Merge pull request #134260 from risicle/ris-ndpi-CVE-2021-36082-r21.05

[21.05] ndpi: add patch for CVE-2021-36082
2021-08-24 15:08:44 +02:00 · 2021-08-24 15:08:44 +02:00 · b2c5035d6e
parent f0a1234576 7b11c26712
commit b2c5035d6e
2 changed files with 105 additions and 0 deletions
--- a/pkgs/development/libraries/ndpi/3.4-CVE-2021-36082.patch
+++ b/pkgs/development/libraries/ndpi/3.4-CVE-2021-36082.patch
@ -0,0 +1,101 @@
+Based on upstream https://github.com/ntop/nDPI/commit/1ec621c85b9411cc611652fd57a892cfef478af3
+adapted by ris to apply to ndpi 3.4
+
+diff --git a/src/lib/protocols/netbios.c b/src/lib/protocols/netbios.c
+index 1f3850cb..0d3b705f 100644
+--- a/src/lib/protocols/netbios.c
+++ b/src/lib/protocols/netbios.c
+@@ -42,7 +42,7 @@ int ndpi_netbios_name_interpret(char *in, size_t inlen, char *out, u_int out_len
+   int ret = 0, len, idx = inlen;
+   char *b;
+ 
+-  len = (*in++)/2;
+  len = (*in++)/2, inlen--;
+   b  = out;
+   *out = 0;
+ 
+ 
+diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
+index 5b572cae..304d5799 100644
+--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
+@@ -994,21 +994,23 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
+ 	i += 4 + extension_len, offset += 4 + extension_len;
+       }
+ 
+-      ja3_str_len = snprintf(ja3_str, sizeof(ja3_str), "%u,", ja3.tls_handshake_version);
+      ja3_str_len = snprintf(ja3_str, JA3_STR_LEN, "%u,", ja3.tls_handshake_version);
+ 
+-      for(i=0; i<ja3.num_cipher; i++) {
+-	rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u", (i > 0) ? "-" : "", ja3.cipher[i]);
+      for(i=0; (i<ja3.num_cipher) && (JA3_STR_LEN > ja3_str_len); i++) {
+	rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u", (i > 0) ? "-" : "", ja3.cipher[i]);
+ 
+ 	if(rc <= 0) break; else ja3_str_len += rc;
+       }
+ 
+-      rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, ",");
+      if(JA3_STR_LEN > ja3_str_len) {
+      rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, ",");
+       if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc;
+      }
+ 
+       /* ********** */
+ 
+-      for(i=0; i<ja3.num_tls_extension; i++) {
+-	int rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u", (i > 0) ? "-" : "", ja3.tls_extension[i]);
+      for(i=0; (i<ja3.num_tls_extension) && (JA3_STR_LEN > ja3_str_len); i++) {
+	int rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u", (i > 0) ? "-" : "", ja3.tls_extension[i]);
+ 
+ 	if(rc <= 0) break; else ja3_str_len += rc;
+       }
+@@ -1443,41 +1445,41 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
+ 	      int rc;
+ 
+ 	    compute_ja3c:
+-	      ja3_str_len = snprintf(ja3_str, sizeof(ja3_str), "%u,", ja3.tls_handshake_version);
+	      ja3_str_len = snprintf(ja3_str, JA3_STR_LEN, "%u,", ja3.tls_handshake_version);
+ 
+ 	      for(i=0; i<ja3.num_cipher; i++) {
+-		rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u",
+		rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u",
+ 			      (i > 0) ? "-" : "", ja3.cipher[i]);
+ 		if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; else break;
+ 	      }
+ 
+-	      rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, ",");
+	      rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, ",");
+ 	      if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc;
+ 
+ 	      /* ********** */
+ 
+ 	      for(i=0; i<ja3.num_tls_extension; i++) {
+-		rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u",
+		rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u",
+ 			      (i > 0) ? "-" : "", ja3.tls_extension[i]);
+ 		if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; else break;
+ 	      }
+ 
+-	      rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, ",");
+	      rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, ",");
+ 	      if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc;
+ 
+ 	      /* ********** */
+ 
+ 	      for(i=0; i<ja3.num_elliptic_curve; i++) {
+-		rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u",
+		rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u",
+ 			      (i > 0) ? "-" : "", ja3.elliptic_curve[i]);
+ 		if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; else break;
+ 	      }
+ 
+-	      rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, ",");
+	      rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, ",");
+ 	      if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc;
+ 
+ 	      for(i=0; i<ja3.num_elliptic_curve_point_format; i++) {
+-		rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u",
+		rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u",
+ 			      (i > 0) ? "-" : "", ja3.elliptic_curve_point_format[i]);
+ 		if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; else break;
+ 	      }
--- a/pkgs/development/libraries/ndpi/default.nix
+++ b/pkgs/development/libraries/ndpi/default.nix
@ -14,6 +14,10 @@ stdenv.mkDerivation {
    sha256 = "0xjh9gv0mq0213bjfs5ahrh6m7l7g99jjg8104c0pw54hz0p5pq1";
  };

+  patches = [
+    ./3.4-CVE-2021-36082.patch
+  ];
+
  configureScript = "./autogen.sh";

  nativeBuildInputs = [which autoconf automake libtool];