-rw-r--r-- | src/include/ndpi_private.h | 4 | ||||
-rw-r--r-- | src/include/ndpi_typedefs.h | 5 | ||||
-rw-r--r-- | src/lib/ndpi_main.c | 7 | ||||
-rw-r--r-- | src/lib/protocols/fastcgi.c | 4 | ||||
-rw-r--r-- | src/lib/protocols/http.c | 4 | ||||
-rw-r--r-- | src/lib/protocols/quic.c | 4 | ||||
-rw-r--r-- | src/lib/protocols/tls.c | 2 |
7 files changed, 18 insertions, 12 deletions
diff --git a/src/include/ndpi_private.h b/src/include/ndpi_private.h index e0cd1c207..25a62cbab 100644 --- a/src/include/ndpi_private.h +++ b/src/include/ndpi_private.h @@ -397,6 +397,10 @@ struct ndpi_detection_module_struct { #define NDPI_PROTOCOL_NO_MORE_SUBPROTOCOLS (-1) #define NDPI_PROTOCOL_MATCHED_BY_CONTENT (-2) +#define NDPI_HOSTNAME_NORM_LC 1 +#define NDPI_HOSTNAME_NORM_REPLACE_IC 2 +#define NDPI_HOSTNAME_NORM_STRIP_EOLSP 4 +#define NDPI_HOSTNAME_NORM_ALL (NDPI_HOSTNAME_NORM_LC | NDPI_HOSTNAME_NORM_REPLACE_IC | NDPI_HOSTNAME_NORM_STRIP_EOLSP) diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index a5f9a8f50..ee3128360 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -263,11 +263,6 @@ typedef u_int32_t ndpi_ndpi_mask; #define NDPI_NUM_FDS_BITS 16 #endif -#define NDPI_HOSTNAME_NORM_LC 1 -#define NDPI_HOSTNAME_NORM_REPLACE_IC 2 -#define NDPI_HOSTNAME_NORM_STRIP_EOLSP 4 -#define NDPI_HOSTNAME_NORM_ALL (NDPI_HOSTNAME_NORM_LC | NDPI_HOSTNAME_NORM_REPLACE_IC | NDPI_HOSTNAME_NORM_STRIP_EOLSP) - typedef struct ndpi_protocol_bitmask_struct { ndpi_ndpi_mask fds_bits[NDPI_NUM_FDS_BITS]; } ndpi_protocol_bitmask_struct_t; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index c6aec46e7..a99f6530d 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -8698,6 +8698,13 @@ static void parse_single_packet_line(struct ndpi_detection_module_struct *ndpi_s if(h->line->len == 0) h->line->ptr = NULL; + /* Stripping trailing spaces */ + while(h->line->len > 0 && h->line->ptr[h->line->len - 1] == ' ') { + h->line->len--; + } + if(h->line->len == 0) + h->line->ptr = NULL; + break; } } diff --git a/src/lib/protocols/fastcgi.c b/src/lib/protocols/fastcgi.c index 6ccd96d43..6a1baa758 100644 --- a/src/lib/protocols/fastcgi.c +++ b/src/lib/protocols/fastcgi.c 
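Review bot: The trailing-whitespace loop added to parse_single_packet_line in src/lib/ndpi_main.c strips only ASCII space, so a header value that ends in a horizontal tab keeps it, although HTTP allows both SP and HTAB as optional whitespace around field values. Because http.c now validates the raw `host_line` bytes, such a Host value would presumably be flagged as invalid, depending on which characters ndpi_is_valid_hostname accepts. Consider testing both characters in the loop condition, i.e. `h->line->ptr[h->line->len - 1] == ' ' || h->line->ptr[h->line->len - 1] == '\t'`. A comment such as `/* applies to every matched header line, not only Host */` would also help, if that is indeed the case; the function starts and ends outside the hunk, so the loop structure is not fully visible here.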
@@ -213,8 +213,8 @@ static void ndpi_search_fastcgi(struct ndpi_detection_module_struct *ndpi_struct &ret_match, NDPI_PROTOCOL_FASTCGI); ndpi_check_dga_name(ndpi_struct, flow, flow->host_server_name, 1, 0); - if(ndpi_is_valid_hostname(flow->host_server_name, - strlen(flow->host_server_name)) == 0) { + if(ndpi_is_valid_hostname((char *)packet->host_line.ptr, + packet->host_line.len) == 0) { char str[128]; snprintf(str, sizeof(str), "Invalid host %s", flow->host_server_name); diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 2516f8158..8e4c60a5f 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -958,8 +958,8 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ hostname_just_set = 1; - if(ndpi_is_valid_hostname(flow->host_server_name, - strlen(flow->host_server_name)) == 0) { + if(ndpi_is_valid_hostname((char *)packet->host_line.ptr, + packet->host_line.len) == 0) { char str[128]; snprintf(str, sizeof(str), "Invalid host %s", flow->host_server_name); diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c index 6e40a21c5..89a6730e7 100644 --- a/src/lib/protocols/quic.c +++ b/src/lib/protocols/quic.c @@ -1465,8 +1465,8 @@ void process_chlo(struct ndpi_detection_module_struct *ndpi_struct, ndpi_check_dga_name(ndpi_struct, flow, flow->host_server_name, 1, 0); - if(ndpi_is_valid_hostname(flow->host_server_name, - strlen(flow->host_server_name)) == 0) { + if(ndpi_is_valid_hostname((char *)&crypto_data[tag_offset_start + prev_offset], + len) == 0) { char str[128]; snprintf(str, sizeof(str), "Invalid host %s", flow->host_server_name); diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index d12aacd75..ee5cfdc12 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c 
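Review bot: The message built right after the changed condition in ndpi_search_fastcgi still prints `flow->host_server_name`, presumably the normalised copy (see the NDPI_HOSTNAME_NORM_* flags), while the check now runs on the raw `packet->host_line` bytes. When the offending byte was replaced or stripped during normalisation, the reported "Invalid host" text looks clean and an analyst cannot tell what triggered the risk. The same mismatch is in the http.c and quic.c hunks below and in tls.c, where `ndpi_set_risk` is passed `sni`. Printing the raw bytes directly would not be safe either, since they are not NUL-terminated and may hold control characters, so I would keep the normalised name and state the difference, e.g. `/* validated on raw bytes; message shows the normalised name */`. The enclosing function starts and ends outside the hunk.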
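Review bot: In process_chlo (src/lib/protocols/quic.c) the new arguments `&crypto_data[tag_offset_start + prev_offset]` and `len` must describe exactly the range that was copied into `flow->host_server_name`, and the hunk shows neither where `len` is computed nor a bounds check against the crypto data length. If that check sits above the hunk, a short comment at the call would make the dependency explicit, e.g. `/* same range as passed to the hostname setter; bounds-checked above */`. If it does not, the validator would read past the buffer on a crafted CHLO, so it is worth confirming before merge. The function body starts and ends outside the hunk.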
@@ -2258,7 +2258,7 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, #ifdef DEBUG_TLS printf("[TLS] SNI: [%s]\n", sni); #endif - if(ndpi_is_valid_hostname(sni, sni_len) == 0) { + if(ndpi_is_valid_hostname((char *)&packet->payload[offset+extension_offset+5], len) == 0) { ndpi_set_risk(ndpi_struct, flow, NDPI_INVALID_CHARACTERS, sni); /* This looks like an attack */ |
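Review bot: The raw SNI pointer in processClientServerHello is spelled out inline as `&packet->payload[offset+extension_offset+5]` with a bare `5`, which makes the line long and repeats an offset that is presumably also used where `sni` is derived above the hunk. I would bind it once next to that code, e.g. `const u_int8_t *raw_sni = &packet->payload[offset+extension_offset+5];`, and pass `(char *)raw_sni, len` here so the two uses cannot drift apart. The `(char *)` cast could be dropped altogether if ndpi_is_valid_hostname took a const pointer; its prototype is not visible in this diff. The function starts and ends outside the hunk.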