"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "src/preprocessors/snort_httpinspect.c" between
snort-2.9.16.1.tar.gz and snort-2.9.17.tar.gz

About: Snort is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

snort_httpinspect.c  (snort-2.9.16.1):snort_httpinspect.c  (snort-2.9.17)
skipping to change at line 4252 skipping to change at line 4252
{ {
if(p->packet_flags & PKT_PDU_TAIL) if(p->packet_flags & PKT_PDU_TAIL)
file_data_position = SNORT_FILE_END; file_data_position = SNORT_FILE_END;
else if(processed_size) else if(processed_size)
file_data_position = SNORT_FILE_MIDDLE; file_data_position = SNORT_FILE_MIDDLE;
} }
} }
return file_data_position; return file_data_position;
} }
char *convert_range_flag_to_str(uint16_t range_flag)
{
switch (range_flag)
{
case HTTP_RESP_RANGE_NONE:
return "Range None";
case RANGE_WITH_RESP_FULL_CONTENT:
return "Full Content";
case RANGE_WITH_RESP_PARTIAL_CONTENT:
return "Partial Content";
case RANGE_WITH_RESP_ERROR:
return "Error in Range Field";
case RANGE_WITH_RESP_NON_BYTE:
return "Non-Byte unit";
case RANGE_WITH_UNKNOWN_CONTENT_RANGE:
return "Unknown Range Content";
case RANGE_WITH_RESP_UNKNOWN_CONTENT_SIZE:
return "Unknown Range Content Length";
default:
return "Skip Range";
}
}
/* /*
** NAME ** NAME
** SnortHttpInspect:: ** SnortHttpInspect::
*/ */
/** /**
** This function calls the HttpInspect function that processes an HTTP ** This function calls the HttpInspect function that processes an HTTP
** session. ** session.
** **
** We need to instantiate a pointer for the HI_SESSION that HttpInspect ** We need to instantiate a pointer for the HI_SESSION that HttpInspect
** fills in. Right now stateless processing fills in this session, which ** fills in. Right now stateless processing fills in this session, which
skipping to change at line 4413 skipping to change at line 4436
{ {
flow_depth = Session->server_conf->client_flow_depth; flow_depth = Session->server_conf->client_flow_depth;
ApplyClientFlowDepth(p, flow_depth); ApplyClientFlowDepth(p, flow_depth);
} }
else else
{ {
ApplyFlowDepth(Session->server_conf, p, hsd, 0, 1, GET_PKT_SEQ(p)); ApplyFlowDepth(Session->server_conf, p, hsd, 0, 1, GET_PKT_SEQ(p));
} }
p->packet_flags |= PKT_HTTP_DECODE; p->packet_flags |= PKT_HTTP_DECODE;
HttpLogFuncs(GlobalConf, hsd, p, iCallDetect);
if ( p->alt_dsize == 0 ) if ( p->alt_dsize == 0 )
{ {
DisableDetect( p ); DisableDetect( p );
EnablePreprocessor(p, PP_SDF); EnablePreprocessor(p, PP_SDF);
return 0; return 0;
} }
// see comments on call to Detect() below // see comments on call to Detect() below
PREPROC_PROFILE_START(hiDetectPerfStats); PREPROC_PROFILE_START(hiDetectPerfStats);
Detect(p); Detect(p);
skipping to change at line 4699 skipping to change at line 4723
ApplyClientFlowDepth(p, Session->server_conf->client_flow_depth) ; ApplyClientFlowDepth(p, Session->server_conf->client_flow_depth) ;
if( !GetHttpBufferMask() && (p->alt_dsize == 0) ) if( !GetHttpBufferMask() && (p->alt_dsize == 0) )
{ {
DisableDetect( p ); DisableDetect( p );
EnablePreprocessor(p, PP_SDF); EnablePreprocessor(p, PP_SDF);
return 0; return 0;
} }
} }
if (Session->client.request.range_flag != HTTP_RANGE_NONE)
{
if (Session->client.request.method != HI_GET_METHOD)
{
if (hi_eo_generate_event(Session, HI_EO_CLIENT_RANGE_NON_GET
_METHOD))
{
hi_eo_client_event_log(Session, HI_EO_CLIENT_RANGE_NON_G
ET_METHOD, NULL, NULL);
}
}
else
{
if (Session->client.request.range_flag == RANGE_WITH_REQ_ERR
OR)
{
if (hi_eo_generate_event(Session, HI_EO_CLIENT_RANGE_FIE
LD_ERROR))
{
hi_eo_client_event_log(Session, HI_EO_CLIENT_RANGE_F
IELD_ERROR, NULL, NULL);
}
}
}
}
} }
else /* Server mode */ else /* Server mode */
{ {
const HttpBuffer* hb; const HttpBuffer* hb;
/* /*
** We check here to see whether this was a server response ** We check here to see whether this was a server response
** header or not. If the header size is 0 then, we know that this ** header or not. If the header size is 0 then, we know that this
** is not the header and don't do any detection. ** is not the header and don't do any detection.
*/ */
skipping to change at line 4823 skipping to change at line 4867
#endif #endif
} }
if(Session->server.response.status_code) if(Session->server.response.status_code)
{ {
SetHttpBuffer( SetHttpBuffer(
HTTP_BUFFER_STAT_CODE, HTTP_BUFFER_STAT_CODE,
Session->server.response.status_code, Session->server.response.status_code,
Session->server.response.status_code_size); Session->server.response.status_code_size);
if (!strncmp((const char*)Session->server.response.status_code, "206", 3) && !hsd->resp_state.eoh_found) if (!strncmp((const char*)Session->server.response.status_code, "206", 3))
{ {
/* If status code 206 is seen but EOH is not seen, then look if ((Session->server.response.range_flag == RANGE_WITH_RESP
for partial content _ERROR) &&
* in subsequent packets hi_eo_generate_event(Session, HI_EO_SERVER_RANGE_FIELD_
*/ ERROR))
hsd->resp_state.look_for_partial_content = true; {
hi_eo_server_event_log(Session, HI_EO_SERVER_RANGE_FIEL
D_ERROR, NULL, NULL);
}
if (Session->server.response.range_flag == HTTP_RESP_RANGE_
NONE)
{
hsd->resp_state.look_for_partial_content = CONTENT_NONE
;
}
else if (Session->server.response.range_flag == RANGE_WITH_
RESP_FULL_CONTENT)
{
hsd->resp_state.look_for_partial_content = FULL_CONTENT
;
}
else
{
hsd->resp_state.look_for_partial_content = PARTIAL_CONT
ENT;
}
if ((Session->client.request.range_flag == HTTP_RANGE_WITH_
FULL_CONTENT_REQ) &&
((Session->server.response.range_flag == RANGE_WITH_RES
P_UNKNOWN_CONTENT_SIZE) ||
(Session->server.response.range_flag == RANGE_WITH_UNK
NOWN_CONTENT_RANGE) ||
(Session->server.response.range_flag == RANGE_WITH_RES
P_ERROR)))
{
hsd->resp_state.look_for_partial_content = FULL_CONTENT
;
}
} }
#ifdef DUMP_BUFFER #ifdef DUMP_BUFFER
dumpBuffer(STAT_CODE_DUMP, Session->server.response.status_code, Session->server.response.status_code_size); dumpBuffer(STAT_CODE_DUMP, Session->server.response.status_code, Session->server.response.status_code_size);
#endif #endif
} }
if(Session->server.response.status_msg) if(Session->server.response.status_msg)
{ {
SetHttpBuffer( SetHttpBuffer(
skipping to change at line 5085 skipping to change at line 5151
return 0; return 0;
} }
HttpSessionData * SetNewHttpSessionData(Packet *p, void *data) HttpSessionData * SetNewHttpSessionData(Packet *p, void *data)
{ {
HttpSessionData *hsd; HttpSessionData *hsd;
if (p->ssnptr == NULL) if (p->ssnptr == NULL)
return NULL; return NULL;
hi_stats.session_count++;
hsd = (HttpSessionData *)SnortAlloc(sizeof(HttpSessionData)); hsd = (HttpSessionData *)SnortAlloc(sizeof(HttpSessionData));
hi_stats.mem_used += (sizeof(HttpSessionData) + sizeof(DECOMPRESS_STATE) + s izeof(HTTP_LOG_STATE));
init_decode_utf_state(&hsd->utf_state); init_decode_utf_state(&hsd->utf_state);
session_api->set_application_data(p->ssnptr, PP_HTTPINSPECT, hsd, FreeHttpSe ssionData); session_api->set_application_data(p->ssnptr, PP_HTTPINSPECT, hsd, FreeHttpSe ssionData);
hsd->fd_state = (fd_session_p_t)NULL; hsd->fd_state = (fd_session_p_t)NULL;
hsd->resp_state.eoh_found = false; hsd->resp_state.eoh_found = false;
hsd->resp_state.look_for_partial_content = false; hsd->resp_state.look_for_partial_content = CONTENT_NONE;
hsd->resp_state.chunk_len_state = CHUNK_LEN_DEFAULT; hsd->resp_state.chunk_len_state = CHUNK_LEN_DEFAULT;
return hsd; return hsd;
} }
void FreeHttpSessionData(void *data) void FreeHttpSessionData(void *data)
{ {
HttpSessionData *hsd = (HttpSessionData *)data; HttpSessionData *hsd = (HttpSessionData *)data;
if (hsd == NULL) if (hsd == NULL)
return; return;
hi_stats.session_count--;
if (hsd->decomp_state != NULL) if (hsd->decomp_state != NULL)
{ {
inflateEnd(&(hsd->decomp_state->d_stream)); inflateEnd(&(hsd->decomp_state->d_stream));
mempool_free(hi_gzip_mempool, hsd->decomp_state->bkt); mempool_free(hi_gzip_mempool, hsd->decomp_state->bkt);
} }
if (hsd->log_state != NULL) if (hsd->log_state != NULL)
{ {
mempool_free(http_mempool, hsd->log_state->log_bucket); mempool_free(http_mempool, hsd->log_state->log_bucket);
skipping to change at line 5128 skipping to change at line 5198
deleteNode_tList(hsd); deleteNode_tList(hsd);
file_api->free_mime_session(hsd->mime_ssn); file_api->free_mime_session(hsd->mime_ssn);
if( hsd->fd_state != 0 ) if( hsd->fd_state != 0 )
{ {
File_Decomp_StopFree(hsd->fd_state); // Stop & Stop & Free fd session object File_Decomp_StopFree(hsd->fd_state); // Stop & Stop & Free fd session object
hsd->fd_state = NULL; // ...just for good measure hsd->fd_state = NULL; // ...just for good measure
} }
hi_stats.mem_used -= (sizeof(HttpSessionData) + sizeof(DECOMPRESS_STATE) + s izeof(HTTP_LOG_STATE));
free(hsd); free(hsd);
} }
int GetHttpTrueIP(void *data, uint8_t **buf, uint32_t *len, uint32_t *type) int GetHttpTrueIP(void *data, uint8_t **buf, uint32_t *len, uint32_t *type)
{ {
sfaddr_t *true_ip; sfaddr_t *true_ip;
true_ip = GetTrueIPForSession(data); true_ip = GetTrueIPForSession(data);
if(!true_ip) if(!true_ip)
return 0; return 0;
skipping to change at line 5412 skipping to change at line 5483
//Only for POST //Only for POST
flow_depth = serverConf->post_depth; flow_depth = serverConf->post_depth;
} }
else if( flags & PKT_FROM_SERVER ) else if( flags & PKT_FROM_SERVER )
{ {
flow_depth = serverConf->server_flow_depth; flow_depth = serverConf->server_flow_depth;
} }
return flow_depth; return flow_depth;
} }
bool isHttpRespPartialCont(void *data) uint8_t isHttpRespPartialCont(void *data)
{ {
HttpSessionData *hsd = NULL; HttpSessionData *hsd = NULL;
if (data == NULL) { if (data == NULL) {
return false; return CONTENT_NONE;
} }
hsd = (HttpSessionData *)session_api->get_application_data(data, PP_HTTPINSP ECT); hsd = (HttpSessionData *)session_api->get_application_data(data, PP_HTTPINSP ECT);
if (hsd == NULL) { if (hsd == NULL) {
return false; return CONTENT_NONE;
} }
return hsd->resp_state.look_for_partial_content; return hsd->resp_state.look_for_partial_content;
} }
 End of changes. 13 change blocks. 
10 lines changed or deleted 98 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)