diff options
Diffstat (limited to 'common/VIL/alg')
-rw-r--r-- | common/VIL/alg/lib_ftp_alg.c | 69 | ||||
-rw-r--r-- | common/VIL/alg/lib_sip_alg.c | 23 |
2 files changed, 58 insertions, 34 deletions
diff --git a/common/VIL/alg/lib_ftp_alg.c b/common/VIL/alg/lib_ftp_alg.c index 7e8e43f1..f653de8b 100644 --- a/common/VIL/alg/lib_ftp_alg.c +++ b/common/VIL/alg/lib_ftp_alg.c @@ -174,7 +174,13 @@ populate_ftp_alg_entry(uint32_t ipaddr, uint8_t portid) return; } new_alg_data = (struct ftp_alg_table_entry *) - malloc(sizeof(new_alg_data)); + malloc(sizeof(struct ftp_alg_table_entry)); + + if (!new_alg_data) { + printf("new_alg_data could not be allocated\n"); + return; + } + //new_alg_data->status = INCOMPLETE; new_alg_data->l4port = rte_bswap16(portid); new_alg_data->ip_address = rte_bswap32(ipaddr); @@ -482,18 +488,18 @@ void ftp_alg_dpi( uint16_t private_port_number; uint16_t public_port_number; uint16_t ip1, ip2, ip3, ip4, port1, port2; - int16_t tcpSeqdiff; + int16_t tcpSeqdiff = 0; int16_t ackSeqdiff, ackAdjust; uint32_t private_address; uint32_t public_address; uint8_t *bptr_private_address; /* also for PASV string */ - char port_string[FTP_MAXIMUM_PORT_STRING_LENGTH]; + char port_string[65]; char port_string_translated[FTP_MAXIMUM_PORT_STRING_LENGTH]; - int16_t new_port_string_length; + int16_t new_port_string_length = 0; int16_t old_port_string_length; int dummy_value; - struct cgnapt_table_entry *egress_entry, *ingress_entry; + struct cgnapt_table_entry *egress_entry = NULL, *ingress_entry; uint32_t ct_key[10]; uint8_t key_direction; /*Since v6 is not supported now*/ @@ -597,7 +603,7 @@ void ftp_alg_dpi( &ip1, &ip2, &ip3, &ip4, &port1, &port2) == FTP_PASV_PARAMETER_COUNT){ - sprintf (port_string, FTP_PASV_PARAMETER_STRING, FTP_PASV_RETURN_CODE, + snprintf (port_string, sizeof(port_string), FTP_PASV_PARAMETER_STRING, FTP_PASV_RETURN_CODE, ip1, ip2, ip3, ip4, port1, port2); int i = 0; @@ -672,22 +678,25 @@ void ftp_alg_dpi( ((thdr->data_off & 0xf0) >> 2) - ip_hdr_size_bytes; cgnat_cnxn_tracker->hash_table_entries[ct_position]. tcp_payload_size = tmp_tcp_paylod_size; + if(egress_entry) { - /*Adding ALG entry , params to be derived from egress entry*/ - populate_ftp_alg_entry(egress_entry->data.pub_ip, - egress_entry->data.pub_port); - /* payload modification */ - new_port_string_length = ftp_alg_modify_payload(egress_entry, - port_string, - port_string_translated, 1); - strncpy(tcp_header_end, port_string_translated, - strlen(port_string_translated)); - tcpSeqdiff = ftp_alg_delta_tcp_sequence( pkt, port_string, + /*Adding ALG entry , params to be derived from egress entry*/ + populate_ftp_alg_entry(egress_entry->data.pub_ip, + egress_entry->data.pub_port); + + /* payload modification */ + new_port_string_length = ftp_alg_modify_payload(egress_entry, + port_string, + port_string_translated, 1); + strncpy(tcp_header_end, port_string_translated, + strlen(port_string_translated)); + tcpSeqdiff = ftp_alg_delta_tcp_sequence( pkt, port_string, cgnat_cnxn_tracker->hash_table_entries [ct_position].tcpSeqdiff, old_port_string_length, new_port_string_length); + } /* same as rte_synproxy_adjust_pkt_length() in ct */ ftp_alg_modify_pkt_len(pkt); /* @@ -822,19 +831,21 @@ void ftp_alg_dpi( tcp_payload_size = tmp_tcp_paylod_size; /*ALG entry add, params to be derived from egress entry*/ - populate_ftp_alg_entry(egress_entry->data.pub_ip, - egress_entry->data.pub_port); - /* payload modification */ - new_port_string_length = ftp_alg_modify_payload(egress_entry, - port_string, - port_string_translated, 0); - strncpy(tcp_header_end, port_string_translated, - strlen(port_string_translated)); - tcpSeqdiff = ftp_alg_delta_tcp_sequence( pkt, port_string, - cgnat_cnxn_tracker->hash_table_entries - [ct_position].tcpSeqdiff, - old_port_string_length, - new_port_string_length); + if(egress_entry) { + populate_ftp_alg_entry(egress_entry->data.pub_ip, + egress_entry->data.pub_port); + /* payload modification */ + new_port_string_length = ftp_alg_modify_payload(egress_entry, + port_string, + port_string_translated, 0); + strncpy(tcp_header_end, port_string_translated, + strlen(port_string_translated)); + tcpSeqdiff = ftp_alg_delta_tcp_sequence( pkt, port_string, + cgnat_cnxn_tracker->hash_table_entries + [ct_position].tcpSeqdiff, + old_port_string_length, + new_port_string_length); + } /* same as rte_synproxy_adjust_pkt_length() in ct */ ftp_alg_modify_pkt_len(pkt); diff --git a/common/VIL/alg/lib_sip_alg.c b/common/VIL/alg/lib_sip_alg.c index 9940d59a..0e281200 100644 --- a/common/VIL/alg/lib_sip_alg.c +++ b/common/VIL/alg/lib_sip_alg.c @@ -162,6 +162,7 @@ void lib_sip_alg_init(void) } char *itoa(long n); +char itoa_buf[25]; char *itoa(long n) { int len = n == 0 ? 1 : floor(log10l(labs(n))) + 1; @@ -169,10 +170,8 @@ char *itoa(long n) if (n < 0) len++; /* room for negative sign '-' */ - char *buf = calloc(sizeof(char), len + 1); // +1 for null - if(buf != NULL) - snprintf(buf, len + 1, "%ld", n); - return buf; + snprintf(itoa_buf, len + 1, "%ld", n); + return (char *)&itoa_buf; } struct sip_alg_table_entry *retrieve_sip_alg_entry( @@ -340,6 +339,10 @@ int sip_alg_dpi(struct rte_mbuf *pkt, enum pkt_dir pkt_direction, sip_call_id = getSipCallIdStr(pSipMsg + pos + TAG_TO_DATAPOS(SIP_ALG_CALLID)); + if (!sip_call_id) { + printf("sip_call_id returned is NULL\n"); + return 0; + } if (ALG_DEBUG) printf("sipalgdpi: %d call id %s\n", __LINE__, @@ -572,6 +575,9 @@ char *sip_alg_process(struct rte_mbuf *pkt, uint16_t pkt_direction, int sipMsgLen = (pTmpSipMsg - pSipMsg); + if ((sipMsgLen + sdpDataLen) > strlen(pSipMsg)) + return NULL; + char *pSipMsgEnd = pSipMsg + sipMsgLen + sdpDataLen; if (ALG_DEBUG) @@ -1889,7 +1895,11 @@ SipMsgAdvance2: sdpMsgLen += sdpDataLen; tmpSdpLen = itoa(sdpMsgLen); - int tmpStrLen = strlen(tmpSdpLen); + int tmpStrLen; + if (tmpSdpLen) + tmpStrLen = strlen(tmpSdpLen); + else + tmpStrLen = 0; /* move to Content length field & change the length to sipMsgLen */ if (natSipAlgMsgFieldPos(pSipMsg, SIP_ALG_CONTENT_LEN, &pos, 0) @@ -2225,6 +2235,9 @@ char *natSipAlgModifyPayloadAddrPort( if (newStrLen > oldStrLen) *diffLen = newStrLen - oldStrLen; + if (tmpPort) + free(tmpPort); + return pSipMsg; /* modified SIP Msg */ } |