AI and manual fixes

nfq2/conntrack.c

@@ -140,8 +140,17 @@ static void ConntrackApplyPos(t_ctrack *t, bool bReverse, const struct dissect *
 
 	if (dis->ip6) direct->ip6flow = ntohl(dis->ip6->ip6_ctlun.ip6_un1.ip6_un1_flow);
 
-	scale = tcp_find_scale_factor(dis->tcp);
-	mss = tcp_find_mss(dis->tcp);
+	direct->winsize_calc = direct->winsize = ntohs(dis->tcp->th_win);
+	if (t->pos.state == SYN)
+	{
+		// scale and mss only valid in syn packets
+		scale = tcp_find_scale_factor(dis->tcp);
+		if (scale != SCALE_NONE) direct->scale = scale;
+		direct->mss = tcp_find_mss(dis->tcp);
+	}
+	else if (direct->scale != SCALE_NONE)
+		// apply scale only outside of the SYN stage
+		direct->winsize_calc <<= direct->scale;
 
 	direct->seq_last = ntohl(dis->tcp->th_seq);
 	direct->pos = direct->seq_last + dis->len_payload;
@@ -154,10 +163,6 @@ static void ConntrackApplyPos(t_ctrack *t, bool bReverse, const struct dissect *
 		if (!((direct->pos - direct->uppos) & 0x80000000))
 			direct->uppos = direct->pos;
 	}
-	direct->winsize_calc = direct->winsize = ntohs(dis->tcp->th_win);
-	if (scale != SCALE_NONE) direct->scale = scale;
-	if (direct->scale != SCALE_NONE) direct->winsize_calc <<= direct->scale;
-	if (mss && !direct->mss) direct->mss = mss;
 
 	if (!direct->rseq_over_2G && ((direct->seq_last - direct->seq0) & 0x80000000))
 		direct->rseq_over_2G = true;

nfq2/desync.c

@@ -1574,8 +1574,9 @@ static uint8_t dpi_desync_tcp_packet_play(
 				if (!bReqFull && ReasmIsEmpty(&ps.ctrack->reasm_client) && !is_retransmission(&ps.ctrack->pos.client))
 				{
 					// do not reconstruct unexpected large payload (they are feeding garbage ?)
+					// also do not reconstruct if server window size is low
 					if (!reasm_client_start(ps.ctrack, IPPROTO_TCP, TLSRecordLen(dis->data_payload), TCP_MAX_REASM, dis->data_payload, dis->len_payload))
-						goto pass_reasm_cancel;
+						goto rediscover;
 				}
 
 				if (!ReasmIsEmpty(&ps.ctrack->reasm_client))
@@ -1601,6 +1602,7 @@ static uint8_t dpi_desync_tcp_packet_play(
 		}
 	}
 
+rediscover:
 	if (!dp_rediscovery(&ps))
 		goto pass_reasm_cancel;
 
@@ -1661,7 +1663,8 @@ static const uint8_t *dns_extract_name(const uint8_t *a, const uint8_t *b, const
 	if (p>=e) return NULL;
 	for (nl=0; *p ;)
 	{
-		if ((p+*p+1)>=e || (*p+1)>=(name_size-nl)) return NULL;
+		// do not support mixed ptr+real
+		if ((*p & 0xC0) || (p+*p+1)>=e || (*p+1)>=(name_size-nl)) return NULL;
 		if (nl)	name[nl++] = '.';
 		memcpy(name + nl, p + 1, *p);
 		nl += *p;

nfq2/gzip.c

@@ -40,7 +40,8 @@ int z_readfile(FILE *F, char **buf, size_t *size, size_t extra_alloc)
 		}
 		zs.avail_in = rd;
 		zs.next_in = in;
-		do
+printf("\nCHUNK\n");
+		for(;;)
 		{
 			if ((bufsize - *size) < BUFMIN)
 			{
@@ -55,10 +56,23 @@ int z_readfile(FILE *F, char **buf, size_t *size, size_t extra_alloc)
 			}
 			zs.avail_out = bufsize - *size;
 			zs.next_out = (unsigned char*)(*buf + *size);
+
 			r = inflate(&zs, Z_NO_FLUSH);
-			if (r != Z_OK && r != Z_STREAM_END) goto zerr;
+
 			*size = bufsize - zs.avail_out;
-		} while (r == Z_OK && zs.avail_in);
+			if (r==Z_STREAM_END) break;
+			if (r==Z_BUF_ERROR)
+			{
+				if (zs.avail_in)
+					goto zerr;
+				else
+				{
+					r = Z_OK;
+					break;
+				}
+			}
+			if (r!=Z_OK) goto zerr;
+		}
 	} while (r == Z_OK);
 
 	if (*size < bufsize)
@@ -68,7 +82,7 @@ int z_readfile(FILE *F, char **buf, size_t *size, size_t extra_alloc)
 	}
 
 	inflateEnd(&zs);
-	return Z_OK;
+	return r;
 
 zerr:
 	inflateEnd(&zs);

nfq2/hostlist.c

@@ -60,7 +60,7 @@ bool AppendHostList(hostlist_pool **hostlist, const char *filename)
 	{
 		r = z_readfile(F,&zbuf,&zsize,0);
 		fclose(F);
-		if (r==Z_OK)
+		if (r==Z_STREAM_END)
 		{
 			DLOG_CONDUP("zlib compression detected. uncompressed size : %zu\n", zsize);
 

nfq2/ipset.c

@@ -77,7 +77,7 @@ static bool AppendIpset(ipset *ips, const char *filename)
 	{
 		r = z_readfile(F,&zbuf,&zsize,0);
 		fclose(F);
-		if (r==Z_OK)
+		if (r==Z_STREAM_END)
 		{
 			DLOG_CONDUP("zlib compression detected. uncompressed size : %zu\n", zsize);
 

nfq2/lua.c

@@ -1901,7 +1901,7 @@ static bool lua_reconstruct_ip6exthdr(lua_State *L, int idx, struct ip6_hdr *ip6
 				lua_getfield(L,-1, "data");
 				if (lua_type(L,-1)!=LUA_TSTRING) goto err;
 				if (!(p=(uint8_t*)lua_tolstring(L,-1,&l))) l=0;
-				if (!l || (l+2)>left || ((type==IPPROTO_AH) ? (l<6 || ((l+2) & 3)) : ((l+2) & 7))) goto err;
+				if (l<6 || (l+2)>left || (type==IPPROTO_AH ? (l>=1024 || ((l+2) & 3)) : (l>=2048 || ((l+2) & 7)))) goto err;
 				memcpy(data+2,p,l);
 				l+=2;
 				data[0] = next; // may be overwritten later
@@ -3470,7 +3470,7 @@ static int luacall_gunzip_inflate(lua_State *L)
 	size_t increment = bufchunk / 2;
 	if (increment < Z_INFL_BUF_INCREMENT) increment = Z_INFL_BUF_INCREMENT;
 
-	do
+	for(;;)
 	{
 		if ((bufsize - size) < BUFMIN)
 		{
@@ -3493,11 +3493,20 @@ static int luacall_gunzip_inflate(lua_State *L)
 		}
 		uzs->zs.avail_out = bufsize - size;
 		uzs->zs.next_out = buf + size;
-		r = inflate(&uzs->zs, Z_NO_FLUSH);
-		if (r != Z_OK && r != Z_STREAM_END) goto zerr;
-		size = bufsize - uzs->zs.avail_out;
-	} while (r == Z_OK && uzs->zs.avail_in);
 
+		r = inflate(&uzs->zs, Z_NO_FLUSH);
+
+		size = bufsize - uzs->zs.avail_out;
+		if (r==Z_STREAM_END) break;
+		if (r==Z_BUF_ERROR)
+		{
+			if (uzs->zs.avail_in)
+				goto zerr;
+			else
+				break; // OK
+		}
+		if (r!=Z_OK) goto zerr;
+	}
 	lua_pushlstring(L, (const char*)buf, size);
 	lua_pushboolean(L, r==Z_STREAM_END);
 end:
@@ -3571,7 +3580,7 @@ static int luacall_gzip_deflate(lua_State *L)
 
 	int argc=lua_gettop(L);
 	size_t l=0;
-	int r;
+	int r, flush;
 	size_t bufsize=0, size=0;
 	uint8_t *buf=NULL, *newbuf;
 	struct userdata_zs *uzs = lua_uzs(L, 1, false);
@@ -3584,7 +3593,8 @@ static int luacall_gzip_deflate(lua_State *L)
 	size_t increment = bufchunk / 2;
 	if (increment < Z_DEFL_BUF_INCREMENT) increment = Z_DEFL_BUF_INCREMENT;
 
-	do
+	flush = l ? Z_NO_FLUSH : Z_FINISH;
+	for(;;)
 	{
 		if ((bufsize - size) < BUFMIN)
 		{
@@ -3607,10 +3617,19 @@ static int luacall_gzip_deflate(lua_State *L)
 		}
 		uzs->zs.avail_out = bufsize - size;
 		uzs->zs.next_out = buf + size;
-		r = deflate(&uzs->zs, l ? Z_NO_FLUSH : Z_FINISH);
-		if (r != Z_OK && r != Z_STREAM_END) goto zerr;
+
+		r = deflate(&uzs->zs, flush);
+
 		size = bufsize - uzs->zs.avail_out;
-	} while (r == Z_OK && (uzs->zs.avail_in || !uzs->zs.avail_out));
+		if (r==Z_STREAM_END) break;
+		if (r==Z_OK)
+		{
+			if (uzs->zs.avail_out && !uzs->zs.avail_in && flush != Z_FINISH)
+				 break;
+		}
+		else
+			goto zerr;
+	}
 
 	lua_pushlstring(L, (const char*)buf, size);
 	lua_pushboolean(L, r==Z_STREAM_END);
@@ -3938,7 +3957,7 @@ static int luaL_doZfile(lua_State *L, const char *filename)
 			luaL_error(L, "could not open lua file '%s'", fname);
 		r = z_readfile(F, &buf, &size, 0);
 		fclose(F);
-		if (r != Z_OK)
+		if (r != Z_STREAM_END)
 			luaL_error(L, "could not unzip lua file '%s'", fname);
 		r = luaL_loadbuffer(L, buf, size, fname);
 		free(buf);

nfq2/protocol.c

@@ -145,7 +145,6 @@ bool posmarker_parse(const char *s, struct proto_pos *m)
 			m->pos = 0;
 	}
 	return true;
-	
 }
 bool posmarker_list_parse(const char *s, struct proto_pos *m, int *mct)
 {