From 7c60ad3a7aead15a8816d21e80f12d1e23150d11 Mon Sep 17 00:00:00 2001 From: bol-van Date: Mon, 16 Feb 2026 10:47:50 +0300 Subject: [PATCH] AI fixes --- nfq2/conntrack.c | 2 +- nfq2/darkmagic.c | 8 ++++---- nfq2/desync.c | 12 ++++++------ nfq2/filter.c | 6 +++--- nfq2/helpers.c | 2 +- nfq2/ipset.c | 2 +- nfq2/lua.c | 11 ++++++----- nfq2/pools.c | 4 ++-- nfq2/protocol.c | 7 ++++--- 9 files changed, 28 insertions(+), 26 deletions(-) diff --git a/nfq2/conntrack.c b/nfq2/conntrack.c index d7156b2..806d43a 100644 --- a/nfq2/conntrack.c +++ b/nfq2/conntrack.c @@ -347,7 +347,7 @@ void ConntrackPoolDump(const t_conntrack *p) { t_conntrack_pool *t, *tmp; time_t tnow; - char sa1[40], sa2[40]; + char sa1[INET6_ADDRSTRLEN], sa2[INET6_ADDRSTRLEN]; if (!(tnow=boottime())) return; HASH_ITER(hh, p->pool, t, tmp) { diff --git a/nfq2/darkmagic.c b/nfq2/darkmagic.c index b906d77..0077b7d 100644 --- a/nfq2/darkmagic.c +++ b/nfq2/darkmagic.c @@ -285,7 +285,7 @@ void str_icmp_type_name(char *s, size_t s_len, bool v6, uint8_t type) static void str_srcdst_ip(char *s, size_t s_len, const void *saddr,const void *daddr) { - char s_ip[16],d_ip[16]; + char s_ip[INET_ADDRSTRLEN],d_ip[INET_ADDRSTRLEN]; *s_ip=*d_ip=0; inet_ntop(AF_INET, saddr, s_ip, sizeof(s_ip)); inet_ntop(AF_INET, daddr, d_ip, sizeof(d_ip)); @@ -306,7 +306,7 @@ void print_ip(const struct ip *ip) } void str_srcdst_ip6(char *s, size_t s_len, const void *saddr,const void *daddr) { - char s_ip[40],d_ip[40]; + char s_ip[INET6_ADDRSTRLEN],d_ip[INET6_ADDRSTRLEN]; *s_ip=*d_ip=0; inet_ntop(AF_INET6, saddr, s_ip, sizeof(s_ip)); inet_ntop(AF_INET6, daddr, d_ip, sizeof(d_ip)); @@ -314,14 +314,14 @@ void str_srcdst_ip6(char *s, size_t s_len, const void *saddr,const void *daddr) } void str_ip6hdr(char *s, size_t s_len, const struct ip6_hdr *ip6hdr, uint8_t proto) { - char ss[83],s_proto[16]; + char ss[100],s_proto[16]; str_srcdst_ip6(ss,sizeof(ss),&ip6hdr->ip6_src,&ip6hdr->ip6_dst); str_proto_name(s_proto,sizeof(s_proto),proto); snprintf(s,s_len,"%s proto=%s ttl=%u",ss,s_proto,ip6hdr->ip6_hlim); } void print_ip6hdr(const struct ip6_hdr *ip6hdr, uint8_t proto) { - char s[128]; + char s[132]; str_ip6hdr(s,sizeof(s),ip6hdr,proto); printf("%s",s); } diff --git a/nfq2/desync.c b/nfq2/desync.c index a348307..a28d2cc 100644 --- a/nfq2/desync.c +++ b/nfq2/desync.c @@ -289,11 +289,11 @@ static struct desync_profile *dp_find( struct desync_profile_list *dpl; if (params.debug) { - char s[40]; + char s[INET6_ADDRSTRLEN]; ntopa46(ip, ip6, s, sizeof(s)); if (ipr || ipr6) { - char sr[40]; + char sr[INET6_ADDRSTRLEN]; ntopa46(ipr, ipr6, sr, sizeof(sr)); DLOG("desync profile search for %s ip1=%s ip2=%s port=%u icmp=%u:%u l7proto=%s ssid='%s' hostname='%s'\n", proto_name(l3proto), s, sr, port, icmp_type, icmp_code, l7proto_str(l7proto), ssid ? ssid : "", hostname ? hostname : ""); @@ -737,7 +737,7 @@ static bool ipcache_get_hostname(const struct in_addr *a4, const struct in6_addr } if (params.debug) { - char s[40]; + char s[INET6_ADDRSTRLEN]; ntopa46(a4, a6, s, sizeof(s)); DLOG("ipcache hostname search for %s\n", s); } @@ -746,7 +746,7 @@ static bool ipcache_get_hostname(const struct in_addr *a4, const struct in6_addr { if (params.debug) { - char s[40]; + char s[INET6_ADDRSTRLEN]; ntopa46(a4, a6, s, sizeof(s)); DLOG("got cached hostname for %s : %s (is_ip=%u)\n", s, ipc->hostname, ipc->hostname_is_ip); } @@ -1137,7 +1137,7 @@ static void setup_direction( if (params.debug) { - char ip[40]; + char ip[INET6_ADDRSTRLEN]; ntopa46(*sdip4, *sdip6, ip, sizeof(ip)); DLOG("%s mode desync profile/ipcache search target ip=%s port=%u\n", params.server ? "server" : "client", ip, *sdport); } @@ -1676,7 +1676,7 @@ static bool feed_dns_response(const uint8_t *a, size_t len) // check of minimum header length and response flag uint16_t k, off, dlen, qcount = a[4]<<8 | a[5], acount = a[6]<<8 | a[7]; - char s_ip[40]; + char s_ip[INET6_ADDRSTRLEN]; const uint8_t *b = a, *p; const uint8_t *e = b + len; size_t nl; diff --git a/nfq2/filter.c b/nfq2/filter.c index 0e1e15e..4c736a1 100644 --- a/nfq2/filter.c +++ b/nfq2/filter.c @@ -173,7 +173,7 @@ bool packet_range_parse(const char *s, struct packet_range *range) void str_cidr4(char *s, size_t s_len, const struct cidr4 *cidr) { - char s_ip[16]; + char s_ip[INET_ADDRSTRLEN]; *s_ip=0; inet_ntop(AF_INET, &cidr->addr, s_ip, sizeof(s_ip)); snprintf(s,s_len,cidr->preflen<32 ? "%s/%u" : "%s", s_ip, cidr->preflen); @@ -186,14 +186,14 @@ void print_cidr4(const struct cidr4 *cidr) } void str_cidr6(char *s, size_t s_len, const struct cidr6 *cidr) { - char s_ip[40]; + char s_ip[INET6_ADDRSTRLEN]; *s_ip=0; inet_ntop(AF_INET6, &cidr->addr, s_ip, sizeof(s_ip)); snprintf(s,s_len,cidr->preflen<128 ? "%s/%u" : "%s", s_ip, cidr->preflen); } void print_cidr6(const struct cidr6 *cidr) { - char s[44]; + char s[INET_ADDRSTRLEN+4]; str_cidr6(s,sizeof(s),cidr); printf("%s",s); } diff --git a/nfq2/helpers.c b/nfq2/helpers.c index b8d3655..33513ff 100644 --- a/nfq2/helpers.c +++ b/nfq2/helpers.c @@ -246,7 +246,7 @@ void ntop46(const struct sockaddr *sa, char *str, size_t len) } void ntop46_port(const struct sockaddr *sa, char *str, size_t len) { - char ip[40]; + char ip[INET6_ADDRSTRLEN]; ntop46(sa, ip, sizeof(ip)); switch (sa->sa_family) { diff --git a/nfq2/ipset.c b/nfq2/ipset.c index 114db92..6fe9485 100644 --- a/nfq2/ipset.c +++ b/nfq2/ipset.c @@ -182,7 +182,7 @@ bool LoadAllIpsets() static bool SearchIpset(const ipset *ips, const struct in_addr *ipv4, const struct in6_addr *ipv6) { - char s_ip[40]; + char s_ip[INET6_ADDRSTRLEN]; bool bInSet=false; if (!!ipv4 != !!ipv6) diff --git a/nfq2/lua.c b/nfq2/lua.c index a9562dd..d56eb33 100644 --- a/nfq2/lua.c +++ b/nfq2/lua.c @@ -2813,7 +2813,7 @@ static int luacall_ntop(lua_State *L) { size_t l; const char *p; - char s[40]; + char s[INET6_ADDRSTRLEN]; int af=0; lua_check_argc(L,"ntop",1); @@ -2833,9 +2833,10 @@ static int luacall_ntop(lua_State *L) lua_pushnil(L); return 1; } - if (!inet_ntop(af,p,s,sizeof(s))) - luaL_error(L, "inet_ntop error"); - lua_pushstring(L,s); + if (inet_ntop(af,p,s,sizeof(s))) + lua_pushstring(L,s); + else + lua_pushnil(L); LUA_STACK_GUARD_RETURN(L,1) } @@ -3139,7 +3140,7 @@ static int lua_get_ifaddrs(lua_State *L) struct ifreq ifr; const char *ifname; #ifdef __CYGWIN__ - char ifname_buf[16]; + char ifname_buf[IFNAMSIZ]; #endif memset(&ifr,0,sizeof(ifr)); diff --git a/nfq2/pools.c b/nfq2/pools.c index dac832d..432ea4b 100644 --- a/nfq2/pools.c +++ b/nfq2/pools.c @@ -1033,7 +1033,7 @@ static ip_cache4 *ipcache4Add(ip_cache4 **ipcache, const struct in_addr *a, cons } static void ipcache4Print(ip_cache4 *ipcache) { - char s_ip[16]; + char s_ip[INET_ADDRSTRLEN]; time_t now; ip_cache4 *ipc, *tmp; @@ -1091,7 +1091,7 @@ static ip_cache6 *ipcache6Add(ip_cache6 **ipcache, const struct in6_addr *a, con } static void ipcache6Print(ip_cache6 *ipcache) { - char s_ip[40]; + char s_ip[INET6_ADDRSTRLEN]; time_t now; ip_cache6 *ipc, *tmp; diff --git a/nfq2/protocol.c b/nfq2/protocol.c index e5389ea..9646bb8 100644 --- a/nfq2/protocol.c +++ b/nfq2/protocol.c @@ -1198,12 +1198,13 @@ bool QUICDecryptInitial(const uint8_t *data, size_t data_len, uint8_t *clean, si uint64_t payload_len,token_len,pn_offset; pn_offset = 1 + 4 + 1 + data[5]; if (pn_offset >= data_len) return false; + // SCID length pn_offset += 1 + data[pn_offset]; - if ((pn_offset + tvb_get_size(data[pn_offset])) >= data_len) return false; + if (pn_offset >= data_len || (pn_offset + tvb_get_size(data[pn_offset])) >= data_len) return false; + // token length pn_offset += tvb_get_varint(data + pn_offset, &token_len); pn_offset += token_len; - if (pn_offset >= data_len) return false; - if ((pn_offset + tvb_get_size(data[pn_offset])) >= data_len) return false; + if (pn_offset >= data_len || (pn_offset + tvb_get_size(data[pn_offset])) >= data_len) return false; pn_offset += tvb_get_varint(data + pn_offset, &payload_len); if (payload_len<20 || (pn_offset + payload_len)>data_len) return false;