Limit the size of base64 serialized raw packet data (8192 bytes per packet).

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-11-01 02:37:48 +00:00 · 2022-11-24 12:09:24 +01:00
parent ced5f5d4b4
commit d21a38cf02
4 changed files with 36 additions and 45 deletions
--- a/config.h
+++ b/config.h
@@ -36,6 +36,7 @@
 #define nDPId_UDP_IDLE_TIME TIME_S_TO_US(180u)               /* 180 sec */
 #define nDPId_TCP_POST_END_FLOW_TIME TIME_S_TO_US(120u)      /* 120 sec */
 #define nDPId_THREAD_DISTRIBUTION_SEED 0x03dd018b
+#define nDPId_PACKETS_PLEN_MAX (1024u * 8u)                  /* 8kB */
 #define nDPId_PACKETS_PER_FLOW_TO_SEND 15u
 #define nDPId_PACKETS_PER_FLOW_TO_PROCESS NDPI_DEFAULT_MAX_NUM_PKTS_PER_FLOW_TO_DISSECT
 #define nDPId_PACKETS_PER_FLOW_TO_ANALYZE 32u
--- a/nDPId.c
+++ b/nDPId.c
@@ -62,6 +62,10 @@
 #error "Invalid value for nDPId_FLOW_SCAN_INTERVAL"
 #endif

+#if (nDPId_PACKETS_PLEN_MAX * 3) /* base64 encoded! */ > NETWORK_BUFFER_MAX_SIZE
+#error "Invalid value for nDPId_PACKETS_PLEN_MAX"
+#endif
+
 /* MIPS* does not support Compare and Swap. Use traditional locking as fallback. */
 #if !defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_4) || !defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_8)
 #define MT_VALUE(name, type)                                                                                           \
@@ -2402,7 +2406,7 @@ static void base64encode(uint8_t const * const data_buf,
         * if we have one byte available, then its encoding is spread
         * out over two characters
         */
-        if (resultIndex + 1 >= *resultSize - padCount - 1)
+        if (resultIndex + 2 >= *resultSize - padCount - 1)
        {
            break;
        }
@@ -2415,7 +2419,7 @@ static void base64encode(uint8_t const * const data_buf,
         */
        if ((x + 1) < dataLength)
        {
-            if (resultIndex >= *resultSize - padCount - 1)
+            if (resultIndex + 1 >= *resultSize - padCount - 1)
            {
                break;
            }
@@ -2428,7 +2432,7 @@ static void base64encode(uint8_t const * const data_buf,
         */
        if ((x + 2) < dataLength)
        {
-            if (resultIndex >= *resultSize - padCount - 1)
+            if (resultIndex + 1 >= *resultSize - padCount - 1)
            {
                break;
            }
@@ -2599,11 +2603,7 @@ static void jsonize_packet_event(struct nDPId_reader_thread * const reader_threa
    ndpi_serialize_string_uint32(&workflow->ndpi_serializer, "pkt_l4_len", pkt_l4_len);
    ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "thread_ts_usec", workflow->last_thread_time);

-    size_t const serializer_buffer_len = ndpi_serializer_get_buffer_len(&workflow->ndpi_serializer);
-    size_t const required_len = NETWORK_BUFFER_MAX_SIZE - nDPIsrvd_STRLEN_SZ("pkt") - sizeof(':') - sizeof('"') * 4;
-    if (serializer_buffer_len < required_len)
-    {
-        char base64_data[required_len - serializer_buffer_len];
+    char base64_data[nDPId_PACKETS_PLEN_MAX];
    size_t base64_data_len = sizeof(base64_data);
    base64encode(packet, header->caplen, base64_data, &base64_data_len);

@@ -2624,17 +2624,6 @@ static void jsonize_packet_event(struct nDPId_reader_thread * const reader_threa
               reader_thread->workflow->packets_captured,
               reader_thread->array_index);
    }
-    }
-    else
-    {
-        logger(1,
-               "[%8llu, %zu] Could not append base64 encoded raw packet data to the serializer (%zu bytes occupied), "
-               "because the network buffer (%zu bytes) is too small. Consider increasing NETWORK_BUFFER_MAX_SIZEK.",
-               reader_thread->workflow->packets_captured,
-               reader_thread->array_index,
-               serializer_buffer_len,
-               required_len);
-    }
    serialize_and_send(reader_thread);
 }

--- a/nDPIsrvd.c
+++ b/nDPIsrvd.c
@@ -1185,8 +1185,9 @@ static int handle_collector_protocol(int epollfd, struct remote_desc * const cur
    {
        logger_nDPIsrvd(current,
                        "BUG: Collector connection",
-                        "invalid JSON string: %.*s",
-                        (int)current->event_collector_un.json_bytes,
+                        "invalid JSON string: %.*s...",
+                        (int)current->event_collector_un.json_bytes > 512 ? 512
+                                                                          : (int)current->event_collector_un.json_bytes,
                        json_read_buffer->buf.ptr.text);
        disconnect_client(epollfd, current);
        return 1;
--- a/test/results/1kxun.pcap.out
+++ b/test/results/1kxun.pcap.out