From 0fe81c842f355b81ac48aa5f999ebf6760483e12 Mon Sep 17 00:00:00 2001 From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> Date: Fri, 14 Mar 2025 15:13:29 +0100 Subject: TLS: avoid sub-classification for RDP flows (#2769) These flows are already classified as TLS.RDP. This change also fix a memory leak ``` Direct leak of 62 byte(s) in 1 object(s) allocated from: #0 0x5883d762429f in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 #1 0x5883d76fe46a in ndpi_malloc ndpi/src/lib/ndpi_memory.c:57:46 #2 0x5883d76fe46a in ndpi_strdup ndpi/src/lib/ndpi_memory.c:110:13 #3 0x5883d77adcd6 in ndpi_compute_ja4 ndpi/src/lib/protocols/tls.c:2298:46 #4 0x5883d77ab2ec in processClientServerHello ndpi/src/lib/protocols/tls.c:3314:10 #5 0x5883d77a4c51 in processTLSBlock ndpi/src/lib/protocols/tls.c:1319:5 ``` Found by oss-fuzz. See: https://oss-fuzz.com/testcase-detail/5244512192757760
---
 src/lib/protocols/rdp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/lib/protocols/rdp.c')
diff --git a/src/lib/protocols/rdp.c b/src/lib/protocols/rdp.c
index 5831c01b7..23e50af63 100644
--- a/src/lib/protocols/rdp.c
+++ b/src/lib/protocols/rdp.c
@@ -91,7 +91,7 @@ static void ndpi_search_rdp(struct ndpi_detection_module_struct *ndpi_struct,
 if((rdp_requested_proto & 0x1) == 0x1) {
 /* RDP Response + Client Hello + Server hello */
 flow->max_extra_packets_to_check = 5;
-
+ flow->tls_quic.from_rdp = 1;
 flow->extra_packets_func = ndpi_search_tls_over_rdp;
 }
 }
-- cgit v1.2.3
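Review bot: The added `flow->tls_quic.from_rdp = 1;` in the `(rdp_requested_proto & 0x1) == 0x1` branch carries no comment saying what the flag makes the TLS dissector do, and this page is limited to rdp.c, so the code that reads the flag is not visible here. I would put `/* Flow is already classified as TLS.RDP: tell the TLS dissector to skip sub-classification */` directly above the assignment. The leak in the commit message is an `ndpi_strdup` result allocated in `ndpi_compute_ja4`, so the flag presumably fixes it by keeping that path from running for these flows. It is worth confirming in tls.c that the stored pointer is also freed or checked before it is reassigned, because any other path that re-enters `processClientServerHello` on untrusted traffic could otherwise still leak per flow. `ndpi_search_rdp` starts and ends outside the hunk.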