Danos ndpi updated with libndpi 3.4 (stable)

.appveyor.yml

@@ -0,0 +1,17 @@
+version: 3.1.{build}
+branches:
+  only:
+    - dev
+environment:
+  matrix:
+    - COMPILER: mingw
+      MINGW_DIR: c:\msys64\mingw32
+
+before_build:
+  - set Path=%MINGW_DIR%\bin;%Path%
+
+build_script:
+  - set Path=%MINGW_DIR%\bin;c:\msys64\usr\bin;
+  - bash autogen.sh
+  - cd src/lib
+  - make

.gitignore

@@ -54,3 +54,6 @@ stamp-h1
 *.swp
 /test-driver
 /tests/Makefile
+/fuzz/.deps/
+/src/include/ndpi_api.h
+/src/include/Makefile.am

.lgtm/cpp-queries/packet-payload-integer-arithmetic.ql

@@ -0,0 +1,83 @@
+/** 
+* @name Suspicious packet->payload based integer arithmetic
+* @description An arithmetic operation influenced array access is suspicious 
+* if it uses an integer value that is likely to be network-controlled, and
+* may require a closer manual audit.
+* @kind problem
+* @problem.severity warning
+* @id cpp/packet-payload-integer-arithmetic
+* @tags audit security
+*/
+
+import cpp
+
+import semmle.code.cpp.dataflow.TaintTracking
+import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis
+
+/** A source of an integer value that is likely to come from the network.
+ * This is produced by an invocation of a macro of the form `ntoh*` or `get_u_int*_t`,
+ * called with `packet->payload` as an argument.
+ */
+
+class NetworkMacro extends Macro {
+  NetworkMacro() { this.getName().regexpMatch("^ntoh(ll|l|s)") }
+}
+
+class NetworkIntegerSource extends Expr {
+  NetworkIntegerSource() {
+    exists(MacroInvocation mi |
+      this = mi.getExpr() and
+      mi.getUnexpandedArgument(0).regexpMatch(".*packet->payload.*") |
+      // catch all get_u_int*_t(x)
+      mi.getMacroName().regexpMatch("^get_u_int(64|32|16|8)_t") and
+      // dedup ntoh*(get_u_int*_t(x)) since we'll catch those in the next case
+      not mi.getOutermostMacroAccess().getMacro() instanceof NetworkMacro
+      or
+      // catch all ntoh*(x) ... this will also catch the nested cases
+      mi.getMacro() instanceof NetworkMacro
+    )
+  }
+}
+
+class ArithmeticOperation extends Operation {
+  ArithmeticOperation() {
+    this instanceof UnaryArithmeticOperation or this instanceof BinaryArithmeticOperation
+  }
+}
+
+class NetworkToArrayAccess extends TaintTracking::Configuration {
+  NetworkToArrayAccess() { this = "NetworkToArrayAccess" }
+
+  override predicate isSource(DataFlow::Node source) {
+    source.asExpr() instanceof NetworkIntegerSource
+  }
+
+  override predicate isSink(DataFlow::Node sink) {
+    exists(ArrayExpr ae | sink.asExpr() = ae.getArrayOffset())
+  }
+}
+
+class NetworkToArithmetic extends TaintTracking::Configuration {
+  NetworkToArithmetic() { this = "NetworkToArithmetic" }
+
+  override predicate isSource(DataFlow::Node source) {
+       source.asExpr() instanceof NetworkIntegerSource
+  }
+
+  override predicate isSink(DataFlow::Node sink) {
+    exists (Assignment assign |
+        sink.asExpr() = assign.getRValue().(ArithmeticOperation) or
+        sink.asExpr() = assign.(AssignArithmeticOperation) 
+    ) or
+    exists(LocalVariable var | 
+      sink.asExpr() = var.getInitializer().getExpr().(ArithmeticOperation)
+    )
+  }  
+}
+
+// find audit candidates based on suspicious network integer use
+from NetworkIntegerSource source, Expr sink1, Expr sink2, NetworkToArithmetic config1, NetworkToArrayAccess config2
+where config1.hasFlow(DataFlow::exprNode(source), DataFlow::exprNode(sink1))
+      // or this if you want integer arithmeric _OR_ array accesses
+      and config2.hasFlow(DataFlow::exprNode(source), DataFlow::exprNode(sink2))
+select source, "Suspicious use of network integer arithmetic."

.travis.yml

@@ -7,20 +7,74 @@ matrix:
 
     - os: linux
       compiler: gcc
+      dist: bionic
       addons:
         apt:
           packages:
             - libpcap-dev
+            - libgcrypt20-dev
+            - libjson-c-dev
             - autogen
 
     - os: linux
       compiler: clang
+      dist: bionic
       addons:
         apt:
           packages:
             - libpcap-dev
+            - libgcrypt20-dev
+            - libjson-c-dev
             - autogen
 
+    - os: linux
+      compiler: gcc
+      dist: bionic
+      arch: arm64
+      addons:
+        apt:
+          packages:
+            - libpcap-dev
+            - libgcrypt20-dev
+            - libjson-c-dev
+            - autogen
+
+    - os: linux
+      compiler: clang
+      dist: bionic
+      arch: arm64
+      addons:
+        apt:
+          packages:
+            - libpcap-dev
+            - libgcrypt20-dev
+            - libjson-c-dev
+            - autogen
+
+# Targets below have been disabled as we have no way
+# to debug on tsuch platforms at the moment
+#    - os: linux
+#      compiler: gcc
+#      dist: bionic
+#      arch: s390x
+#      addons:
+#        apt:
+#          packages:
+#            - libpcap-dev
+#            - libjson-c-dev
+#            - autogen
+#
+#    - os: linux
+#      compiler: clang
+#      dist: bionic
+#      arch: s390x
+#      addons:
+#        apt:
+#          packages:
+#            - libpcap-dev
+#            - libjson-c-dev
+#            - autogen
+
     - os: linux
       compiler: gcc-8
       addons:
@@ -30,9 +84,11 @@ matrix:
           packages:
             - g++-8
             - libpcap-dev
+            - libgcrypt20-dev
+            - libjson-c-dev
             - autogen
       env:
-        - MATRIX_EVAL="CC=gcc-8 && CXX=g++-8"
+        - MATRIX_EVAL="CC=gcc-8"
 
     - os: linux
       compiler: gcc-9
@@ -43,9 +99,11 @@ matrix:
           packages:
             - g++-9
             - libpcap-dev
+            - libgcrypt20-dev
+            - libjson-c-dev
             - autogen
       env:
-        - MATRIX_EVAL="CC=gcc-9 && CXX=g++-9"
+        - MATRIX_EVAL="CC=gcc-9"
 
     - os: linux
       compiler: clang-8
@@ -57,9 +115,11 @@ matrix:
           packages:
             - clang-8
             - libpcap-dev
+            - libgcrypt20-dev
+            - libjson-c-dev
             - autogen
       env:
-        - MATRIX_EVAL="CC=clang-8 && CXX=clang++-8"
+        - MATRIX_EVAL="CC=clang-8"
 
     - os: linux
       compiler: clang-7
@@ -71,26 +131,73 @@ matrix:
           packages:
             - clang-7
             - libpcap-dev
+            - libgcrypt20-dev
+            - libjson-c-dev
             - autogen
       env:
-        - MATRIX_EVAL="CC=clang-7 && CXX=clang++-7"
+        - MATRIX_EVAL="CC=clang-7"
 
+    - name: fuzza
+      env: CXXFLAGS="-g3 -O0 -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=address -fsanitize=fuzzer-no-link" CFLAGS="-g3 -O0 -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=address -fsanitize=fuzzer-no-link" LDFLAGS="-g3 -O0 -fsanitize=address" QA_FUZZ=asan CC=clang-7 && CXX=clang++-7 ASAN_SYMBOLIZER_PATH=/usr/local/clang-7.0.0/bin/llvm-symbolizer
+      os: linux
+      compiler: clang-7
+      addons:
+        apt:
+          sources:
+            - ubuntu-toolchain-r-test
+            - llvm-toolchain-trusty-7
+          packages:
+            - clang-7
+            - libpcap-dev
+            - libgcrypt20-dev
+            - libjson-c-dev
+            - autogen
+    - name: fuzzm
+      env: CXXFLAGS="-g3 -O0 -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=memory -fsanitize=fuzzer-no-link" CFLAGS="-g3 -O0 -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=memory -fsanitize=fuzzer-no-link" LDFLAGS="-g3 -O0 -fsanitize=memory" QA_FUZZ=msan CC=clang && CXX=clang++
+      os: linux
+      compiler: clang
+      dist: bionic
+      addons:
+        apt:
+          packages:
+            - libpcap-dev
+            - libgcrypt20-dev
+            - libjson-c-dev
+            - autogen
+    - name: fuzzu
+      env: CXXFLAGS="-g3 -Og -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=undefined -fsanitize=fuzzer-no-link -fno-sanitize=alignment" CFLAGS="-g3 -Og -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=undefined -fno-sanitize-recover=undefined,integer -fsanitize=fuzzer-no-link -fno-sanitize=alignment" LDFLAGS="-g3 -Og -fsanitize=undefined -fno-sanitize=alignment" QA_FUZZ=ubsan CC=clang-7 && CXX=clang++-7
+      os: linux
+      compiler: clang-7
+      addons:
+        apt:
+          sources:
+            - ubuntu-toolchain-r-test
+            - llvm-toolchain-trusty-7
+          packages:
+            - clang-7
+            - libpcap-dev
+            - libgcrypt20-dev
+            - libjson-c-dev
+            - autogen
 
 
-  before_install:
+before_install:
   - eval "${MATRIX_EVAL}"
 
 before_script:
   - ./autogen.sh
 #  - lcov --directory . --zerocounters
 
 script:
-  - ./configure
+  - if [ -n "$QA_FUZZ" ]; then ./configure --enable-fuzztargets ; else ./configure ; fi
   - make
+  - make -C example ndpiSimpleIntegration
+  - make dist
 
 #after_script:
   - cd tests
   - ./do.sh
+  - ./do-unit.sh
 
 #after_success:
 #- cd ${TRAVIS_BUILD_DIR}