From 2ab0433aca70bf591941df946f7605306bd0d407 Mon Sep 17 00:00:00 2001
From: Luca <deri@ntop.org>
Date: Thu, 31 Oct 2019 09:31:26 +0100
Subject: Updated content-type parsing

---
 src/lib/ndpi_main.c                  | 4 ++--
 tests/result/KakaoTalk_talk.pcap.out | 3 +--
 tests/result/anyconnect-vpn.pcap.out | 5 +----
 tests/result/netflix.pcap.out        | 4 +---
 4 files changed, 5 insertions(+), 11 deletions(-)

diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 7a2d5a01e..e71ca668e 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -5096,10 +5096,10 @@ void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_str,
 	int i;
 
 	for(i=0; separator[i] != '\0'; i++) {	
-	  char *c = strchr((char*)packet->content_line.ptr, separator[i]);
+	  char *c = memchr((char*)packet->content_line.ptr, separator[i], packet->content_line.len);
 	  
 	  if(c != NULL)
-	  packet->content_line.len = c - (char*)packet->content_line.ptr;
+	    packet->content_line.len = c - (char*)packet->content_line.ptr;
 	}
       }
       
diff --git a/tests/result/KakaoTalk_talk.pcap.out b/tests/result/KakaoTalk_talk.pcap.out
index 065143677..897b19d73 100644
--- a/tests/result/KakaoTalk_talk.pcap.out
+++ b/tests/result/KakaoTalk_talk.pcap.out
@@ -20,8 +20,7 @@ JA3 Host Stats:
 	5	TCP 10.24.82.188:59954 <-> 173.252.88.128:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][15 pkts/2932 bytes <-> 14 pkts/1092 bytes][bytes ratio: 0.457 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 140.8/117.3 494/295 163.1/91.9][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 195.5/78.0 735/189 228.1/34.6][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA3S: 07dddc59e60135c7b479d39c3ae686af][Cipher: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA]
 	6	UDP 10.24.82.188:10269 <-> 1.201.1.174:23047 [proto: 194/KakaoTalk_Voice][cat: VoIP/10][12 pkts/1692 bytes <-> 10 pkts/1420 bytes][bytes ratio: 0.087 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1062/3176 4202.8/4246.6 4716/5160 1130.8/719.3][Pkt Len c2s/s2c min/avg/max/stddev: 122/142 141.0/142.0 150/142 6.1/0.0]
 	7	UDP 10.24.82.188:11321 <-> 1.201.1.174:23045 [proto: 194/KakaoTalk_Voice][cat: VoIP/10][11 pkts/1542 bytes <-> 11 pkts/1542 bytes][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1105/1052 4266.5/3766.4 4903/4991 1244.7/1143.7][Pkt Len c2s/s2c min/avg/max/stddev: 122/122 140.2/140.2 142/142 5.7/5.7]
-	8	TCP 10.24.82.188:48489 <-> 203.205.147.215:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][8 pkts/1117 bytes <-> 7 pkts/610 bytes][Host: hkminorshort.weixin.qq.com][bytes ratio: 0.294 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/51 406.0/438.7 2019/1166 732.2/514.7][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 139.6/87.1 665/262 198.8/71.4][URL: hkminorshort.weixin.qq.comhttp://hkminorshort.weixin.qq.com/cgi-bin/micromsg-bin/rtkvreport][StatusCode: 200][ContentType: application/octet-stream
-Content-Disposition: attachment][UserAgent: MicroMessenger Client][PLAIN TEXT (POST http)]
+	8	TCP 10.24.82.188:48489 <-> 203.205.147.215:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][8 pkts/1117 bytes <-> 7 pkts/610 bytes][Host: hkminorshort.weixin.qq.com][bytes ratio: 0.294 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/51 406.0/438.7 2019/1166 732.2/514.7][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 139.6/87.1 665/262 198.8/71.4][URL: hkminorshort.weixin.qq.comhttp://hkminorshort.weixin.qq.com/cgi-bin/micromsg-bin/rtkvreport][StatusCode: 200][ContentType: application/octet-stream][UserAgent: MicroMessenger Client][PLAIN TEXT (POST http)]
 	9	TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][cat: Web/5][6 pkts/543 bytes <-> 5 pkts/945 bytes][bytes ratio: -0.270 (Download)][IAT c2s/s2c min/avg/max/stddev: 77/47 4920.2/8061.3 17431/17434 6679.4/7162.9][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 90.5/189.0 130/504 24.3/164.1]
 	10	TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/TLS][cat: Web/5][3 pkts/1044 bytes <-> 2 pkts/154 bytes]
 	11	TCP 10.24.82.188:58916 <-> 54.255.185.236:5222 [proto: 178/Amazon][cat: Web/5][2 pkts/225 bytes <-> 2 pkts/171 bytes][PLAIN TEXT (xiaomi.com)]
diff --git a/tests/result/anyconnect-vpn.pcap.out b/tests/result/anyconnect-vpn.pcap.out
index 887b740b7..9a97186a2 100644
--- a/tests/result/anyconnect-vpn.pcap.out
+++ b/tests/result/anyconnect-vpn.pcap.out
@@ -31,10 +31,7 @@ JA3 Host Stats:
 	8	ICMPV6 [fe80::2e7e:81ff:feb0:4aa1]:0 -> [ff02::1]:0 [proto: 102/ICMPV6][cat: Network/14][16 pkts/2784 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2867/0 3027.8/0.0 3072/0 84.0/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 174/0 174.0/0.0 174/0 0.0/0.0]
 	9	TCP 10.0.0.227:56955 <-> 10.0.0.151:8060 [proto: 7/HTTP][cat: Web/5][6 pkts/650 bytes <-> 5 pkts/1668 bytes][Host: 10.0.0.151][bytes ratio: -0.439 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 4.0/3.7 9/6 3.2/1.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 108.3/333.6 308/1206 89.4/442.2][URL: 10.0.0.151:8060/dial/dd.xml][StatusCode: 200][ContentType: text/xml][UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36][PLAIN TEXT (GET /dial/dd.xml HTTP/1.1)]
 	10	TCP 10.0.0.227:56917 <-> 184.25.56.77:80 [proto: 7/HTTP][cat: Web/5][6 pkts/976 bytes <-> 4 pkts/1032 bytes][Host: detectportal.firefox.com][bytes ratio: -0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 28/573 3694.2/6150.7 10081/10078 4344.1/4052.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 162.7/258.0 368/450 145.3/192.0][URL: detectportal.firefox.com/success.txt][StatusCode: 200][ContentType: ][UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko/20100101 Firefox/69.0][PLAIN TEXT (GET /success.txt HTTP/1.1)]
-	11	TCP 10.0.0.227:56954 <-> 10.0.0.149:8008 [proto: 7/HTTP][cat: Web/5][4 pkts/527 bytes <-> 3 pkts/1401 bytes][Host: 10.0.0.149][bytes ratio: -0.453 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/3 2.3/3.0 6/3 2.6/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 131.8/467.0 317/1261 107.1/561.5][URL: 10.0.0.149:8008/ssdp/device-desc.xml][StatusCode: 200][ContentType: application/xml
-
-<?xml version="1.0"?>
-<root xmlns="urn:sche][UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36][PLAIN TEXT (HGET /ssdp/device)]
+	11	TCP 10.0.0.227:56954 <-> 10.0.0.149:8008 [proto: 7/HTTP][cat: Web/5][4 pkts/527 bytes <-> 3 pkts/1401 bytes][Host: 10.0.0.149][bytes ratio: -0.453 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/3 2.3/3.0 6/3 2.6/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 131.8/467.0 317/1261 107.1/561.5][URL: 10.0.0.149:8008/ssdp/device-desc.xml][StatusCode: 200][ContentType: application/xml][UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36][PLAIN TEXT (HGET /ssdp/device)]
 	12	UDP [fe80::408:3e45:3abc:1552]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network/14][9 pkts/1628 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 819/0 3174.0/0.0 11263/0 3646.2/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 152/0 180.9/0.0 206/0 23.9/0.0][PLAIN TEXT (companion)]
 	13	UDP 10.0.0.227:137 -> 10.0.0.255:137 [proto: 10/NetBIOS][cat: System/18][15 pkts/1542 bytes -> 0 pkts/0 bytes][Host: lp-rkerur-osx][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 464.8/0.0 1499/0 677.1/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 102.8/0.0 110/0 8.8/0.0][PLAIN TEXT ( EMFACNFCELEFFC)]
 	14	TCP 10.0.0.227:56914 <-> 52.37.243.173:443 [proto: 91.178/TLS.Amazon][cat: Web/5][8 pkts/847 bytes <-> 7 pkts/651 bytes][bytes ratio: 0.131 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 35/1 3340.0/2604.6 9634/9670 4129.5/3611.2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 105.9/93.0 131/129 30.9/31.2]
diff --git a/tests/result/netflix.pcap.out b/tests/result/netflix.pcap.out
index d8f56eed5..755c76a9b 100644
--- a/tests/result/netflix.pcap.out
+++ b/tests/result/netflix.pcap.out
@@ -26,9 +26,7 @@ JA3 Host Stats:
 	15	TCP 192.168.1.7:53252 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][12 pkts/1221 bytes <-> 29 pkts/41018 bytes][Host: art-1.nflximg.net][bytes ratio: -0.942 (Download)][IAT c2s/s2c min/avg/max/stddev: 11/0 27.5/35.1 45/81 10.3/18.1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101.8/1414.4 311/1514 64.1/365.9][URL: art-1.nflximg.net/8b1fa/eaa1b78cd72ca4dbdcab527691d2fcab37c8b1fa.jpg][StatusCode: 200][ContentType: image/jpeg][UserAgent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][PLAIN TEXT (GET /8b)]
 	16	TCP 192.168.1.7:53179 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][31 pkts/2596 bytes <-> 29 pkts/37544 bytes][bytes ratio: -0.871 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 267.2/77.0 1392/465 371.7/115.1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83.7/1294.6 424/1514 62.8/489.1][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJiXLBugGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPflHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JqTg0NiANIn4-aRwn3uKtWdoQ7M&random=114897][StatusCode: 200][ContentType: ][UserAgent: ][PLAIN TEXT (czGET /range/0)]
 	17	TCP 192.168.1.7:53251 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][16 pkts/1558 bytes <-> 25 pkts/33413 bytes][Host: art-1.nflximg.net][bytes ratio: -0.911 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 166.5/93.7 1389/1416 393.8/299.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 97.4/1336.5 311/1514 80.8/428.1][URL: art-1.nflximg.net/4e36d/6289889020d6cc6dfb3038c35564a41e1ca4e36d.jpg][StatusCode: 200][ContentType: image/jpeg][UserAgent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][PLAIN TEXT (GET /4e)]
-	18	TCP 192.168.1.7:53151 <-> 54.201.191.132:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][15 pkts/3626 bytes <-> 26 pkts/29544 bytes][Host: appboot.netflix.com][bytes ratio: -0.781 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3092.2/20.9 30728/135 9212.0/28.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 241.7/1136.3 1514/1514 404.6/584.3][URL: appboot.netflix.com/appboot/NFAPPL-02-][StatusCode: 200][ContentType: application/x-msl+json
-Date: Fri, 13 Jan 2017 14:50:48 GMT
-Se][UserAgent: Argo/900 CFNetwork/808.2.16 Darwin/16.3.0][PLAIN TEXT (POST /appboot/NFAPPL)]
+	18	TCP 192.168.1.7:53151 <-> 54.201.191.132:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][15 pkts/3626 bytes <-> 26 pkts/29544 bytes][Host: appboot.netflix.com][bytes ratio: -0.781 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3092.2/20.9 30728/135 9212.0/28.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 241.7/1136.3 1514/1514 404.6/584.3][URL: appboot.netflix.com/appboot/NFAPPL-02-][StatusCode: 200][ContentType: application/x-msl+json][UserAgent: Argo/900 CFNetwork/808.2.16 Darwin/16.3.0][PLAIN TEXT (POST /appboot/NFAPPL)]
 	19	TCP 192.168.1.7:53182 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][33 pkts/2732 bytes <-> 25 pkts/30064 bytes][bytes ratio: -0.833 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 253.5/199.3 1162/1131 295.3/282.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 82.8/1202.6 424/1514 61.0/563.7][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJZ2VKhqgGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzTho_flHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=LQ7LyXSnZaXKEHAHaRRHk-S7dKE&random=420981][StatusCode: 200][ContentType: ][UserAgent: ][PLAIN TEXT (GET /range/0)]
 	20	TCP 192.168.1.7:53173 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][24 pkts/2041 bytes <-> 25 pkts/30064 bytes][bytes ratio: -0.873 (Download)][IAT c2s/s2c min/avg/max/stddev: 4/4 245.2/164.8 985/775 248.3/180.4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85.0/1202.6 423/1514 71.0/563.7][URL: 23.246.11.133/range/0-65535?o=AQEfKq2oMrLRiWL1ouVaJZ2bLBChGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_ngHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=SixKQmLLJNvShj-pfML-2h4QaqQ&random=727666][StatusCode: 200][ContentType: ][UserAgent: ][PLAIN TEXT (GET /range/0)]
 	21	TCP 192.168.1.7:53175 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][31 pkts/2571 bytes <-> 22 pkts/28042 bytes][bytes ratio: -0.832 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/4 264.6/325.6 1355/1382 336.5/386.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 82.9/1274.6 423/1514 62.5/516.6][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8&random=323765][StatusCode: 200][ContentType: ][UserAgent: ][PLAIN TEXT (GET /range/0)]
-- 
cgit v1.2.3