From afc2b641eb9cf5035b5147e78030bafe0b40dd87 Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Mon, 15 Nov 2021 16:20:57 +0100
Subject: Fix writes to `flow->protos` union fields (#1354)

We can write to `flow->protos` only after a proper classification.

This issue has been found in Kerberos, DHCP, HTTP, STUN, IMO, FTP,
SMTP, IMAP and POP code.
There are two kinds of fixes:
 * write to `flow->protos` only if a final protocol has been detected
 * move protocol state out of `flow->protos`
The hard part is to find, for each protocol, the right tradeoff between
memory usage and code complexity.

Handle Kerberos like DNS: if we find a request, we set the protocol
and an extra callback to further parsing the reply.

For all the other protocols, move the state out of `flow->protos`. This
is an issue only for the FTP/MAIL stuff.

Add DHCP Class Identification value to the output of ndpiReader and to
the Jason serialization.

Extend code coverage of fuzz tests.

Close #1343
Close #1342
---
 src/lib/protocols/rtp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/lib/protocols/rtp.c')

diff --git a/src/lib/protocols/rtp.c b/src/lib/protocols/rtp.c
index 24f92afe2..2d5ad5981 100644
--- a/src/lib/protocols/rtp.c
+++ b/src/lib/protocols/rtp.c
@@ -84,7 +84,7 @@ static void ndpi_rtp_search(struct ndpi_detection_module_struct *ndpi_struct,
   if((payload_len < 2)
      || (d_port == 5355 /* LLMNR_PORT */)
      || (d_port == 5353 /* MDNS_PORT */)     
-     || flow->protos.tls_quic_stun.stun.num_binding_requests
+     || flow->stun.num_binding_requests
      ) {
     NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
     return;
-- 
cgit v1.2.3