From dd75060932d476320b72113ee9f6527aac36a357 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sun, 30 Aug 2020 12:25:15 +0200 Subject: Fixed false positive in suspicous user agent Optimized stddev calculation --- src/lib/ndpi_main.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) (limited to 'src/lib/ndpi_main.c') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 5ee124ac7..de95726ef 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -55,7 +55,7 @@ extern u_int32_t get_stun_lru_key(struct ndpi_flow_struct *flow, u_int8_t rev); static int _ndpi_debug_callbacks = 0; -/* #define DGA_DEBUG 1 */ +/* #define DGA_DEBUG 1 */ /* #define MATCH_DEBUG 1 */ /* ****************************************** */ @@ -6644,7 +6644,12 @@ int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str, char tmp[128], *word, *tok_tmp; len = snprintf(tmp, sizeof(tmp)-1, "%s", name); - if(len < 0) return(0); + if(len < 0) { +#ifdef DGA_DEBUG + printf("[DGA] Too short"); +#endif + return(0); + } for(i=0, j=0; (i= 19 /* word too long. Example bbcbedxhgjmdobdprmen.com */) ) { if(flow) NDPI_SET_BIT(flow->risk, NDPI_SUSPICIOUS_DGA_DOMAIN); +#ifdef DGA_DEBUG + printf("[DGA] Found!"); +#endif return(1); } @@ -6801,5 +6809,9 @@ int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str, #endif } +#ifdef DGA_DEBUG + printf("[DGA] Result: %u", rc); +#endif + return(rc); } -- cgit v1.2.3
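Review bot: The debug message added in the `len < 0` branch says "Too short", but snprintf() returns a negative value only on an output error, so the label will mislead anyone reading a DGA_DEBUG trace. The case that stays unreported is truncation: with the 128-byte `tmp`, snprintf() returns the full length of `name` when it does not fit, and this guard passes that value on as `len`. The loop condition that follows is cut off on this page, so I cannot confirm that it bounds the index by the buffer; a clamp such as `if((size_t)len >= sizeof(tmp)-1) len = sizeof(tmp)-2;` would remove the dependency on it. The three added printf calls (here, at "Found!" and at "Result") also lack a trailing `\n`, so successive traces run together; for this one, `printf("[DGA] snprintf failed\n");` would be accurate.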
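Review bot: `printf("[DGA] Result: %u", rc);` in the last hunk uses an unsigned conversion for a value the function returns as `int`. The declaration of `rc` is outside the hunk, but if it is an `int` the specifier should be `%d`. Since this trace exists to triage false positives, it would help to print the analysed name with the verdict, e.g. `printf("[DGA] Result: %d [%s]\n", rc, name);`, assuming `name` is still the caller's string at that point. The body of ndpi_check_dga_name starts well before this hunk, so that assumption needs checking against the full function.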