"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "src/file-process/file_resume_block.c" between
snort-2.9.16.1.tar.gz and snort-2.9.17.tar.gz

About: Snort is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

file_resume_block.c  (snort-2.9.16.1):file_resume_block.c  (snort-2.9.17)
skipping to change at line 159 skipping to change at line 159
int ConsumeSSFileCache(const uint8_t *buf, uint32_t len) int ConsumeSSFileCache(const uint8_t *buf, uint32_t len)
{ {
FileHashKey *hk; FileHashKey *hk;
FileNode *hv; FileNode *hv;
SFXHASH_NODE *hash_node; SFXHASH_NODE *hash_node;
FileNode *node; FileNode *node;
if( !buf ) if( !buf )
{ {
FILE_ERROR("Side channel: No buffer"); LogMessage("Side channel: No buffer\n");
return -1; return -1;
} }
if( len < sizeof(*hk) + sizeof(*hv) ) if( len < sizeof(*hk) + sizeof(*hv) )
{ {
FILE_ERROR("Side channel: length too small"); LogMessage("Side channel: length too small\n");
return -1; return -1;
} }
hk = (FileHashKey *)buf; hk = (FileHashKey *)buf;
hv = (FileNode *)(buf + sizeof(*hk)); hv = (FileNode *)(buf + sizeof(*hk));
pthread_mutex_lock(&file_cache_mutex); pthread_mutex_lock(&file_cache_mutex);
hash_node = sfxhash_find_node(fileHash, hk); hash_node = sfxhash_find_node(fileHash, hk);
if (hash_node) if (hash_node)
{ {
if (!(node = hash_node->data)) if (!(node = hash_node->data))
skipping to change at line 195 skipping to change at line 195
node->expires = hv->expires ;/* 20 minuts timeout*/ node->expires = hv->expires ;/* 20 minuts timeout*/
updateFileNode(node, hv->verdict, hv->file_type_id, hv->sha256); updateFileNode(node, hv->verdict, hv->file_type_id, hv->sha256);
} }
else if (sfxhash_add(fileHash, hk, hv) != SFXHASH_OK) else if (sfxhash_add(fileHash, hk, hv) != SFXHASH_OK)
{ {
/* Uh, shouldn't get here... /* Uh, shouldn't get here...
* There is already a node or couldn't alloc space * There is already a node or couldn't alloc space
* for key. This means bigger problems, but fail * for key. This means bigger problems, but fail
* gracefully. * gracefully.
*/ */
FILE_ERROR("Side channel: Failed to add file node to hash table"); LogMessage("Failed to add file node to hash table\n");
pthread_mutex_unlock(&file_cache_mutex); pthread_mutex_unlock(&file_cache_mutex);
return -1; return -1;
} }
pthread_mutex_unlock(&file_cache_mutex); pthread_mutex_unlock(&file_cache_mutex);
LogMessage("consume verdict =%d file id =%d \n",hv->verdict,hv->file_type_id );
#ifdef REG_TEST #ifdef REG_TEST
LogMessage("consume verdict =%d file id =%d \n",hv->verdict,hv->file_type_id); file_sha256_print(hv->sha256);
file_sha256_print(hv->sha256); #endif /* REG_TEST */
#endif
FILE_DEBUG("Side channel: Consume verdict: %d file id: %d",hv->verdict,hv->fi
le_type_id);
return 0; return 0;
} }
#endif #endif
/** * /** *
* @param sip - source IP address * @param sip - source IP address
* @param dip - destination IP address * @param dip - destination IP address
* @param sport - server sport number * @param sport - server sport number
* @param file_sig - file signature * @param file_sig - file signature
skipping to change at line 365 skipping to change at line 364
* There is already a node or couldn't alloc space * There is already a node or couldn't alloc space
* for key. This means bigger problems, but fail * for key. This means bigger problems, but fail
* gracefully. * gracefully.
*/ */
FILE_ERROR("Resume block: Failed to add file node to hash table"); FILE_ERROR("Resume block: Failed to add file node to hash table");
pthread_mutex_unlock(&file_cache_mutex); pthread_mutex_unlock(&file_cache_mutex);
return -1; return -1;
} }
pthread_mutex_unlock(&file_cache_mutex); pthread_mutex_unlock(&file_cache_mutex);
} }
FILE_DEBUG("Resume block: Added file node with verdict: %d, file signature: if (signature)
%d, hash:" {
"%02X%02X %02X%02X %02X%02X %02X%02X" FILE_DEBUG("Resume block: Added file node with verdict: %d, file signatu
"%02X%02X %02X%02X %02X%02X %02X%02X " re: %d, hash:"
"%02X%02X %02X%02X %02X%02X %02X%02X " "%02X%02X %02X%02X %02X%02X %02X%02X"
"%02X%02X %02X%02X %02X%02X %02X%02X", "%02X%02X %02X%02X %02X%02X %02X%02X "
verdict, file_sig, "%02X%02X %02X%02X %02X%02X %02X%02X "
signature[0], signature[1], signature[2], signature[3], "%02X%02X %02X%02X %02X%02X %02X%02X",
signature[4], signature[5], signature[6], signature[7], verdict, file_sig,
signature[8], signature[9], signature[10], signature[11], signature[0], signature[1], signature[2], signature[3],
signature[12], signature[13], signature[14], signature[15], signature[4], signature[5], signature[6], signature[7],
signature[16], signature[17], signature[18], signature[19], signature[8], signature[9], signature[10], signature[11],
signature[20], signature[21], signature[22], signature[23], signature[12], signature[13], signature[14], signature[15],
signature[24], signature[25], signature[26], signature[27], signature[16], signature[17], signature[18], signature[19],
signature[28], signature[29], signature[30], signature[31]); signature[20], signature[21], signature[22], signature[23],
signature[24], signature[25], signature[26], signature[27],
signature[28], signature[29], signature[30], signature[31]);
}
else
{
FILE_DEBUG("Resume block: Added file node with verdict: %d, file signatu
re: %d",
verdict, file_sig);
}
return 0; return 0;
} }
static inline File_Verdict checkVerdict(Packet *p, FileNode *node, SFXHASH_NODE *hash_node) static inline File_Verdict checkVerdict(Packet *p, FileNode *node, SFXHASH_NODE *hash_node)
{ {
File_Verdict verdict = FILE_VERDICT_UNKNOWN; File_Verdict verdict = FILE_VERDICT_UNKNOWN;
FileContext *context = NULL; FileContext *context = NULL;
bool partialFile = false; bool partialFile = false;
/*Query the file policy in case verdict has been changed*/ /*Query the file policy in case verdict has been changed*/
 End of changes. 6 change blocks. 
23 lines changed or deleted 30 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)