From 580859a47d164b64c95de2da6df2d49332af4875 Mon Sep 17 00:00:00 2001
From: Toni Uhlig <matzeton@googlemail.com>
Date: Wed, 2 Sep 2020 00:12:15 +0200
Subject: Fixed false positive detection for Skype.SkypeCall (affects at least
 Cisco HSRP and RADIUS).

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
---
 src/lib/protocols/skype.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'src')

diff --git a/src/lib/protocols/skype.c b/src/lib/protocols/skype.c
index dfc3f274f..01d93bda7 100644
--- a/src/lib/protocols/skype.c
+++ b/src/lib/protocols/skype.c
@@ -64,13 +64,14 @@ static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, s
 		|| (((packet->payload[0] & 0xF0) >> 4) == 0x07 /* Skype */)
 		)
 	    && (packet->payload[0] != 0x30) /* Avoid invalid SNMP detection */
-	    && (packet->payload[0] != 0x0)  /* Avoid invalid CAPWAP detection */
+	    && (packet->payload[0] != 0x00) /* Avoid invalid CAPWAP detection */
 	    && (packet->payload[2] == 0x02))) {
 
-	  if(is_port(sport, dport, 8801))
+	  if(is_port(sport, dport, 8801)) {
 	    ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ZOOM, NDPI_PROTOCOL_UNKNOWN);
-	  else
+	  } else if (payload_len >= 16 && packet->payload[0] != 0x01) /* Avoid invalid Cisco HSRP detection / RADIUS */ {
 	    ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE_CALL, NDPI_PROTOCOL_SKYPE);
+	  }
 	}
       }
       
-- 
cgit v1.2.3


From 7051acc0b5b8046b6415a454a2eff4fffa18396b Mon Sep 17 00:00:00 2001
From: Toni Uhlig <matzeton@googlemail.com>
Date: Wed, 2 Sep 2020 07:37:26 +0200
Subject: Fixed off-by-one error in Kerberos protocol.

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
---
 src/lib/protocols/kerberos.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/lib/protocols/kerberos.c b/src/lib/protocols/kerberos.c
index 168586643..10c2b5a65 100644
--- a/src/lib/protocols/kerberos.c
+++ b/src/lib/protocols/kerberos.c
@@ -309,7 +309,7 @@ void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct,
 		printf("name_offset=%u [%02X %02X] [byte 0 must be 0x1b]\n", name_offset, packet->payload[name_offset], packet->payload[name_offset+1]);
 #endif
 
-		if(name_offset < (packet->payload_packet_len+1)) {
+		if(name_offset < (packet->payload_packet_len - 1)) {
 		  u_int realm_len;
 
 		  name_offset++;
-- 
cgit v1.2.3