From 1df5b453cb20afa6fac0a3af4a59c03a71de5563 Mon Sep 17 00:00:00 2001
From: chiehminw <chiehminw@synology.com>
Date: Tue, 26 Mar 2019 11:46:57 +0800
Subject: Parse HTTP PATCH method

HTTP PATCH is introduced in RFC 5789 (https://tools.ietf.org/html/rfc5789)

Signed-off-by: chiehminw <chiehminw@synology.com>
---
 src/lib/protocols/http.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'src/lib/protocols')

diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
index fc392c2b7..86bfed87d 100644
--- a/src/lib/protocols/http.c
+++ b/src/lib/protocols/http.c
@@ -182,6 +182,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_
 
         case 'P':
           switch(flow->packet.http_method.ptr[1]) {
+          case 'A': flow->http.method = NDPI_HTTP_METHOD_PATCH; break;
           case 'O': flow->http.method = NDPI_HTTP_METHOD_POST; break;
           case 'U': flow->http.method = NDPI_HTTP_METHOD_PUT; break;
           }
@@ -412,6 +413,7 @@ static struct l_string {
 		    STATIC_STRING_L("OPTIONS "),
 		    STATIC_STRING_L("HEAD "),
 		    STATIC_STRING_L("PUT "),
+		    STATIC_STRING_L("PATCH "),
 		    STATIC_STRING_L("DELETE "),
 		    STATIC_STRING_L("CONNECT "),
 		    STATIC_STRING_L("PROPFIND "),
-- 
cgit v1.2.3


From 7415af5086121c6196ad1dc9d0232b000f869ac0 Mon Sep 17 00:00:00 2001
From: Derrick Lyndon Pallas <derrick@argosylabs.com>
Date: Sat, 6 Apr 2019 00:29:00 +0000
Subject: csgo: fix invalid read on short packet

---
 src/lib/protocols/csgo.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'src/lib/protocols')

diff --git a/src/lib/protocols/csgo.c b/src/lib/protocols/csgo.c
index 7f4479419..f316f96b7 100644
--- a/src/lib/protocols/csgo.c
+++ b/src/lib/protocols/csgo.c
@@ -30,6 +30,11 @@ void ndpi_search_csgo(struct ndpi_detection_module_struct* ndpi_struct, struct n
   struct ndpi_packet_struct* packet = &flow->packet;
 
   if (packet->udp != NULL) {
+    if (packet->payload_packet_len < sizeof(uint32_t)) {
+      NDPI_LOG_DBG2(ndpi_struct, "Short csgo packet\n");
+      return;
+    }
+
     uint32_t w = htonl(get_u_int32_t(packet->payload, 0));
     NDPI_LOG_DBG2(ndpi_struct, "CSGO: word %08x\n", w);
 
-- 
cgit v1.2.3


From 74715b12b0770a3f724565633128f73396f0f792 Mon Sep 17 00:00:00 2001
From: Derrick Lyndon Pallas <derrick@argosylabs.com>
Date: Sat, 6 Apr 2019 01:00:25 +0000
Subject: memcached: fix invalid read on short packet

---
 src/lib/protocols/memcached.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src/lib/protocols')

diff --git a/src/lib/protocols/memcached.c b/src/lib/protocols/memcached.c
index e9deb5cc9..44a8b0858 100644
--- a/src/lib/protocols/memcached.c
+++ b/src/lib/protocols/memcached.c
@@ -89,7 +89,7 @@
 
 #define MEMCACHED_MIN_MATCH     2 /* Minimum number of command/responses required */
 
-#define MEMCACHED_MATCH(cr)     memcmp(offset, cr, cr ## _LEN)
+#define MEMCACHED_MATCH(cr)     (cr ## _LEN > length || memcmp(offset, cr, cr ## _LEN))
 
 static void ndpi_int_memcached_add_connection(struct ndpi_detection_module_struct
         *ndpi_struct, struct ndpi_flow_struct *flow)
@@ -105,6 +105,7 @@ void ndpi_search_memcached(
 {
     struct ndpi_packet_struct *packet = &flow->packet;
     const u_int8_t *offset = packet->payload;
+    const u_int16_t length = packet->payload_packet_len;
     u_int8_t *matches;
 
     NDPI_LOG_DBG(ndpi_struct, "search memcached\n");
-- 
cgit v1.2.3