Skip to content

ndpi

Jump to bottom
Suresoft-GLaDOS edited this page May 26, 2023 · 8 revisions

#1

Link : https://github.com/ntop/nDPI/commit/23594f036536468072198a57c59b6e9d63caf6ce
Description: Out-of-bounds Write
CVE Info: CVE-2020-15474

At src/lib/protocols/tls.c

@@ -243,7 +243,7 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi
 				       u_int16_t p_offset, u_int16_t certificate_len) {
   struct ndpi_packet_struct *packet = &flow->packet;
   u_int num_found = 0, i;
+  char buffer[64] = { '\0' }, rdnSeqBuf[2048] = { '\0' };
-  char buffer[64] = { '\0' }, rdnSeqBuf[1024] = { '\0' };
   u_int rdn_len = 0;
 #ifdef DEBUG_TLS

Tags
#Memory-error #Single-line #Modified #CVE

#2

Link : https://github.com/ntop/nDPI/commit/b6eef17e54999586b6aef8f545c87de4d3ec0ab3
Description: avoid producing alerts for known protocol on unknown port when using TLS

At src/lib/ndpi_main.c

@@ -4687,7 +4687,6 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct
        && (found->proto->protoId != ret.master_protocol)) {
       // printf("******** %u / %u\n", found->proto->protoId, ret.master_protocol);
+      if(!ndpi_check_protocol_port_mismatch_exceptions(ndpi_str, flow, found, &ret))
 	NDPI_SET_BIT(flow->risk, NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT);
     } else if(default_ports && (default_ports[0] != 0)) {
       u_int8_t found = 0, i;

Tags
#Omission #Single-line #Added

#3

Link : https://github.com/ntop/nDPI/commit/0b3f8ed849cdf9971224c49a3958f0904a2bbbb5
Description: RSH vs Syslog may still happen for midstream traffic

At src/lib/protocols/syslog.c

@@ -73,8 +73,7 @@ void ndpi_search_syslog(struct ndpi_detection_module_struct
         if (ndpi_isalnum(packet->payload[i]) == 0)
         {
             if (packet->payload[i] == ' ' || packet->payload[i] == ':' ||
+                packet->payload[i] == '=' || packet->payload[i] == '[' ||
+                packet->payload[i] == '-')
-                packet->payload[i] == '=')
             {
                 break;
             }

Tags
#Invalid-condition #Multi-line #Modified

#4

Link : https://github.com/ntop/nDPI/commit/704920414ac12467d048bddf44e7ecf76936e90c
Description: Improved Xiaomi HTTP detection.

At src/lib/protocols/http.c

@@ -414,11 +414,6 @@ static void ndpi_http_parse_subprotocol(struct ndpi_detection_module_struct *ndp
       }
     }
+    if (flow->http.url != NULL &&
+        strstr(flow->http.url, "micloud.xiaomi.net") != NULL)
+    {
+      ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_XIAOMI, NDPI_PROTOCOL_HTTP, NDPI_CONFIDENCE_DPI);
+    }
   }
 }

Tags
#Omission #Multi-line #Added

HOME

TAGS

Lines

Patch Type

Error Type

#CVE

#Address_Sanitizer

Clone this wiki locally