diff --git a/mdig/mdig.c b/mdig/mdig.c index aa7abc5..92fd826 100644 --- a/mdig/mdig.c +++ b/mdig/mdig.c @@ -74,15 +74,16 @@ static const char* eai_str(int r) } } -bool dom_valid(char *dom) +static bool dom_valid(char *dom) { - if (!dom || *dom=='.') return false; - for (; *dom; dom++) - if (*dom < 0x20 || *dom>0x7F || !(*dom == '.' || *dom == '-' || *dom == '_' || *dom >= '0' && *dom <= '9' || *dom >= 'a' && *dom <= 'z' || *dom >= 'A' && *dom <= 'Z')) - return false; - return true; + if (!dom || *dom=='.') return false; + for (; *dom; dom++) + if (*dom < 0x20 || (*dom & 0x80) || !(*dom == '.' || *dom == '-' || *dom == '_' || (*dom >= '0' && *dom <= '9') || (*dom >= 'a' && *dom <= 'z') || (*dom >= 'A' && *dom <= 'Z'))) + return false; + return true; } -void invalid_domain_beautify(char *dom) + +static void invalid_domain_beautify(char *dom) { for (int i = 0; *dom && i < 64; i++, dom++) if (*dom < 0x20 || *dom>0x7F) *dom = '?'; @@ -159,14 +160,14 @@ static void stat_print(int ct, int ct_ok) } } -static void stat_plus(char is_ok) +static void stat_plus(bool is_ok) { int ct, ct_ok; if (glob.stats_every > 0) { pthread_mutex_lock(&glob.slock); ct = ++glob.stats_ct; - ct_ok = glob.stats_ct_ok += !!is_ok; + ct_ok = glob.stats_ct_ok += is_ok; pthread_mutex_unlock(&glob.slock); if (!(ct % glob.stats_every)) stat_print(ct, ct_ok); @@ -189,7 +190,8 @@ static void *t_resolver(void *arg) { int tid = (int)(size_t)arg; int i, r; - char dom[256], is_ok; + char dom[256]; + bool is_ok; struct addrinfo hints; struct addrinfo *result; @@ -201,9 +203,9 @@ static void *t_resolver(void *arg) while (interlocked_get_dom(dom, sizeof(dom))) { + is_ok = false; if (*dom) { - is_ok = 0; uint16_t family; char *s_mask, s_ip[sizeof(dom)]; @@ -213,7 +215,7 @@ static void *t_resolver(void *arg) family = GetAddrFamily(s_ip); if (family) { - if (family == AF_INET && (glob.family & FAMILY4) || family == AF_INET6 && (glob.family & FAMILY6)) + if ((family == AF_INET && (glob.family & FAMILY4)) || (family == AF_INET6 && (glob.family & FAMILY6))) { unsigned int mask; bool mask_needed = false; @@ -229,7 +231,7 @@ static void *t_resolver(void *arg) } } else - is_ok = 1; + is_ok = true; if (is_ok) interlocked_fprintf(stdout, mask_needed ? "%s/%u\n" : "%s\n", s_ip, mask); else @@ -252,7 +254,7 @@ static void *t_resolver(void *arg) { print_addrinfo(result); freeaddrinfo(result); - is_ok = 1; + is_ok = true; } break; } diff --git a/nfq/desync.c b/nfq/desync.c index 689a0c7..bd500c9 100644 --- a/nfq/desync.c +++ b/nfq/desync.c @@ -478,6 +478,9 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint { uint8_t verdict=VERDICT_PASS; + // additional safety check + if (!!ip != !!ip6hdr) return verdict; + t_ctrack *ctrack=NULL, *ctrack_replay=NULL; bool bReverse=false; @@ -600,15 +603,12 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint } } // !replay - if (params.desync_mode0!=DESYNC_NONE || params.desync_mode!=DESYNC_NONE) // save some cpu - { - ttl_fake = (ctrack_replay && ctrack_replay->autottl) ? ctrack_replay->autottl : (ip6hdr ? (params.desync_ttl6 ? params.desync_ttl6 : ttl_orig) : (params.desync_ttl ? params.desync_ttl : ttl_orig)); - flags_orig = *((uint8_t*)tcphdr+13); - scale_factor = tcp_find_scale_factor(tcphdr); - timestamps = tcp_find_timestamps(tcphdr); + ttl_fake = (ctrack_replay && ctrack_replay->autottl) ? ctrack_replay->autottl : (ip6hdr ? (params.desync_ttl6 ? params.desync_ttl6 : ttl_orig) : (params.desync_ttl ? params.desync_ttl : ttl_orig)); + flags_orig = *((uint8_t*)tcphdr+13); + scale_factor = tcp_find_scale_factor(tcphdr); + timestamps = tcp_find_timestamps(tcphdr); - extract_endpoints(ip, ip6hdr, tcphdr, NULL, &src, &dst); - } + extract_endpoints(ip, ip6hdr, tcphdr, NULL, &src, &dst); if (!replay) { @@ -955,6 +955,10 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint // this mode is final, no other options available return VERDICT_DROP; } + default: + // fix code analyzer warning + pkt1_len=0; + break; } if (b) @@ -1192,6 +1196,9 @@ static uint8_t dpi_desync_udp_packet_play(bool replay, size_t reasm_offset, uint { uint8_t verdict=VERDICT_PASS; + // additional safety check + if (!!ip != !!ip6hdr) return verdict; + // no need to desync middle packets in reasm session if (reasm_offset) return verdict; @@ -1467,6 +1474,10 @@ static uint8_t dpi_desync_udp_packet_play(bool replay, size_t reasm_offset, uint } desync_mode = params.desync_mode2; break; + default: + // fix code analyzer warning + pkt1_len=0; + break; } if (b) diff --git a/nfq/protocol.c b/nfq/protocol.c index c718c35..8c6470c 100644 --- a/nfq/protocol.c +++ b/nfq/protocol.c @@ -281,7 +281,7 @@ static bool TLSExtractHostFromExt(const uint8_t *ext, size_t elen, char *host, s size_t slen = pntoh16(ext + 3); ext += 5; elen -= 5; if (slen < elen) return false; - if (ext && len_host) + if (host && len_host) { if (slen >= len_host) slen = len_host - 1; for (size_t i = 0; i < slen; i++) host[i] = tolower(ext[i]); @@ -342,6 +342,8 @@ static uint8_t tvb_get_varint(const uint8_t *tvb, uint64_t *value) if (value) *value = pntoh64(tvb) & 0x3FFFFFFFFFFFFFFF; return 8; } + // impossible case + if (*value) *value = 0; return 0; } static uint8_t tvb_get_size(uint8_t tvb) diff --git a/tpws/protocol.c b/tpws/protocol.c index 9aff70f..9043dc1 100644 --- a/tpws/protocol.c +++ b/tpws/protocol.c @@ -271,7 +271,7 @@ static bool TLSExtractHostFromExt(const uint8_t *ext, size_t elen, char *host, s size_t slen = pntoh16(ext + 3); ext += 5; elen -= 5; if (slen < elen) return false; - if (ext && len_host) + if (host && len_host) { if (slen >= len_host) slen = len_host - 1; for (size_t i = 0; i < slen; i++) host[i] = tolower(ext[i]);