-rw-r--r-- | configure.seed | 13 | ||||
-rw-r--r-- | example/ndpiReader.c | 3 | ||||
-rw-r--r-- | m4/ax_check_compile_flag.m4 | 53 | ||||
-rw-r--r-- | src/lib/ndpi_content_match.c.inc | 1 | ||||
-rw-r--r-- | src/lib/protocols/fbzero.c | 5 | ||||
-rw-r--r-- | tests/pcap/fbzero-missing-lengthcheck.pcap | bin | 0 -> 215 bytes | |||
-rw-r--r-- | tests/result/fbzero-missing-lengthcheck.pcap.out | 3 | ||||
-rwxr-xr-x | tests/vagrind_test.sh | 2 |
8 files changed, 72 insertions, 8 deletions
diff --git a/configure.seed b/configure.seed index 250a762b5..3c5602f2d 100644 --- a/configure.seed +++ b/configure.seed @@ -4,13 +4,11 @@ AC_CONFIG_MACRO_DIR([m4]) AM_INIT_AUTOMAKE([foreign subdir-objects]) -AC_ARG_WITH(llvm_sanitizer, [ --with-llvm-sanitizer Build with support for the LLVM address sanitizer]) +AC_ARG_WITH(sanitizer, [ --with-sanitizer Build with support for address, undefined and leak sanitizer]) -AS_IF([test "${with_llvm_sanitizer+set}" = set],[ - CFLAGS="${CFLAGS} -g -O2 -Wno-unused-value -fsanitize=address -fno-omit-frame-pointer" - LDFLAGS="${LDFLAGS} -fsanitize=address" - CC=clang - CXX=clang++ +AS_IF([test "${with_sanitizer+set}" = set],[ + CFLAGS="${CFLAGS} -g3 -O0 -Wno-unused-value -fsanitize=address -fsanitize=undefined -fno-sanitize=alignment -fno-sanitize=shift -fsanitize=leak -fno-omit-frame-pointer" + LDFLAGS="${LDFLAGS} -fsanitize=address -fsanitize=undefined -fno-sanitize=alignment -fno-sanitize=shift -fsanitize=leak" ]) LT_INIT @@ -130,6 +128,9 @@ AS_IF([test "x$enable_fuzztargets" = "xyes"], [ AC_PROG_CXX AC_LANG_PUSH(C++) tmp_saved_flags=$[]_AC_LANG_PREFIX[]FLAGS + AX_CHECK_COMPILE_FLAG([-fsanitize=fuzzer],, + [AC_MSG_ERROR([--enable-fuzztargets requires -fsanitize=fuzzer which is only supported by LLVM])], + [-Werror]) AS_IF([test "x$LIB_FUZZING_ENGINE" = "x"], [ LIB_FUZZING_ENGINE=-fsanitize=fuzzer AC_SUBST(LIB_FUZZING_ENGINE) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index a6b9ed992..a24756c7d 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -3141,7 +3141,8 @@ static void dgaUnitTest() { struct ndpi_detection_module_struct *ndpi_str = ndpi_init_detection_module(ndpi_no_prefs); assert(ndpi_str != NULL); - + + NDPI_BITMASK_SET_ALL(all); ndpi_set_protocol_detection_bitmask2(ndpi_str, &all); ndpi_finalize_initalization(ndpi_str); diff --git a/m4/ax_check_compile_flag.m4 b/m4/ax_check_compile_flag.m4 new file mode 100644 index 000000000..bd753b34d --- /dev/null +++ b/m4/ax_check_compile_flag.m4 
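Review bot: The condition `test "${with_sanitizer+set}" = set` in the first configure.seed hunk is true whenever the variable is set, so `--without-sanitizer` (which autoconf records as `with_sanitizer=no`) still turns the sanitizer flags on. Testing the value instead, e.g. `AS_IF([test "x$with_sanitizer" = "xyes"],[`, avoids that. Now that `CC=clang` is no longer forced, the flags are also appended without checking that the selected compiler accepts them; the `AX_CHECK_COMPILE_FLAG` macro added by this commit could do that check. A short comment on why `-fno-sanitize=alignment` and `-fno-sanitize=shift` are switched off would help, since both are undefined-behaviour classes that matter in packet-parsing code.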
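Review bot: The `-fsanitize=fuzzer` probe in the second configure.seed hunk is placed before the `AS_IF([test "x$LIB_FUZZING_ENGINE" = "x"], [` branch, so configure aborts even when the caller supplies its own `LIB_FUZZING_ENGINE` and the flag may never be used. Moving the `AX_CHECK_COMPILE_FLAG([-fsanitize=fuzzer],, ...)` call inside that branch, next to `LIB_FUZZING_ENGINE=-fsanitize=fuzzer`, would keep the early error for the default case only. The branch continues past the end of the hunk, so whether later lines depend on the flag unconditionally cannot be seen here.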
@@ -0,0 +1,53 @@
+# ===========================================================================
+# https://www.gnu.org/software/autoconf-archive/ax_check_compile_flag.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+# AX_CHECK_COMPILE_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS], [INPUT])
+#
+# DESCRIPTION
+#
+# Check whether the given FLAG works with the current language's compiler
+# or gives an error. (Warnings, however, are ignored)
+#
+# ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on
+# success/failure.
+#
+# If EXTRA-FLAGS is defined, it is added to the current language's default
+# flags (e.g. CFLAGS) when the check is done. The check is thus made with
+# the flags: "CFLAGS EXTRA-FLAGS FLAG". This can for example be used to
+# force the compiler to issue an error when a bad flag is given.
+#
+# INPUT gives an alternative input source to AC_COMPILE_IFELSE.
+#
+# NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this
+# macro in sync with AX_CHECK_{PREPROC,LINK}_FLAG.
+#
+# LICENSE
+#
+# Copyright (c) 2008 Guido U. Draheim <guidod@gmx.de>
+# Copyright (c) 2011 Maarten Bosmans <mkbosmans@gmail.com>
+#
+# Copying and distribution of this file, with or without modification, are
+# permitted in any medium without royalty provided the copyright notice
+# and this notice are preserved. This file is offered as-is, without any
+# warranty.
+ +#serial 6 + +AC_DEFUN([AX_CHECK_COMPILE_FLAG], +[AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_IF +AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_[]_AC_LANG_ABBREV[]flags_$4_$1])dnl +AC_CACHE_CHECK([whether _AC_LANG compiler accepts $1], CACHEVAR, [ + ax_check_save_flags=$[]_AC_LANG_PREFIX[]FLAGS + _AC_LANG_PREFIX[]FLAGS="$[]_AC_LANG_PREFIX[]FLAGS $4 $1" + AC_COMPILE_IFELSE([m4_default([$5],[AC_LANG_PROGRAM()])], + [AS_VAR_SET(CACHEVAR,[yes])], + [AS_VAR_SET(CACHEVAR,[no])]) + _AC_LANG_PREFIX[]FLAGS=$ax_check_save_flags]) +AS_VAR_IF(CACHEVAR,yes, + [m4_default([$2], :)], + [m4_default([$3], :)]) +AS_VAR_POPDEF([CACHEVAR])dnl +])dnl AX_CHECK_COMPILE_FLAGS diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index eec1156dd..82a77183a 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -9115,6 +9115,7 @@ static ndpi_protocol_match host_match[] = { ".ppstream.com", "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { ".pps.tv", "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".hulustream.com", "Hulu", NDPI_PROTOCOL_HULU, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { ".hulu.com", "Hulu", NDPI_PROTOCOL_HULU, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, /* diff --git a/src/lib/protocols/fbzero.c b/src/lib/protocols/fbzero.c index 6c818e3c7..936d99e84 100644 --- a/src/lib/protocols/fbzero.c +++ b/src/lib/protocols/fbzero.c 
@@ -85,9 +85,12 @@ void ndpi_search_fbzero(struct ndpi_detection_module_struct *ndpi_struct, char *value = (char*)&packet->payload[data_offset + data_prev_offset]; u_int tag_len = t->tag_offset_len-data_prev_offset, max_len; ndpi_protocol_match_result ret_match; - + max_len = ndpi_min(tag_len, sizeof(flow->host_server_name)-1); + if (data_offset + data_prev_offset + max_len >= packet->payload_packet_len) { + return; + } strncpy((char*)flow->host_server_name, value, max_len); flow->host_server_name[max_len] = '\0'; diff --git a/tests/pcap/fbzero-missing-lengthcheck.pcap b/tests/pcap/fbzero-missing-lengthcheck.pcap Binary files differnew file mode 100644 index 000000000..32855cebc --- /dev/null +++ b/tests/pcap/fbzero-missing-lengthcheck.pcap diff --git a/tests/result/fbzero-missing-lengthcheck.pcap.out b/tests/result/fbzero-missing-lengthcheck.pcap.out new file mode 100644 index 000000000..ce990aca9 --- /dev/null +++ b/tests/result/fbzero-missing-lengthcheck.pcap.out @@ -0,0 +1,3 @@ +Facebook 1 175 1 + + 1 TCP 10.106.97.215:44933 -> 157.240.13.14:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][1 pkts/175 bytes -> 0 pkts/0 bytes][Goodput ratio: 62/0][< 1 sec][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/vagrind_test.sh b/tests/vagrind_test.sh index aa04dab40..01d76e6a4 100755 --- a/tests/vagrind_test.sh +++ b/tests/vagrind_test.sh @@ -1,5 +1,7 @@ #!/bin/sh +cd "$(dirname "${0}")" + READER="valgrind -q --leak-check=full ../example/ndpiReader -p ../example/protos.txt -c ../example/categories.txt" RC=0 |
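Review bot: The new bounds check in the fbzero.c hunk uses `>=`, which also rejects a value that ends exactly at the end of the payload. strncpy() reads at most `max_len` bytes starting at `data_offset + data_prev_offset`, so the read stays in bounds whenever that sum plus `max_len` is `<= packet->payload_packet_len`. If the exact-fit case should still be parsed, the comparison would be `if (data_offset + data_prev_offset + max_len > packet->payload_packet_len) {`. Separately, `tag_len = t->tag_offset_len-data_prev_offset` is unsigned and wraps if `t->tag_offset_len` (presumably read from the packet) is smaller than `data_prev_offset`. `ndpi_min` and the new check keep the copy in bounds, but the copied bytes are then not the tag value, so rejecting `t->tag_offset_len < data_prev_offset` may be worth adding unless code outside the hunk already does; the function body starts and ends outside the hunk.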
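Review bot: The added `cd "$(dirname "${0}")"` in tests/vagrind_test.sh is not checked, so if the directory change fails the script carries on and runs valgrind with the relative `../example/...` paths from whatever directory it was started in. `cd "$(dirname "${0}")" || exit 1` would stop the run at that point rather than reporting misleading results.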