Fix some errors found by fuzzers (#2078)

Fix compilation on Windows. "dirent.h" file has been taken from https://github.com/tronkko/dirent/ Fix Python bindings Fix some warnings with x86_64-w64-mingw32-gcc: ``` protocols/dns.c: In function ‘ndpi_search_dns’: protocols/dns.c:775:41: error: cast from pointer to integer of different size [-Werror=pointer-to-int-cast] 775 | unsigned long first_element_len = (unsigned long)dot - (unsigned long)_hostname; | ^ protocols/dns.c:775:62: error: cast from pointer to integer of different size [-Werror=pointer-to-int-cast] 775 | unsigned long first_element_len = (unsigned long)dot - (unsigned long)_hostname; | ``` ``` In file included from ndpi_bitmap64.c:31: third_party/include/binaryfusefilter.h: In function ‘binary_fuse8_hash’: third_party/include/binaryfusefilter.h:160:32: error: left shift count >= width of type [-Werror=shift-count-overflow] 160 | uint64_t hh = hash & ((1UL << 36) - 1); ``` ``` In function ‘ndpi_match_custom_category’, inlined from ‘ndpi_fill_protocol_category.part.0’ at ndpi_main.c:7056:16: ndpi_main.c:3419:3: error: ‘strncpy’ specified bound depends on the length of the source argument [-Werror=stringop-overflow=] 3419 | strncpy(buf, name, name_len); ```
ntop · Sep 10, 2023 · 2b883b9 · 2b883b9
1 parent 805df2e
commit 2b883b9
Show file tree

Hide file tree

Showing 13 changed files with 1,333 additions and 21 deletions.
diff --git a/Makefile.am b/Makefile.am
@@ -20,7 +20,7 @@ EXTRA_DIST = README.md README.fuzzer.md CHANGELOG.md CONTRIBUTING.md \
 		python/requirements.txt python/setup.py python/tests.py \
 	lists/107_gambling.list \
 	lists/107_gambling_custom.list \
-	lists/README.md
+	lists/README.md \
 	sonar-project.properties .github .ci-ignore
 
 doc:

diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
@@ -625,6 +625,19 @@ struct ndpi_flow_input_info {
   unsigned char seen_flow_beginning;
 };
 
+/* Save memory limiting the key to 56 bit */
+//#define SAVE_BINARY_BITMAP_MEMORY
+
+PACK_ON
+struct ndpi_binary_bitmap_entry {
+#ifdef SAVE_BINARY_BITMAP_MEMORY
+  u_int64_t value:56, category:8;
+#else
+  u_int64_t value;
+  u_int8_t category;
+#endif
+} PACK_OFF;
+
 /* ******************* ********************* ****************** */
 /* ************************************************************ */
 
@@ -1180,19 +1193,6 @@ typedef void ndpi_bitmap;
 typedef void ndpi_bitmap64;
 typedef void ndpi_bitmap_iterator;
 typedef void ndpi_filter;
-
-/* Save memory limiting the key to 56 bit */
-//#define SAVE_BINARY_BITMAP_MEMORY
-
-PACK_ON
-struct ndpi_binary_bitmap_entry {
-#ifdef SAVE_BINARY_BITMAP_MEMORY
-  u_int64_t value:56, category:8;
-#else
-  u_int64_t value;
-  u_int8_t category;
-#endif
-} PACK_OFF;
 
 typedef struct {
   u_int32_t num_allocated_entries, num_used_entries;

diff --git a/src/lib/ndpi_bitmap64.c b/src/lib/ndpi_bitmap64.c
@@ -76,6 +76,9 @@ bool ndpi_bitmap64_compress(ndpi_bitmap64 *_b) {
   ndpi_bitmap64_t *b = (ndpi_bitmap64_t*)_b;
   u_int32_t i;
 
+  if(!b)
+    return(false);
+
   if(b->num_used_entries > 0) {
     if(b->num_used_entries > 1)
       qsort(b->entries, b->num_used_entries,
@@ -122,6 +125,9 @@ bool ndpi_bitmap64_compress(ndpi_bitmap64 *_b) {
 bool ndpi_bitmap64_set(ndpi_bitmap64 *_b, u_int64_t value) {
   ndpi_bitmap64_t *b = (ndpi_bitmap64_t*)_b;
 
+  if(!b)
+    return(false);
+
   if(b->is_compressed) {
     /*
       We need to discard the filter and start over as this
@@ -155,6 +161,9 @@ bool ndpi_bitmap64_set(ndpi_bitmap64 *_b, u_int64_t value) {
 bool ndpi_bitmap64_isset(ndpi_bitmap64 *_b, u_int64_t value) {
   ndpi_bitmap64_t *b = (ndpi_bitmap64_t*)_b;
 
+  if(!b)
+    return(false);
+
   if(!b->is_compressed) ndpi_bitmap64_compress(b);
 
   return(binary_fuse16_contain(value, &b->bitmap));
@@ -165,6 +174,9 @@ bool ndpi_bitmap64_isset(ndpi_bitmap64 *_b, u_int64_t value) {
 void ndpi_bitmap64_free(ndpi_bitmap64 *_b) {
   ndpi_bitmap64_t *b = (ndpi_bitmap64_t*)_b;
 
+  if(!b)
+    return;
+
   if(b->entries)        ndpi_free(b->entries);
 
   if(b->is_compressed)
@@ -178,5 +190,8 @@ void ndpi_bitmap64_free(ndpi_bitmap64 *_b) {
 u_int32_t ndpi_bitmap64_size(ndpi_bitmap64 *_b) {
   ndpi_bitmap64_t *b = (ndpi_bitmap64_t*)_b;
 
+  if(!b)
+    return(0);
+
   return(sizeof(ndpi_bitmap64) + binary_fuse16_size_in_bytes(&b->bitmap));
 }
diff --git a/src/lib/ndpi_domain_classify.c b/src/lib/ndpi_domain_classify.c
@@ -47,6 +47,9 @@ ndpi_domain_classify* ndpi_domain_classify_alloc() {
 void ndpi_domain_classify_free(ndpi_domain_classify *s) {
   u_int32_t i;
 
+  if(!s)
+    return;
+
   for(i=0; i<MAX_NUM_NDPI_DOMAIN_CLASSIFICATIONS; i++) {
     if(s->classes[i].domains != NULL) {
       ndpi_bitmap64_free(s->classes[i].domains);
@@ -90,6 +93,8 @@ bool ndpi_domain_classify_add(ndpi_domain_classify *s,
     } else if(s->classes[i].class_id == 0) {
       s->classes[i].class_id = class_id;
       s->classes[i].domains  = ndpi_bitmap64_alloc();
+      if(!s->classes[i].domains)
+        s->classes[i].class_id = 0;
       break;
     }
   }
@@ -117,6 +122,8 @@ u_int32_t ndpi_domain_classify_add_domains(ndpi_domain_classify *s,
     } else if(s->classes[i].class_id == 0) {
       s->classes[i].class_id = class_id;
       s->classes[i].domains  = ndpi_bitmap64_alloc();
+      if(!s->classes[i].domains)
+        s->classes[i].class_id = 0;
       break;
     }
   }

diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
@@ -2669,7 +2669,8 @@ void ndpi_debug_printf(unsigned int proto, struct ndpi_detection_module_struct *
 
 void set_ndpi_debug_function(struct ndpi_detection_module_struct *ndpi_str, ndpi_debug_function_ptr ndpi_debug_printf) {
 #ifdef NDPI_ENABLE_DEBUG_MESSAGES
-  ndpi_str->ndpi_debug_printf = ndpi_debug_printf;
+  if(ndpi_str)
+    ndpi_str->ndpi_debug_printf = ndpi_debug_printf;
 #endif
 }
 
@@ -3002,7 +3003,15 @@ struct ndpi_detection_module_struct *ndpi_init_detection_module(ndpi_init_prefs
     ac_automata_name(ndpi_str->custom_categories.hostnames_shadow.ac_automa, "ccat_sh", 0);
 #else
   ndpi_str->custom_categories.sc_hostnames        = ndpi_domain_classify_alloc();
+  if(!ndpi_str->custom_categories.sc_hostnames) {
+    ndpi_exit_detection_module(ndpi_str);
+    return(NULL);
+  }
   ndpi_str->custom_categories.sc_hostnames_shadow = ndpi_domain_classify_alloc();
+  if(!ndpi_str->custom_categories.sc_hostnames_shadow) {
+    ndpi_exit_detection_module(ndpi_str);
+    return(NULL);
+  }
 #endif
 
   ndpi_str->custom_categories.ipAddresses = ndpi_patricia_new(32 /* IPv4 */);
@@ -3407,7 +3416,7 @@ int ndpi_match_custom_category(struct ndpi_detection_module_struct *ndpi_str,
   u_int max_len = sizeof(buf)-1;
 
   if(name_len > max_len) name_len = max_len;
-  strncpy(buf, name, name_len);
+  memcpy(buf, name, name_len);
   buf[name_len] = '\0';
 
   if(ndpi_domain_classify_contains(ndpi_str->custom_categories.sc_hostnames,
@@ -6887,6 +6896,9 @@ int ndpi_load_hostname_category(struct ndpi_detection_module_struct *ndpi_str,
 			       (AC_AUTOMATA_t *)ndpi_str->custom_categories.hostnames_shadow.ac_automa,
 			       name_to_add,category,category, 0, 0, 1); /* at_end */
 #else
+  if(ndpi_str->custom_categories.sc_hostnames_shadow == NULL)
+    return(-1);
+
   return(ndpi_domain_classify_add(ndpi_str->custom_categories.sc_hostnames_shadow,
 				  (u_int16_t)category, (char*)name_to_add) ? 0 : -1);
 #endif

diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c
@@ -772,7 +772,7 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st
 
     dot = strchr(_hostname, '.');
     if(dot) {
-      unsigned long first_element_len = (unsigned long)dot - (unsigned long)_hostname;
+      uintptr_t first_element_len = dot - _hostname;
 
       if(first_element_len > 32) {
 	/*

diff --git a/src/lib/third_party/include/binaryfusefilter.h b/src/lib/third_party/include/binaryfusefilter.h
@@ -157,7 +157,7 @@ static inline uint32_t binary_fuse8_hash(int index, uint64_t hash,
     uint64_t h = binary_fuse_mulhi(hash, filter->SegmentCountLength);
     h += index * filter->SegmentLength;
     // keep the lower 36 bits
-    uint64_t hh = hash & ((1UL << 36) - 1);
+    uint64_t hh = hash & ((1ULL << 36) - 1);
     // index 0: right shift by 36; index 1: right shift by 18; index 2: no shift
     h ^= (size_t)((hh >> (36 - 18 * index)) & filter->SegmentLengthMask);
     return h;
@@ -477,7 +477,7 @@ static inline uint32_t binary_fuse16_hash(int index, uint64_t hash,
     uint64_t h = binary_fuse_mulhi(hash, filter->SegmentCountLength);
     h += index * filter->SegmentLength;
     // keep the lower 36 bits
-    uint64_t hh = hash & ((1UL << 36) - 1);
+    uint64_t hh = hash & ((1ULL << 36) - 1);
     // index 0: right shift by 36; index 1: right shift by 18; index 2: no shift
     h ^= (size_t)((hh >> (36 - 18 * index)) & filter->SegmentLengthMask);
     return h;
@@ -522,7 +522,7 @@ static inline bool binary_fuse16_allocate(uint32_t size,
   filter->ArrayLength =
       (filter->SegmentCount + arity - 1) * filter->SegmentLength;
   filter->SegmentCountLength = filter->SegmentCount * filter->SegmentLength;
-  filter->Fingerprints = (uint16_t*)ndpi_malloc(filter->ArrayLength * sizeof(uint16_t));
+  filter->Fingerprints = (uint16_t*)ndpi_calloc(filter->ArrayLength, sizeof(uint16_t));
   return filter->Fingerprints != NULL;
 }
 

diff --git a/tests/cfgs/default/pcap/bets.pcapng b/tests/cfgs/default/pcap/bets.pcapng
diff --git a/tests/cfgs/default/pcap/opera-vpn.pcapng b/tests/cfgs/default/pcap/opera-vpn.pcapng
diff --git a/tests/cfgs/default/result/dns2tcp_tunnel.pcap.out b/tests/cfgs/default/result/dns2tcp_tunnel.pcap.out
@@ -0,0 +1,30 @@
+Guessed flow protos:	0
+
+DPI Packets (TCP):	6	(6.00 pkts/flow)
+Confidence DPI              : 1 (flows)
+Num dissector calls: 1 (1.00 diss/flow)
+LRU cache ookla:      0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/0/0 (insert/search/found)
+LRU cache zoom:       0/0/0 (insert/search/found)
+LRU cache stun:       0/0/0 (insert/search/found)
+LRU cache tls_cert:   0/2/0 (insert/search/found)
+LRU cache mining:     0/0/0 (insert/search/found)
+LRU cache msteams:    0/0/0 (insert/search/found)
+LRU cache stun_zoom:  0/0/0 (insert/search/found)
+Automa host:          0/0 (search/found)
+Automa domain:        0/0 (search/found)
+Automa tls cert:      0/0 (search/found)
+Automa risk mask:     0/0 (search/found)
+Automa common alpns:  2/2 (search/found)
+Patricia risk mask:   2/0 (search/found)
+Patricia risk:        0/0 (search/found)
+Patricia protocols:   2/0 (search/found)
+
+TLS	50	8960	1
+
+JA3 Host Stats: 
+		 IP Address                  	 # JA3C     
+	1	 192.168.20.211           	 1      
+
+
+	1	TCP 192.168.20.211:44404 <-> 1.1.1.1:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][22 pkts/2595 bytes <-> 28 pkts/6365 bytes][Goodput ratio: 52/74][8.11 sec][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.421 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 289/346 3093/3078 792/900][Pkt Len c2s/s2c min/avg/max/stddev: 56/62 118/227 317/1644 68/386][Risk: ** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 100][TLSv1.3][JA3C: 547df21d727c7b3a5dcb59aa0fd97c2c][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 26,0,11,26,0,3,14,0,7,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3]
diff --git a/windows/nDPI.vcxproj b/windows/nDPI.vcxproj
@@ -126,13 +126,16 @@
     <ClCompile Include="..\src\lib\ndpi_bitmap.c" />
     <ClCompile Include="..\src\lib\ndpi_classify.c" />
     <ClCompile Include="..\src\lib\ndpi_community_id.c" />
-    <ClCompile Include="..\src\lib\ndpi_domain_classify.c" />
     <ClCompile Include="..\src\lib\ndpi_geoip.c" />
     <ClCompile Include="..\src\lib\ndpi_main.c" />
     <ClCompile Include="..\src\lib\ndpi_filter.c" />
     <ClCompile Include="..\src\lib\ndpi_memory.c" />
     <ClCompile Include="..\src\lib\ndpi_serializer.c" />
     <ClCompile Include="..\src\lib\ndpi_utils.c" />
+    <ClCompile Include="..\src\lib\ndpi_binary_bitmap.c" />
+    <ClCompile Include="..\src\lib\ndpi_hash.c" />
+    <ClCompile Include="..\src\lib\ndpi_domain_classify.c" />
+    <ClCompile Include="..\src\lib\ndpi_bitmap64.c" />
     <ClCompile Include="..\src\lib\protocols\activision.c" />
     <ClCompile Include="..\src\lib\protocols\afp.c" />
     <ClCompile Include="..\src\lib\protocols\ajp.c" />
@@ -377,6 +380,7 @@
     </ClInclude>
     <ClInclude Include="src\ndpi_config.h" />
     <ClInclude Include="src\ndpi_define.h" />
+    <ClInclude Include="src\dirent.h" />
   </ItemGroup>
   <ItemGroup>
     <None Include="..\.github\workflows\build-msbuild.yml" />

diff --git a/windows/nDPI.vcxproj.filters b/windows/nDPI.vcxproj.filters
@@ -124,6 +124,10 @@
     <ClCompile Include="..\src\lib\ndpi_memory.c" />
     <ClCompile Include="..\src\lib\ndpi_serializer.c" />
     <ClCompile Include="..\src\lib\ndpi_utils.c" />
+    <ClCompile Include="..\src\lib\ndpi_binary_bitmap.c" />
+    <ClCompile Include="..\src\lib\ndpi_hash.c" />
+    <ClCompile Include="..\src\lib\ndpi_domain_classify.c" />
+    <ClCompile Include="..\src\lib\ndpi_bitmap64.c" />
     <ClCompile Include="..\src\lib\protocols\ajp.c" />
     <ClCompile Include="..\src\lib\protocols\amazon_video.c" />
     <ClCompile Include="..\src\lib\protocols\among_us.c" />
@@ -245,6 +249,7 @@
     <ClInclude Include="..\src\include\ndpi_win32.h" />
     <ClInclude Include="arpa\inet.h" />
     <ClInclude Include="src\getopt.h" />
+    <ClInclude Include="src\dirent.h" />
     <ClInclude Include="..\src\include\ndpi_encryption.h" />
     <ClInclude Include="..\src\include\ndpi_main.h" />
     <ClInclude Include="..\src\include\ndpi_utils.h" />