@@ -35,10 +35,14 @@
#define DEBUGP(format, args...)
#endif
-
#define PORT_POP3 110
#define PORT_FTP 21
+enum pwsniff_output_keys {
+ PWSNIFF_OUT_KEY_USER,
+ PWSNIFF_OUT_KEY_PASS,
+};
+
static uint16_t pwsniff_ports[] = {
PORT_POP3,
PORT_FTP,
@@ -93,11 +97,11 @@ static int interp_pwsniff(struct ulogd_pluginstance *pi)
return ULOGD_IRET_STOP;
DEBUGP("----> pwsniff detected, tcplen=%d, struct=%d, iphtotlen=%d, "
- "ihl=%d\n", tcplen, sizeof(struct tcphdr), ntohs(iph->tot_len),
- iph->ihl);
+ "ihl=%d\n", tcplen, sizeof(struct tcphdr), ntohs(iph->tot_len),
+ iph->ihl);
for (ptr = (unsigned char *) tcph + sizeof(struct tcphdr);
- ptr < (unsigned char *) tcph + tcplen; ptr++)
+ ptr < (unsigned char *) tcph + tcplen; ptr++)
{
if (!strncasecmp((char *)ptr, "USER ", 5)) {
begp = ptr+5;
@@ -108,7 +112,7 @@ static int interp_pwsniff(struct ulogd_pluginstance *pi)
if (!strncasecmp((char *)ptr, "PASS ", 5)) {
pw_begp = ptr+5;
pw_endp = _get_next_blank(pw_begp,
- (unsigned char *)tcph + tcplen);
+ (unsigned char *)tcph + tcplen);
if (pw_endp)
pw_len = pw_endp - pw_begp + 1;
}
@@ -116,21 +120,17 @@ static int interp_pwsniff(struct ulogd_pluginstance *pi)
if (len) {
char *ptr;
- ptr = (char *) malloc(len+1);
+ ptr = strndup((char *)begp, len);
if (!ptr)
return ULOGD_IRET_ERR;
- strncpy(ptr, (char *)begp, len);
- ptr[len] = '\0';
- okey_set_ptr(&ret[0], ptr);
+ okey_set_ptr(&ret[PWSNIFF_OUT_KEY_USER], ptr);
}
if (pw_len) {
char *ptr;
- ptr = (char *) malloc(pw_len+1);
+ ptr = strndup((char *)pw_begp, pw_len);
if (!ptr)
return ULOGD_IRET_ERR;
- strncpy(ptr, (char *)pw_begp, pw_len);
- ptr[pw_len] = '\0';
- okey_set_ptr(&ret[1], ptr);
+ okey_set_ptr(&ret[PWSNIFF_OUT_KEY_PASS], ptr);
}
return ULOGD_IRET_OK;
}
Signed-off-by: Jeremy Sowden <jeremy@azazel.net> --- filter/ulogd_filter_PWSNIFF.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-)