Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc / 0ca19ccf045e022d8a24d26afbf346ab7f2f519f / . / meta-openembedded / meta-networking / recipes-support / ntopng / files / CVE-2021-36082.patch
blob: 8fdd62d1867f65a71d88771b0bf2b2c9aaddb112 [file] [log] [blame]
Patrick Williams0ca19cc2021-08-16 14:03:13 -0500[diff] [blame^]1From 1ec621c85b9411cc611652fd57a892cfef478af3 Mon Sep 17 00:00:00 2001
2From: Luca Deri <deri@ntop.org>
3Date: Sat, 15 May 2021 19:53:46 +0200
4Subject: [PATCH] Added further checks
5
6Upstream-Status: Backport [https://github.com/ntop/nDPI/commit/1ec621c85b9411cc611652fd57a892cfef478af3]
7CVE: CVE-2021-36082
8
9Signed-off-by: Changqing Li <changqing.li@windriver.com>
10
11---
12 src/lib/protocols/netbios.c | 2 +-
13 src/lib/protocols/tls.c | 32 +++++++++++++++++---------------
14 2 files changed, 18 insertions(+), 16 deletions(-)
15
16diff --git a/src/lib/protocols/netbios.c b/src/lib/protocols/netbios.c
17index 1f3850cb..0d3b705f 100644
18--- a/src/lib/protocols/netbios.c
19+++ b/src/lib/protocols/netbios.c
20@@ -42,7 +42,7 @@ int ndpi_netbios_name_interpret(char *in, size_t inlen, char *out, u_int out_len
21 int ret = 0, len, idx = inlen;
22 char *b;
23
24- len = (*in++)/2;
25+ len = (*in++)/2, inlen--;
26 b = out;
27 *out = 0;
28
29diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
30index 5b572cae..c115ac08 100644
31--- a/src/lib/protocols/tls.c
32+++ b/src/lib/protocols/tls.c
33@@ -994,21 +994,23 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
34 i += 4 + extension_len, offset += 4 + extension_len;
35 }
36
37- ja3_str_len = snprintf(ja3_str, sizeof(ja3_str), "%u,", ja3.tls_handshake_version);
38+ ja3_str_len = snprintf(ja3_str, JA3_STR_LEN, "%u,", ja3.tls_handshake_version);
39
40- for(i=0; i<ja3.num_cipher; i++) {
41- rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u", (i > 0) ? "-" : "", ja3.cipher[i]);
42+ for(i=0; (i<ja3.num_cipher) && (JA3_STR_LEN > ja3_str_len); i++) {
43+ rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u", (i > 0) ? "-" : "", ja3.cipher[i]);
44
45 if(rc <= 0) break; else ja3_str_len += rc;
46 }
47
48- rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, ",");
49- if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc;
50+ if(JA3_STR_LEN > ja3_str_len) {
51+ rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, ",");
52+ if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc;
53+ }
54
55 /* ********** */
56
57- for(i=0; i<ja3.num_tls_extension; i++) {
58- int rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u", (i > 0) ? "-" : "", ja3.tls_extension[i]);
59+ for(i=0; (i<ja3.num_tls_extension) && (JA3_STR_LEN-ja3_str_len); i++) {
60+ int rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u", (i > 0) ? "-" : "", ja3.tls_extension[i]);
61
62 if(rc <= 0) break; else ja3_str_len += rc;
63 }
64@@ -1443,41 +1445,41 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
65 int rc;
66
67 compute_ja3c:
68- ja3_str_len = snprintf(ja3_str, sizeof(ja3_str), "%u,", ja3.tls_handshake_version);
69+ ja3_str_len = snprintf(ja3_str, JA3_STR_LEN, "%u,", ja3.tls_handshake_version);
70
71 for(i=0; i<ja3.num_cipher; i++) {
72- rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u",
73+ rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u",
74 (i > 0) ? "-" : "", ja3.cipher[i]);
75 if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; else break;
76 }
77
78- rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, ",");
79+ rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, ",");
80 if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc;
81
82 /* ********** */
83
84 for(i=0; i<ja3.num_tls_extension; i++) {
85- rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u",
86+ rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u",
87 (i > 0) ? "-" : "", ja3.tls_extension[i]);
88 if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; else break;
89 }
90
91- rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, ",");
92+ rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, ",");
93 if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc;
94
95 /* ********** */
96
97 for(i=0; i<ja3.num_elliptic_curve; i++) {
98- rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u",
99+ rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u",
100 (i > 0) ? "-" : "", ja3.elliptic_curve[i]);
101 if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; else break;
102 }
103
104- rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, ",");
105+ rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, ",");
106 if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc;
107
108 for(i=0; i<ja3.num_elliptic_curve_point_format; i++) {
109- rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u",
110+ rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u",
111 (i > 0) ? "-" : "", ja3.elliptic_curve_point_format[i]);
112 if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; else break;
113 }
114--
1152.17.1
116