Diffstat (limited to 'src')
-rw-r--r-- | src/include/ndpi_api.h | 8 | ||||
-rw-r--r-- | src/lib/ndpi_main.c | 19 | ||||
-rw-r--r-- | src/lib/protocols/ssl.c | 42 |
3 files changed, 52 insertions, 17 deletions
diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h
index fd1f5bb83..a459f63f6 100644
--- a/src/include/ndpi_api.h
+++ b/src/include/ndpi_api.h
@@ -33,6 +33,14 @@ extern "C" {
 #endif
 /**
+ * This function check if a string is encoded with punycode
+
+ * ( https://tools.ietf.org/html/rfc3492 )
+ * @return 1 if the string is punycoded; else 0
+ */
+ int check_punycode_string(char * buff , int len);
+
+ /**
 * This function returns the size of the flow struct
 * @return the size of the flow struct
 */
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 1b9d4c1f6..bafada4d4 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -38,6 +38,25 @@
 #include "third_party/include/ndpi_patricia.h"
 #include "third_party/src/ndpi_patricia.c"
+
+/* implementation of the punycode check function */
+int check_punycode_string(char * buffer , int len)
+{
+ int i = 0;
+
+ while(i++ < len)
+ {
+ if( buffer[i] == 'x' &&
+ buffer[i+1] == 'n' &&
+ buffer[i+2] == '-' &&
+ buffer[i+3] == '-' )
+ // is a punycode string
+ return 1;
+ }
+ // not a punycode string
+ return 0;
+}
+
 /* ftp://ftp.cc.uoc.gr/mirrors/OpenBSD/src/lib/libc/stdlib/tsearch.c */
 /* find or insert datum into search tree */
 void *
diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c
index bc0aa4f3c..2269ae782 100644
--- a/src/lib/protocols/ssl.c
+++ b/src/lib/protocols/ssl.c
@@ -92,11 +92,12 @@ static void ndpi_int_ssl_add_connection(struct ndpi_detection_module_struct *ndp
 ((ch) >= '{' && (ch) <= '~'))
 static void stripCertificateTrailer(char *buffer, int buffer_len) {
- int i;
+
+ int i, is_puny;
 // printf("->%s<-\n", buffer);
- for(i=0; i<buffer_len; i++) {
+ for(i = 0; i < buffer_len; i++) {
 // printf("%c [%d]\n", buffer[i], buffer[i]);
 if((buffer[i] != '.')
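Review bot: The declaration added to ndpi_api.h takes a mutable `char *` although the implementation in ndpi_main.c only reads the buffer, and its comment documents neither parameter. I would declare it as `int check_punycode_string(const char *buff, int len);` and add `@param buff` and `@param len` lines saying that exactly `len` bytes are examined and whether the buffer has to be NUL-terminated. The symbol is also exported without the `ndpi_` prefix that the helpers visible in ssl.c (`ndpi_isalpha`, `ndpi_isdigit`) carry, which may collide with names in a host application. Finally, the parameter is called `buff` here and `buffer` in the definition.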
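Review bot: In check_punycode_string (ndpi_main.c), `while(i++ < len)` increments `i` before the body runs, so `buffer[0]` is never tested and the last iteration reads `buffer[len]`, continuing to `buffer[len+3]` when an `x` sits at the end. A name that begins with `xn--` is therefore not recognised, and the function reads past the `len` bytes it was given; the only caller in this commit passes certificate text from ssl.c, which presumably originates from network traffic. Change the loop header to `for(i = 0; i + 3 < len; i++)` and keep the four comparisons as they are. Separately, the test matches `xn--` anywhere in the buffer rather than only at the start of a DNS label, so an ordinary name that merely contains that sequence is treated as punycode.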
@@ -110,21 +111,28 @@ static void stripCertificateTrailer(char *buffer, int buffer_len) {
 }
 }
- if(i > 0) i--;
-
- while(i > 0) {
- if(!ndpi_isalpha(buffer[i])) {
- buffer[i] = '\0';
- buffer_len = i;
- i--;
- } else
- break;
- }
-
- for(i=buffer_len; i>0; i--) {
- if(buffer[i] == '.') break;
- else if(ndpi_isdigit(buffer[i]))
- buffer[i] = '\0', buffer_len = i;
+ /* check for punycode encoding */
+ is_puny = check_punycode_string(buffer, buffer_len);
+
+ // not a punycode string - need more checks
+ if(is_puny == 0) {
+
+ if(i > 0) i--;
+
+ while(i > 0) {
+ if(!ndpi_isalpha(buffer[i])) {
+ buffer[i] = '\0';
+ buffer_len = i;
+ i--;
+ } else
+ break;
+ }
+
+ for(i = buffer_len; i > 0; i--) {
+ if(buffer[i] == '.') break;
+ else if(ndpi_isdigit(buffer[i]))
+ buffer[i] = '\0', buffer_len = i;
+ }
 }
 } |
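Review bot: The call `check_punycode_string(buffer, buffer_len)` in stripCertificateTrailer scans the full original length rather than the part of the buffer the first loop accepted, and the helper does not stop at a NUL byte. If that loop terminates the name early (its body lies between the two hunks and is not fully visible), an `xn--` sequence in the leftover bytes would switch off the trailer stripping for a name that is not punycode at all. Assuming `i` is left at the end of the accepted name, `is_puny = check_punycode_string(buffer, i);` limits the scan to the name itself. Note also that when `is_puny` is set no trailing bytes are trimmed any more, so a comment stating why that is safe for punycode names would help the next reader. The function begins in the previous hunk.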