diff options
| -rw-r--r-- | .gitignore | 2 | ||||
| -rw-r--r-- | fuzz/Makefile.am | 4 | ||||
| -rw-r--r-- | fuzz/fuzz_alg_hw_rsi_outliers_da.cpp | 2 | ||||
| -rw-r--r-- | fuzz/fuzz_alg_ses_des.cpp | 3 | ||||
| -rw-r--r-- | fuzz/fuzz_common_code.c | 5 | ||||
| -rw-r--r-- | fuzz/fuzz_config.cpp | 51 | ||||
| -rw-r--r-- | fuzz/fuzz_libinjection.c | 18 | ||||
| -rw-r--r-- | fuzz/fuzz_ndpi_reader.c | 2 | ||||
| -rw-r--r-- | src/include/ndpi_classify.h | 8 | ||||
| -rw-r--r-- | src/include/ndpi_main.h | 2 | ||||
| -rw-r--r-- | src/include/ndpi_protocols.h | 3 | ||||
| -rw-r--r-- | src/lib/ndpi_analyze.c | 7 | ||||
| -rw-r--r-- | src/lib/ndpi_classify.c | 6 | ||||
| -rw-r--r-- | src/lib/ndpi_main.c | 12 | ||||
| -rw-r--r-- | src/lib/ndpi_utils.c | 20 |
15 files changed, 107 insertions, 38 deletions
diff --git a/.gitignore b/.gitignore index 1327386cd..b38f12103 100644 --- a/.gitignore +++ b/.gitignore @@ -72,6 +72,7 @@ /fuzz/fuzz_libinjection /fuzz/fuzz_tls_certificate /fuzz/fuzz_gcrypt_light +/fuzz/fuzz_ndpi_reader_payload_analyzer /fuzz/fuzz_ndpi_reader_alloc_fail_seed_corpus.zip /fuzz/fuzz_ndpi_reader_seed_corpus.zip /fuzz/fuzz_quic_get_crypto_data_seed_corpus.zip @@ -92,6 +93,7 @@ /fuzz/fuzz_ds_ahocorasick_seed_corpus.zip /fuzz/fuzz_libinjection_seed_corpus.zip /fuzz/fuzz_tls_certificate_seed_corpus.zip +/fuzz/fuzz_ndpi_reader_payload_analyzer_seed_corpus.zip /fuzz/fuzz_*.dict /influxdb/Makefile /install-sh diff --git a/fuzz/Makefile.am b/fuzz/Makefile.am index 3871faaa2..45efdbb3f 100644 --- a/fuzz/Makefile.am +++ b/fuzz/Makefile.am @@ -47,8 +47,8 @@ fuzz_ndpi_reader_alloc_fail_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAG $(LIBTOOLFLAGS) --mode=link $(CXX) @NDPI_CFLAGS@ $(AM_CXXFLAGS) $(CXXFLAGS) \ $(fuzz_ndpi_reader_alloc_fail_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@ -fuzz_ndpi_reader_payload_analyzer_SOURCES = fuzz_ndpi_reader.c ../example/reader_util.c -fuzz_ndpi_reader_payload_analyzer_CFLAGS = -I../example/ @NDPI_CFLAGS@ $(CXXFLAGS) -DENABLE_PAYLOAD_ANALYZER +fuzz_ndpi_reader_payload_analyzer_SOURCES = fuzz_ndpi_reader.c fuzz_common_code.c ../example/reader_util.c +fuzz_ndpi_reader_payload_analyzer_CFLAGS = -I../example/ @NDPI_CFLAGS@ $(CXXFLAGS) -DENABLE_MEM_ALLOC_FAILURES -DENABLE_PAYLOAD_ANALYZER fuzz_ndpi_reader_payload_analyzer_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS) fuzz_ndpi_reader_payload_analyzer_LDFLAGS = $(PCAP_LIB) $(LIBS) if HAS_FUZZLDFLAGS diff --git a/fuzz/fuzz_alg_hw_rsi_outliers_da.cpp b/fuzz/fuzz_alg_hw_rsi_outliers_da.cpp index 06274cdfe..3ea9551e4 100644 --- a/fuzz/fuzz_alg_hw_rsi_outliers_da.cpp +++ b/fuzz/fuzz_alg_hw_rsi_outliers_da.cpp @@ -81,6 +81,8 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { ndpi_data_entropy(a); ndpi_reset_data_analysis(a); + ndpi_hw_reset(&hw); + /* Data ratio */ if (num_values > 1) ndpi_data_ratio2str(ndpi_data_ratio(values[0], values[1])); diff --git a/fuzz/fuzz_alg_ses_des.cpp b/fuzz/fuzz_alg_ses_des.cpp index 45c1f189e..b524d2fcb 100644 --- a/fuzz/fuzz_alg_ses_des.cpp +++ b/fuzz/fuzz_alg_ses_des.cpp @@ -45,5 +45,8 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { ndpi_des_add_value(&d, value, &forecast, &confidence_band); } + ndpi_ses_reset(&s); + ndpi_des_reset(&d); + return 0; } diff --git a/fuzz/fuzz_common_code.c b/fuzz/fuzz_common_code.c index 30dc5baa7..88b7adf2d 100644 --- a/fuzz/fuzz_common_code.c +++ b/fuzz/fuzz_common_code.c @@ -38,19 +38,16 @@ void fuzz_init_detection_module(struct ndpi_detection_module_struct **ndpi_info_ { ndpi_init_prefs prefs = ndpi_enable_ja3_plus; NDPI_PROTOCOL_BITMASK all; + NDPI_PROTOCOL_BITMASK debug_bitmask; if(*ndpi_info_mod == NULL) { *ndpi_info_mod = ndpi_init_detection_module(prefs); NDPI_BITMASK_SET_ALL(all); ndpi_set_protocol_detection_bitmask2(*ndpi_info_mod, &all); -#if 0 - NDPI_PROTOCOL_BITMASK debug_bitmask; - NDPI_BITMASK_SET_ALL(debug_bitmask); ndpi_set_log_level(*ndpi_info_mod, 4); ndpi_set_debug_bitmask(*ndpi_info_mod, debug_bitmask); -#endif ndpi_load_protocols_file(*ndpi_info_mod, "protos.txt"); ndpi_load_categories_file(*ndpi_info_mod, "categories.txt", NULL); diff --git a/fuzz/fuzz_config.cpp b/fuzz/fuzz_config.cpp index 8f98c5929..ceddaaf85 100644 --- a/fuzz/fuzz_config.cpp +++ b/fuzz/fuzz_config.cpp @@ -1,4 +1,5 @@ #include "ndpi_api.h" +#include "ndpi_classify.h" #include "fuzz_common_code.h" #include <stdint.h> @@ -25,6 +26,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { struct ndpi_flow_input_info input_info; ndpi_proto p, p2; char out[128]; + char log_ts[32]; if(fuzzed_data.remaining_bytes() < 4 + /* ndpi_init_detection_module() */ @@ -32,10 +34,11 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { 1 + /* TLS cert expire */ 6 + /* files */ ((NDPI_LRUCACHE_MAX + 1) * 5) + /* LRU caches */ - 2 + 1 + 5 + /* ndpi_set_detection_preferences() */ + 2 + 1 + 4 + /* ndpi_set_detection_preferences() */ 7 + /* Opportunistic tls */ 2 + /* Pid */ 2 + /* Category */ + 1 + /* Tunnel */ 1 + /* Bool value */ 2 + /* input_info */ 21 /* Min real data: ip length + 1 byte of L4 header */) @@ -82,6 +85,9 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { ndpi_get_lru_cache_ttl(ndpi_info_mod, static_cast<lru_cache_type>(i), &num); } + /* TODO: stub for geo stuff */ + ndpi_load_geoip(ndpi_info_mod, NULL, NULL); + if(fuzzed_data.ConsumeBool()) ndpi_set_detection_preferences(ndpi_info_mod, ndpi_pref_direction_detect_disable, fuzzed_data.ConsumeBool()); @@ -90,7 +96,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { 0 /* unused */); if(fuzzed_data.ConsumeBool()) ndpi_set_detection_preferences(ndpi_info_mod, ndpi_pref_max_packets_to_process, - fuzzed_data.ConsumeIntegralInRange(0, (1 << 24))); + fuzzed_data.ConsumeIntegralInRange(0, (1 << 16))); ndpi_set_opportunistic_tls(ndpi_info_mod, NDPI_PROTOCOL_MAIL_SMTP, fuzzed_data.ConsumeBool()); ndpi_get_opportunistic_tls(ndpi_info_mod, NDPI_PROTOCOL_MAIL_SMTP); @@ -121,7 +127,6 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { } ndpi_set_proto_breed(ndpi_info_mod, pid, NDPI_PROTOCOL_SAFE); ndpi_set_proto_category(ndpi_info_mod, pid, NDPI_PROTOCOL_CATEGORY_MEDIA); - ndpi_is_subprotocol_informative(ndpi_info_mod, pid); /* Custom category configuration */ cat = fuzzed_data.ConsumeIntegralInRange(static_cast<int>(NDPI_PROTOCOL_CATEGORY_CUSTOM_1), @@ -131,20 +136,27 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { ndpi_category_get_name(ndpi_info_mod, static_cast<ndpi_protocol_category_t>(cat)); ndpi_get_category_id(ndpi_info_mod, catname); + ndpi_tunnel2str(static_cast<ndpi_packet_tunnel>(fuzzed_data.ConsumeIntegralInRange(static_cast<int>(ndpi_no_tunnel), + static_cast<int>(ndpi_gre_tunnel + 1)))); /* + 1 to trigger invalid value */ + ndpi_get_num_supported_protocols(ndpi_info_mod); + ndpi_get_proto_defaults(ndpi_info_mod); ndpi_get_ndpi_num_custom_protocols(ndpi_info_mod); + ndpi_get_ndpi_num_supported_protocols(ndpi_info_mod); ndpi_self_check_host_match(stderr); /* Basic code to try testing this "config" */ bool_value = fuzzed_data.ConsumeBool(); - input_info.in_pkt_dir = !!fuzzed_data.ConsumeBool(); + input_info.in_pkt_dir = fuzzed_data.ConsumeIntegralInRange(0,2); input_info.seen_flow_beginning = !!fuzzed_data.ConsumeBool(); memset(&flow, 0, sizeof(flow)); std::vector<uint8_t>pkt = fuzzed_data.ConsumeRemainingBytes<uint8_t>(); assert(pkt.size() >= 21); /* To be sure check on fuzzed_data.remaining_bytes() at the beginning is right */ + ndpi_detection_process_packet(ndpi_info_mod, &flow, pkt.data(), pkt.size(), 0, &input_info); p = ndpi_detection_giveup(ndpi_info_mod, &flow, 1, &protocol_was_guessed); + assert(p.master_protocol == ndpi_get_flow_masterprotocol(ndpi_info_mod, &flow)); assert(p.app_protocol == ndpi_get_flow_appprotocol(ndpi_info_mod, &flow)); assert(p.category == ndpi_get_flow_category(ndpi_info_mod, &flow)); @@ -154,6 +166,13 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { ndpi_get_flow_risk_info(&flow, out, sizeof(out), 1); ndpi_get_flow_ndpi_proto(ndpi_info_mod, &flow, &p2); ndpi_is_proto(p, NDPI_PROTOCOL_TLS); + ndpi_http_method2str(flow.http.method); + ndpi_get_l4_proto_name(ndpi_get_l4_proto_info(ndpi_info_mod, p.app_protocol)); + ndpi_is_subprotocol_informative(ndpi_info_mod, p.app_protocol); + ndpi_get_http_method(ndpi_info_mod, &flow); + ndpi_get_http_url(ndpi_info_mod, &flow); + ndpi_get_http_content_type(ndpi_info_mod, &flow); + ndpi_check_for_email_address(ndpi_info_mod, 0); /* ndpi_guess_undetected_protocol() is a "strange" function. Try fuzzing it, here */ if(!ndpi_is_protocol_detected(ndpi_info_mod, p)) { ndpi_guess_undetected_protocol(ndpi_info_mod, bool_value ? &flow : NULL, @@ -161,10 +180,24 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { if(!flow.is_ipv6) { /* Another "strange" function (ipv4 only): fuzz it here, for lack of a better alternative */ ndpi_find_ipv4_category_userdata(ndpi_info_mod, flow.c_address.v4); + + ndpi_search_tcp_or_udp_raw(ndpi_info_mod, NULL, 0, ntohl(flow.c_address.v4), ntohl(flow.s_address.v4)); } /* Another "strange" function: fuzz it here, for lack of a better alternative */ ndpi_search_tcp_or_udp(ndpi_info_mod, &flow); } + if(!flow.is_ipv6) { + ndpi_network_ptree_match(ndpi_info_mod, (struct in_addr *)&flow.c_address.v4); + + ndpi_risk_params params[] = { { NDPI_PARAM_HOSTNAME, flow.host_server_name}, + { NDPI_PARAM_ISSUER_DN, flow.host_server_name}, + { NDPI_PARAM_HOST_IPV4, &flow.c_address.v4} }; + ndpi_check_flow_risk_exceptions(ndpi_info_mod, 3, params); + } + /* TODO: stub for geo stuff */ + ndpi_get_geoip_asn(ndpi_info_mod, NULL, NULL); + ndpi_get_geoip_country_continent(ndpi_info_mod, NULL, NULL, 0, NULL, 0); + ndpi_free_flow_data(&flow); /* Get some final stats */ @@ -180,6 +213,16 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { ndpi_get_api_version(); ndpi_get_gcrypt_version(); + ndpi_get_ndpi_detection_module_size(); + ndpi_detection_get_sizeof_ndpi_flow_struct(); + ndpi_detection_get_sizeof_ndpi_flow_tcp_struct(); + ndpi_detection_get_sizeof_ndpi_flow_udp_struct(); + + ndpi_get_tot_allocated_memory(); + ndpi_log_timestamp(log_ts, sizeof(log_ts)); + + ndpi_free_geoip(ndpi_info_mod); + ndpi_exit_detection_module(ndpi_info_mod); return 0; diff --git a/fuzz/fuzz_libinjection.c b/fuzz/fuzz_libinjection.c index 9fd60107b..c878fe823 100644 --- a/fuzz/fuzz_libinjection.c +++ b/fuzz/fuzz_libinjection.c @@ -5,7 +5,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { char *query; - char fingerprint[8]; + struct libinjection_sqli_state state; /* No memory allocations involved */ @@ -15,11 +15,25 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { memcpy(query, data, size); query[size] = '\0'; - libinjection_sqli(query, strlen(query), fingerprint); + + libinjection_sqli_init(&state, query, strlen(query), 0); /* Default: FLAG_QUOTE_NONE | FLAG_SQL_ANSI */ + libinjection_is_sqli(&state); + libinjection_sqli_init(&state, query, strlen(query), FLAG_QUOTE_SINGLE | FLAG_SQL_ANSI); + libinjection_is_sqli(&state); + libinjection_sqli_init(&state, query, strlen(query), FLAG_QUOTE_DOUBLE | FLAG_SQL_ANSI); + libinjection_is_sqli(&state); + libinjection_sqli_init(&state, query, strlen(query), FLAG_QUOTE_NONE | FLAG_SQL_MYSQL); + libinjection_is_sqli(&state); + libinjection_sqli_init(&state, query, strlen(query), FLAG_QUOTE_SINGLE | FLAG_SQL_MYSQL); + libinjection_is_sqli(&state); + libinjection_sqli_init(&state, query, strlen(query), FLAG_QUOTE_DOUBLE | FLAG_SQL_MYSQL); + libinjection_is_sqli(&state); libinjection_xss(query, strlen(query)); free(query); + libinjection_version(); + return 0; } diff --git a/fuzz/fuzz_ndpi_reader.c b/fuzz/fuzz_ndpi_reader.c index 252503d63..4ae6a8246 100644 --- a/fuzz/fuzz_ndpi_reader.c +++ b/fuzz/fuzz_ndpi_reader.c @@ -21,7 +21,7 @@ u_int8_t max_num_udp_dissected_pkts = 16 /* 8 is enough for most protocols, Sign ndpi_init_prefs init_prefs = ndpi_track_flow_payload | ndpi_enable_ja3_plus; int enable_malloc_bins = 1; int malloc_size_stats = 0; -int max_malloc_bins = 0; +int max_malloc_bins = 14; struct ndpi_bin malloc_bins; /* unused */ extern void ndpi_report_payload_stats(int print); diff --git a/src/include/ndpi_classify.h b/src/include/ndpi_classify.h index 0980985ef..2bd76df6a 100644 --- a/src/include/ndpi_classify.h +++ b/src/include/ndpi_classify.h @@ -45,6 +45,10 @@ #include "ndpi_includes.h" +#ifdef __cplusplus +extern "C" { +#endif + /* constants */ #define NUM_PARAMETERS_SPLT_LOGREG 208 #define NUM_PARAMETERS_BD_LOGREG 464 @@ -89,4 +93,8 @@ u_int64_t ndpi_timeval_to_milliseconds(pkt_timeval ts); u_int64_t ndpi_timeval_to_microseconds(pkt_timeval ts); void ndpi_log_timestamp(char *log_ts, u_int32_t log_ts_len); +#ifdef __cplusplus +} +#endif + #endif /* NDPI_CLASSIFY_H */ diff --git a/src/include/ndpi_main.h b/src/include/ndpi_main.h index c9d7ac3f9..b4ef20f5f 100644 --- a/src/include/ndpi_main.h +++ b/src/include/ndpi_main.h @@ -95,7 +95,7 @@ extern "C" { struct ndpi_flow_struct *flow); extern u_int16_t ndpi_check_for_email_address(struct ndpi_detection_module_struct *ndpi_struct, - u_int16_t counter); + u_int16_t counter); extern void ndpi_int_change_category(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index 20804a632..b97726080 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -43,6 +43,9 @@ ndpi_port_range* ndpi_build_default_ports(ndpi_port_range *ports, u_int16_t portE); /* TCP/UDP protocols */ +#ifdef __cplusplus +extern "C" +#endif u_int ndpi_search_tcp_or_udp_raw(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int8_t protocol, diff --git a/src/lib/ndpi_analyze.c b/src/lib/ndpi_analyze.c index 178097b9f..346e65a48 100644 --- a/src/lib/ndpi_analyze.c +++ b/src/lib/ndpi_analyze.c @@ -1096,6 +1096,7 @@ int ndpi_hw_init(struct ndpi_hw_struct *hw, if((hw->s = (double*)ndpi_calloc(hw->params.num_season_periods, sizeof(double))) == NULL) { ndpi_free(hw->y); + hw->y = NULL; return(-1); } @@ -1213,8 +1214,10 @@ void ndpi_hw_reset(struct ndpi_hw_struct *hw) { hw->num_values = 0; hw->u = hw->v = hw->sum_square_error = 0; - memset(&hw->y, 0, (hw->params.num_season_periods * sizeof(u_int64_t))); - memset(&hw->s, 0, (hw->params.num_season_periods * sizeof(double))); + if(hw->y) + memset(hw->y, 0, (hw->params.num_season_periods * sizeof(u_int64_t))); + if(hw->s) + memset(hw->s, 0, (hw->params.num_season_periods * sizeof(double))); } /* ********************************************************************************* */ diff --git a/src/lib/ndpi_classify.c b/src/lib/ndpi_classify.c index f1037411d..3dba2207e 100644 --- a/src/lib/ndpi_classify.c +++ b/src/lib/ndpi_classify.c @@ -268,10 +268,12 @@ ndpi_merge_splt_arrays (const uint16_t *pkt_len, const pkt_timeval *pkt_time, uint16_t *merged_lens, uint16_t *merged_times) { int s,r; - pkt_timeval ts_start = { 0, 0 }; /* initialize to avoid spurious warnings */ + pkt_timeval ts_start; pkt_timeval tmp, tmp_r; pkt_timeval start_m; + ndpi_timer_clear(&ts_start); + if(r_idx + s_idx == 0) { return ; } else if(r_idx == 0) { @@ -677,7 +679,7 @@ ndpi_timeval_to_microseconds(pkt_timeval ts) { u_int64_t sec = ts.tv_sec; u_int64_t usec = ts.tv_usec; - return usec + sec * 1000 * 1000;; + return usec + sec * 1000 * 1000; } /* **************************************** */ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 6b2210ec1..4d83def4d 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -2287,7 +2287,7 @@ u_int16_t ndpi_network_ptree_match(struct ndpi_detection_module_struct *ndpi_str ndpi_prefix_t prefix; ndpi_patricia_node_t *node; - if(!ndpi_str->protocols_ptree) + if(!ndpi_str || !ndpi_str->protocols_ptree) return(NDPI_PROTOCOL_UNKNOWN); if(ndpi_str->ndpi_num_custom_protocols == 0) { @@ -2318,7 +2318,7 @@ u_int16_t ndpi_network_port_ptree_match(struct ndpi_detection_module_struct *ndp ndpi_prefix_t prefix; ndpi_patricia_node_t *node; - if(!ndpi_str->protocols_ptree) + if(!ndpi_str || !ndpi_str->protocols_ptree) return(NDPI_PROTOCOL_UNKNOWN); if(ndpi_str->ndpi_num_custom_protocols == 0) { @@ -7498,8 +7498,12 @@ void ndpi_parse_packet_line_info_any(struct ndpi_detection_module_struct *ndpi_s u_int16_t ndpi_check_for_email_address(struct ndpi_detection_module_struct *ndpi_str, u_int16_t counter) { - struct ndpi_packet_struct *packet = &ndpi_str->packet; + struct ndpi_packet_struct *packet; + + if(!ndpi_str) + return(0); + packet = &ndpi_str->packet; NDPI_LOG_DBG2(ndpi_str, "called ndpi_check_for_email_address\n"); if(packet->payload_packet_len > counter && ((packet->payload[counter] >= 'a' && packet->payload[counter] <= 'z') || @@ -8983,7 +8987,7 @@ const char *ndpi_get_l4_proto_name(ndpi_l4_proto_info proto) { ndpi_l4_proto_info ndpi_get_l4_proto_info(struct ndpi_detection_module_struct *ndpi_struct, u_int16_t ndpi_proto_id) { - if(ndpi_proto_id < ndpi_struct->ndpi_num_supported_protocols) { + if(ndpi_struct && ndpi_proto_id < ndpi_struct->ndpi_num_supported_protocols) { u_int16_t idx = ndpi_struct->proto_defaults[ndpi_proto_id].protoIdx; NDPI_SELECTION_BITMASK_PROTOCOL_SIZE bm = ndpi_struct->callback_buffer[idx].ndpi_selection_bitmask; diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c index 8f89ef7bf..343c5b0f0 100644 --- a/src/lib/ndpi_utils.c +++ b/src/lib/ndpi_utils.c @@ -2018,39 +2018,30 @@ const char* ndpi_risk2str(ndpi_risk_enum risk) { case NDPI_POSSIBLE_EXPLOIT: return("Possible Exploit"); - break; case NDPI_TLS_CERTIFICATE_ABOUT_TO_EXPIRE: return("TLS Cert About To Expire"); - break; case NDPI_PUNYCODE_IDN: return("IDN Domain Name"); - break; case NDPI_ERROR_CODE_DETECTED: return("Error Code"); - break; case NDPI_HTTP_CRAWLER_BOT: return("Crawler/Bot"); - break; case NDPI_ANONYMOUS_SUBSCRIBER: return("Anonymous Subscriber"); - break; case NDPI_UNIDIRECTIONAL_TRAFFIC: return("Unidirectional Traffic"); - break; case NDPI_HTTP_OBSOLETE_SERVER: return("HTTP Obsolete Server"); - break; case NDPI_PERIODIC_FLOW: return("Periodic Flow"); - break; case NDPI_MINOR_ISSUES: return("Minor Issues"); @@ -2070,27 +2061,21 @@ const char* ndpi_severity2str(ndpi_risk_severity s) { switch(s) { case NDPI_RISK_LOW: return("Low"); - break; case NDPI_RISK_MEDIUM: return("Medium"); - break; case NDPI_RISK_HIGH: return("High"); - break; case NDPI_RISK_SEVERE: return("Severe"); - break; case NDPI_RISK_CRITICAL: return("Critical"); - break; case NDPI_RISK_EMERGENCY: return("Emergency"); - break; } return(""); @@ -2367,7 +2352,7 @@ static u_int8_t ndpi_check_hostname_risk_exception(struct ndpi_detection_module_ ndpi_automa *automa = &ndpi_str->host_risk_mask_automa; u_int8_t ret = 0; - if(automa->ac_automa) { + if(automa && automa->ac_automa) { AC_TEXT_t ac_input_text; AC_REP_t match; @@ -2880,6 +2865,9 @@ u_int8_t ndpi_check_flow_risk_exceptions(struct ndpi_detection_module_struct *nd ndpi_risk_params params[]) { u_int i; + if(!ndpi_str) + return(0); + for(i=0; i<num_params; i++) { switch(params[i].id) { case NDPI_PARAM_HOSTNAME: |