FlowTupleError port invalid for specific ports

[mintos5]

Hi, I started to experiment with community ID and pycommunityid and I think that I found a bug in function in_nbo(): https://github.com/corelight/pycommunityid/blob/b4467350446dde632eef59004a6b4e49cc55a85f/communityid/algo.py#L194-L213

• The problem is with the creation of the new FlowTuple at the end of function,
• exception will occur if sport or dport is from range 11569 - 11577: communityid.error.FlowTupleError: Destination port "b'-1'" invalid

You can test it with your sample application: $ community-id tcp 10.0.0.1 10.0.0.2 10 11569

Number 11569 in hex is 0x2D31 and that is '-1' in ASCII. I think the problem is with this line in function is_port(val): https://github.com/corelight/pycommunityid/blob/b4467350446dde632eef59004a6b4e49cc55a85f/communityid/algo.py#L249

• bytes value of number 11569 is decoded as -1 and that is wrong
• I think other big port numbers can be problematic because they can be represented as ASCII characters too
  • port with number 14392 is 0x3838 in hex and 88 in ASCII

I hope somebody will check this bug and will found a solution.

[ckreibich]

Thanks for the report! I'll take a look.

[ckreibich]

@mintos5 I love this find, thank you. Are you able to try out my fix in the fix-type-confusion branch? I'm hoping it'll resolve it.