"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "src/preprocessors/HttpInspect/client/hi_client.c" between
snort-2.9.16.1.tar.gz and snort-2.9.17.tar.gz

About: Snort is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

hi_client.c  (snort-2.9.16.1):hi_client.c  (snort-2.9.17)
skipping to change at line 87 skipping to change at line 87
#define HEADER_NAME__COOKIE "Cookie" #define HEADER_NAME__COOKIE "Cookie"
#define HEADER_LENGTH__COOKIE 6 #define HEADER_LENGTH__COOKIE 6
#define HEADER_NAME__CONTENT_LENGTH "Content-length" #define HEADER_NAME__CONTENT_LENGTH "Content-length"
#define HEADER_LENGTH__CONTENT_LENGTH 14 #define HEADER_LENGTH__CONTENT_LENGTH 14
#define HEADER_NAME__XFF HTTP_XFF_FIELD_X_FORWARDED_FOR #define HEADER_NAME__XFF HTTP_XFF_FIELD_X_FORWARDED_FOR
#define HEADER_LENGTH__XFF (sizeof(HEADER_NAME__XFF)-1) #define HEADER_LENGTH__XFF (sizeof(HEADER_NAME__XFF)-1)
#define HEADER_NAME__TRUE_IP HTTP_XFF_FIELD_TRUE_CLIENT_IP #define HEADER_NAME__TRUE_IP HTTP_XFF_FIELD_TRUE_CLIENT_IP
#define HEADER_LENGTH__TRUE_IP (sizeof(HEADER_NAME__TRUE_IP)-1) #define HEADER_LENGTH__TRUE_IP (sizeof(HEADER_NAME__TRUE_IP)-1)
#define HEADER_NAME__HOSTNAME "Host" #define HEADER_NAME__HOSTNAME "Host"
#define HEADER_LENGTH__HOSTNAME 4 #define HEADER_LENGTH__HOSTNAME 4
#define HEADER_NAME__RANGE "Range"
#define HEADER_LENGTH__RANGE 5
#define HEADER_NAME__TRANSFER_ENCODING "Transfer-encoding" #define HEADER_NAME__TRANSFER_ENCODING "Transfer-encoding"
#define HEADER_LENGTH__TRANSFER_ENCODING 17 #define HEADER_LENGTH__TRANSFER_ENCODING 17
#define HEADER_NAME__CONTENT_TYPE "Content-Type" #define HEADER_NAME__CONTENT_TYPE "Content-Type"
#define HEADER_LENGTH__CONTENT_TYPE 12 #define HEADER_LENGTH__CONTENT_TYPE 12
#define HEADER_NAME__CONTENT_DISP "Content-Disposition" #define HEADER_NAME__CONTENT_DISP "Content-Disposition"
#define HEADER_LENGTH__CONTENT_DISP 19 #define HEADER_LENGTH__CONTENT_DISP 19
#if defined(FEAT_OPEN_APPID) #if defined(FEAT_OPEN_APPID)
#define HEADER_NAME__USER_AGENT "User-Agent" #define HEADER_NAME__USER_AGENT "User-Agent"
#define HEADER_LENGTH__USER_AGENT sizeof(HEADER_NAME__USER_AGENT)-1 #define HEADER_LENGTH__USER_AGENT sizeof(HEADER_NAME__USER_AGENT)-1
#define HEADER_NAME__REFERER "Referer" #define HEADER_NAME__REFERER "Referer"
skipping to change at line 1818 skipping to change at line 1820
const u_char *extract_http_cookie(const u_char *p, const u_char *end, HEADER_PTR *header_ptr, const u_char *extract_http_cookie(const u_char *p, const u_char *end, HEADER_PTR *header_ptr,
HEADER_FIELD_PTR *header_field_ptr) HEADER_FIELD_PTR *header_field_ptr)
{ {
const u_char *crlf; const u_char *crlf;
const u_char *start; const u_char *start;
if (header_ptr->cookie.cookie) if (header_ptr->cookie.cookie)
{ {
/* unusal, multiple cookies... alloc new cookie pointer */ /* unusal, multiple cookies... alloc new cookie pointer */
COOKIE_PTR *extra_cookie = calloc(1, sizeof(COOKIE_PTR)); COOKIE_PTR *extra_cookie = calloc(1, sizeof(COOKIE_PTR));
hi_stats.mem_used += sizeof(COOKIE_PTR);
if (!extra_cookie) if (!extra_cookie)
{ {
/* Failure to allocate, stop where we are... */ /* Failure to allocate, stop where we are... */
header_ptr->header.uri_end = p; header_ptr->header.uri_end = p;
return p; return p;
} }
header_field_ptr->cookie->next = extra_cookie; header_field_ptr->cookie->next = extra_cookie;
header_field_ptr->cookie = extra_cookie; header_field_ptr->cookie = extra_cookie;
/* extra_cookie->next = NULL; */ /* removed, since calloc NULLs this. */ /* extra_cookie->next = NULL; */ /* removed, since calloc NULLs this. */
} }
skipping to change at line 1869 skipping to change at line 1872
header_ptr->header.uri_end = header_field_ptr->cookie->cookie_end = end; header_ptr->header.uri_end = header_field_ptr->cookie->cookie_end = end;
return end; return end;
} }
} }
return p; return p;
} }
Transaction* createNode_tList(sfaddr_t *tmp, uint8_t req_id) Transaction* createNode_tList(sfaddr_t *tmp, uint8_t req_id)
{ {
Transaction *tList_node = (Transaction*)SnortAlloc(sizeof(Transaction)); Transaction *tList_node = (Transaction*)SnortAlloc(sizeof(Transaction));
hi_stats.mem_used += sizeof(Transaction);
tList_node->true_ip = tmp; tList_node->true_ip = tmp;
tList_node->tID = req_id; tList_node->tID = req_id;
tList_node->next = NULL; tList_node->next = NULL;
return tList_node; return tList_node;
} }
void insertNode_tList(HttpSessionData* hsd, sfaddr_t *tmp) void insertNode_tList(HttpSessionData* hsd, sfaddr_t *tmp)
{ {
Transaction *tList_node = createNode_tList(tmp,hsd->http_req_id); Transaction *tList_node = createNode_tList(tmp,hsd->http_req_id);
if( hsd->tList_start == NULL && hsd->tList_end == NULL ) if( hsd->tList_start == NULL && hsd->tList_end == NULL )
skipping to change at line 2210 skipping to change at line 2214
} }
else else
{ {
header_ptr->header.uri_end = end; header_ptr->header.uri_end = end;
return end; return end;
} }
return p; return p;
} }
/* extract_http_range will extract "0-" and flag it as full
* content, when the unit is bytes. Otherwise flag error or
* partial content accordingly. Syntax as follows,
* Range: <units>=<ranges separated with ,>
*/
static const u_char *extract_http_range(HI_SESSION *Session,
const u_char *p, const u_char *start, const u_char *end,
HEADER_PTR *header_ptr)
{
u_char *crlf = NULL;
const u_char *unit_start = NULL;
const u_char *unit_end = NULL;
SkipBlankSpace(start,end,&p);
if (hi_util_in_bounds(start, end, p) && *p == ':')
{
p++;
CheckSkipAlertMultipleColon(Session, start, end, &p, HI_SI_CLIENT_MODE);
while (hi_util_in_bounds(start, end, p) && ( *p == ' ' || *p == '\t' ||
*p == '\n'))
{
p++;
}
if (hi_util_in_bounds(start, end, p))
{
/* extract units and look for '=' token */
unit_start = p;
while (hi_util_in_bounds(start, end, p) && ( *p != '='))
{
p++;
}
if (*p != '=')
{
if (hi_eo_generate_event(Session, HI_EO_CLIENT_INVALID_RANGE_UNI
T_FMT))
{
hi_eo_client_event_log(Session, HI_EO_CLIENT_INVALID_RANGE_U
NIT_FMT, NULL, NULL);
}
header_ptr->range_flag = RANGE_WITH_REQ_ERROR;
return end;
}
unit_end = (p - 1);
p++;
SkipBlankSpace(start,end,&p);
while (hi_util_in_bounds(start, end, p) && ( *p == ','))
{
p++;
}
SkipBlankSpace(start,end,&p);
if (hi_util_in_bounds(start, end, p))
{
/* Look for "0-" and unit as bytes, then set it as full content
*/
if (*p == '0')
{
p++;
if (hi_util_in_bounds(start, end, p))
{
if (*p == '-')
{
p++;
if (hi_util_in_bounds(start, end, p) && ( *p == '\r'
|| *p == '\n'))
{
if (((unit_end - unit_start) >= 5) &&
(!strncasecmp((const char *)unit_start, RANG
E_UNIT_BYTE, 5)))
{
header_ptr->range_flag = HTTP_RANGE_WITH_FUL
L_CONTENT_REQ;
}
else
{
header_ptr->range_flag = RANGE_WITH_PARTIAL_
CONTENT_REQ;
}
crlf = (u_char *)SnortStrnStr((const char *)p, e
nd - p, "\n");
if (crlf)
{
p = crlf;
return p;
}
else
{
header_ptr->header.uri_end = end;
return end;
}
}
}
}
}
crlf = (u_char *)SnortStrnStr((const char *)p, end - p, "\n");
if (crlf)
{
p = crlf;
header_ptr->range_flag = RANGE_WITH_PARTIAL_CONTENT_REQ;
return p;
}
else
{
header_ptr->header.uri_end = end;
header_ptr->range_flag = RANGE_WITH_REQ_ERROR;
return end;
}
}
}
}
header_ptr->range_flag = RANGE_WITH_REQ_ERROR;
crlf = (u_char *)SnortStrnStr((const char *)p, end - p, "\n");
if (crlf)
{
p = crlf;
return p;
}
else
{
header_ptr->header.uri_end = end;
return end;
}
}
const u_char *extract_http_content_length(HI_SESSION *Session, const u_char *extract_http_content_length(HI_SESSION *Session,
HTTPINSPECT_CONF *ServerConf, const u_char *p, const u_char *start, HTTPINSPECT_CONF *ServerConf, const u_char *p, const u_char *start,
const u_char *end, HEADER_PTR *header_ptr, HEADER_FIELD_PTR *header_fiel d_ptr, int iInspectMode) const u_char *end, HEADER_PTR *header_ptr, HEADER_FIELD_PTR *header_fiel d_ptr, int iInspectMode)
{ {
int num_spaces = 0; int num_spaces = 0;
const u_char *crlf; const u_char *crlf;
int space_present = 0; int space_present = 0;
if (header_ptr->content_len.cont_len_start) if (header_ptr->content_len.cont_len_start)
{ {
if(iInspectMode == HI_SI_SERVER_MODE) if(iInspectMode == HI_SI_SERVER_MODE)
skipping to change at line 2592 skipping to change at line 2718
else if(((p - offset) == 0) && ((*p == 'R') || (*p == 'r'))) else if(((p - offset) == 0) && ((*p == 'R') || (*p == 'r')))
{ {
if ((ServerConf->appid_enabled)) if ((ServerConf->appid_enabled))
{ {
if(IsHeaderFieldName(p, end, HEADER_NAME__REFERER, HEADER_LENGTH__RE FERER)) if(IsHeaderFieldName(p, end, HEADER_NAME__REFERER, HEADER_LENGTH__RE FERER))
{ {
p = p + HEADER_LENGTH__REFERER; p = p + HEADER_LENGTH__REFERER;
p = extract_http_client_header(Session, p, start, end, hdrs_args ->hdr_ptr, &hdrs_args->hdr_ptr->referer); p = extract_http_client_header(Session, p, start, end, hdrs_args ->hdr_ptr, &hdrs_args->hdr_ptr->referer);
} }
} }
if (IsHeaderFieldName(p, end, HEADER_NAME__RANGE, HEADER_LENGTH__RANGE))
{
p = p + HEADER_LENGTH__RANGE;
p = extract_http_range(Session, p, start, end, hdrs_args->hdr_ptr);
}
} }
else if(((p - offset) == 0) && ((*p == 'V') || (*p == 'v'))) else if(((p - offset) == 0) && ((*p == 'V') || (*p == 'v')))
{ {
if ((ServerConf->appid_enabled)) if ((ServerConf->appid_enabled))
{ {
if(IsHeaderFieldName(p, end, HEADER_NAME__VIA, HEADER_LENGTH__VIA)) if(IsHeaderFieldName(p, end, HEADER_NAME__VIA, HEADER_LENGTH__VIA))
{ {
p = p + HEADER_LENGTH__VIA; p = p + HEADER_LENGTH__VIA;
p = extract_http_client_header(Session, p, start, end, hdrs_args ->hdr_ptr, &hdrs_args->hdr_ptr->via); p = extract_http_client_header(Session, p, start, end, hdrs_args ->hdr_ptr, &hdrs_args->hdr_ptr->via);
} }
} }
} }
#else
else if (((p - offset) == 0) && ((*p == 'R') || (*p == 'r')))
{
if (IsHeaderFieldName(p, end, HEADER_NAME__RANGE, HEADER_LENGTH__RANGE))
{
p = p + HEADER_LENGTH__RANGE;
p = extract_http_range(Session, p, start, end, hdrs_args->hdr_ptr);
}
}
#endif /* defined(FEAT_OPEN_APPID) */ #endif /* defined(FEAT_OPEN_APPID) */
else if(((p - offset) == 0) && ((*p == 'H') || (*p == 'h'))) else if(((p - offset) == 0) && ((*p == 'H') || (*p == 'h')))
{ {
if(IsHeaderFieldName(p, end, HEADER_NAME__HOSTNAME, HEADER_LENGTH__HOSTN AME)) if(IsHeaderFieldName(p, end, HEADER_NAME__HOSTNAME, HEADER_LENGTH__HOSTN AME))
{ {
/* Alert when there are multiple host headers in one request */ /* Alert when there are multiple host headers in one request */
if(hdrs_args->hst_name_hdr) if(hdrs_args->hst_name_hdr)
{ {
if(hi_eo_generate_event(Session, HI_EO_CLIENT_MULTIPLE_HOST_HDRS )) if(hi_eo_generate_event(Session, HI_EO_CLIENT_MULTIPLE_HOST_HDRS ))
{ {
skipping to change at line 3217 skipping to change at line 3357
#endif /* defined(FEAT_OPEN_APPID) */ #endif /* defined(FEAT_OPEN_APPID) */
{ {
Client->request.method_raw = method_ptr.uri; Client->request.method_raw = method_ptr.uri;
Client->request.method_size = method_ptr.uri_end - method_ptr.uri; Client->request.method_size = method_ptr.uri_end - method_ptr.uri;
///XXX ///XXX
///Copy out the header into its own buffer..., ///Copy out the header into its own buffer...,
/// set ptr to end of header. /// set ptr to end of header.
// //
// uri_ptr.end points to end of URI & HTTP version identifier. // uri_ptr.end points to end of URI & HTTP version identifier.
if (hi_util_in_bounds(start, end, uri_ptr.uri_end + 1)) if (hi_util_in_bounds(start, end, uri_ptr.uri_end + 1))
{
header_ptr.range_flag = HTTP_RANGE_NONE;
ptr = hi_client_extract_header(Session, ServerConf, &header_ptr, uri _ptr.uri_end+1, end, hsd, stream_ins, p->ssnptr); ptr = hi_client_extract_header(Session, ServerConf, &header_ptr, uri _ptr.uri_end+1, end, hsd, stream_ins, p->ssnptr);
if (header_ptr.range_flag != HTTP_RANGE_NONE)
{
Client->request.range_flag = header_ptr.range_flag;
}
else
{
Client->request.range_flag = HTTP_RANGE_NONE;
}
}
if (header_ptr.header.uri) if (header_ptr.header.uri)
{ {
Client->request.header_raw = header_ptr.header.uri; Client->request.header_raw = header_ptr.header.uri;
Client->request.header_raw_size = header_ptr.header.uri_end - header _ptr.header.uri; Client->request.header_raw_size = header_ptr.header.uri_end - header _ptr.header.uri;
if(!Client->request.header_raw_size) if(!Client->request.header_raw_size)
{ {
CLR_HEADER(Client); CLR_HEADER(Client);
} }
else else
 End of changes. 8 change blocks. 
0 lines changed or deleted 160 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)