From 3d76e02f104faa41404f2a1f055ac98603474f9f Mon Sep 17 00:00:00 2001
From: lns <matzeton@googlemail.com>
Date: Tue, 16 May 2023 15:07:43 +0200
Subject: [PATCH] Improved missing usage of nDPIs malloc wrapper. Fixes #1978.

 * added CI check

Signed-off-by: lns <matzeton@googlemail.com>
---
 .github/workflows/build.yml            | 7 ++++++-
 src/lib/ndpi_content_match.c.inc       | 1 +
 src/lib/ndpi_main.c                    | 2 +-
 src/lib/ndpi_serializer.c              | 4 ++--
 src/lib/ndpi_utils.c                   | 6 +++---
 src/lib/third_party/src/gcrypt/aesni.c | 2 +-
 src/lib/third_party/src/gcrypt_light.c | 2 +-
 7 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 20ddbeacd34..1d4f8bf19af 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -300,12 +300,17 @@ jobs:
       - name: Print nDPI long help
         if: startsWith(matrix.arch, 'x86_64') && !startsWith(matrix.os, 'windows')
         run: |
-         ./example/ndpiReader -H
+          ./example/ndpiReader -H
       - name: Install nDPI
         if: startsWith(matrix.arch, 'x86_64') && !startsWith(matrix.os, 'windows')
         run: |
           make install DESTDIR=$(realpath _install)
           ls -alhHR _install
+#      - name: Test nDPI [LIBRARY]
+#        if: !startsWith(matrix.os, 'windows')
+#        run: |
+#          echo 'Checking for malloc/calloc/free symbols..'
+#          test "$(nm -u src/lib/libndpi.a | grep 'U \(malloc\|calloc\|realloc\|free\)' | wc -l)" -eq 8 || echo "::error file=src/lib/libndpi.a::Unwanted libc symbols found."
       - name: Test nDPI [DIFF]
         if: startsWith(matrix.arch, 'x86_64') && !startsWith(matrix.os, 'windows')
         run: |
diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc
index 01ef9199821..315f19e23ea 100644
--- a/src/lib/ndpi_content_match.c.inc
+++ b/src/lib/ndpi_content_match.c.inc
@@ -1164,6 +1164,7 @@ static ndpi_protocol_match host_match[] =
    { "zattosecurehd2-f.akamaihd.net",    "Zattoo", NDPI_PROTOCOL_ZATTOO, NDPI_PROTOCOL_CATEGORY_VIDEO, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
 
    { "classroom.google.com",             "GoogleClassroom", NDPI_PROTOCOL_GOOGLE_CLASSROOM, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
+   { "backup.googleapis.com",            "GoogleCloud", NDPI_PROTOCOL_GOOGLE_CLOUD, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
 
    { "fortinet.com",                     "Cybersec", NDPI_PROTOCOL_CYBERSECURITY, NDPI_PROTOCOL_CATEGORY_CYBERSECURITY, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
    { "sophos.com",                       "Cybersec", NDPI_PROTOCOL_CYBERSECURITY, NDPI_PROTOCOL_CATEGORY_CYBERSECURITY, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 0c9e2eca95b..d94542c2f94 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -3345,7 +3345,7 @@ static void free_ptree_data(void *data) {
   while(item != NULL) {
     struct patricia_uv16_list *next = item->next;
 
-    free(item);
+    ndpi_free(item);
     item = next;
   }
 }
diff --git a/src/lib/ndpi_serializer.c b/src/lib/ndpi_serializer.c
index 9d3fe98924d..08b7734f7d0 100644
--- a/src/lib/ndpi_serializer.c
+++ b/src/lib/ndpi_serializer.c
@@ -432,13 +432,13 @@ void ndpi_term_serializer(ndpi_serializer *_serializer) {
   ndpi_private_serializer *serializer = (ndpi_private_serializer*)_serializer;
 
   if(serializer->buffer.data) {
-    free(serializer->buffer.data);
+    ndpi_free(serializer->buffer.data);
     serializer->buffer.size = 0;
     serializer->buffer.data = NULL;
   }
 
   if(serializer->header.data) {
-    free(serializer->header.data);
+    ndpi_free(serializer->header.data);
     serializer->header.size = 0;
     serializer->header.data = NULL;
   }
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index 8020ea54014..c527cefb14b 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -1738,7 +1738,7 @@ static void ndpi_compile_rce_regex() {
 #endif
   }
 
-  free((void *)pcreErrorStr);
+  ndpi_free((void *)pcreErrorStr);
 }
 
 static int ndpi_is_rce_injection(char* query) {
@@ -2253,7 +2253,7 @@ void ndpi_hash_free(ndpi_str_hash **h, void (*cleanup_func)(ndpi_str_hash *h))
     {
       cleanup_func((ndpi_str_hash *)current);
     }
-    free(current);
+    ndpi_free(current);
   }
 
   *h = NULL;
@@ -2415,7 +2415,7 @@ static void ndpi_handle_risk_exceptions(struct ndpi_detection_module_struct *ndp
 	*/
 	for(i=0; i<flow->num_risk_infos; i++) {
 	  if(flow->risk_infos[i].info != NULL) {
-	    free(flow->risk_infos[i].info);
+	    ndpi_free(flow->risk_infos[i].info);
 	    flow->risk_infos[i].info = NULL;
 	  }
 	}
diff --git a/src/lib/third_party/src/gcrypt/aesni.c b/src/lib/third_party/src/gcrypt/aesni.c
index d1379de6f95..3ddf8cabe53 100644
--- a/src/lib/third_party/src/gcrypt/aesni.c
+++ b/src/lib/third_party/src/gcrypt/aesni.c
@@ -97,7 +97,7 @@ int mbedtls_aesni_has_support( unsigned int what )
 	  break; /* We giveup */
       }
 
-      free(line);
+      ndpi_free(line);
       fclose(fd);
 
       has_aesni_checked = 1;
diff --git a/src/lib/third_party/src/gcrypt_light.c b/src/lib/third_party/src/gcrypt_light.c
index 512f67bb5a1..5a4321e751e 100644
--- a/src/lib/third_party/src/gcrypt_light.c
+++ b/src/lib/third_party/src/gcrypt_light.c
@@ -22,7 +22,7 @@
 /****************************/
 
 #define mbedtls_calloc    ndpi_calloc
-#define mbedtls_free       ndpi_free
+#define mbedtls_free      ndpi_free
 
 #include "gcrypt_light.h"