(dst, 0, SIZEOF_ID_STRUCT); ndpi_detection_process_packet(ndpi_info_mod, ndpi_flow, Data, Size, 0, src, dst); + ndpi_free_flow(ndpi_flow); return 0; } diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index 49f856b41..473ff1753 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -282,7 +282,7 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st u_int32_t shift; c = flow->packet.payload[off++]; - shift = 1 << (c & 0x1f); + shift = ((u_int32_t) 1) << (c & 0x1f); flow->host_server_name[j++] = tolower((dns_validchar[c >> 5] & shift) ? c : '_'); cl--; } diff --git a/src/lib/protocols/memcached.c b/src/lib/protocols/memcached.c index 664fd195b..ef846c9e2 100644 --- a/src/lib/protocols/memcached.c +++ b/src/lib/protocols/memcached.c @@ -105,7 +105,7 @@ void ndpi_search_memcached( { struct ndpi_packet_struct *packet = &flow->packet; const u_int8_t *offset = packet->payload; - const u_int16_t length = packet->payload_packet_len; + u_int16_t length = packet->payload_packet_len; u_int8_t *matches; NDPI_LOG_DBG(ndpi_struct, "search memcached\n"); @@ -131,6 +131,7 @@ void ndpi_search_memcached( } offset += MEMCACHED_UDP_HDR_LEN; + length -= MEMCACHED_UDP_HDR_LEN; matches = &flow->l4.udp.memcached_matches; } else { |
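Review bot: In fuzz/fuzz_process_packet.c, `ndpi_flow_malloc(SIZEOF_FLOW_STRUCT)` now runs on every input and its result goes straight into `memset` with no NULL check. An allocation failure would therefore crash the harness itself instead of exercising the library. Adding `if(ndpi_flow == NULL) return 0;` right after the allocation keeps any reported crash attributable to the code under test. `src` and `dst` are still allocated once in the init branch and are likewise used unchecked.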
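Review bot: The cast in `shift = ((u_int32_t) 1) << (c & 0x1f);` in src/lib/protocols/dns.c has no comment explaining it, so a later cleanup could easily remove it. The reason is that `c & 0x1f` can be 31, and `1 << 31` overflows a signed int. I would add `/* shift an unsigned 1: c & 0x1f may be 31 */` above the line. The bounds on `off` and `j` that protect `payload[off++]` and `host_server_name[j++]` are in the enclosing loop outside this hunk, so they could not be checked here.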
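Review bot: In the second hunk of src/lib/protocols/memcached.c, `length -= MEMCACHED_UDP_HDR_LEN;` operates on a `u_int16_t`, so it wraps to a large value if the payload is shorter than the UDP header. Later length comparisons would then pass on a packet that is too short. The closing brace just before `offset += MEMCACHED_UDP_HDR_LEN;` suggests an earlier length test, but that test is outside the hunk. If it does not already reject `length < MEMCACHED_UDP_HDR_LEN`, a guard such as `if(length < MEMCACHED_UDP_HDR_LEN) return;` is needed before both the pointer advance and the subtraction.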