aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Kerberos: fix some memory access errors (#1514)Ivan Nardi2022-04-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ``` ==19724==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60e00000045e at pc 0x5620b8b3d3cc bp 0x7ffe0fda6b50 sp 0x7ffe0fda6310 READ of size 2 at 0x60e00000045e thread T0 #0 0x5620b8b3d3cb in __interceptor_strncpy (/home/ivan/svnrepos/nDPI/fuzz/fuzz_process_packet_with_main+0x63f3cb) (BuildId: ee53ff920c8cd4c226d8520a0d4846d8864726b6) #1 0x5620b8d9b69c in strncpy_lower /home/ivan/svnrepos/nDPI/src/lib/protocols/kerberos.c:208:4 #2 0x5620b8d995a0 in krb_parse /home/ivan/svnrepos/nDPI/src/lib/protocols/kerberos.c:316:5 #3 0x5620b8d97a90 in ndpi_search_kerberos /home/ivan/svnrepos/nDPI/src/lib/protocols/kerberos.c:687:12 #4 0x5620b8bcef35 in check_ndpi_detection_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:4996:4 #5 0x5620b8bd1be8 in check_ndpi_udp_flow_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5072:10 #6 0x5620b8bd159c in ndpi_check_flow_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5105:12 #7 0x5620b8be323a in ndpi_detection_process_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5924:15 #8 0x5620b8b8f7e0 in LLVMFuzzerTestOneInput /home/ivan/svnrepos/nDPI/fuzz/fuzz_process_packet.c:24:3 #9 0x5620b8b8fd1b in main /home/ivan/svnrepos/nDPI/fuzz/fuzz_process_packet.c:84:17 #10 0x7f45b32b90b2 in __libc_start_main /build/glibc-sMfBJT/glibc-2.31/csu/../csu/libc-start.c:308:16 #11 0x5620b8acf47d in _start (/home/ivan/svnrepos/nDPI/fuzz/fuzz_process_packet_with_main+0x5d147d) (BuildId: ee53ff920c8cd4c226d8520a0d4846d8864726b6) 0x60e00000045e is located 0 bytes to the right of 158-byte region [0x60e0000003c0,0x60e00000045e) allocated by thread T0 here: #0 0x5620b8b5283e in malloc (/home/ivan/svnrepos/nDPI/fuzz/fuzz_process_packet_with_main+0x65483e) (BuildId: ee53ff920c8cd4c226d8520a0d4846d8864726b6) #1 0x5620b8b8fc86 in main /home/ivan/svnrepos/nDPI/fuzz/fuzz_process_packet.c:70:17 #2 0x7f45b32b90b2 in __libc_start_main /build/glibc-sMfBJT/glibc-2.31/csu/../csu/libc-start.c:308:16 ``` ``` protocols/kerberos.c:79:52: runtime error: left shift of 255 by 24 places cannot be represented in type 'int' ``` Found by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46670 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46636
* Extended list of cybersecurity domainsLuca Deri2022-04-13
|
* fix(ndpi_main):Fix memory leak about ndpi_str; (#1513)Wayne2022-04-12
| | | Co-authored-by: 林文烽 <wenfeng.lin@baishan.com>
* TINC: fix invalid memory read (#1512)Ivan Nardi2022-04-10
| | | | | | | | | | | | | | | | | | | | | | | | | ``` ================================================================= ==19324==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60600061be96 at pc 0x55b4a4cb4460 bp 0x7ffc7b461a70 sp 0x7ffc7b461a68 READ of size 1 at 0x60600061be96 thread T0 #0 0x55b4a4cb445f in ndpi_check_tinc /home/ivan/svnrepos/nDPI/src/lib/protocols/tinc.c:105:9 #1 0x55b4a4cb1888 in ndpi_search_tinc /home/ivan/svnrepos/nDPI/src/lib/protocols/tinc.c:135:5 #2 0x55b4a4b4a6e1 in check_ndpi_detection_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5013:6 #3 0x55b4a4b4c2d4 in check_ndpi_tcp_flow_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5084:12 #4 0x55b4a4b4bf77 in ndpi_check_flow_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5103:12 #5 0x55b4a4b5dcca in ndpi_detection_process_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5924:15 #6 0x55b4a4a87734 in packet_processing /home/ivan/svnrepos/nDPI/example/reader_util.c:1519:31 #7 0x55b4a4a80761 in ndpi_workflow_process_packet /home/ivan/svnrepos/nDPI/example/reader_util.c:2093:10 #8 0x55b4a4a39c8d in LLVMFuzzerTestOneInput /home/ivan/svnrepos/nDPI/fuzz/fuzz_ndpi_reader.c:107:7 #9 0x55b4a4a3a46b in main /home/ivan/svnrepos/nDPI/fuzz/fuzz_ndpi_reader.c:179:17 #10 0x7f69c63760b2 in __libc_start_main /build/glibc-sMfBJT/glibc-2.31/csu/../csu/libc-start.c:308:16 #11 0x55b4a497954d in _start (/home/ivan/svnrepos/nDPI/fuzz/fuzz_ndpi_reader_with_main+0x61654d) (BuildId: 705ebc5c412d267294a65cb01f03a1f012aeaf20) 0x60600061be96 is located 0 bytes to the right of 54-byte region [0x60600061be60,0x60600061be96) allocated by thread T0 here: [...] ``` Found by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46499
* Improved ASN.1 parsing for Keberos. Fixes #1492. (#1497)Toni2022-04-10
| | | | | | * This is a quick fix, the Kerberos protocol dissector requires some refactoring effort. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> Signed-off-by: lns <matzeton@googlemail.com>
* QUIC: handle retransmissions and overlapping fragments in reassembler ↵Vinicius Silva Nogueira2022-04-07
| | | | | | | | | | | | | | | | | | | | | (#1195) (#1498) * QUIC: handle retransmissions and overlapping fragments in reassembler * Trigger CI * minor fix: parentheses * Changing ndpi_malloc to ndpi_calloc * fix memory leak * quic_reasm_buf calloc to malloc * change order of is_ch_complete && is_reasm_buf_complete call * is_reasm_buf_complete: added handling for case where frame size is not multiple of 8 * add extra check
* Fix JSON-C.aouinizied2022-04-07
|
* Python bindings fix.aouinizied2022-04-07
|
* Added ndpi_find_outliers() API call using Z-ScoreLuca Deri2022-04-04
|
* Added -z flagLuca Deri2022-04-03
|
* ndpiReader: fix compilation (#1510)Ivan Nardi2022-04-01
| | | | Not sure why Windows started complaining... anyway, the fixes has been taken from https://github.com/ntop/nDPI/pull/1491: credits to @lnslbrty
* Removed un-necessary guess in miningLuca Deri2022-04-01
|
* updateLuca Deri2022-04-01
|
* Fixed incompatibilities due to https://github.com/ntop/nDPI/pull/1509Luca Deri2022-04-01
|
* DGA improvementsLuca Deri2022-04-01
|
* Waring fixesLuca Deri2022-04-01
|
* ndpireader: add json output back. (#1509)Vitaliy Ivanov2022-04-01
| | | | | | | | | | | | | | | | - partial revert of: commit 51cfdfb0d80a7bbcc11bc3b95d1696d8dae900c2 Author: Luca Deri <deri@ntop.org> Date: Sun Nov 17 17:51:45 2019 +0100 Removed unused JSON-C code - Json option is changed from 'j' to 'k' as it's used in the new codebase. - use HAVE_LIBJSON_C instead of HAVE_JSON_C. - tabs vs spaces clean ups. Signed-off-by: Vitaliy Ivanov <vitaliyi@interfacemasters.com> Conflicts: example/ndpiReader.c
* Improvements for CUSTOM_NDPI_PROTOCOLSLuca Deri2022-04-01
|
* Moved geneated file to a separate folderLuca Deri2022-04-01
|
* Improved twitter detectionLuca Deri2022-04-01
|
* Removed SRV record from suspicious DNS trafficLuca Deri2022-03-31
|
* Improved DGA detectionLuca Deri2022-03-31
|
* [autoconf] Fixed .git submodule detection test. (#1507)Darryl Sokoloski2022-03-31
| | | Signed-off-by: Darryl Sokoloski <darryl@sokoloski.ca>
* Added code for identifiying anomalies with metrics stored in InfluxDBLuca Deri2022-03-30
|
* reader_util: add support for userAgent in SSDP (#1502)Ivan Nardi2022-03-28
| | | | Update unit tests results Follow-up of d668ab4b
* Add support for Pluralsight site (#1503)Ivan Nardi2022-03-27
|
* Fix CI tests results (#1504)Ivan Nardi2022-03-27
| | | CI integration is failing since 856d7d2.
* Reducing the size of the ndpi_detection_module_struct structure. (#1490)Vitaly Lavrov2022-03-27
| | | | | | | | | | | | | | The ndpi_detection_module_struct structure contains 5 arrays "struct ndpi_call_function_struct" size 286*144=41 kB size, which are occupied by a small number of elements. At the moment we have callback_buffer_size = 172, tcp_with_payload=114, tcp_no_payload=8, udp=93, other 8. NDPI_MAX_SUPPORTED_PROTOCOLS = 285. Size of struct ndpi_detection_module_struct is 253136 bytes. Size of all structs ndpi_call_function_struct 5*286*144=205920 bytes. Real use memory size for struct ndpi_call_function_struct is (173+224)*144=57168 bytes.
* [SSDP] Extract HTTP user-agent when available. (#1500)Darryl Sokoloski2022-03-27
| | | | | | [SSDP] Added capture file with UA header. [SSDP] Added pcap test output log file. Signed-off-by: Darryl Sokoloski <darryl@sokoloski.ca>
* Improved DGA detection skipping names containign at least 3 consecutive ↵Luca Deri2022-03-26
| | | | digits in the first word
* QUIC: add support for version 2 draft 01 (#1493)Ivan Nardi2022-03-25
| | | | | | Support for v2-00 has been removed (it has never been used in real networks and it is incompatible with v2-01). Chrome already supports v2-01 in latest versions in Chrome Beta channel.
* Mining: cleanup registration (#1496)Ivan Nardi2022-03-25
| | | | | Use the same pattern of all the other dissectors: one registration and one callback. Spotted by @dsokoloski
* Trying to improve QUIC reassembler (#1195) (#1489)Vinicius Silva Nogueira2022-03-24
| | | | | | | | | | | * handling QUIC out-of-order fragments * minor fix * updated quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out * quic test: buf_len + last_pos * QUIC: comment update in __reassemble function and minor change is_ch_complete function
* Update Python bindings guide.aouinizied2022-03-22
|
* Fix typo.aouinizied2022-03-22
|
* Add HOWTO Python.aouinizied2022-03-22
|
* Fix python bindings CI.aouinizied2022-03-22
|
* Complete rework of nDPI Python bindings (cffi API, automatic generation, ↵aouinizied2022-03-22
| | | | packaging and CI integration)
* Extended the list of cybersecurity protocolLuca Deri2022-03-21
|
* Bug fixing. (#1487)Vitaly Lavrov2022-03-15
| | | Using the protocol_id instead of its index.
* QUIC: convert logs to standard mechanism (#1485)Ivan Nardi2022-03-15
|
* QUIC: fix dissection of draft-34 (#1484)dev-1Ivan Nardi2022-03-09
| | | | QUIC-34 is probably not used in production, but fixing it is trivial and it doesn't add any noise to the already complex QUIC code.
* Extend tests coverage (#1476)Ivan Nardi2022-03-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Now there is at least one flow under `tests/pcap` for 249 protocols out of the 284 ones supported by nDPI. The 35 protocols without any tests are: * P2P/sharing protocols: DIRECT_DOWNLOAD_LINK, OPENFT, FASTTRACK, EDONKEY, SOPCAST, THUNDER, APPLEJUICE, DIRECTCONNECT, STEALTHNET * games: CSGO, HALFLIFE2, ARMAGETRON, CROSSFIRE, DOFUS, FIESTA, FLORENSIA, GUILDWARS, MAPLESTORY, WORLD_OF_KUNG_FU * voip/streaming: VHUA, ICECAST, SHOUTCAST, TVUPLAYER, TRUPHONE * other: AYIYA, SOAP, TARGUS_GETDATA, RPC, ZMQ, REDIS, VMWARE, NOE, LOTUS_NOTES, EGP, SAP Most of these protocols (expecially the P2P and games ones) have been inherited by OpenDPI and have not been updated since then: even if they are still used, the detection rules might be outdated. However code coverage (of `lib/protocols`) only increases from 65.6% to 68.9%. Improve Citrix, Corba, Fix, Aimini, Megaco, PPStream, SNMP and Some/IP dissection. Treat IPP as a HTTP sub protocol. Fix Cassandra false positives. Remove `NDPI_PROTOCOL_QQLIVE` and `NDPI_PROTOCOL_REMOTE_SCAN`: these protocol ids are defined but they are never used. Remove Collectd support: its code has never been called. If someone is really interested in this protocol, we can re-add it later, updating the dissector. Add decoding of PPI (Per-Packet Information) data link type.
* Improved ASN/IP update scripts and CI integration. (#1474)Toni2022-03-09
| | | | | * CI will print a warning if ASN/IP addresses changed. Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Implement CI on Windows. (#1483)Zied Aouini2022-03-09
| | | | * Switch fail fast to True. * Windows CI.
* Some small fixes (#1481)Ivan Nardi2022-03-08
| | | | | | FTP: if the authentication fails, stop analyzing the flow WSD: call the initialization routine; the dissector code has never been triggered MINING: fix dissection
* Extracting the Azure Origin url from the download link (#1480)sharonenoch2022-03-08
| | | | | | | * Extracting the Azure Origin url from the download link * Response code check to address double quotes Co-authored-by: Sharon Enoch <sharone@amzetta.com>
* Errors fixed (#1482)Vitaly Lavrov2022-03-08
| | | | | | | | | | | | | | | Fixed errors for bigendian platforms in ndpiReader. All address and port comparisons and hash calculations are done with endian in mind. The get_ndpi_flow_info() function searched for an existing flow for the forward and reverse direction of the packet. The ndpi_workflow_node_cmp() function looked for a flow regardless of the packet's direction. This is what led to an error in determining the direction of transmission of the packet. Fixed error in "synscan" test: the number of packets in the forward and reverse direction is incorrectly defined (verified via tcpdump). Fixed bug with icmp protocol checksum check for big endian platforms.
* EthernetIP: fix integer conversion on big-endian archs (#1477)Ivan Nardi2022-03-05
|
* Fixed a bug for BE architectures (#1478)Vitaly Lavrov2022-03-05
| | | Fixed a bug in the internal implementation of libgcrypt for bigendian architectures
Powered by cgit, Themed by Ted Yin.