CESNET
diff --git a/‎Makefile.am‎
Lines changed: 2 additions & 1 deletion b/‎Makefile.am‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎process/common.hpp‎
Lines changed: 90 additions & 0 deletions b/‎process/common.hpp‎
Lines changed: 90 additions & 0 deletions
diff --git a/‎process/http.cpp‎
Lines changed: 38 additions & 10 deletions b/‎process/http.cpp‎
Lines changed: 38 additions & 10 deletions
diff --git a/‎process/rtsp.cpp‎
Lines changed: 36 additions & 10 deletions b/‎process/rtsp.cpp‎
Lines changed: 36 additions & 10 deletions
@@ -121,7 +121,8 @@ ipfixprobe_process_src=\
 		process/stats.cpp \
 		process/stats.hpp \
 		process/md5.hpp \
-		process/md5.cpp
+		process/md5.cpp \
+		process/common.hpp
 
 if WITH_QUIC
 ipfixprobe_process_src+=\
 
@@ -0,0 +1,90 @@
+/**
+ * \file common.hpp
+ * \brief Common function for processing modules
+ * \author Pavel Siska <[email protected]>
+ * \date 2022
+ */
+/*
+ * Copyright (C) 2022 CESNET
+ *
+ * LICENSE TERMS
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ * 3. Neither the name of the Company nor the names of its contributors
+ *    may be used to endorse or promote products derived from this
+ *    software without specific prior written permission.
+ *
+ * ALTERNATIVELY, provided that this notice is retained in full, this
+ * product may be distributed under the terms of the GNU General Public
+ * License (GPL) version 2 or later, in which case the provisions
+ * of the GPL apply INSTEAD OF those given above.
+ *
+ * This software is provided ``as is'', and any express or implied
+ * warranties, including, but not limited to, the implied warranties of
+ * merchantability and fitness for a particular purpose are disclaimed.
+ * In no event shall the company or contributors be liable for any
+ * direct, indirect, incidental, special, exemplary, or consequential
+ * damages (including, but not limited to, procurement of substitute
+ * goods or services; loss of use, data, or profits; or business
+ * interruption) however caused and on any theory of liability, whether
+ * in contract, strict liability, or tort (including negligence or
+ * otherwise) arising in any way out of the use of this software, even
+ * if advised of the possibility of such damage.
+ *
+ */
+
+#ifndef IPXP_PROCESS_COMMON_HPP
+#define IPXP_PROCESS_COMMON_HPP
+
+#include <cstring>
+
+namespace ipxp {
+
+static inline bool check_payload_len(size_t payload_len, size_t required_len) noexcept
+{
+   return payload_len < required_len;
+}
+
+/**
+ * \brief Returns a pointer to the first occurrence of str2 in str1,
+ *        or a null pointer if str2 is not part of str1.
+ *
+ * \param str1 C string to be scanned.
+ * \param str2 C string containing the sequence of characters to match.
+ * \param len Number of bytes to be analyzed.
+ * 
+ * \return A pointer to the first occurrence of string in str1.
+ *         If the string is not found, the function returns a null pointer.
+ */
+static inline const char *
+strnstr(const char *str1, const char *str2, size_t len) noexcept
+{
+   char c, sc;
+   size_t slen;
+
+   if ((c = *str2++) != '\0') {
+      slen = strlen(str2);
+      do {
+         do {
+            if (len-- < 1 || (sc = *str1++) == '\0')
+               return (NULL);
+         } while (sc != c);
+         if (slen > len)
+            return (NULL);
+      } while (strncmp(str1, str2, slen) != 0);
+      str1--;
+   }
+   return ((char *)str1);
+}
+
+}
+
+#endif /* IPXP_PROCESS_COMMON_HPP */
@@ -50,6 +50,7 @@
 #include <unirec/unirec.h>
 #endif
 
+#include "common.hpp"
 #include "http.hpp"
 
 namespace ipxp {
@@ -224,6 +225,7 @@ static uint32_t s_requests = 0, s_responses = 0;
 bool HTTPPlugin::parse_http_request(const char *data, int payload_len, RecordExtHTTP *rec)
 {
    char buffer[64];
+   size_t remaining;
    const char *begin, *end, *keyval_delimiter;
 
    total++;
@@ -247,14 +249,21 @@ bool HTTPPlugin::parse_http_request(const char *data, int payload_len, RecordExt
     */
 
    /* Find begin of URI. */
-   begin = strchr(data, ' ');
+   begin = static_cast<const char *>(memchr(data, ' ', payload_len));
    if (begin == nullptr) {
       DEBUG_MSG("Parser quits:\tnot a http request header\n");
       return false;
    }
 
    /* Find end of URI. */
-   end = strchr(begin + 1, ' ');
+   if (check_payload_len(payload_len, (begin + 1) - data)) {
+      DEBUG_MSG("Parser quits:\tpayload end\n");
+      return false;
+   }
+
+   remaining = payload_len - ((begin + 1) - data);
+   end = static_cast<const char *>(memchr(begin + 1, ' ', remaining));
+
    if (end == nullptr) {
       DEBUG_MSG("Parser quits:\trequest is fragmented\n");
       return false;
@@ -281,7 +290,12 @@ bool HTTPPlugin::parse_http_request(const char *data, int payload_len, RecordExt
    DEBUG_MSG("\tURI: %s\n",      rec->uri);
 
    /* Find begin of next line after request line. */
-   begin = strstr(end, HTTP_LINE_DELIMITER);
+   if (check_payload_len(payload_len, end - data)) {
+      DEBUG_MSG("Parser quits:\tpayload end\n");
+      return false;
+   }
+   remaining = payload_len - (end - data);
+   begin = ipxp::strnstr(end, HTTP_LINE_DELIMITER, remaining);
    if (begin == nullptr) {
       DEBUG_MSG("Parser quits:\tNo line delim after request line\n");
       return false;
@@ -302,8 +316,10 @@ bool HTTPPlugin::parse_http_request(const char *data, int payload_len, RecordExt
    rec->referer[0] = 0;
    /* Process headers. */
    while (begin - data < payload_len) {
-      end = strstr(begin, HTTP_LINE_DELIMITER);
-      keyval_delimiter = strchr(begin, HTTP_KEYVAL_DELIMITER);
+
+      remaining = payload_len - (begin - data);
+      end = ipxp::strnstr(begin, HTTP_LINE_DELIMITER, remaining);
+      keyval_delimiter = static_cast<const char *>(memchr(begin, HTTP_KEYVAL_DELIMITER, remaining));
 
       if (end == nullptr) {
          DEBUG_MSG("Parser quits:\theader is fragmented\n");
@@ -356,6 +372,7 @@ bool HTTPPlugin::parse_http_response(const char *data, int payload_len, RecordEx
 {
    char buffer[64];
    const char *begin, *end, *keyval_delimiter;
+   size_t remaining;
    int code;
 
    total++;
@@ -385,14 +402,19 @@ bool HTTPPlugin::parse_http_response(const char *data, int payload_len, RecordEx
     */
 
    /* Find begin of status code. */
-   begin = strchr(data, ' ');
+   begin = static_cast<const char *>(memchr(data, ' ', payload_len));
    if (begin == nullptr) {
       DEBUG_MSG("Parser quits:\tnot a http response header\n");
       return false;
    }
 
    /* Find end of status code. */
-   end = strchr(begin + 1, ' ');
+   if (check_payload_len(payload_len, (begin + 1) - data)) {
+      DEBUG_MSG("Parser quits:\tpayload end\n");
+      return false;
+   }
+   remaining = payload_len - ((begin + 1) - data);
+   end = static_cast<const char *>(memchr(begin + 1, ' ', remaining));
    if (end == nullptr) {
       DEBUG_MSG("Parser quits:\tresponse is fragmented\n");
       return false;
@@ -416,7 +438,12 @@ bool HTTPPlugin::parse_http_response(const char *data, int payload_len, RecordEx
    rec->code = code;
 
    /* Find begin of next line after request line. */
-   begin = strstr(end, HTTP_LINE_DELIMITER);
+   if (check_payload_len(payload_len, end - data)) {
+      DEBUG_MSG("Parser quits:\tpayload end\n");
+      return false;
+   }
+   remaining = payload_len - (end - data);
+   begin = ipxp::strnstr(end, HTTP_LINE_DELIMITER, remaining);
    if (begin == nullptr) {
       DEBUG_MSG("Parser quits:\tNo line delim after request line\n");
       return false;
@@ -435,8 +462,9 @@ bool HTTPPlugin::parse_http_response(const char *data, int payload_len, RecordEx
    rec->content_type[0] = 0;
    /* Process headers. */
    while (begin - data < payload_len) {
-      end = strstr(begin, HTTP_LINE_DELIMITER);
-      keyval_delimiter = strchr(begin, HTTP_KEYVAL_DELIMITER);
+      remaining = payload_len - (begin - data);
+      end = ipxp::strnstr(begin, HTTP_LINE_DELIMITER, remaining);
+      keyval_delimiter = static_cast<const char *>(memchr(begin, HTTP_KEYVAL_DELIMITER, remaining));
 
       if (end == nullptr) {
          DEBUG_MSG("Parser quits:\theader is fragmented\n");
 
@@ -49,6 +49,7 @@
 #include <unirec/unirec.h>
 #endif
 
+#include "common.hpp"
 #include "rtsp.hpp"
 
 namespace ipxp {
@@ -204,6 +205,7 @@ bool RTSPPlugin::parse_rtsp_request(const char *data, int payload_len, RecordExt
    const char *begin;
    const char *end;
    const char *keyval_delimiter;
+   size_t remaining;
 
    total++;
 
@@ -226,14 +228,20 @@ bool RTSPPlugin::parse_rtsp_request(const char *data, int payload_len, RecordExt
     */
 
    /* Find begin of URI. */
-   begin = strchr(data, ' ');
+   begin = static_cast<const char *>(memchr(data, ' ', payload_len));
    if (begin == nullptr) {
       DEBUG_MSG("Parser quits:\tnot a rtsp request header\n");
       return false;
    }
 
    /* Find end of URI. */
-   end = strchr(begin + 1, ' ');
+   
+   if (check_payload_len(payload_len, (begin + 1) - data)) {
+      DEBUG_MSG("Parser quits:\tpayload end\n");
+      return false;
+   }
+   remaining = payload_len - ((begin + 1) - data);
+   end = static_cast<const char *>(memchr(begin + 1, ' ', remaining));
    if (end == nullptr) {
       DEBUG_MSG("Parser quits:\trequest is fragmented\n");
       return false;
@@ -260,7 +268,12 @@ bool RTSPPlugin::parse_rtsp_request(const char *data, int payload_len, RecordExt
    DEBUG_MSG("\tURI: %s\n",      rec->uri);
 
    /* Find begin of next line after request line. */
-   begin = strchr(end, RTSP_LINE_DELIMITER);
+   if (check_payload_len(payload_len, end - data)) {
+      DEBUG_MSG("Parser quits:\tpayload end\n");
+      return false;
+   }
+   remaining = payload_len - (end - data);
+   begin = static_cast<const char *>(memchr(end, RTSP_LINE_DELIMITER, remaining));
    if (begin == nullptr) {
       DEBUG_MSG("Parser quits:\tNo line delim after request line\n");
       return false;
@@ -279,8 +292,9 @@ bool RTSPPlugin::parse_rtsp_request(const char *data, int payload_len, RecordExt
    rec->user_agent[0] = 0;
    /* Process headers. */
    while (begin - data < payload_len) {
-      end = strchr(begin, RTSP_LINE_DELIMITER);
-      keyval_delimiter = strchr(begin, RTSP_KEYVAL_DELIMITER);
+      remaining = payload_len - (begin - data);
+      end = static_cast<const char *>(memchr(begin, RTSP_LINE_DELIMITER, remaining));
+      keyval_delimiter = static_cast<const char *>(memchr(begin, RTSP_KEYVAL_DELIMITER, remaining));
 
       int tmp = end - begin;
       if (tmp == 0 || tmp == 1) { /* Check for blank line with \r\n or \n ending. */
@@ -325,6 +339,7 @@ bool RTSPPlugin::parse_rtsp_response(const char *data, int payload_len, RecordEx
    const char *begin;
    const char *end;
    const char *keyval_delimiter;
+   size_t remaining;
    int code;
 
    total++;
@@ -354,14 +369,19 @@ bool RTSPPlugin::parse_rtsp_response(const char *data, int payload_len, RecordEx
     */
 
    /* Find begin of status code. */
-   begin = strchr(data, ' ');
+   begin = static_cast<const char *>(memchr(data, ' ', payload_len));
    if (begin == nullptr) {
       DEBUG_MSG("Parser quits:\tnot a rtsp response header\n");
       return false;
    }
 
    /* Find end of status code. */
-   end = strchr(begin + 1, ' ');
+   if (check_payload_len(payload_len, (begin + 1) - data)) {
+      DEBUG_MSG("Parser quits:\tpayload end\n");
+      return false;
+   }
+   remaining = payload_len - ((begin + 1) - data);
+   end = static_cast<const char *>(memchr(begin + 1, ' ', remaining));
    if (end == nullptr) {
       DEBUG_MSG("Parser quits:\tresponse is fragmented\n");
       return false;
@@ -385,7 +405,12 @@ bool RTSPPlugin::parse_rtsp_response(const char *data, int payload_len, RecordEx
    rec->code = code;
 
    /* Find begin of next line after request line. */
-   begin = strchr(end, RTSP_LINE_DELIMITER);
+   if (check_payload_len(payload_len, end - data)) {
+      DEBUG_MSG("Parser quits:\tpayload end\n");
+      return false;
+   }
+   remaining = payload_len - (end - data);
+   begin = static_cast<const char *>(memchr(end, RTSP_LINE_DELIMITER, remaining));
    if (begin == nullptr) {
       DEBUG_MSG("Parser quits:\tNo line delim after request line\n");
       return false;
@@ -404,8 +429,9 @@ bool RTSPPlugin::parse_rtsp_response(const char *data, int payload_len, RecordEx
    rec->content_type[0] = 0;
    /* Process headers. */
    while (begin - data < payload_len) {
-      end = strchr(begin, RTSP_LINE_DELIMITER);
-      keyval_delimiter = strchr(begin, RTSP_KEYVAL_DELIMITER);
+      remaining = payload_len - (begin - data);
+      end = static_cast<const char *>(memchr(begin, RTSP_LINE_DELIMITER, remaining));
+      keyval_delimiter = static_cast<const char *>(memchr(begin, RTSP_KEYVAL_DELIMITER, remaining));
 
       int tmp = end - begin;
       if (tmp == 0 || tmp == 1) { /* Check for blank line with \r\n or \n ending. */