From fb64346e28633055dac543bc0ef6f3c406d5bbd5 Mon Sep 17 00:00:00 2001
From: Luca Deri
Date: Thu, 14 May 2020 09:49:47 +0200
Subject: Code clenup for PR #902
---
 src/lib/protocols/http.c | 21 +++++++++------------
 1 file changed, 9 insertions(+), 12 deletions(-)
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
index 1e50f67f1..48dab0d38 100644
--- a/src/lib/protocols/http.c
+++ b/src/lib/protocols/http.c
@@ -85,10 +85,17 @@ static ndpi_protocol_category_t ndpi_http_check_content(struct ndpi_detection_mo
 u_int app_len = sizeof("application");
 if(packet->content_line.len > app_len) {
- if(ndpi_strncasestr((const char *)&packet->content_line.ptr[app_len], "mpeg",
- packet->content_line.len-app_len) != NULL) {
+ const char *app = (const char *)&packet->content_line.ptr[app_len];
+ u_int app_len_avail = packet->content_line.len-app_len;
+
+ if(ndpi_strncasestr(app, "mpeg", app_len_avail) != NULL) {
 flow->guessed_category = flow->category = NDPI_PROTOCOL_CATEGORY_STREAMING;
 return(flow->category);
+ } else if(ndpi_strncasestr(app, "exe", app_len_avail) != NULL) {
+ flow->guessed_category = flow->category = NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT;
+ NDPI_SET_BIT_16(flow->risk, NDPI_BINARY_APPLICATION_TRANSFER);
+ NDPI_LOG_INFO(ndpi_struct, "found executable HTTP transfer\n");
+ return(flow->category);
 }
 }
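Review bot: The relocated `exe` test now sits in an `else if` behind the `mpeg` match and returns early after overwriting `flow->category`, so `NDPI_BINARY_APPLICATION_TRANSFER` is no longer raised independently of category guessing as it was in `check_content_type_and_change_protocol`; if the risk bit is meant to be a standalone signal, set it before the `mpeg`/`exe` chain rather than inside it. Neither branch confirms that the line actually begins with `application/` (only `content_line.len > app_len` is checked), so any Content-Type carrying `exe` past offset 12 raises the risk; a guard such as `strncasecmp((const char *)packet->content_line.ptr, "application/", app_len) == 0` would tighten it. Because the header is chosen by the server and types such as `application/octet-stream` contain no `exe` substring, a short comment stating that this is a heuristic with known misses would help consumers of the risk flag. The enclosing function starts and ends outside the hunk, so whether every path that used to reach the old check still calls `ndpi_http_check_content` could not be confirmed from here.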
@@ -412,16 +419,6 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_
 NDPI_LOG_DBG2(ndpi_struct, "Content Type line found %.*s\n", packet->content_line.len, packet->content_line.ptr);
- /*check for potentially dangerous http traffic and flag it*/
- u_int app_len = sizeof("application");
- if(packet->content_line.len > app_len) {
- if(ndpi_strncasestr((const char *)&packet->content_line.ptr[app_len], "exe",
- packet->content_line.len-app_len) != NULL) {
- NDPI_SET_BIT_16(flow->risk, NDPI_BINARY_APPLICATION_TRANSFER);
- NDPI_LOG_INFO(ndpi_struct, "found executable HTTP transfer\n");
- }
- }
-
 if((flow->http.content_type == NULL) && (packet->content_line.len > 0)) {
 int len = packet->content_line.len + 1;
-- 
cgit v1.2.3