From c809e7c0691a77e84036df78067e482700263c71 Mon Sep 17 00:00:00 2001
From: Vladimir Gavrilov <105977161+0xA50C1A1@users.noreply.github.com>
Date: Sun, 10 Dec 2023 14:10:50 +0300
Subject: Replace complicated TPKT header validation with an helper function
 (#2201)

* Replace complicated TPKT header validation with an helper function

* Move tpkt_verify_hdr function definition to ndpi_utils.c
---
 src/lib/protocols/rdp.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

(limited to 'src/lib/protocols/rdp.c')

diff --git a/src/lib/protocols/rdp.c b/src/lib/protocols/rdp.c
index e95c6e853..f641f7690 100644
--- a/src/lib/protocols/rdp.c
+++ b/src/lib/protocols/rdp.c
@@ -41,15 +41,13 @@ static void ndpi_int_rdp_add_connection(struct ndpi_detection_module_struct *ndp
 
 static void ndpi_search_rdp(struct ndpi_detection_module_struct *ndpi_struct,
 			    struct ndpi_flow_struct *flow) {
-  struct ndpi_packet_struct *packet = &ndpi_struct->packet;
+  const struct ndpi_packet_struct * const packet = &ndpi_struct->packet;
 	
   NDPI_LOG_DBG(ndpi_struct, "search RDP\n");
 
   if (packet->tcp != NULL) {
     if(packet->payload_packet_len > 13 &&
-       /* TPKT */
-       packet->payload[0] == 0x03 && packet->payload[1] == 0x00 &&
-       ntohs(*(uint16_t *)&packet->payload[2]) == packet->payload_packet_len &&
+       tpkt_verify_hdr(packet) &&
        /* COTP */
        packet->payload[4] == packet->payload_packet_len - 5) {
 
-- 
cgit v1.2.3