diff --git a/docs/changes.txt b/docs/changes.txt
index 0f2dd83..0c21361 100644
--- a/docs/changes.txt
+++ b/docs/changes.txt
@@ -178,3 +178,8 @@ v0.8.1
 * nfqws2: alternative representation of payload filter in execution_plan item
 * nfqws2: --payload-disable
 * nfqws2: gracefully shutdown on SIGINT and SIGTERM
+* nfqws2: harden wireguard detection. do not detect if reserved bytes 1..3 != 0
+
+0.8.5
+
+* nfqws2: do not require / in the beginning of URI in http
diff --git a/nfq2/protocol.c b/nfq2/protocol.c
index 2464fcb..40be021 100644
--- a/nfq2/protocol.c
+++ b/nfq2/protocol.c
@@ -243,24 +243,38 @@ void ResolveMultiPos(const uint8_t *data, size_t sz, t_l7payload l7payload, cons
 }
-const char *http_methods[] = { "GET /","POST /","HEAD /","OPTIONS ","PUT /","DELETE /","CONNECT ","TRACE /",NULL };
-const char *HttpMethod(const uint8_t *data, size_t len)
+static const char *http_methods[] = { "GET ","POST ","HEAD ","OPTIONS ","PUT ","DELETE ","CONNECT ","TRACE ",NULL };
+static const char *HttpMethod(const uint8_t *data, size_t len)
 {
 	const char **method;
 	size_t method_len;
-	for (method = http_methods; *method; method++)
+
+	if (len>=4)
 	{
-		method_len = strlen(*method);
-		if (method_len <= len && !memcmp(data, *method, method_len))
-			return *method;
+		for (method = http_methods; *method; method++)
+		{
+			method_len = strlen(*method);
+			if (method_len <= len && !memcmp(data, *method, method_len))
+				return *method;
+		}
 	}
 	return NULL;
 }
 bool IsHttp(const uint8_t *data, size_t len)
 {
-	return !!HttpMethod(data,len);
+	if (!HttpMethod(data,len)) return false;
+	// GET /uri HTTP/1.1
+	// skip method
+	for(; len && *data!=' ' && *data!='\t' && *data!='\r' && *data!='\n'; data++, len--);
+	if (!len || *data!=' ' && *data!='\t') return false;
+	for(; len && (*data==' '|| *data=='\t'); data++, len--);
+	// skip URI
+	for(; len && *data!=' ' && *data!='\t' && *data!='\r' && *data!='\n'; data++, len--);
+	if (!len || *data!=' ' && *data!='\t') return false;
+	for(; len && (*data==' '|| *data=='\t'); data++, len--);
+	if (len<10 || *data=='\r' || *data=='\n') return false;
+	return !memcmp(data,"HTTP/1.",7);
 }
-
 static bool IsHostAt(const uint8_t *p)
 {
 	return \
diff --git a/nfq2/protocol.h b/nfq2/protocol.h
index 95cddac..cdcc655 100644
--- a/nfq2/protocol.h
+++ b/nfq2/protocol.h
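Review bot: The two `if (!len || *data!=' ' && *data!='\t') return false;` lines in the new IsHttp body lean on `&&` binding tighter than `||`; the logic is what was intended, but GCC's -Wparentheses flags it, so write `if (!len || (*data!=' ' && *data!='\t')) return false;` in both places. The `len<10` threshold before `memcmp(data,"HTTP/1.",7)` is a magic number that does not match the 7 bytes actually compared; a comment such as `// need room for "HTTP/1.x\r\n"` would record why 10 was chosen. That threshold also means a request line whose version token is not wholly inside this buffer is now classified as non-HTTP, which is a behaviour change from the old method-prefix-only test; presumably it compensates for dropping the `/` from the http_methods prefixes, and a sentence above the function saying so would help the next reader. The empty-bodied `for(...);` loops would be clearer with the `;` on its own line or as `{}` so the following statement is not misread as the loop body.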
@@ -90,8 +90,6 @@ ssize_t TLSPos(t_marker posmarker, int16_t pos, const uint8_t *data, size_t sz);
 ssize_t ResolvePos(const uint8_t *data, size_t sz, t_l7payload l7payload, const struct proto_pos *sp);
 void ResolveMultiPos(const uint8_t *data, size_t sz, t_l7payload l7payload, const struct proto_pos *marker, int marker_count, ssize_t *pos, int *pos_count);
-extern const char *http_methods[9];
-const char *HttpMethod(const uint8_t *data, size_t len);
 bool IsHttp(const uint8_t *data, size_t len);
 bool HttpFindHost(uint8_t **pHost,uint8_t *buf,size_t bs); // header must be passed like this : "\nHost:"