Diffstat (limited to 'src/lib/protocols')
-rw-r--r-- | src/lib/protocols/dns.c | 29 | ||||
-rw-r--r-- | src/lib/protocols/tls.c | 14 |
2 files changed, 32 insertions, 11 deletions
diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c
index a326b8b68..98c6bf142 100644
--- a/src/lib/protocols/dns.c
+++ b/src/lib/protocols/dns.c
@@ -433,6 +433,7 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st
 }
 } /* for */
+ u_int8_t hostname_is_valid = 1;
 while((j < max_len) && (off < packet->payload_packet_len) && (packet->payload[off] != '\0')) {
 uint8_t c, cl = packet->payload[off++];
@@ -444,14 +445,26 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st
 if(j && (j < max_len)) flow->host_server_name[j++] = '.';
- while((j < max_len) && (cl != 0)) {
- u_int32_t shift;
-
- c = packet->payload[off++];
- shift = ((u_int32_t) 1) << (c & 0x1f);
- flow->host_server_name[j++] = tolower((dns_validchar[c >> 5] & shift) ? c : '_');
- cl--;
- }
+ while((j < max_len) && (cl != 0)) {
+ u_int32_t shift;
+
+ c = packet->payload[off++];
+ shift = ((u_int32_t) 1) << (c & 0x1f);
+ if ((dns_validchar[c >> 5] & shift)) {
+ flow->host_server_name[j++] = tolower(c);
+ } else {
+ if (isprint(c) == 0) {
+ hostname_is_valid = 0;
+ flow->host_server_name[j++] = '?';
+ } else {
+ flow->host_server_name[j++] = '_';
+ }
+ }
+ cl--;
+ }
+ }
+ if (hostname_is_valid == 0) {
+ ndpi_set_risk(ndpi_struct, flow, NDPI_INVALID_CHARACTERS);
 }
 flow->host_server_name[j] = '\0';
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index d5fa5db1b..aafa89048 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
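Review bot: The new `isprint(c)` test in the inner while loop is locale-dependent: under a non-"C" single-byte locale set by the host application (ISO-8859-1, for instance) bytes above 0x7F can report as printable, so whether `NDPI_INVALID_CHARACTERS` is raised for the same DNS name would differ between deployments. An explicit ASCII range keeps the risk deterministic and needs no `<ctype.h>` semantics: replace `if (isprint(c) == 0) {` with `if (c < 0x20 || c > 0x7e) {` (c is `uint8_t`, so the original call is at least free of the negative-`char` hazard). Separately, the rewritten loop still reads `c = packet->payload[off++];` up to `cl` times per label while `off` is bounded only by the outer loop's `off < packet->payload_packet_len` test once per label; unless the lines between the two hunks (not visible here) reject a label whose `off + cl` runs past the payload end, a length byte larger than the remaining payload reads beyond the buffer, so a short comment naming where that bound is enforced would help the next reader. ndpi_search_dns begins and continues outside the hunk.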
@@ -391,8 +391,12 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi
 printf("[TLS] %s() IssuerDN [%s]\n", __FUNCTION__, rdnSeqBuf);
 #endif
- if(rdn_len && (flow->protos.tls_quic_stun.tls_quic.issuerDN == NULL))
+ if(rdn_len && (flow->protos.tls_quic_stun.tls_quic.issuerDN == NULL)) {
 flow->protos.tls_quic_stun.tls_quic.issuerDN = ndpi_strdup(rdnSeqBuf);
+ if (ndpi_is_printable_string(rdnSeqBuf, rdn_len) == 0) {
+ ndpi_set_risk(ndpi_struct, flow, NDPI_INVALID_CHARACTERS);
+ }
+ }
 rdn_len = 0; /* Reset buffer */
 }
@@ -513,7 +517,7 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi
 packet->payload_packet_len-i-len);
 #endif
 if (ndpi_is_printable_string(dNSName, len) == 0) {
- ndpi_set_risk(ndpi_struct, flow, NDPI_TLS_SUSPICIOUS_EXTENSION);
+ ndpi_set_risk(ndpi_struct, flow, NDPI_INVALID_CHARACTERS);
 }
 if(matched_name == 0) {
@@ -565,6 +569,7 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi
 #if DEBUG_TLS
 printf("[TLS] Leftover %u bytes", packet->payload_packet_len - i);
 #endif
+ ndpi_set_risk(ndpi_struct, flow, NDPI_TLS_SUSPICIOUS_EXTENSION);
 break;
 }
 } else {
@@ -1396,6 +1401,9 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
 #ifdef DEBUG_TLS
 printf("Server TLS [ALPN: %s][len: %u]\n", alpn_str, alpn_str_len);
 #endif
+ if (ndpi_is_printable_string(alpn_str, alpn_str_len) == 0)
+ ndpi_set_risk(ndpi_struct, flow, NDPI_INVALID_CHARACTERS);
+
 if(flow->protos.tls_quic_stun.tls_quic.alpn == NULL)
 flow->protos.tls_quic_stun.tls_quic.alpn = ndpi_strdup(alpn_str);
@@ -1718,7 +1726,7 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
 #endif
 if (ndpi_is_printable_string(buffer, len) == 0) {
- ndpi_set_risk(ndpi_struct, flow, NDPI_TLS_SUSPICIOUS_EXTENSION);
+ ndpi_set_risk(ndpi_struct, flow, NDPI_INVALID_CHARACTERS);
 }
 if(!is_quic) { |
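Review bot: The added `ndpi_set_risk(ndpi_struct, flow, NDPI_TLS_SUSPICIOUS_EXTENSION)` in the `@@ -565,6 +569,7 @@` hunk sits in the branch that only logs leftover bytes and breaks out of the loop, and the condition that leads there is outside the hunk; if it is the bounds check for a dNSName entry whose declared length runs past `packet->payload_packet_len`, a legitimate certificate that is merely cut at a segment boundary is now flagged exactly like a malformed one. Consider raising the risk only when the entry is provably malformed rather than when the parser runs out of bytes, or at least state the intent above the call: `/* SAN entry extends beyond the captured payload: malformed or truncated certificate */`. The enclosing processCertificateElements starts and ends outside the hunk.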
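Review bot: The ALPN check in the `@@ -1396,6 +1401,9 @@` hunk is the only one of the four `ndpi_is_printable_string` call sites in this commit written without braces, while the IssuerDN, dNSName and `buffer`/`len` checks all use the braced form; sibling checks added in the same patch should match, so write it as `if (ndpi_is_printable_string(alpn_str, alpn_str_len) == 0) {` / `ndpi_set_risk(ndpi_struct, flow, NDPI_INVALID_CHARACTERS);` / `}`. A one-line comment on why the check precedes the `alpn == NULL` test (it runs for every ServerHello processed, not just the first one stored) would also help, since the dNSName and `buffer` checks are placed differently relative to their stores. processClientServerHello starts and ends outside the hunk.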