diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0a5958d7ec2..fdd6f00eadc 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -89,7 +89,7 @@ jobs: nBPF: [""] lto_gold_linker: [""] include: - - compiler: "gcc-7" # "Oldest" gcc easily available + - compiler: "gcc-4.9" # "Oldest" gcc easily available. To simulate RHEL7 os: ubuntu-20.04 arch: "x86_64" gcrypt: "" @@ -97,7 +97,7 @@ jobs: maxminddb: "--with-maxminddb" msan: "--with-sanitizer" nBPF: "" - - compiler: "gcc-12" # "Newest" gcc easily available + - compiler: "gcc-13" # "Newest" gcc easily available os: ubuntu-22.04 arch: "x86_64" gcrypt: "" @@ -114,9 +114,9 @@ jobs: maxminddb: "--with-maxminddb" msan: "--with-sanitizer" nBPF: "" - - compiler: "clang-14" # "Newest" clang easily available - ar: "llvm-ar-14" - ranlib: "llvm-ranlib-14" + - compiler: "clang-17" # "Newest" clang easily available + ar: "llvm-ar-17" + ranlib: "llvm-ranlib-17" os: ubuntu-22.04 arch: "x86_64" gcrypt: "" @@ -141,7 +141,7 @@ jobs: maxminddb: "--with-maxminddb" msan: "--with-sanitizer" nBPF: "nBPF" - - compiler: "clang-14" + - compiler: "clang-17" os: ubuntu-22.04 arch: "x86_64" gcrypt: "" @@ -226,9 +226,22 @@ jobs: make cd - - name: Setup Ubuntu specified compiler - if: startsWith(matrix.os, 'ubuntu') && startsWith(matrix.arch, 'x86_64') && ! startsWith(matrix.compiler, 'cc') - run: | + if: startsWith(matrix.os, 'ubuntu') && startsWith(matrix.arch, 'x86_64') && ! startsWith(matrix.compiler, 'cc') && ! startsWith(matrix.compiler, 'clang-17') + run: | + #For gcc-4.9 (on ubuntu-20.04) + echo "deb http://dk.archive.ubuntu.com/ubuntu/ xenial main" | sudo tee -a /etc/apt/sources.list + echo "deb http://dk.archive.ubuntu.com/ubuntu/ xenial universe" | sudo tee -a /etc/apt/sources.list + sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 40976EAF437D05B5 + #For gcc-13 (on ubuntu-22.04) + sudo add-apt-repository ppa:ubuntu-toolchain-r/ppa + sudo apt-get update sudo apt-get install ${{ matrix.compiler }} + - name: Setup Ubuntu specified (newest) compiler + if: startsWith(matrix.os, 'ubuntu') && startsWith(matrix.arch, 'x86_64') && startsWith(matrix.compiler, 'clang-17') + run: | + wget https://apt.llvm.org/llvm.sh + chmod u+x llvm.sh + sudo ./llvm.sh 17 - name: Install Windows msys2 prerequisites if: startsWith(matrix.os, 'windows') uses: msys2/setup-msys2@v2 diff --git a/configure.ac b/configure.ac index a6d6fac4952..2c80140cbb1 100644 --- a/configure.ac +++ b/configure.ac @@ -64,8 +64,14 @@ AS_IF([test "${with_sanitizer+set}" = set -o "${with_thread_sanitizer+set}" = se ]) AS_IF([test "${with_sanitizer+set}" = set],[ - NDPI_CFLAGS="${NDPI_CFLAGS} -fsanitize=address -fsanitize=undefined -fno-sanitize=alignment -fsanitize=leak -fno-omit-frame-pointer" - NDPI_LDFLAGS="${NDPI_LDFLAGS} -fsanitize=address -fsanitize=undefined -fno-sanitize=alignment -fsanitize=leak" + NDPI_CFLAGS="${NDPI_CFLAGS} -fsanitize=address -fsanitize=undefined -fsanitize=leak -fno-omit-frame-pointer" + NDPI_LDFLAGS="${NDPI_LDFLAGS} -fsanitize=address -fsanitize=undefined -fsanitize=leak" + #Sanitizers should work on any compilers that we support (or that we test on CI, at least) + #Exception: "-fsanitize=alignment" is not supported in gcc 4.9 + AX_CHECK_COMPILE_FLAG([-fno-sanitize=alignment], [ + NDPI_CFLAGS="${NDPI_CFLAGS} -fno-sanitize=alignment" + NDPI_LDFLAGS="${NDPI_LDFLAGS} -fno-sanitize=alignment" + ]) ]) AS_IF([test "${with_thread_sanitizer+set}" = set],[ diff --git a/example/ndpiSimpleIntegration.c b/example/ndpiSimpleIntegration.c index 7ffa3e3edc3..d727d353ebc 100644 --- a/example/ndpiSimpleIntegration.c +++ b/example/ndpiSimpleIntegration.c @@ -230,6 +230,7 @@ static void ndpi_flow_info_freer(void * const node) static void free_workflow(struct nDPI_workflow ** const workflow) { struct nDPI_workflow * const w = *workflow; + size_t i; if (w == NULL) { return; @@ -243,7 +244,7 @@ static void free_workflow(struct nDPI_workflow ** const workflow) if (w->ndpi_struct != NULL) { ndpi_exit_detection_module(w->ndpi_struct); } - for(size_t i = 0; i < w->max_active_flows; i++) { + for(i = 0; i < w->max_active_flows; i++) { ndpi_tdestroy(w->ndpi_flows_active[i], ndpi_flow_info_freer); } ndpi_free(w->ndpi_flows_active); @@ -272,6 +273,7 @@ static int setup_reader_threads(char const * const file_or_device) { char * file_or_default_device; char pcap_error_buffer[PCAP_ERRBUF_SIZE]; + int i; if (reader_thread_count > MAX_READER_THREADS) { return 1; @@ -290,7 +292,7 @@ static int setup_reader_threads(char const * const file_or_device) } } - for (int i = 0; i < reader_thread_count; ++i) { + for (i = 0; i < reader_thread_count; ++i) { reader_threads[i].workflow = init_workflow(file_or_default_device); if (reader_threads[i].workflow == NULL) { @@ -500,8 +502,10 @@ static int ndpi_workflow_node_cmp(void const * const A, void const * const B) { static void check_for_idle_flows(struct nDPI_workflow * const workflow) { + size_t idle_scan_index; + if (workflow->last_idle_scan_time + IDLE_SCAN_PERIOD < workflow->last_time) { - for (size_t idle_scan_index = 0; idle_scan_index < workflow->max_active_flows; ++idle_scan_index) { + for (idle_scan_index = 0; idle_scan_index < workflow->max_active_flows; ++idle_scan_index) { ndpi_twalk(workflow->ndpi_flows_active[idle_scan_index], ndpi_idle_scan_walker, workflow); while (workflow->cur_idle_flows > 0) { @@ -530,7 +534,7 @@ static void ndpi_process_packet(uint8_t * const args, struct nDPI_reader_thread * const reader_thread = (struct nDPI_reader_thread *)args; struct nDPI_workflow * workflow; - struct nDPI_flow_info flow = {}; + struct nDPI_flow_info flow; size_t hashed_index; void * tree_result; @@ -551,6 +555,8 @@ static void ndpi_process_packet(uint8_t * const args, uint16_t type; uint32_t thread_index = INITIAL_THREAD_HASH; // generated with `dd if=/dev/random bs=1024 count=1 |& hd' + memset(&flow, '\0', sizeof(flow)); + if (reader_thread == NULL) { return; } @@ -1028,7 +1034,9 @@ static void * processing_thread(void * const ndpi_thread_arg) static int processing_threads_error_or_eof(void) { - for (int i = 0; i < reader_thread_count; ++i) { + int i; + + for (i = 0; i < reader_thread_count; ++i) { if (__sync_fetch_and_add(&reader_threads[i].workflow->error_or_eof, 0) == 0) { return 0; } @@ -1038,6 +1046,8 @@ static int processing_threads_error_or_eof(void) static int start_reader_threads(void) { + int i; + #ifndef WIN32 sigset_t thread_signal_set, old_signal_set; @@ -1050,7 +1060,7 @@ static int start_reader_threads(void) } #endif - for (int i = 0; i < reader_thread_count; ++i) { + for (i = 0; i < reader_thread_count; ++i) { reader_threads[i].array_index = i; if (reader_threads[i].workflow == NULL) { @@ -1076,6 +1086,7 @@ static int start_reader_threads(void) static int stop_reader_threads(void) { + int i; unsigned long long int total_packets_captured = 0; unsigned long long int total_packets_processed = 0; unsigned long long int total_l4_data_len = 0; @@ -1083,13 +1094,13 @@ static int stop_reader_threads(void) unsigned long long int total_flows_idle = 0; unsigned long long int total_flows_detected = 0; - for (int i = 0; i < reader_thread_count; ++i) { + for (i = 0; i < reader_thread_count; ++i) { break_pcap_loop(&reader_threads[i]); } printf("------------------------------------ Stopping reader threads\n"); - for (int i = 0; i < reader_thread_count; ++i) { + for (i = 0; i < reader_thread_count; ++i) { if (reader_threads[i].workflow == NULL) { continue; } @@ -1114,7 +1125,7 @@ static int stop_reader_threads(void) /* total packets captured: same value for all threads as packet2thread distribution happens later */ total_packets_captured = reader_threads[0].workflow->packets_captured; - for (int i = 0; i < reader_thread_count; ++i) { + for (i = 0; i < reader_thread_count; ++i) { if (reader_threads[i].workflow == NULL) { continue; } diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c index 3c7fb3f2535..f066a7ec369 100644 --- a/src/lib/ndpi_utils.c +++ b/src/lib/ndpi_utils.c @@ -1708,9 +1708,9 @@ static int ndpi_is_xss_injection(char* query) { static void ndpi_compile_rce_regex() { PCRE2_UCHAR pcreErrorStr[128]; PCRE2_SIZE pcreErrorOffset; - int pcreErrorCode; + int i, pcreErrorCode = 0; - for(int i = 0; i < N_RCE_REGEX; i++) { + for(i = 0; i < N_RCE_REGEX; i++) { comp_rx[i] = (struct pcre2_struct*)ndpi_malloc(sizeof(struct pcre2_struct)); comp_rx[i]->compiled = pcre2_compile((PCRE2_SPTR)rce_regex[i], PCRE2_ZERO_TERMINATED, 0, &pcreErrorCode, @@ -1746,9 +1746,10 @@ static int ndpi_is_rce_injection(char* query) { } pcre2_match_data *pcreMatchData; - int pcreExecRet; + int i, pcreExecRet; + unsigned long j; - for(int i = 0; i < N_RCE_REGEX; i++) { + for(i = 0; i < N_RCE_REGEX; i++) { unsigned int length = strlen(query); pcreMatchData = pcre2_match_data_create_from_pattern(comp_rx[i]->compiled, NULL); @@ -1789,16 +1790,16 @@ static int ndpi_is_rce_injection(char* query) { size_t ushlen = sizeof(ush_commands) / sizeof(ush_commands[0]); - for(unsigned long i = 0; i < ushlen; i++) { - if(strstr(query, ush_commands[i]) != NULL) { + for(j = 0; j < ushlen; j++) { + if(strstr(query, ush_commands[j]) != NULL) { return 1; } } size_t pwshlen = sizeof(pwsh_commands) / sizeof(pwsh_commands[0]); - for(unsigned long i = 0; i < pwshlen; i++) { - if(strstr(query, pwsh_commands[i]) != NULL) { + for(j = 0; j < pwshlen; j++) { + if(strstr(query, pwsh_commands[j]) != NULL) { return 1; } }