nfqws: desync condition fix

mdig/mdig.c

@@ -74,15 +74,16 @@ static const char* eai_str(int r)
 	}
 }
 
-bool dom_valid(char *dom)
+static bool dom_valid(char *dom)
 {
 	if (!dom || *dom=='.') return false;
 	for (; *dom; dom++)
-		if (*dom < 0x20 || *dom>0x7F || !(*dom == '.' || *dom == '-' || *dom == '_' || *dom >= '0' && *dom <= '9' || *dom >= 'a' && *dom <= 'z' || *dom >= 'A' && *dom <= 'Z'))
+	if (*dom < 0x20 || (*dom & 0x80) || !(*dom == '.' || *dom == '-' || *dom == '_' || (*dom >= '0' && *dom <= '9') || (*dom >= 'a' && *dom <= 'z') || (*dom >= 'A' && *dom <= 'Z')))
-			return false;
+		return false;
 	return true;
 }
-void invalid_domain_beautify(char *dom)
+
+static void invalid_domain_beautify(char *dom)
 {
 	for (int i = 0; *dom && i < 64; i++, dom++)
 		if (*dom < 0x20 || *dom>0x7F) *dom = '?';
@@ -159,14 +160,14 @@ static void stat_print(int ct, int ct_ok)
 	}
 }
 
-static void stat_plus(char is_ok)
+static void stat_plus(bool is_ok)
 {
 	int ct, ct_ok;
 	if (glob.stats_every > 0)
 	{
 		pthread_mutex_lock(&glob.slock);
 		ct = ++glob.stats_ct;
-		ct_ok = glob.stats_ct_ok += !!is_ok;
+		ct_ok = glob.stats_ct_ok += is_ok;
 		pthread_mutex_unlock(&glob.slock);
 
 		if (!(ct % glob.stats_every)) stat_print(ct, ct_ok);
@@ -189,7 +190,8 @@ static void *t_resolver(void *arg)
 {
 	int tid = (int)(size_t)arg;
 	int i, r;
-	char dom[256], is_ok;
+	char dom[256];
+	bool is_ok;
 	struct addrinfo hints;
 	struct addrinfo *result;
 
@@ -201,9 +203,9 @@ static void *t_resolver(void *arg)
 
 	while (interlocked_get_dom(dom, sizeof(dom)))
 	{
+		is_ok = false;
 		if (*dom)
 		{
-			is_ok = 0;
 			uint16_t family;
 			char *s_mask, s_ip[sizeof(dom)];
 
@@ -213,7 +215,7 @@ static void *t_resolver(void *arg)
 			family = GetAddrFamily(s_ip);
 			if (family)
 			{
-				if (family == AF_INET && (glob.family & FAMILY4) || family == AF_INET6 && (glob.family & FAMILY6))
+				if ((family == AF_INET && (glob.family & FAMILY4)) || (family == AF_INET6 && (glob.family & FAMILY6)))
 				{
 					unsigned int mask;
 					bool mask_needed = false;
@@ -229,7 +231,7 @@ static void *t_resolver(void *arg)
 						}
 					}
 					else
-						is_ok = 1;
+						is_ok = true;
 					if (is_ok)
 						interlocked_fprintf(stdout, mask_needed ? "%s/%u\n" : "%s\n", s_ip, mask);
 					else
@@ -252,7 +254,7 @@ static void *t_resolver(void *arg)
 					{
 						print_addrinfo(result);
 						freeaddrinfo(result);
-						is_ok = 1;
+						is_ok = true;
 					}
 					break;
 				}

nfq/desync.c

@@ -478,6 +478,9 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
 {
 	uint8_t verdict=VERDICT_PASS;
 
+	// additional safety check
+	if (!!ip == !!ip6hdr) return verdict;
+
 	t_ctrack *ctrack=NULL, *ctrack_replay=NULL;
 	bool bReverse=false;
 
@@ -600,15 +603,12 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
 		}
 	} // !replay
 
-	if (params.desync_mode0!=DESYNC_NONE || params.desync_mode!=DESYNC_NONE) // save some cpu
+	ttl_fake = (ctrack_replay && ctrack_replay->autottl) ? ctrack_replay->autottl : (ip6hdr ? (params.desync_ttl6 ? params.desync_ttl6 : ttl_orig) : (params.desync_ttl ? params.desync_ttl : ttl_orig));
-	{
+	flags_orig = *((uint8_t*)tcphdr+13);
-		ttl_fake = (ctrack_replay && ctrack_replay->autottl) ? ctrack_replay->autottl : (ip6hdr ? (params.desync_ttl6 ? params.desync_ttl6 : ttl_orig) : (params.desync_ttl ? params.desync_ttl : ttl_orig));
+	scale_factor = tcp_find_scale_factor(tcphdr);
-		flags_orig = *((uint8_t*)tcphdr+13);
+	timestamps = tcp_find_timestamps(tcphdr);
-		scale_factor = tcp_find_scale_factor(tcphdr);
-		timestamps = tcp_find_timestamps(tcphdr);
 
-		extract_endpoints(ip, ip6hdr, tcphdr, NULL, &src, &dst);
+	extract_endpoints(ip, ip6hdr, tcphdr, NULL, &src, &dst);
-	}
 
 	if (!replay)
 	{
@@ -955,6 +955,10 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
 					// this mode is final, no other options available
 					return VERDICT_DROP;
 				}
+			default:
+				// fix code analyzer warning
+				pkt1_len=0;
+				break;
 		}
 
 		if (b)
@@ -1192,6 +1196,9 @@ static uint8_t dpi_desync_udp_packet_play(bool replay, size_t reasm_offset, uint
 {
 	uint8_t verdict=VERDICT_PASS;
 
+	// additional safety check
+	if (!!ip == !!ip6hdr) return verdict;
+
 	// no need to desync middle packets in reasm session
 	if (reasm_offset) return verdict;
 
@@ -1467,6 +1474,10 @@ static uint8_t dpi_desync_udp_packet_play(bool replay, size_t reasm_offset, uint
 				}
 				desync_mode = params.desync_mode2;
 				break;
+			default:
+				// fix code analyzer warning
+				pkt1_len=0;
+				break;
 		}
 
 		if (b)

nfq/protocol.c

@@ -281,7 +281,7 @@ static bool TLSExtractHostFromExt(const uint8_t *ext, size_t elen, char *host, s
 	size_t slen = pntoh16(ext + 3);
 	ext += 5; elen -= 5;
 	if (slen < elen) return false;
-	if (ext && len_host)
+	if (host && len_host)
 	{
 		if (slen >= len_host) slen = len_host - 1;
 		for (size_t i = 0; i < slen; i++) host[i] = tolower(ext[i]);
@@ -342,6 +342,8 @@ static uint8_t tvb_get_varint(const uint8_t *tvb, uint64_t *value)
 		if (value) *value = pntoh64(tvb) & 0x3FFFFFFFFFFFFFFF;
 		return 8;
 	}
+	// impossible case
+	if (*value) *value = 0;
 	return 0;
 }
 static uint8_t tvb_get_size(uint8_t tvb)

tpws/protocol.c

@@ -271,7 +271,7 @@ static bool TLSExtractHostFromExt(const uint8_t *ext, size_t elen, char *host, s
 	size_t slen = pntoh16(ext + 3);
 	ext += 5; elen -= 5;
 	if (slen < elen) return false;
-	if (ext && len_host)
+	if (host && len_host)
 	{
 		if (slen >= len_host) slen = len_host - 1;
 		for (size_t i = 0; i < slen; i++) host[i] = tolower(ext[i]);