diff --git a/src/blackwhitelist.c b/src/blackwhitelist.c index a334cb4..e59b59d 100644 --- a/src/blackwhitelist.c +++ b/src/blackwhitelist.c @@ -70,8 +70,10 @@ int blackwhitelist_load_list(const char *filename) { line); continue; } - if (strlen(line) < 4) + if (strlen(line) < 3) { + printf("WARNING: host %s is less than 3 bytes, skipping\n", line); continue; + } if (add_hostname(line)) cnt++; } diff --git a/src/dnsredir.c b/src/dnsredir.c index dc53988..a63e074 100644 --- a/src/dnsredir.c +++ b/src/dnsredir.c @@ -44,7 +44,7 @@ static time_t last_cleanup = 0; static udp_connrecord_t *conntrack = NULL; void flush_dns_cache() { - long long int WINAPI (*DnsFlushResolverCache)(); + INT_PTR WINAPI (*DnsFlushResolverCache)(); HMODULE dnsapi = LoadLibrary("dnsapi.dll"); if (dnsapi == NULL) diff --git a/src/fakepackets.c b/src/fakepackets.c index 0609f98..214f575 100644 --- a/src/fakepackets.c +++ b/src/fakepackets.c @@ -120,7 +120,7 @@ static int send_fake_data(const HANDLE w_filter, } // Recalculate the checksum - WinDivertHelperCalcChecksums(packet_fake, packetLen_new, &addr_new, (UINT64)NULL); + WinDivertHelperCalcChecksums(packet_fake, packetLen_new, &addr_new, 0ULL); if (set_checksum) { // ...and damage it diff --git a/src/goodbyedpi.c b/src/goodbyedpi.c index 4c766af..e699594 100644 --- a/src/goodbyedpi.c +++ b/src/goodbyedpi.c @@ -89,7 +89,7 @@ WINSOCK_API_LINKAGE INT WSAAPI inet_pton(INT Family, LPCSTR pStringBuf, PVOID pA } \ else if (http_fragment_size != (unsigned int)fragment_size) { \ printf( \ - "WARNING: HTTP fragment size is already set to %d, not changing.\n", \ + "WARNING: HTTP fragment size is already set to %u, not changing.\n", \ http_fragment_size \ ); \ } \ @@ -203,7 +203,7 @@ static void finalize_filter_strings() { } static char* dumb_memmem(const char* haystack, unsigned int hlen, - const char* needle, size_t nlen) + const char* needle, unsigned int nlen) { // naive implementation if (nlen > hlen) return NULL; @@ -337,11 +337,11 @@ static int find_header_and_get_info(const char *pktdata, unsigned int pktlen, /* Search for header end (\r\n) */ data_addr_rn = dumb_memmem(*hdrvalueaddr, - pktlen - (*hdrvalueaddr - pktdata), + pktlen - (uintptr_t)(*hdrvalueaddr - pktdata), "\r\n", 2); if (data_addr_rn) { - *hdrvaluelen = data_addr_rn - *hdrvalueaddr; - if (*hdrvaluelen > 0u && *hdrvaluelen <= 512u) + *hdrvaluelen = (uintptr_t)(data_addr_rn - *hdrvalueaddr); + if (*hdrvaluelen >= 3 && *hdrvaluelen <= HOST_MAXLEN) return TRUE; } return FALSE; @@ -352,10 +352,10 @@ static int find_header_and_get_info(const char *pktdata, unsigned int pktlen, */ static int extract_sni(const char *pktdata, unsigned int pktlen, char **hostnameaddr, unsigned int *hostnamelen) { - uint32_t ptr = 0; - unsigned char *d = (unsigned char*)pktdata; - unsigned char *hnaddr = 0; - unsigned int hnlen = 0; + unsigned int ptr = 0; + unsigned const char *d = (unsigned const char *)pktdata; + unsigned const char *hnaddr = 0; + int hnlen = 0; while (ptr + 8 < pktlen) { /* Search for specific Extensions sequence */ @@ -371,12 +371,12 @@ static int extract_sni(const char *pktdata, unsigned int pktlen, } hnaddr = &d[ptr+9]; hnlen = d[ptr+8]; - /* Limit hostname size up to 254 bytes */ - if (hnlen < 2 || hnlen > 254) { + /* Limit hostname size up to 253 bytes */ + if (hnlen < 3 || hnlen > HOST_MAXLEN) { return FALSE; } /* Validate that hostname has only ascii lowercase characters */ - for (unsigned int i=0; i= '1' && hnaddr[i] <= '9') || (hnaddr[i] >= 'a' && hnaddr[i] <= 'z') || hnaddr[i] == '.')) @@ -385,7 +385,7 @@ static int extract_sni(const char *pktdata, unsigned int pktlen, } } *hostnameaddr = (char*)hnaddr; - *hostnamelen = hnlen; + *hostnamelen = (unsigned int)hnlen; return TRUE; } ptr++; @@ -833,8 +833,8 @@ int main(int argc, char *argv[]) { if (!https_fragment_size) https_fragment_size = 2; - printf("Block passive: %d\nFragment HTTP: %d\nFragment persistent HTTP: %d\n" - "Fragment HTTPS: %d\nNative fragmentation (splitting): %d\n" + printf("Block passive: %d\nFragment HTTP: %u\nFragment persistent HTTP: %u\n" + "Fragment HTTPS: %u\nNative fragmentation (splitting): %d\n" "Fragments sending in reverse: %d\n" "hoSt: %d\nHost no space: %d\nAdditional space: %d\n" "Mix Host: %d\nHTTP AllPorts: %d\nHTTP Persistent Nowait: %d\n" @@ -980,7 +980,7 @@ int main(int argc, char *argv[]) { : 1) { #ifdef DEBUG - unsigned char lsni[256] = {0}; + char lsni[HOST_MAXLEN + 1] = {0}; extract_sni(packet_data, packet_dataLen, &host_addr, &host_len); memcpy(&lsni, host_addr, host_len); @@ -1021,7 +1021,7 @@ int main(int argc, char *argv[]) { host_addr = hdr_value_addr; host_len = hdr_value_len; #ifdef DEBUG - unsigned char lhost[256] = {0}; + char lhost[HOST_MAXLEN + 1] = {0}; memcpy(&lhost, host_addr, host_len); printf("Blocked HTTP website Host: %s\n", lhost); #endif @@ -1092,7 +1092,7 @@ int main(int argc, char *argv[]) { (size_t)(useragent_addr + useragent_len - host_addr)); host_addr -= 1; /* Put space in the end of User-Agent header */ - *(char*)((uint8_t*)useragent_addr + useragent_len - 1) = ' '; + *(char*)((unsigned char*)useragent_addr + useragent_len - 1) = ' '; should_recalc_checksum = 1; //printf("Replaced Host header!\n"); } @@ -1106,7 +1106,7 @@ int main(int argc, char *argv[]) { useragent_addr + useragent_len, (size_t)(host_addr - 1 - (useragent_addr + useragent_len))); /* Put space in the end of User-Agent header */ - *(char*)((uint8_t*)useragent_addr + useragent_len) = ' '; + *(char*)((unsigned char*)useragent_addr + useragent_len) = ' '; should_recalc_checksum = 1; //printf("Replaced Host header!\n"); } @@ -1255,7 +1255,7 @@ int main(int argc, char *argv[]) { if (should_reinject) { //printf("Re-injecting!\n"); if (should_recalc_checksum) { - WinDivertHelperCalcChecksums(packet, packetLen, &addr, (UINT64)NULL); + WinDivertHelperCalcChecksums(packet, packetLen, &addr, (UINT64)0LL); } WinDivertSend(w_filter, packet, packetLen, &addr, NULL); }