From b1d25193d221be8fd6c0a51059b06a8d313774f7 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 11 Jul 2023 22:49:06 +0200 Subject: Minor code cleanup --- src/lib/protocols/http.c | 77 +++++++++++++++++++++++++----------------------- 1 file changed, 40 insertions(+), 37 deletions(-) diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index f54c3e077..926b7f032 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -290,33 +290,36 @@ static ndpi_protocol_category_t ndpi_http_check_content(struct ndpi_detection_mo if(packet->content_disposition_line.len > attachment_len) { u_int8_t filename_len = packet->content_disposition_line.len - attachment_len; int i; - - if(packet->content_disposition_line.ptr[attachment_len] == '\"'){ - if(packet->content_disposition_line.ptr[packet->content_disposition_line.len-1] != '\"'){ - //case: filename="file_name - flow->http.filename = ndpi_malloc(filename_len); - if(flow->http.filename != NULL){ - flow->http.filename = strncpy(flow->http.filename, (char*)packet->content_disposition_line.ptr+attachment_len+1, filename_len-1); - flow->http.filename[filename_len-1] = '\0'; - } - } - else{ - //case: filename="file_name" - flow->http.filename = ndpi_malloc(filename_len-1); - if(flow->http.filename != NULL){ - flow->http.filename = strncpy(flow->http.filename, (char*)packet->content_disposition_line.ptr+attachment_len+1, filename_len-2); - flow->http.filename[filename_len-2] = '\0'; - } - } - } - else{ - //case: filename=file_name - flow->http.filename = ndpi_malloc(filename_len+1); - if(flow->http.filename != NULL){ - flow->http.filename = strncpy(flow->http.filename, (char*)packet->content_disposition_line.ptr+attachment_len, filename_len); - flow->http.filename[filename_len] = '\0'; - } - } + + if(packet->content_disposition_line.ptr[attachment_len] == '\"') { + if(packet->content_disposition_line.ptr[packet->content_disposition_line.len-1] != '\"') { + //case: filename="file_name + flow->http.filename = ndpi_malloc(filename_len); + if(flow->http.filename != NULL) { + strncpy(flow->http.filename, (char*)packet->content_disposition_line.ptr+attachment_len+1, filename_len-1); + flow->http.filename[filename_len-1] = '\0'; + } + } + else{ + //case: filename="file_name" + flow->http.filename = ndpi_malloc(filename_len-1); + + if(flow->http.filename != NULL) { + strncpy(flow->http.filename, (char*)packet->content_disposition_line.ptr+attachment_len+1, + filename_len-2); + flow->http.filename[filename_len-2] = '\0'; + } + } + } + else{ + //case: filename=file_name + flow->http.filename = ndpi_malloc(filename_len+1); + + if(flow->http.filename != NULL) { + strncpy(flow->http.filename, (char*)packet->content_disposition_line.ptr+attachment_len, filename_len); + flow->http.filename[filename_len] = '\0'; + } + } if(filename_len > ATTACHMENT_LEN) { attachment_len += filename_len-ATTACHMENT_LEN-1; @@ -444,7 +447,7 @@ static void ndpi_http_parse_subprotocol(struct ndpi_detection_module_struct *ndp flow->host_server_name, strlen(flow->host_server_name)); } - + if(flow->detected_protocol_stack[1] == NDPI_PROTOCOL_UNKNOWN && packet->http_origin.len > 0) { ndpi_protocol_match_result ret_match; @@ -533,8 +536,8 @@ static void ndpi_check_user_agent(struct ndpi_detection_module_struct *ndpi_stru char *double_slash; if((!ua) || (ua[0] == '\0')) - return; - + return; + if (ua_len > 12) { size_t i, upper_case_count = 0; @@ -740,7 +743,7 @@ static void ndpi_check_http_server(struct ndpi_detection_module_struct *ndpi_str const char *server, u_int server_len) { if(server_len > 7) { u_int off; - + if((strncasecmp(server, "Apache/", off = 7) == 0) /* X.X.X */ || (strncasecmp(server, "nginx/", off = 6) == 0) /* X.X.X */) { u_int i, j, a, b, c; @@ -748,12 +751,12 @@ static void ndpi_check_http_server(struct ndpi_detection_module_struct *ndpi_str for(i=off, j=0; (iserver_line.ptr != NULL) ndpi_check_http_server(ndpi_struct, flow, (const char *)packet->server_line.ptr, packet->server_line.len); - + if(packet->user_agent_line.ptr != NULL) { http_process_user_agent(ndpi_struct, flow, packet->user_agent_line.ptr, packet->user_agent_line.len); } @@ -1039,14 +1042,14 @@ static const char* suspicious_http_header_keys_T[] = { "TLS_version", NULL}; static const char* suspicious_http_header_keys_U[] = { "Uuid", NULL}; static const char* suspicious_http_header_keys_X[] = { "X-Hire-Me", NULL}; -static int is_a_suspicious_header(const char* suspicious_headers[], struct ndpi_int_one_line_struct packet_line){ +static int is_a_suspicious_header(const char* suspicious_headers[], struct ndpi_int_one_line_struct packet_line) { int i; unsigned int header_len; const u_int8_t* header_limit; if((header_limit = memchr(packet_line.ptr, ':', packet_line.len))) { header_len = header_limit - packet_line.ptr; - for(i=0; suspicious_headers[i] != NULL; i++){ + for(i=0; suspicious_headers[i] != NULL; i++) { if(!strncasecmp((const char*) packet_line.ptr, suspicious_headers[i], header_len)) return 1; @@ -1066,7 +1069,7 @@ static void ndpi_check_http_header(struct ndpi_detection_module_struct *ndpi_str for(i=0; (i < packet->parsed_lines) && (packet->line[i].ptr != NULL) && (packet->line[i].len > 0); i++) { - switch(packet->line[i].ptr[0]){ + switch(packet->line[i].ptr[0]) { case 'A': if(is_a_suspicious_header(suspicious_http_header_keys_A, packet->line[i])) { char str[64]; -- cgit v1.2.3