Diffstat (limited to 'src')
-rw-r--r-- | src/include/ndpi_typedefs.h | 3 | ||||
-rw-r--r-- | src/lib/ndpi_main.c | 3 | ||||
-rw-r--r-- | src/lib/protocols/tls.c | 43 |
3 files changed, 39 insertions, 10 deletions
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 35feb6de5..98b8ccf8e 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -1232,7 +1232,8 @@ struct ndpi_flow_struct {
 struct {
 struct {
 u_int16_t ssl_version, server_names_len;
- char client_requested_server_name[64], *server_names, server_organization[64], *alpn;
+ char client_requested_server_name[64], *server_names, server_organization[64],
+ *alpn, *tls_supported_versions;
 u_int32_t notBefore, notAfter;
 char ja3_client[33], ja3_server[33];
 u_int16_t server_cipher;
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index acb04b8bc..3b5d8e251 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -6443,6 +6443,9 @@ void ndpi_free_flow(struct ndpi_flow_struct *flow) {
 if(flow->protos.stun_ssl.ssl.alpn)
 ndpi_free(flow->protos.stun_ssl.ssl.alpn);
+ if(flow->protos.stun_ssl.ssl.tls_supported_versions)
+ ndpi_free(flow->protos.stun_ssl.ssl.tls_supported_versions);
+
 if(flow->l4.tcp.tls.srv_cert_fingerprint_ctx)
 ndpi_free(flow->l4.tcp.tls.srv_cert_fingerprint_ctx);
 }
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index ab425ce41..b70538949 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -1064,7 +1064,7 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
 while(s_offset < tot_alpn_len) {
 u_int8_t alpn_i, alpn_len = packet->payload[s_offset++];
- if((s_offset + alpn_len) < tot_alpn_len) {
+ if((s_offset + alpn_len) <= tot_alpn_len) {
 #ifdef DEBUG_TLS
 printf("Client SSL [ALPN: %u]\n", alpn_len);
 #endif
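Review bot: The relaxed guard `if((s_offset + alpn_len) <= tot_alpn_len)` in the tls.c hunk bounds the ALPN entry only against `tot_alpn_len`; nothing in the hunk shows `tot_alpn_len` being clamped to `packet->payload_packet_len`, so if that clamp is not done earlier in the function the bytes read for the last entry can lie beyond the packet. If it is not already there, a check such as `if((s_offset + alpn_len) <= tot_alpn_len && (s_offset + alpn_len) <= packet->payload_packet_len) {` keeps the read inside the payload. `processClientServerHello` begins and ends outside this hunk.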
@@ -1093,21 +1093,46 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
 if(flow->protos.stun_ssl.ssl.alpn == NULL)
 flow->protos.stun_ssl.ssl.alpn = ndpi_strdup(alpn_str);
 } else if(extension_id == 43 /* supported versions */) {
- u_int8_t version_len = packet->payload[offset+4];
-
- if(version_len == (extension_len-1)) {
+ u_int16_t s_offset = offset+extension_offset;
+ u_int8_t version_len = packet->payload[s_offset];
+ char version_str[256];
+ u_int8_t version_str_len = 0;
+
 #ifdef DEBUG_TLS
+ printf("Client SSL [TLS version len: %u]\n", version_len);
+#endif
+
+ if(version_len == (extension_len-1)) {
 u_int8_t j;
+ s_offset++;
+
 for(j=0; j<version_len; j += 2) {
- u_int16_t tls_version = ntohs(*((u_int16_t*)&packet->payload[offset+5+j]));
-
- printf("Client SSL [TLS version: 0x%04X]\n", tls_version);
+ u_int16_t tls_version = ntohs(*((u_int16_t*)&packet->payload[s_offset+j]));
+ u_int8_t unknown_tls_version;
+
+#ifdef DEBUG_TLS
+ printf("Client SSL [TLS version: %s/0x%04X]\n",
+ ndpi_ssl_version2str(tls_version, &unknown_tls_version), tls_version);
+#endif
+
+ if((version_str_len+8) < sizeof(version_str)) {
+ int rc = snprintf(&version_str[version_str_len],
+ sizeof(version_str) - version_str_len, "%s%s",
+ (version_str_len > 0) ? "," : "",
+ ndpi_ssl_version2str(tls_version, &unknown_tls_version));
+ if(rc <= 0)
+ break;
+ else
+ version_str_len += rc;
+ }
 }
-#endif
 }
- }
+ if(flow->protos.stun_ssl.ssl.tls_supported_versions == NULL)
+ flow->protos.stun_ssl.ssl.tls_supported_versions = ndpi_strdup(version_str);
+ }
+
 extension_offset += extension_len;
 #ifdef DEBUG_TLS
|
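Review bot: `version_str` is declared without an initializer yet is passed to `ndpi_strdup()` after the `if(version_len == (extension_len-1))` block whether or not that check passed, so a mismatched length copies uninitialized stack bytes, with no guaranteed terminator, into the flow. Separately, `j` stays `u_int8_t` while `version_len` can be 255, so `j += 2` wraps from 254 back to 0 and the loop never terminates on such an extension; for any odd `version_len` the two-byte read at `s_offset+j` also steps one byte past the list. Nothing in the hunk compares `s_offset + version_len` with `packet->payload_packet_len`, so unless the extension-length validation earlier in the function already covers it, both payload reads can run past the packet. The rewrite below zero-initializes the buffer, widens `j`, keeps the two-byte read inside the list and only strdup's a non-empty string; `processClientServerHello` begins and ends outside this hunk.
```c
	  char version_str[256] = { '\0' };  /* read by ndpi_strdup() below even when the length check fails */
	  /* … unchanged: version_str_len, DEBUG_TLS print of version_len … */
	  if(version_len == (extension_len-1)) {
	    u_int16_t j;  /* u_int8_t wraps to 0 after 254 when version_len == 255 */
	    s_offset++;
	    for(j=0; (j+1) < version_len; j += 2) {  /* both bytes of the version stay inside the list */
	      /* … unchanged: tls_version decode and version_str append … */
	    }
	  }
	  if((version_str_len > 0) && (flow->protos.stun_ssl.ssl.tls_supported_versions == NULL))
	    flow->protos.stun_ssl.ssl.tls_supported_versions = ndpi_strdup(version_str);
```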