Skip to content

Commit

Permalink
Replaced strncasecmp() with ndpi_strncasecmp().
Browse files Browse the repository at this point in the history 
 * Added `strncasecmp()` as forbidden symbol to `utils/check_symbols.sh`

Signed-off-by: Toni Uhlig <[email protected]>
  • Loading branch information
@utoni
utoni committed Jun 12, 2023
1 parent fec4e0f commit 14c1863
Show file tree
Hide file tree
Showing 8 changed files with 62 additions and 57 deletions.
60 changes: 30 additions & 30 deletions src/lib/ndpi_main.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7284,7 +7284,7 @@ void ndpi_parse_single_packet_line(struct ndpi_detection_module_struct *ndpi_str

/* First line of a HTTP response parsing. Expected a "HTTP/1.? ???" */
if(packet->parsed_lines == 0 && packet->line[0].len >= NDPI_STATICSTRING_LEN("HTTP/1.X 200 ") &&
strncasecmp((const char *) packet->line[0].ptr, "HTTP/1.", NDPI_STATICSTRING_LEN("HTTP/1.")) == 0 &&
ndpi_strncasestr((const char *) packet->line[0].ptr, "HTTP/1.", NDPI_STATICSTRING_LEN("HTTP/1.")) == 0 &&
packet->line[0].ptr[NDPI_STATICSTRING_LEN("HTTP/1.X ")] > '0' && /* response code between 000 and 699 */
packet->line[0].ptr[NDPI_STATICSTRING_LEN("HTTP/1.X ")] < '6') {
packet->http_response.ptr = &packet->line[0].ptr[NDPI_STATICSTRING_LEN("HTTP/1.1 ")];
Expand All @@ -7304,7 +7304,7 @@ void ndpi_parse_single_packet_line(struct ndpi_detection_module_struct *ndpi_str

/* "Server:" header line in HTTP response */
if(packet->line[packet->parsed_lines].len > NDPI_STATICSTRING_LEN("Server:") + 1 &&
strncasecmp((const char *) packet->line[packet->parsed_lines].ptr,
ndpi_strncasestr((const char *) packet->line[packet->parsed_lines].ptr,
"Server:", NDPI_STATICSTRING_LEN("Server:")) == 0) {
// some stupid clients omit a space and place the servername directly after the colon
if(packet->line[packet->parsed_lines].ptr[NDPI_STATICSTRING_LEN("Server:")] == ' ') {
Expand All @@ -7320,7 +7320,7 @@ void ndpi_parse_single_packet_line(struct ndpi_detection_module_struct *ndpi_str
} else
/* "Host:" header line in HTTP request */
if(packet->line[packet->parsed_lines].len > 6 &&
strncasecmp((const char *) packet->line[packet->parsed_lines].ptr, "Host:", 5) == 0) {
ndpi_strncasestr((const char *) packet->line[packet->parsed_lines].ptr, "Host:", 5) == 0) {
// some stupid clients omit a space and place the hostname directly after the colon
if(packet->line[packet->parsed_lines].ptr[5] == ' ') {
packet->host_line.ptr = &packet->line[packet->parsed_lines].ptr[6];
Expand All @@ -7333,7 +7333,7 @@ void ndpi_parse_single_packet_line(struct ndpi_detection_module_struct *ndpi_str
} else
/* "X-Forwarded-For:" header line in HTTP request. Commonly used for HTTP proxies. */
if(packet->line[packet->parsed_lines].len > 17 &&
strncasecmp((const char *) packet->line[packet->parsed_lines].ptr, "X-Forwarded-For:", 16) == 0) {
ndpi_strncasestr((const char *) packet->line[packet->parsed_lines].ptr, "X-Forwarded-For:", 16) == 0) {
// some stupid clients omit a space and place the hostname directly after the colon
if(packet->line[packet->parsed_lines].ptr[16] == ' ') {
packet->forwarded_line.ptr = &packet->line[packet->parsed_lines].ptr[17];
Expand All @@ -7347,7 +7347,7 @@ void ndpi_parse_single_packet_line(struct ndpi_detection_module_struct *ndpi_str

/* "Authorization:" header line in HTTP. */
if(packet->line[packet->parsed_lines].len > 15 &&
(strncasecmp((const char *) packet->line[packet->parsed_lines].ptr, "Authorization: ", 15) == 0)) {
(ndpi_strncasestr((const char *) packet->line[packet->parsed_lines].ptr, "Authorization: ", 15) == 0)) {
packet->authorization_line.ptr = &packet->line[packet->parsed_lines].ptr[15];
packet->authorization_line.len = packet->line[packet->parsed_lines].len - 15;

Expand All @@ -7360,70 +7360,70 @@ void ndpi_parse_single_packet_line(struct ndpi_detection_module_struct *ndpi_str
} else
/* "Accept:" header line in HTTP request. */
if(packet->line[packet->parsed_lines].len > 8 &&
strncasecmp((const char *) packet->line[packet->parsed_lines].ptr, "Accept: ", 8) == 0) {
ndpi_strncasestr((const char *) packet->line[packet->parsed_lines].ptr, "Accept: ", 8) == 0) {
packet->accept_line.ptr = &packet->line[packet->parsed_lines].ptr[8];
packet->accept_line.len = packet->line[packet->parsed_lines].len - 8;
packet->http_num_headers++;
} else
/* "Referer:" header line in HTTP request. */
if(packet->line[packet->parsed_lines].len > 9 &&
strncasecmp((const char *) packet->line[packet->parsed_lines].ptr, "Referer: ", 9) == 0) {
ndpi_strncasestr((const char *) packet->line[packet->parsed_lines].ptr, "Referer: ", 9) == 0) {
packet->referer_line.ptr = &packet->line[packet->parsed_lines].ptr[9];
packet->referer_line.len = packet->line[packet->parsed_lines].len - 9;
packet->http_num_headers++;
} else
/* "User-Agent:" header line in HTTP request. */
if(packet->line[packet->parsed_lines].len > 12 &&
strncasecmp((const char *) packet->line[packet->parsed_lines].ptr, "User-agent: ", 12) == 0) {
ndpi_strncasestr((const char *) packet->line[packet->parsed_lines].ptr, "User-agent: ", 12) == 0) {
packet->user_agent_line.ptr = &packet->line[packet->parsed_lines].ptr[12];
packet->user_agent_line.len = packet->line[packet->parsed_lines].len - 12;
packet->http_num_headers++;
} else
/* "Content-Encoding:" header line in HTTP response (and request?). */
if(packet->line[packet->parsed_lines].len > 18 &&
strncasecmp((const char *) packet->line[packet->parsed_lines].ptr, "Content-Encoding: ", 18) == 0) {
ndpi_strncasestr((const char *) packet->line[packet->parsed_lines].ptr, "Content-Encoding: ", 18) == 0) {
packet->http_encoding.ptr = &packet->line[packet->parsed_lines].ptr[18];
packet->http_encoding.len = packet->line[packet->parsed_lines].len - 18;
packet->http_num_headers++;
} else
/* "Transfer-Encoding:" header line in HTTP. */
if(packet->line[packet->parsed_lines].len > 19 &&
strncasecmp((const char *) packet->line[packet->parsed_lines].ptr, "Transfer-Encoding: ", 19) == 0) {
ndpi_strncasestr((const char *) packet->line[packet->parsed_lines].ptr, "Transfer-Encoding: ", 19) == 0) {
packet->http_transfer_encoding.ptr = &packet->line[packet->parsed_lines].ptr[19];
packet->http_transfer_encoding.len = packet->line[packet->parsed_lines].len - 19;
packet->http_num_headers++;
} else
/* "Content-Length:" header line in HTTP. */
if(packet->line[packet->parsed_lines].len > 16 &&
strncasecmp((const char *) packet->line[packet->parsed_lines].ptr, "content-length: ", 16) == 0) {
ndpi_strncasestr((const char *) packet->line[packet->parsed_lines].ptr, "content-length: ", 16) == 0) {
packet->http_contentlen.ptr = &packet->line[packet->parsed_lines].ptr[16];
packet->http_contentlen.len = packet->line[packet->parsed_lines].len - 16;
packet->http_num_headers++;
} else
/* "Content-Disposition"*/
if(packet->line[packet->parsed_lines].len > 21 &&
((strncasecmp((const char *) packet->line[packet->parsed_lines].ptr, "Content-Disposition: ", 21) == 0))) {
((ndpi_strncasestr((const char *) packet->line[packet->parsed_lines].ptr, "Content-Disposition: ", 21) == 0))) {
packet->content_disposition_line.ptr = &packet->line[packet->parsed_lines].ptr[21];
packet->content_disposition_line.len = packet->line[packet->parsed_lines].len - 21;
packet->http_num_headers++;
} else
/* "Cookie:" header line in HTTP. */
if(packet->line[packet->parsed_lines].len > 8 &&
strncasecmp((const char *) packet->line[packet->parsed_lines].ptr, "Cookie: ", 8) == 0) {
ndpi_strncasestr((const char *) packet->line[packet->parsed_lines].ptr, "Cookie: ", 8) == 0) {
packet->http_cookie.ptr = &packet->line[packet->parsed_lines].ptr[8];
packet->http_cookie.len = packet->line[packet->parsed_lines].len - 8;
packet->http_num_headers++;
} else
/* "Origin:" header line in HTTP. */
if(packet->line[packet->parsed_lines].len > 8 &&
strncasecmp((const char *) packet->line[packet->parsed_lines].ptr, "Origin: ", 8) == 0) {
ndpi_strncasestr((const char *) packet->line[packet->parsed_lines].ptr, "Origin: ", 8) == 0) {
packet->http_origin.ptr = &packet->line[packet->parsed_lines].ptr[8];
packet->http_origin.len = packet->line[packet->parsed_lines].len - 8;
packet->http_num_headers++;
} else
/* "X-Session-Type:" header line in HTTP. */
if(packet->line[packet->parsed_lines].len > 16 &&
strncasecmp((const char *) packet->line[packet->parsed_lines].ptr, "X-Session-Type: ", 16) == 0) {
ndpi_strncasestr((const char *) packet->line[packet->parsed_lines].ptr, "X-Session-Type: ", 16) == 0) {
packet->http_x_session_type.ptr = &packet->line[packet->parsed_lines].ptr[16];
packet->http_x_session_type.len = packet->line[packet->parsed_lines].len - 16;
packet->http_num_headers++;
Expand All @@ -7435,32 +7435,32 @@ void ndpi_parse_single_packet_line(struct ndpi_detection_module_struct *ndpi_str
* - https://en.wikipedia.org/wiki/List_of_HTTP_header_fields
*/
if((packet->line[packet->parsed_lines].len > 6 &&
(strncasecmp((const char *) packet->line[packet->parsed_lines].ptr, "Date: ", 6) == 0 ||
strncasecmp((const char *) packet->line[packet->parsed_lines].ptr, "Vary: ", 6) == 0 ||
strncasecmp((const char *) packet->line[packet->parsed_lines].ptr, "ETag: ", 6) == 0)) ||
(ndpi_strncasestr((const char *) packet->line[packet->parsed_lines].ptr, "Date: ", 6) == 0 ||
ndpi_strncasestr((const char *) packet->line[packet->parsed_lines].ptr, "Vary: ", 6) == 0 ||
ndpi_strncasestr((const char *) packet->line[packet->parsed_lines].ptr, "ETag: ", 6) == 0)) ||
(packet->line[packet->parsed_lines].len > 8 &&
strncasecmp((const char *) packet->line[packet->parsed_lines].ptr, "Pragma: ", 8) == 0) ||
ndpi_strncasestr((const char *) packet->line[packet->parsed_lines].ptr, "Pragma: ", 8) == 0) ||
(packet->line[packet->parsed_lines].len > 9 &&
strncasecmp((const char *) packet->line[packet->parsed_lines].ptr, "Expires: ", 9) == 0) ||
ndpi_strncasestr((const char *) packet->line[packet->parsed_lines].ptr, "Expires: ", 9) == 0) ||
(packet->line[packet->parsed_lines].len > 12 &&
(strncasecmp((const char *) packet->line[packet->parsed_lines].ptr, "Set-Cookie: ", 12) == 0 ||
strncasecmp((const char *) packet->line[packet->parsed_lines].ptr, "Keep-Alive: ", 12) == 0 ||
strncasecmp((const char *) packet->line[packet->parsed_lines].ptr, "Connection: ", 12) == 0)) ||
(ndpi_strncasestr((const char *) packet->line[packet->parsed_lines].ptr, "Set-Cookie: ", 12) == 0 ||
ndpi_strncasestr((const char *) packet->line[packet->parsed_lines].ptr, "Keep-Alive: ", 12) == 0 ||
ndpi_strncasestr((const char *) packet->line[packet->parsed_lines].ptr, "Connection: ", 12) == 0)) ||
(packet->line[packet->parsed_lines].len > 15 &&
(strncasecmp((const char *) packet->line[packet->parsed_lines].ptr, "Last-Modified: ", 15) == 0 ||
strncasecmp((const char *) packet->line[packet->parsed_lines].ptr, "Accept-Ranges: ", 15) == 0)) ||
(ndpi_strncasestr((const char *) packet->line[packet->parsed_lines].ptr, "Last-Modified: ", 15) == 0 ||
ndpi_strncasestr((const char *) packet->line[packet->parsed_lines].ptr, "Accept-Ranges: ", 15) == 0)) ||
(packet->line[packet->parsed_lines].len > 17 &&
(strncasecmp((const char *) packet->line[packet->parsed_lines].ptr, "Accept-Language: ", 17) == 0 ||
strncasecmp((const char *) packet->line[packet->parsed_lines].ptr, "Accept-Encoding: ", 17) == 0)) ||
(ndpi_strncasestr((const char *) packet->line[packet->parsed_lines].ptr, "Accept-Language: ", 17) == 0 ||
ndpi_strncasestr((const char *) packet->line[packet->parsed_lines].ptr, "Accept-Encoding: ", 17) == 0)) ||
(packet->line[packet->parsed_lines].len > 27 &&
strncasecmp((const char *) packet->line[packet->parsed_lines].ptr,
ndpi_strncasestr((const char *) packet->line[packet->parsed_lines].ptr,
"Upgrade-Insecure-Requests: ", 27) == 0)) {
/* Just count. In the future, if needed, this if can be splited to parse these headers */
packet->http_num_headers++;
} else
/* "Content-Type:" header line in HTTP. */
if(packet->line[packet->parsed_lines].len > 14 &&
strncasecmp((const char *) packet->line[packet->parsed_lines].ptr, "Content-Type: ", 14) == 0 ) {
ndpi_strncasestr((const char *) packet->line[packet->parsed_lines].ptr, "Content-Type: ", 14) == 0 ) {
packet->content_line.ptr = &packet->line[packet->parsed_lines].ptr[14];
packet->content_line.len = packet->line[packet->parsed_lines].len - 14;

Expand All @@ -7474,7 +7474,7 @@ void ndpi_parse_single_packet_line(struct ndpi_detection_module_struct *ndpi_str

/* "Content-Type:" header line in HTTP AGAIN. Probably a bogus response without space after ":" */
if((packet->content_line.len == 0) && (packet->line[packet->parsed_lines].len > 13) &&
(strncasecmp((const char *) packet->line[packet->parsed_lines].ptr, "Content-type:", 13) == 0)) {
(ndpi_strncasestr((const char *) packet->line[packet->parsed_lines].ptr, "Content-type:", 13) == 0)) {
packet->content_line.ptr = &packet->line[packet->parsed_lines].ptr[13];
packet->content_line.len = packet->line[packet->parsed_lines].len - 13;
packet->http_num_headers++;
Expand Down
2 changes: 1 addition & 1 deletion src/lib/protocols/avast_securedns.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ static void ndpi_search_avast_securedns(struct ndpi_detection_module_struct *ndp
return;
}

if (strncasecmp((char *)&packet->payload[15], "securedns", NDPI_STATICSTRING_LEN("securedns")) == 0)
if (ndpi_strncasestr((char *)&packet->payload[15], "securedns", NDPI_STATICSTRING_LEN("securedns")) == 0)
{
ndpi_int_avast_securedns_add_connection(ndpi_struct, flow);
return;
Expand Down
2 changes: 1 addition & 1 deletion src/lib/protocols/dnscrypt.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ static void ndpi_search_dnscrypt(struct ndpi_detection_module_struct *ndpi_struc
}
/* dnscrypt protocol version 1 and 2: resolver ping */
if (packet->payload_packet_len > 13 + strlen(dnscrypt_initial) &&
strncasecmp((char*)packet->payload + 13, dnscrypt_initial, strlen(dnscrypt_initial)) == 0)
ndpi_strncasestr((char*)packet->payload + 13, dnscrypt_initial, strlen(dnscrypt_initial)) == 0)
{
ndpi_int_dnscrypt_add_connection(ndpi_struct, flow);
return;
Expand Down
30 changes: 15 additions & 15 deletions src/lib/protocols/http.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -231,7 +231,7 @@ static ndpi_protocol_category_t ndpi_http_check_content(struct ndpi_detection_mo
const char *app = (const char *)&packet->content_line.ptr[app_len];
u_int app_len_avail = packet->content_line.len-app_len;

if(strncasecmp(app, "mpeg", app_len_avail) == 0) {
if(ndpi_strncasestr(app, "mpeg", app_len_avail) == 0) {
flow->guessed_category = flow->category = NDPI_PROTOCOL_CATEGORY_STREAMING;
return(flow->category);
} else {
Expand All @@ -248,7 +248,7 @@ static ndpi_protocol_category_t ndpi_http_check_content(struct ndpi_detection_mo
u_int8_t i;

for(i = 0; cmp_mimes[i] != NULL; i++) {
if(strncasecmp(app, cmp_mimes[i], app_len_avail) == 0) {
if(ndpi_strncasestr(app, cmp_mimes[i], app_len_avail) == 0) {
flow->guessed_category = flow->category = NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT;
NDPI_LOG_INFO(ndpi_struct, "found executable HTTP transfer");
break;
Expand All @@ -269,7 +269,7 @@ static ndpi_protocol_category_t ndpi_http_check_content(struct ndpi_detection_mo
u_int8_t i;

for(i = 0; cmp_mimes[i] != NULL; i++) {
if(strncasecmp(app, cmp_mimes[i], app_len_avail) == 0) {
if(ndpi_strncasestr(app, cmp_mimes[i], app_len_avail) == 0) {
char str[64];

snprintf(str, sizeof(str), "Found mime exe %s", cmp_mimes[i]);
Expand Down Expand Up @@ -316,13 +316,13 @@ static ndpi_protocol_category_t ndpi_http_check_content(struct ndpi_detection_mo

switch(packet->content_line.ptr[0]) {
case 'a':
if(strncasecmp((const char *)packet->content_line.ptr, "audio",
if(ndpi_strncasestr((const char *)packet->content_line.ptr, "audio",
ndpi_min(packet->content_line.len, 5)) == 0)
flow->guessed_category = flow->category = NDPI_PROTOCOL_CATEGORY_MEDIA;
break;

case 'v':
if(strncasecmp((const char *)packet->content_line.ptr, "video",
if(ndpi_strncasestr((const char *)packet->content_line.ptr, "video",
ndpi_min(packet->content_line.len, 5)) == 0)
flow->guessed_category = flow->category = NDPI_PROTOCOL_CATEGORY_MEDIA;
break;
Expand Down Expand Up @@ -715,8 +715,8 @@ static void ndpi_check_http_server(struct ndpi_detection_module_struct *ndpi_str
if(server_len > 7) {
u_int off;

if((strncasecmp(server, "Apache/", off = 7) == 0) /* X.X.X */
|| (strncasecmp(server, "nginx/", off = 6) == 0) /* X.X.X */) {
if((ndpi_strncasestr(server, "Apache/", off = 7) == 0) /* X.X.X */
|| (ndpi_strncasestr(server, "nginx/", off = 6) == 0) /* X.X.X */) {
u_int i, j, a, b, c;
char buf[16] = { '\0' };

Expand Down Expand Up @@ -988,7 +988,7 @@ static u_int16_t http_request_url_offset(struct ndpi_detection_module_struct *nd
**/
for(i=0; i < sizeof(http_methods)/sizeof(http_methods[0]); i++) {
if(packet->payload_packet_len >= http_methods[i].len &&
strncasecmp((const char*)packet->payload,http_methods[i].str,http_methods[i].len) == 0) {
ndpi_strncasestr((const char*)packet->payload,http_methods[i].str,http_methods[i].len) == 0) {
size_t url_start = http_methods[i].len;
while (url_start < packet->payload_packet_len &&
url_start < http_methods[i].len + 2048 && /* We assume 2048 chars as maximum for URLs. */
Expand Down Expand Up @@ -1021,7 +1021,7 @@ static int is_a_suspicious_header(const char* suspicious_headers[], struct ndpi_
if((header_limit = memchr(packet_line.ptr, ':', packet_line.len))) {
header_len = header_limit - packet_line.ptr;
for(i=0; suspicious_headers[i] != NULL; i++){
if(!strncasecmp((const char*) packet_line.ptr,
if(!ndpi_strncasestr((const char*) packet_line.ptr,
suspicious_headers[i], header_len))
return 1;
}
Expand Down Expand Up @@ -1174,7 +1174,7 @@ static int is_request(struct ndpi_detection_module_struct *ndpi_struct,
filename_start = http_request_url_offset(ndpi_struct, flow);
/* This check is required as RTSP is pretty similiar to HTTP */
if(filename_start > 0 &&
strncasecmp((const char *)packet->payload + filename_start,
ndpi_strncasestr((const char *)packet->payload + filename_start,
"rtsp://", ndpi_min(7, packet->payload_packet_len - filename_start)) == 0)
return 0;
return filename_start;
Expand All @@ -1184,7 +1184,7 @@ static int is_response(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
if(packet->payload_packet_len >= 7 &&
strncasecmp((const char *)packet->payload, "HTTP/1.", 7) == 0)
ndpi_strncasestr((const char *)packet->payload, "HTTP/1.", 7) == 0)
return 1;
return 0;
}
Expand All @@ -1201,12 +1201,12 @@ static void process_request(struct ndpi_detection_module_struct *ndpi_struct,

if(packet->parsed_lines == 0 ||
!(packet->line[0].len >= (9 + filename_start) &&
strncasecmp((const char *)&packet->line[0].ptr[packet->line[0].len - 9], " HTTP/1.", 8) == 0)) {
ndpi_strncasestr((const char *)&packet->line[0].ptr[packet->line[0].len - 9], " HTTP/1.", 8) == 0)) {
NDPI_LOG_DBG2(ndpi_struct, "Request with an incomplete or invalid first line\n");
/* Since we don't save data across different packets, we will never have
the complete url: we can't check for HTTP_PROXY */
if(filename_start == 8 &&
strncasecmp((const char *)packet->payload, "CONNECT ", 8) == 0) {
ndpi_strncasestr((const char *)packet->payload, "CONNECT ", 8) == 0) {
master_protocol = NDPI_PROTOCOL_HTTP_CONNECT;
}
} else {
Expand All @@ -1225,11 +1225,11 @@ static void process_request(struct ndpi_detection_module_struct *ndpi_struct,
flow->http.request_version = 0;

if(packet->http_url_name.len > 7 &&
!strncasecmp((const char*) packet->http_url_name.ptr, "http://", 7)) {
!ndpi_strncasestr((const char*) packet->http_url_name.ptr, "http://", 7)) {
master_protocol = NDPI_PROTOCOL_HTTP_PROXY;
}
if(filename_start == 8 &&
strncasecmp((const char *)packet->payload, "CONNECT ", 8) == 0) {
ndpi_strncasestr((const char *)packet->payload, "CONNECT ", 8) == 0) {
master_protocol = NDPI_PROTOCOL_HTTP_CONNECT;
}
}
Expand Down
Loading

0 comments on commit 14c1863

Please sign in to comment.