From 5515c3a1091e4308467066c3cd58be59ff3d95d2 Mon Sep 17 00:00:00 2001 From: Campus Date: Fri, 18 Aug 2017 10:11:41 +0200 Subject: fix for https://github.com/ntop/nDPI/issues/437 --- src/lib/protocols/socks45.c | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) (limited to 'src') diff --git a/src/lib/protocols/socks45.c b/src/lib/protocols/socks45.c index 7ad0868d2..67cfab8b4 100644 --- a/src/lib/protocols/socks45.c +++ b/src/lib/protocols/socks45.c @@ -48,18 +48,15 @@ static void ndpi_check_socks4(struct ndpi_detection_module_struct *ndpi_struct, /* Check if we so far detected the protocol in the request or not. */ if(flow->socks4_stage == 0) { NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "SOCKS4 stage 0: \n"); - - /*Octets 3 and 4 contain the port number, port 80 and 25 for now. */ - if((payload_len == 9) && - (((packet->payload[0] == 0x04) && (packet->payload[1] == 0x01) && (packet->payload[2] == 0x00) && (packet->payload[3] == 0x50)) - || - ((packet->payload[0] == 0x04) && (packet->payload[1] == 0x01) && (packet->payload[2] == 0x00) && (packet->payload[3] == 0x19)))) { + + if(payload_len >= 9 && packet->payload[0] == 0x04 && + (packet->payload[1] == 0x01 || packet->payload[1] == 0x02) && + packet->payload[payload_len - 1] == 0x00) { NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "Possible SOCKS4 request detected, we will look further for the response...\n"); - + /* TODO: check port and ip address is valid */ /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ flow->socks4_stage = packet->packet_direction + 1; } - } else { NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "SOCKS4 stage %u: \n", flow->socks4_stage); @@ -67,16 +64,14 @@ static void ndpi_check_socks4(struct ndpi_detection_module_struct *ndpi_struct, if((flow->socks4_stage - packet->packet_direction) == 1) { return; } - /* This is a packet in another direction. Check if we find the proper response. */ - if(payload_len == 0) { + if(payload_len == 8 && packet->payload[0] == 0x00 && packet->payload[1] >= 0x5a && packet->payload[1] <= 0x5d) { NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "Found SOCKS4.\n"); ndpi_int_socks_add_connection(ndpi_struct, flow); } else { NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to SOCKS4, resetting the stage to 0...\n"); flow->socks4_stage = 0; } - } } -- cgit v1.2.3