-
Notifications
You must be signed in to change notification settings - Fork 22
/
Copy pathnDPI-1.7-bugfixes.patch
90 lines (77 loc) · 3.34 KB
/
nDPI-1.7-bugfixes.patch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
diff --git a/configure.ac b/configure.ac
index ab32d67..b72ebd7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,6 +1,7 @@
AC_INIT([libndpi], [1.7.0])
AC_CONFIG_MACRO_DIR([m4])
+AC_CONFIG_AUX_DIR([.])
AM_INIT_AUTOMAKE([foreign subdir-objects])
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index d73768f..e9d1402 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -911,7 +911,7 @@ typedef struct ndpi_flow_struct {
} ntp;
struct {
- char client_certificate[48], server_certificate[48];
+ char client_certificate[128], server_certificate[128];
} ssl;
} protos;
diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c
index b113bf1..f978de6 100644
--- a/src/lib/protocols/ssl.c
+++ b/src/lib/protocols/ssl.c
@@ -101,6 +101,7 @@ static void stripCertificateTrailer(char *buffer, int buffer_len) {
if((buffer[i] != '.')
&& (buffer[i] != '-')
+ && (buffer[i] != '_')
&& (buffer[i] != '*')
&& (!ndpi_isalpha(buffer[i]))
&& (!ndpi_isdigit(buffer[i]))) {
@@ -234,7 +235,7 @@ int getSSLcertificate(struct ndpi_detection_module_struct *ndpi_struct,
extensions_len = packet->payload[offset];
if((extensions_len+offset) < total_len) {
- u_int16_t extension_offset = 1; /* Move to the first extension */
+ u_int extension_offset = 1; /* Move to the first extension */
while(extension_offset < extensions_len) {
u_int16_t extension_id, extension_len;
@@ -251,6 +252,12 @@ int getSSLcertificate(struct ndpi_detection_module_struct *ndpi_struct,
u_int begin = 0,len;
char *server_name = (char*)&packet->payload[offset+extension_offset];
+ if(packet->payload[offset+extension_offset+2] == 0x00) // host_name
+ {
+
+ begin =+ 5;
+ }
+
while(begin < extension_len) {
if((!ndpi_isprint(server_name[begin]))
|| ndpi_ispunct(server_name[begin])
@@ -263,7 +270,7 @@ int getSSLcertificate(struct ndpi_detection_module_struct *ndpi_struct,
len = (u_int)ndpi_min(extension_len-begin, buffer_len-1);
strncpy(buffer, &server_name[begin], len);
buffer[len] = '\0';
- stripCertificateTrailer(buffer, buffer_len);
+ //stripCertificateTrailer(buffer, buffer_len);
snprintf(flow->protos.ssl.client_certificate,
sizeof(flow->protos.ssl.client_certificate), "%s", buffer);
@@ -288,8 +295,6 @@ int getSSLcertificate(struct ndpi_detection_module_struct *ndpi_struct,
int sslDetectProtocolFromCertificate(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct *packet = &flow->packet;
- if(!packet->iph /* IPv4 */) return(-1);
-
if((packet->payload_packet_len > 9)
&& (packet->payload[0] == 0x16 /* consider only specific SSL packets (handshake) */)) {
if((packet->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN)
diff --git a/src/lib/protocols/tor.c b/src/lib/protocols/tor.c
index 036162b..693661c 100644
--- a/src/lib/protocols/tor.c
+++ b/src/lib/protocols/tor.c
@@ -24,7 +24,7 @@ int ndpi_is_ssl_tor(struct ndpi_detection_module_struct *ndpi_struct,
if((certificate == NULL)
|| (strlen(certificate) < 6)
- || strncmp(certificate, "www.", 4))
+ || !strncmp(certificate, "www.", 4))
return(0);
// printf("***** [SSL] %s(): %s\n", __FUNCTION__, certificate);