TSG-8261,TSG-8291: 部分QUIC RFC9000未解析出SNI/User-Agent字段

2021-11-05 20:57:48 +03:00
parent eecd661b91
commit da000d2b4b
4 changed files with 97 additions and 2 deletions
--- a/src/gquic_process.cpp
+++ b/src/gquic_process.cpp
@@ -1318,7 +1318,7 @@ static int get_decrypt_payload(unsigned char * payload, int payload_len, unsigne
 			length=get_value(payload, used_len, 1);	// length=8bit
 		}

-		if((*join_payload_len)<join_length+length)
+		if((*join_payload_len)<join_length+length || offset<0 || offset>payload_len)
 		{
 			break;
 		}
@@ -1448,7 +1448,7 @@ int quic_process(struct streaminfo *pstream, struct _quic_context* _context, int
 				{
 					_context->is_decrypt=1;
 					ret=dissect_quic((char *)udp_detail->pdata, udp_detail->datalen, decrypt_payload, &decrypt_payload_len);
-					if(ret!=1)
+					if(ret!=1 || decrypt_payload_len>2048 || decrypt_payload_len<0)
 					{
 						return APP_STATE_GIVEME;
 					}
--- a/test/CMakeLists.txt
+++ b/test/CMakeLists.txt
@@ -57,3 +57,4 @@ add_test(NAME IQUIC_PORT_8443_TEST COMMAND proto_test_main ${CMAKE_CURRENT_SOURC
 add_test(NAME QUIC_RFC9000 COMMAND proto_test_main ${CMAKE_CURRENT_SOURCE_DIR}/pcap/rfc9000/${lib_name}_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/pcap/rfc9000/ -name *.pcap|sort -V" WORKING_DIRECTORY ${PROTO_TEST_RUN_DIR})
 add_test(NAME QUIC_RFC9000_FRAGMENT COMMAND proto_test_main ${CMAKE_CURRENT_SOURCE_DIR}/pcap/rfc9000-fragment/${lib_name}_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/pcap/rfc9000-fragment/ -name *.pcap|sort -V" WORKING_DIRECTORY ${PROTO_TEST_RUN_DIR})
 add_test(NAME QUIC_RFC9000_SPECIAL COMMAND proto_test_main ${CMAKE_CURRENT_SOURCE_DIR}/pcap/rfc9000-special/${lib_name}_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/pcap/rfc9000-special/ -name *.pcap|sort -V" WORKING_DIRECTORY ${PROTO_TEST_RUN_DIR})
+add_test(NAME QUIC_AIRPORT COMMAND proto_test_main ${CMAKE_CURRENT_SOURCE_DIR}/pcap/airport/${lib_name}_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/pcap/airport -name *.pcap|sort -V" WORKING_DIRECTORY ${PROTO_TEST_RUN_DIR})
--- a/test/pcap/airport/Old-Airport-quic.pcap
+++ b/test/pcap/airport/Old-Airport-quic.pcap
--- a/test/pcap/airport/quic_result.json
+++ b/test/pcap/airport/quic_result.json
@@ -0,0 +1,94 @@
+[{
+		"Tuple4":	"10.56.160.76.47427>213.55.110.12.443",
+		"VERSION":	"Google QUIC 43",
+		"SNI":	"r1---sn-xuj-5qqz.googlevideo.com",
+		"UA":	"com.google.android.youtube Cronet/96.0.4655.4",
+		"name":	"QUIC_RESULT_1"
+	}, {
+		"Tuple4":	"10.56.160.76.38866>197.156.74.141.443",
+		"VERSION":	"Google QUIC 43",
+		"SNI":	"r2---sn-xuj-5qqs.googlevideo.com",
+		"UA":	"com.google.android.youtube Cronet/96.0.4655.4",
+		"name":	"QUIC_RESULT_2"
+	}, {
+		"Tuple4":	"10.56.160.76.44417>216.58.209.132.443",
+		"VERSION":	"IETF QUIC RFC9000",
+		"SNI":	"www.google.com",
+		"UA":	"com.google.android.googlequicksearchbox Cronet/96.0.4664.17",
+		"name":	"QUIC_RESULT_3"
+	}, {
+		"Tuple4":	"10.56.160.76.39996>142.250.185.33.443",
+		"VERSION":	"IETF QUIC RFC9000",
+		"SNI":	"yt3.ggpht.com",
+		"UA":	"com.google.android.youtube Cronet/96.0.4655.4",
+		"name":	"QUIC_RESULT_4"
+	}, {
+		"Tuple4":	"10.56.160.76.48527>216.58.209.130.443",
+		"VERSION":	"IETF QUIC RFC9000",
+		"SNI":	"www.googleadservices.com",
+		"UA":	"com.google.android.youtube Cronet/96.0.4655.4",
+		"name":	"QUIC_RESULT_5"
+	}, {
+		"Tuple4":	"10.56.160.76.43569>197.156.74.146.443",
+		"VERSION":	"Google QUIC 43",
+		"SNI":	"r7---sn-xuj-5qqs.googlevideo.com",
+		"UA":	"com.google.android.youtube Cronet/96.0.4655.4",
+		"name":	"QUIC_RESULT_6"
+	}, {
+		"Tuple4":	"10.56.160.76.52114>197.156.74.147.443",
+		"VERSION":	"Google QUIC 43",
+		"SNI":	"r8---sn-xuj-5qqs.googlevideo.com",
+		"UA":	"com.google.android.youtube Cronet/96.0.4655.4",
+		"name":	"QUIC_RESULT_7"
+	}, {
+		"Tuple4":	"10.56.160.76.59023>213.55.110.13.443",
+		"VERSION":	"Google QUIC 43",
+		"SNI":	"r2---sn-xuj-5qqz.googlevideo.com",
+		"UA":	"com.google.android.youtube Cronet/96.0.4655.4",
+		"name":	"QUIC_RESULT_8"
+	}, {
+		"Tuple4":	"10.56.160.76.46224>197.156.74.140.443",
+		"VERSION":	"Google QUIC 43",
+		"SNI":	"r1---sn-xuj-5qqs.googlevideo.com",
+		"UA":	"com.google.android.youtube Cronet/96.0.4655.4",
+		"name":	"QUIC_RESULT_9"
+	}, {
+		"Tuple4":	"10.56.160.76.54334>197.156.74.145.443",
+		"VERSION":	"Google QUIC 43",
+		"SNI":	"r6---sn-xuj-5qqs.googlevideo.com",
+		"UA":	"com.google.android.youtube Cronet/96.0.4655.4",
+		"name":	"QUIC_RESULT_10"
+	}, {
+		"Tuple4":	"10.56.160.76.41069>142.250.180.42.443",
+		"VERSION":	"IETF QUIC RFC9000",
+		"SNI":	"youtubei.googleapis.com",
+		"UA":	"com.google.android.youtube Cronet/96.0.4655.4",
+		"name":	"QUIC_RESULT_11"
+	}, {
+		"Tuple4":	"10.56.160.76.48756>213.55.110.14.443",
+		"VERSION":	"Google QUIC 43",
+		"SNI":	"r3---sn-xuj-5qqz.googlevideo.com",
+		"UA":	"com.google.android.youtube Cronet/96.0.4655.4",
+		"name":	"QUIC_RESULT_12"
+	}, {
+		"Tuple4":	"10.56.160.76.51113>142.250.180.54.443",
+		"VERSION":	"IETF QUIC RFC9000",
+		"SNI":	"i.ytimg.com",
+		"UA":	"com.google.android.youtube Cronet/96.0.4655.4",
+		"name":	"QUIC_RESULT_13"
+	}, {
+		"Tuple4":	"10.56.160.76.46131>196.188.31.18.443",
+		"VERSION":	"Facebook mvfst 02",
+		"SNI":	"video.fadd1-1.fna.fbcdn.net",
+		"name":	"QUIC_RESULT_14"
+	}, {
+		"Tuple4":	"10.56.160.76.40267>102.132.96.18.443",
+		"VERSION":	"Facebook mvfst 02",
+		"SNI":	"graph.facebook.com",
+		"name":	"QUIC_RESULT_15"
+	}, {
+		"Tuple4":	"10.56.160.76.46761>196.188.31.17.443",
+		"VERSION":	"Facebook mvfst 02",
+		"SNI":	"scontent.fadd1-1.fna.fbcdn.net",
+		"name":	"QUIC_RESULT_16"
+}]