aboutsummaryrefslogtreecommitdiff
path: root/src/lib/ndpi_domains.c
Commit message (Collapse)AuthorAge
* Implemented ndpi_strrstr()Luca Deri2024-09-19
| | | | Fixed bug in ndpi_get_host_domain
* Fix a memory access error and some leaks (#2425)Ivan Nardi2024-05-08
| | | | | | | | | | | | | | | | | | | | | ``` SCARINESS: 12 (1-byte-read-heap-buffer-overflow) #0 0x557f3a5b5100 in ndpi_get_host_domain /src/ndpi/src/lib/ndpi_domains.c:158:8 #1 0x557f3a59b561 in ndpi_check_dga_name /src/ndpi/src/lib/ndpi_main.c:10412:17 #2 0x557f3a51163a in process_chlo /src/ndpi/src/lib/protocols/quic.c:1467:7 #3 0x557f3a469f4b in LLVMFuzzerTestOneInput /src/ndpi/fuzz/fuzz_quic_get_crypto_data.c:44:7 #4 0x557f3a46abc8 in NaloFuzzerTestOneInput (/out/fuzz_quic_get_crypto_data+0x4cfbc8) ``` Some notes about the leak: if the insertion into the uthash fails (because of an allocation failure), we need to free the just allocated entry. But the only way to check if the `HASH_ADD_*` failed, is to perform a new lookup: a bit costly, but we don't use that code in the fast-path. See also efb261a95c5a Credits for finding the issues to Philippe Antoine (@catenacyber) and his `nallocfuzz` fuzzing engine See: https://github.com/catenacyber/nallocfuzz See: https://github.com/google/oss-fuzz/pull/9902
* Fix parameters checkNardi Ivan2024-04-21
| | | | | | | | | | | | | | | ``` ==17==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000546050 bp 0x7fff113c82a0 sp 0x7fff113c7a58 T0) ==17==The signal is caused by a READ memory access. ==17==Hint: address points to the zero page. SCARINESS: 10 (null-deref) #0 0x546050 in __sanitizer::internal_strlen(char const*) /src/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_libc.cpp:167:10 #1 0x4c6ba5 in __interceptor_strrchr /src/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:740:5 #2 0x5fb9b9 in ndpi_get_host_domain_suffix /src/ndpi/src/lib/ndpi_domains.c:105:20 #3 0x578058 in LLVMFuzzerTestOneInput /src/ndpi/fuzz/fuzz_config.cpp:503:3 ``` Found while fuzzing
* Domain Classification Improvements (#2396)Luca Deri2024-04-18
| | | | | | | | | | | | | | | | | | | * Added size_t ndpi_compress_str(const char * in, size_t len, char * out, size_t bufsize); size_t ndpi_decompress_str(const char * in, size_t len, char * out, size_t bufsize); used to compress short strings such as domain names. This code is based on https://github.com/Ed-von-Schleck/shoco * Major code rewrite for ndpi_hash and ndpi_domain_classify * Improvements to make sure custom categories are loaded and enabled * Fixed string encoding * Extended SalesForce/Cloudflare domains list
* Invalid initializationLuca Deri2024-04-15
|
* Fixed minor glitchesLuca Deri2024-04-15
|
* Fix function parameters check on domain code (#2296)Ivan Nardi2024-02-01
| | | Found while fuzzing fuzz_config
* Fixed warningLuca Deri2024-01-27
|
* Fixed loading of non-ICANN domains that caused false positives with ↵Luca Deri2024-01-27
| | | | | | ndpi_load_domain_suffixes Minor hash optimization
* fuzz: fuzz_config: we need bigegr inputs (#2285)Ivan Nardi2024-01-25
|
* fuzz: extend fuzzing coverage (#2281)Ivan Nardi2024-01-24
|
* Added ndpi_get_host_domain() for returning the host domainLuca2024-01-16
| | | | vs ndpi_get_host_domain_prefix() that instead returnd the host TLD
* Added ndpi tracingLuca2024-01-15
|
* Added new API callsLuca2024-01-15
- ndpi_load_domain_suffixes() - ndpi_get_host_domain_suffix() whose goal is to find the domain name of a hostname. Example: www.bbc.co.uk -> co.uk mail.apple.com -> com
Powered by cgit, Themed by Ted Yin.