From fb3fc0c6de201a2ab34b6f7ce4d5dfc2c54c3b5e Mon Sep 17 00:00:00 2001 From: theirix Date: Tue, 12 Apr 2016 22:08:30 +0300 Subject: Fixed buffer overflows with safe str search 1. Detected a lot of memory errors using address sanitizer and ndpi-scapy tool. 2. Added ndpi_match_prefix function that compares strings with taking care of payload packet len. Almost drop-in replacement for match_first_bytes function. 3. Replaced unsafe match_first_bytes usage with a ndpi_match_prefix and additional length checks. --- src/lib/ndpi_main.c | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'src/lib/ndpi_main.c') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 845c56c63..8fe3a54d7 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -4339,6 +4339,16 @@ char* ndpi_strnstr(const char *s, const char *find, size_t slen) { /* ****************************************************** */ +int ndpi_match_prefix(const u_int8_t *payload, size_t payload_len, + const char *str, size_t str_len) +{ + return str_len <= payload_len + ? memcmp(payload, str, str_len) == 0 + : 0; +} + +/* ****************************************************** */ + int ndpi_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, char *string_to_match, u_int string_to_match_len, u_int8_t is_host_match) { -- cgit v1.2.3