diff options
Diffstat (limited to 'src/lib/protocols')
| -rw-r--r-- | src/lib/protocols/dns.c | 5 | ||||
| -rw-r--r-- | src/lib/protocols/stun.c | 10 | ||||
| -rw-r--r-- | src/lib/protocols/tls.c | 17 |
3 files changed, 21 insertions, 11 deletions
diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index 3fbb39915..6ef1b9517 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -279,8 +279,11 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st if(j && j < max_len) flow->host_server_name[j++] = '.'; while(j < max_len && cl != 0) { + u_int32_t shift; + c = flow->packet.payload[off++]; - flow->host_server_name[j++] = tolower((dns_validchar[c >> 5] & (1 << (c & 0x1f))) ? c : '_'); + shift = 1 << (c & 0x1f); + flow->host_server_name[j++] = tolower((dns_validchar[c >> 5] & shift) ? c : '_'); cl--; } } diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index e95965f6b..d5114204f 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -350,9 +350,13 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * memset(flow->host_server_name, 0, sizeof(flow->host_server_name)); - for(j=0; j<i; j++) - flow->host_server_name[j] = payload[k++]; - + for(j=0; j<i; j++) { + if((k+i) < payload_length) + flow->host_server_name[j] = payload[k++]; + else + break; + } + #ifdef DEBUG_STUN printf("==> [%s]\n", flow->host_server_name); #endif diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index fb9ad4c45..f46686bb9 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -593,14 +593,17 @@ int getTLScertificate(struct ndpi_detection_module_struct *ndpi_struct, len = (packet->payload[offset+extension_offset+3] << 8) + packet->payload[offset+extension_offset+4]; len = (u_int)ndpi_min(len, buffer_len-1); - strncpy(buffer, (char*)&packet->payload[offset+extension_offset+5], len); - buffer[len] = '\0'; - stripCertificateTrailer(buffer, buffer_len); - - if(!ndpi_struct->disable_metadata_export) { - snprintf(flow->protos.stun_ssl.ssl.client_certificate, - sizeof(flow->protos.stun_ssl.ssl.client_certificate), "%s", buffer); + if((offset+extension_offset+5+len) < packet->payload_packet_len) { + strncpy(buffer, (char*)&packet->payload[offset+extension_offset+5], len); + buffer[len] = '\0'; + + stripCertificateTrailer(buffer, buffer_len); + + if(!ndpi_struct->disable_metadata_export) { + snprintf(flow->protos.stun_ssl.ssl.client_certificate, + sizeof(flow->protos.stun_ssl.ssl.client_certificate), "%s", buffer); + } } } else if(extension_id == 10 /* supported groups */) { u_int16_t s_offset = offset+extension_offset + 2; |