aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/include/ndpi_api.h2
-rw-r--r--src/include/ndpi_main.h4
-rw-r--r--src/lib/ndpi_main.c53
-rw-r--r--src/lib/ndpi_serializer.c2
-rw-r--r--src/lib/ndpi_utils.c5
5 files changed, 30 insertions, 36 deletions
diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h
index a63e29c7f..dd065783d 100644
--- a/src/include/ndpi_api.h
+++ b/src/include/ndpi_api.h
@@ -896,7 +896,7 @@ extern "C" {
* @par The automata initialized with ndpi_init_automa();
* @par The (sub)string to search (malloc'ed memory)
* @par The number associated with this string
- * @return 0 in case of no error, or -1 if an error occurred.
+ * @return 0 in case of no error, or -2 if the string has been already addeed, or -1 if an error occurred.
*
*/
int ndpi_add_string_value_to_automa(void *_automa, char *str, u_int32_t num);
diff --git a/src/include/ndpi_main.h b/src/include/ndpi_main.h
index 1337cc63f..4fd47d96c 100644
--- a/src/include/ndpi_main.h
+++ b/src/include/ndpi_main.h
@@ -95,7 +95,7 @@ extern "C" {
struct ndpi_flow_struct *flow);
extern u_int16_t ndpi_check_for_email_address(struct ndpi_detection_module_struct *ndpi_struct,
- struct ndpi_flow_struct *flow, u_int16_t counter);
+ u_int16_t counter);
extern void ndpi_int_change_category(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow,
@@ -104,8 +104,6 @@ extern "C" {
extern void ndpi_set_proto_subprotocols(struct ndpi_detection_module_struct *ndpi_mod,
int protoId, ...);
- extern void ndpi_int_reset_protocol(struct ndpi_flow_struct *flow);
-
extern int ndpi_packet_src_ip_eql(const struct ndpi_packet_struct *packet, const ndpi_ip_addr_t * ip);
extern int ndpi_packet_dst_ip_eql(const struct ndpi_packet_struct *packet, const ndpi_ip_addr_t * ip);
extern void ndpi_packet_src_ip_get(const struct ndpi_packet_struct *packet, ndpi_ip_addr_t * ip);
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 2df9dd0cc..89b9a585e 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -185,6 +185,13 @@ static ndpi_risk_info ndpi_known_risks[] = {
/* Leave this as last member */
{ NDPI_MAX_RISK, NDPI_RISK_LOW, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_NO_ACCOUNTABILITY }
};
+#if !defined(NDPI_CFFI_PREPROCESSING) && defined(__linux__)
+#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
+_Static_assert(sizeof(ndpi_known_risks) / sizeof(ndpi_risk_info) == NDPI_MAX_RISK + 1,
+ "Invalid risks length. Do you need to update 'ndpi_known_risks' array?");
+#endif
+#endif
+
/* ****************************************** */
@@ -998,7 +1005,7 @@ int ndpi_set_detection_preferences(struct ndpi_detection_module_struct *ndpi_str
/* ******************************************************************** */
static void ndpi_validate_protocol_initialization(struct ndpi_detection_module_struct *ndpi_str) {
- u_int i, val;
+ u_int i;
for(i = 0; i < ndpi_str->ndpi_num_supported_protocols; i++) {
if(ndpi_str->proto_defaults[i].protoName == NULL) {
@@ -1013,13 +1020,6 @@ static void ndpi_validate_protocol_initialization(struct ndpi_detection_module_s
}
}
}
-
- /* Sanity check for risks initialization */
- val = (sizeof(ndpi_known_risks) / sizeof(ndpi_risk_info)) - 1;
- if(val != NDPI_MAX_RISK) {
- NDPI_LOG_ERR(ndpi_str, "[NDPI] INTERNAL ERROR Invalid ndpi_known_risks[] initialization [%u != %u]\n", val, NDPI_MAX_RISK);
- exit(0);
- }
}
/* ******************************************************************** */
@@ -2094,7 +2094,7 @@ int ac_domain_match_handler(AC_MATCH_t *m, AC_TEXT_t *txt, AC_REP_t *match) {
AC_PATTERN_t *pattern = m->patterns;
int i,start,end = m->position;
- for(i=0; i < m->match_num; i++,pattern++) {
+ for(i=0; i < m->match_num && i < 32; i++,pattern++) {
/*
* See ac_automata_exact_match()
* The bit is set if the pattern exactly matches AND
@@ -2385,6 +2385,9 @@ int ndpi_load_ipv4_ptree(struct ndpi_detection_module_struct *ndpi_str,
int len;
u_int num_loaded = 0;
+ if(!ndpi_str || !path || !ndpi_str->protocols_ptree)
+ return(-1);
+
fd = fopen(path, "r");
if(fd == NULL) {
@@ -3062,7 +3065,7 @@ int ndpi_add_string_value_to_automa(void *_automa, char *str, u_int32_t num) {
ac_pattern.length = strlen(ac_pattern.astring);
rc = ac_automata_add(automa, &ac_pattern);
- return(rc == ACERR_SUCCESS || rc == ACERR_DUPLICATE_PATTERN ? 0 : -1);
+ return(rc == ACERR_SUCCESS ? 0 : (rc == ACERR_DUPLICATE_PATTERN ? -2 : -1));
}
/* ****************************************************** */
@@ -3139,7 +3142,9 @@ static int ndpi_match_string_common(AC_AUTOMATA_t *automa, char *string_to_match
}
if(automa->automata_open) {
+#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
printf("[%s:%d] [NDPI] Internal error: please call ndpi_finalize_initialization()\n", __FILE__, __LINE__);
+#endif
return(-1);
}
@@ -6306,13 +6311,13 @@ void* ndpi_find_ipv4_category_userdata(struct ndpi_detection_module_struct *ndpi
u_int32_t saddr) {
ndpi_patricia_node_t *node;
- if(saddr == 0)
+ if(saddr == 0 || !ndpi_str || !ndpi_str->custom_categories.ipAddresses)
node = NULL;
else {
ndpi_prefix_t prefix;
ndpi_fill_prefix_v4(&prefix, (struct in_addr *) &saddr, 32,
- ((ndpi_patricia_tree_t *) ndpi_str->protocols_ptree)->maxbits);
+ ((ndpi_patricia_tree_t *) ndpi_str->custom_categories.ipAddresses)->maxbits);
node = ndpi_patricia_search_best(ndpi_str->custom_categories.ipAddresses, &prefix);
}
@@ -6816,7 +6821,7 @@ u_int32_t ndpi_bytestream_to_number(const u_int8_t *str, u_int16_t max_chars_to_
val = 0;
// cancel if eof, ' ' or line end chars are reached
- while(*str >= '0' && *str <= '9' && max_chars_to_read > 0) {
+ while(max_chars_to_read > 0 && *str >= '0' && *str <= '9') {
val *= 10;
val += *str - '0';
str++;
@@ -7302,7 +7307,7 @@ void ndpi_parse_packet_line_info_any(struct ndpi_detection_module_struct *ndpi_s
/* ********************************************************************************* */
-u_int16_t ndpi_check_for_email_address(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow,
+u_int16_t ndpi_check_for_email_address(struct ndpi_detection_module_struct *ndpi_str,
u_int16_t counter) {
struct ndpi_packet_struct *packet = &ndpi_str->packet;
@@ -7499,18 +7504,6 @@ void ndpi_int_change_category(struct ndpi_detection_module_struct *ndpi_str, str
/* ********************************************************************************* */
-void ndpi_int_reset_protocol(struct ndpi_flow_struct *flow) {
- if(flow) {
- int a;
-
- for(a = 0; a < NDPI_PROTOCOL_SIZE; a++)
- flow->detected_protocol_stack[a] = NDPI_PROTOCOL_UNKNOWN;
- flow->confidence = NDPI_CONFIDENCE_UNKNOWN;
- }
-}
-
-/* ********************************************************************************* */
-
void NDPI_PROTOCOL_IP_clear(ndpi_ip_addr_t *ip) {
memset(ip, 0, sizeof(ndpi_ip_addr_t));
}
@@ -8331,7 +8324,7 @@ u_int16_t ndpi_match_host_subprotocol(struct ndpi_detection_module_struct *ndpi_
}
/* Add punycode check */
- if(ndpi_strnstr(string_to_match, "xn--", string_to_match_len)) {
+ if(ndpi_check_punycode_string(string_to_match, string_to_match_len)) {
char str[64] = { '\0' };
strncpy(str, string_to_match, ndpi_min(string_to_match_len, sizeof(str)-1));
@@ -8452,15 +8445,15 @@ const char *ndpi_get_gcrypt_version(void) {
}
ndpi_proto_defaults_t *ndpi_get_proto_defaults(struct ndpi_detection_module_struct *ndpi_str) {
- return(ndpi_str->proto_defaults);
+ return(ndpi_str ? ndpi_str->proto_defaults : NULL);
}
u_int ndpi_get_ndpi_num_supported_protocols(struct ndpi_detection_module_struct *ndpi_str) {
- return(ndpi_str->ndpi_num_supported_protocols);
+ return(ndpi_str ? ndpi_str->ndpi_num_supported_protocols : 0);
}
u_int ndpi_get_ndpi_num_custom_protocols(struct ndpi_detection_module_struct *ndpi_str) {
- return(ndpi_str->ndpi_num_custom_protocols);
+ return(ndpi_str ? ndpi_str->ndpi_num_custom_protocols : 0);
}
u_int ndpi_get_ndpi_detection_module_size() {
diff --git a/src/lib/ndpi_serializer.c b/src/lib/ndpi_serializer.c
index 17231a83b..efae73b05 100644
--- a/src/lib/ndpi_serializer.c
+++ b/src/lib/ndpi_serializer.c
@@ -1650,6 +1650,7 @@ int ndpi_serialize_binary_uint32(ndpi_serializer *_serializer,
if(ndpi_serialize_json_post(_serializer) != 0)
return(-1);
} else if(serializer->fmt == ndpi_serialization_format_csv) {
+#ifndef OPTIMIZE_CSV_SERIALIZATION
if (ndpi_serializer_header_string(serializer, key, klen) < 0) return(-1);
ndpi_serialize_csv_pre(serializer);
buff_diff = serializer->buffer.size - serializer->status.buffer.size_used;
@@ -1659,6 +1660,7 @@ int ndpi_serialize_binary_uint32(ndpi_serializer *_serializer,
if(rc < 0 || (u_int)rc >= buff_diff)
return(-1);
serializer->status.buffer.size_used += rc;
+#endif
} else {
if(value <= 0xff) {
serializer->buffer.data[serializer->status.buffer.size_used++] = (ndpi_serialization_string << 4) | ndpi_serialization_uint8;
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index 27a197d0f..53ed95939 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -91,7 +91,7 @@ _Static_assert(sizeof(struct ndpi_str_hash) == sizeof(struct ndpi_str_hash_priva
int ndpi_check_punycode_string(char * buffer , int len) {
int i = 0;
- while(i++ < len) {
+ while(i++ < len - 3) {
if((buffer[i] == 'x')
&& (buffer[i+1] == 'n')
&& (buffer[i+2] == '-')
@@ -2717,7 +2717,8 @@ u_int8_t ndpi_is_encrypted_proto(struct ndpi_detection_module_struct *ndpi_str,
void ndpi_set_tls_cert_expire_days(struct ndpi_detection_module_struct *ndpi_str,
u_int8_t num_days) {
- ndpi_str->tls_certificate_expire_in_x_days = num_days;
+ if(ndpi_str)
+ ndpi_str->tls_certificate_expire_in_x_days = num_days;
}
/* ******************************************* */
Powered by cgit, Themed by Ted Yin.