From 41aa2f96b65754660699071f95028c8caa0bcd6b Mon Sep 17 00:00:00 2001
From: Luca
Date: Thu, 21 Dec 2023 12:24:30 +0100
Subject: [PATCH] Various MDNS flow risks fixes
---
 src/lib/ndpi_main.c | 3 +++
 src/lib/protocols/dns.c | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index f590f2879cb..163983040a5 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -805,6 +805,8 @@ int ndpi_init_empty_app_protocol(ndpi_protocol_match const * const hostname_list
 return 0;
 }
+/* ******************************************************************** */
+
 int ndpi_init_app_protocol(struct ndpi_detection_module_struct *ndpi_str, ndpi_protocol_match const * const match) {
 ndpi_port_range ports_a[MAX_DEFAULT_PORTS], ports_b[MAX_DEFAULT_PORTS];
@@ -6987,6 +6989,7 @@ static void ndpi_reconcile_protocols(struct ndpi_detection_module_struct *ndpi_s
 break;
 case NDPI_PROTOCOL_SYSLOG:
+ case NDPI_PROTOCOL_MDNS:
 if(flow->l4_proto == IPPROTO_UDP) ndpi_unset_risk(ndpi_str, flow, NDPI_UNIDIRECTIONAL_TRAFFIC);
 break;
diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c
index 2c7adac87b6..547da36c571 100644
--- a/src/lib/protocols/dns.c
+++ b/src/lib/protocols/dns.c
@@ -773,7 +773,7 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st
 if(dot) {
 uintptr_t first_element_len = dot - _hostname;
- if(first_element_len > 32) {
+ if((first_element_len > 32) && (!is_mdns)) {
 /* The lenght of the first element in the query is very long and this might be an issue or indicate an exfiltration
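Review bot: The `case NDPI_PROTOCOL_MDNS:` label added in the `ndpi_reconcile_protocols` hunk of src/lib/ndpi_main.c drops NDPI_UNIDIRECTIONAL_TRAFFIC for every UDP flow classified as MDNS, with no comment saying why and no check that the flow is actually multicast. If the reason is that answers to a multicast query come back in a different flow, record it above the two labels, e.g. `/* one-way UDP is expected here: mDNS answers to a multicast query arrive in a separate flow */`. The visible lines key the exemption only on the detected protocol and `flow->l4_proto`, so please confirm that a unicast flow classified as MDNS cannot lose the risk this way; how that classification is made is not shown in the diff. The same question applies to the `!is_mdns` condition added in src/lib/protocols/dns.c, which now skips the long-first-label check. The switch and the rest of the function start and end outside the hunk.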