From c1baf1516de5fc0cd122e4693f4774b0fd4b627b Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Wed, 15 Apr 2020 15:50:58 +0200 Subject: Adds bound check for TZSP --- example/reader_util.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'example/reader_util.c') diff --git a/example/reader_util.c b/example/reader_util.c index 97aa940bd..e5aa7478b 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -1745,6 +1745,9 @@ ether_type_check: } } else if((sport == TZSP_PORT) || (dport == TZSP_PORT)) { /* https://en.wikipedia.org/wiki/TZSP */ + if (header->caplen < ip_offset + ip_len + sizeof(struct ndpi_udphdr) + 4) + return(nproto); /* Too short for TZSP*/ + u_int offset = ip_offset+ip_len+sizeof(struct ndpi_udphdr); u_int8_t version = packet[offset]; u_int8_t ts_type = packet[offset+1]; -- cgit v1.2.3 From cf47ba234a59db325a382db4bbdf10187f93eb9a Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Wed, 15 Apr 2020 16:19:57 +0200 Subject: Use ndpi_handle_ipv6_extension_headers in reader_util --- example/reader_util.c | 9 ++++----- src/include/ndpi_main.h | 4 ++++ src/lib/ndpi_main.c | 2 +- 3 files changed, 9 insertions(+), 6 deletions(-) (limited to 'example/reader_util.c') diff --git a/example/reader_util.c b/example/reader_util.c index e5aa7478b..8b7bc1c75 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -1691,12 +1691,11 @@ ether_type_check: return(nproto); /* Too short for IPv6 header*/ iph6 = (struct ndpi_ipv6hdr *)&packet[ip_offset]; proto = iph6->ip6_hdr.ip6_un1_nxt; - ip_len = sizeof(struct ndpi_ipv6hdr); + ip_len = ntohs(iph6->ip6_hdr.ip6_un1_plen); - if(proto == IPPROTO_DSTOPTS /* IPv6 destination option */) { - u_int8_t *options = (u_int8_t*)&packet[ip_offset+ip_len]; - proto = options[0]; - ip_len += 8 * (options[1] + 1); + const u_int8_t *l4ptr = (((const u_int8_t *) iph6) + sizeof(struct ndpi_ipv6hdr)); + if(ndpi_handle_ipv6_extension_headers(NULL, &l4ptr, &ip_len, &proto) != 0) { + return(nproto); } iph = NULL; diff --git a/src/include/ndpi_main.h b/src/include/ndpi_main.h index 9335f2151..f81e37c7c 100644 --- a/src/include/ndpi_main.h +++ b/src/include/ndpi_main.h @@ -150,6 +150,10 @@ extern "C" { #define ndpi_match_strprefix(payload, payload_len, str) \ ndpi_match_prefix((payload), (payload_len), (str), (sizeof(str)-1)) +#ifdef NDPI_DETECTION_SUPPORT_IPV6 + int ndpi_handle_ipv6_extension_headers(struct ndpi_detection_module_struct *ndpi_str, const u_int8_t ** l4ptr, u_int16_t * l4len, u_int8_t * nxt_hdr); +#endif + #ifdef __cplusplus } #endif diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 88b4fecaf..b0fbcf9b7 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -3645,7 +3645,7 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n * nxt_hdr: protocol of the actual payload * returns 0 upon success and 1 upon failure */ -static int ndpi_handle_ipv6_extension_headers(struct ndpi_detection_module_struct *ndpi_str, const u_int8_t ** l4ptr, u_int16_t * l4len, u_int8_t * nxt_hdr) +int ndpi_handle_ipv6_extension_headers(struct ndpi_detection_module_struct *ndpi_str, const u_int8_t ** l4ptr, u_int16_t * l4len, u_int8_t * nxt_hdr) { while((*nxt_hdr == 0 || *nxt_hdr == 43 || *nxt_hdr == 44 || *nxt_hdr == 60 || *nxt_hdr == 135 || *nxt_hdr == 59)) { u_int16_t ehdr_len; -- cgit v1.2.3