aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/include/ndpi_api.h3
-rw-r--r--src/lib/Makefile.in2
-rw-r--r--src/lib/ndpi_main.c2
-rw-r--r--src/lib/ndpi_utils.c11
-rw-r--r--src/lib/protocols/mail_smtp.c15
-rw-r--r--src/lib/protocols/tls.c14
6 files changed, 36 insertions, 11 deletions
diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h
index 342a24ae7..c069b811d 100644
--- a/src/include/ndpi_api.h
+++ b/src/include/ndpi_api.h
@@ -982,6 +982,9 @@ extern "C" {
void ndpi_data_print_window_values(struct ndpi_analyze_struct *s); /* debug */
ndpi_url_risk ndpi_validate_url(char *url);
+
+ u_int8_t ndpi_is_protocol_detected(struct ndpi_detection_module_struct *ndpi_str,
+ ndpi_protocol proto);
#ifdef __cplusplus
}
#endif
diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in
index 6be9d78e9..f69c81946 100644
--- a/src/lib/Makefile.in
+++ b/src/lib/Makefile.in
@@ -14,7 +14,7 @@ prefix = @prefix@
libdir = ${prefix}/lib
includedir = ${prefix}/include/ndpi
CC = @CC@
-CFLAGS += -fPIC -DPIC -I../include -Ithird_party/include -DNDPI_LIB_COMPILATION -O2 -g -Wall @CUSTOM_NDPI@
+CFLAGS += -fPIC -DPIC -I../include -Ithird_party/include -DNDPI_LIB_COMPILATION -Wall @CFLAGS@ @CUSTOM_NDPI@
LDFLAGS = @LDFLAGS@
RANLIB = ranlib
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 3b5d8e251..303497e62 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -2503,7 +2503,7 @@ void ndpi_exit_detection_module(struct ndpi_detection_module_struct *ndpi_str) {
if(ndpi_str != NULL) {
int i;
- for(i=0; i<(int)ndpi_str->ndpi_num_supported_protocols; i++) {
+ for(i=0; i<(NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS); i++) {
if(ndpi_str->proto_defaults[i].protoName)
ndpi_free(ndpi_str->proto_defaults[i].protoName);
}
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index 99571b2c6..1f57da19f 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -1379,3 +1379,14 @@ ndpi_url_risk ndpi_validate_url(char *url) {
return(rc);
}
+/* ******************************************************************** */
+
+u_int8_t ndpi_is_protocol_detected(struct ndpi_detection_module_struct *ndpi_str,
+ ndpi_protocol proto) {
+ if((proto.master_protocol != NDPI_PROTOCOL_UNKNOWN)
+ || (proto.app_protocol != NDPI_PROTOCOL_UNKNOWN)
+ || (proto.category != NDPI_PROTOCOL_CATEGORY_UNSPECIFIED))
+ return(1);
+ else
+ return(0);
+}
diff --git a/src/lib/protocols/mail_smtp.c b/src/lib/protocols/mail_smtp.c
index f839598d6..0b4c47be8 100644
--- a/src/lib/protocols/mail_smtp.c
+++ b/src/lib/protocols/mail_smtp.c
@@ -143,7 +143,7 @@ void ndpi_search_mail_smtp_tcp(struct ndpi_detection_module_struct *ndpi_struct,
u_char *out;
size_t out_len;
- ndpi_user_pwd_payload_copy(buf, sizeof(buf)-1, 0,
+ ndpi_user_pwd_payload_copy(buf, sizeof(buf), 0,
packet->line[a].ptr, packet->line[a].len);
#ifdef SMTP_DEBUG
@@ -153,8 +153,10 @@ void ndpi_search_mail_smtp_tcp(struct ndpi_detection_module_struct *ndpi_struct,
out = ndpi_base64_decode((const u_char*)buf, (size_t)strlen((const char*)buf), &out_len);
if(out) {
- snprintf(flow->protos.ftp_imap_pop_smtp.username,
- sizeof(flow->protos.ftp_imap_pop_smtp.username), "%s", out);
+ size_t len = ndpi_min(out_len, sizeof(flow->protos.ftp_imap_pop_smtp.username) - 1);
+
+ memcpy(flow->protos.ftp_imap_pop_smtp.username, out, len);
+ flow->protos.ftp_imap_pop_smtp.username[len] = '\0';
ndpi_free(out);
}
@@ -174,8 +176,11 @@ void ndpi_search_mail_smtp_tcp(struct ndpi_detection_module_struct *ndpi_struct,
out = ndpi_base64_decode((const u_char*)buf, (size_t)strlen((const char*)buf), &out_len);
if(out) {
- snprintf(flow->protos.ftp_imap_pop_smtp.password,
- sizeof(flow->protos.ftp_imap_pop_smtp.password), "%s", out);
+ size_t len = ndpi_min(out_len, sizeof(flow->protos.ftp_imap_pop_smtp.password) - 1);
+
+ memcpy(flow->protos.ftp_imap_pop_smtp.password, out, len);
+ flow->protos.ftp_imap_pop_smtp.password[len] = '\0';
+
ndpi_free(out);
}
} else {
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index b70538949..aa273f535 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -392,8 +392,10 @@ int processCertificate(struct ndpi_detection_module_struct *ndpi_struct,
if((packet->payload[4] != 0x0) || ((certificates_length+3) != length))
return(-2); /* Invalid length */
- if((flow->l4.tcp.tls.srv_cert_fingerprint_ctx = (void*)ndpi_malloc(sizeof(SHA1_CTX))) == NULL)
- return(-3); /* Not enough memory */
+ if(!flow->l4.tcp.tls.srv_cert_fingerprint_ctx) {
+ if((flow->l4.tcp.tls.srv_cert_fingerprint_ctx = (void*)ndpi_malloc(sizeof(SHA1_CTX))) == NULL)
+ return(-3); /* Not enough memory */
+ }
/* Now let's process each individual certificates */
while(certificates_offset < certificates_length) {
@@ -481,8 +483,12 @@ static int processTLSBlock(struct ndpi_detection_module_struct *ndpi_struct,
break;
case 0x0b: /* Certificate */
- processCertificate(ndpi_struct, flow);
- flow->l4.tcp.tls.certificate_processed = 1;
+ /* Important: populate the tls union fields only after
+ * ndpi_int_tls_add_connection has been called */
+ if(flow->l4.tcp.tls.hello_processed) {
+ processCertificate(ndpi_struct, flow);
+ flow->l4.tcp.tls.certificate_processed = 1;
+ }
break;
default:
Powered by cgit, Themed by Ted Yin.