aboutsummaryrefslogtreecommitdiff
path: root/src/lib/protocols/http.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/protocols/http.c')
-rw-r--r--src/lib/protocols/http.c54
1 files changed, 32 insertions, 22 deletions
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
index 8885906d9..6951dd85c 100644
--- a/src/lib/protocols/http.c
+++ b/src/lib/protocols/http.c
@@ -741,28 +741,38 @@ static void ndpi_check_http_url(struct ndpi_detection_module_struct *ndpi_struct
static void ndpi_check_http_server(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow,
const char *server, u_int server_len) {
- if(server_len > 7) {
- u_int off;
-
- if((strncasecmp(server, "Apache/", off = 7) == 0) /* X.X.X */
- || (strncasecmp(server, "nginx/", off = 6) == 0) /* X.X.X */) {
- u_int i, j, a, b, c;
- char buf[16] = { '\0' };
-
- for(i=off, j=0; (i<server_len) && (j<sizeof(buf)-1)
- && (isdigit(server[i]) || (server[i] == '.')); i++)
- buf[j++] = server[i];
-
- if(sscanf(buf, "%d.%d.%d", &a, &b, &c) == 3) {
- u_int32_t version = (a * 1000000) + (b * 1000) + c;
- char msg[64];
-
- if((off == 7) && (version < MIN_APACHE_VERSION)) {
- snprintf(msg, sizeof(msg), "Obsolete Apache server %s", buf);
- ndpi_set_risk(ndpi_struct, flow, NDPI_HTTP_OBSOLETE_SERVER, msg);
- } else if((off == 6) && (version < MIN_NGINX_VERSION)) {
- snprintf(msg, sizeof(msg), "Obsolete nginx server %s", buf);
- ndpi_set_risk(ndpi_struct, flow, NDPI_HTTP_OBSOLETE_SERVER, msg);
+ if(server[0] != '\0') {
+ if(server_len > 7) {
+ u_int off, i;
+
+ if((strncasecmp(server, "Apache/", off = 7) == 0) /* X.X.X */
+ || (strncasecmp(server, "nginx/", off = 6) == 0) /* X.X.X */) {
+ u_int j, a, b, c;
+ char buf[16] = { '\0' };
+
+ for(i=off, j=0; (i<server_len) && (j<sizeof(buf)-1)
+ && (isdigit(server[i]) || (server[i] == '.')); i++)
+ buf[j++] = server[i];
+
+ if(sscanf(buf, "%d.%d.%d", &a, &b, &c) == 3) {
+ u_int32_t version = (a * 1000000) + (b * 1000) + c;
+ char msg[64];
+
+ if((off == 7) && (version < MIN_APACHE_VERSION)) {
+ snprintf(msg, sizeof(msg), "Obsolete Apache server %s", buf);
+ ndpi_set_risk(ndpi_struct, flow, NDPI_HTTP_OBSOLETE_SERVER, msg);
+ } else if((off == 6) && (version < MIN_NGINX_VERSION)) {
+ snprintf(msg, sizeof(msg), "Obsolete nginx server %s", buf);
+ ndpi_set_risk(ndpi_struct, flow, NDPI_HTTP_OBSOLETE_SERVER, msg);
+ }
+ }
+ }
+
+ /* Check server content */
+ for(i=0; i<server_len; i++) {
+ if(!isprint(server[i])) {
+ ndpi_set_risk(ndpi_struct, flow, NDPI_HTTP_SUSPICIOUS_HEADER, "Suspicious Agent");
+ break;
}
}
}
Powered by cgit, Themed by Ted Yin.