"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "src/service_inspectors/http_inspect/http_msg_body.cc" between
snort3-3.1.28.0.tar.gz and snort3-3.1.29.0.tar.gz

About: Snort 3 is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

http_msg_body.cc  (snort3-3.1.28.0):http_msg_body.cc  (snort3-3.1.29.0)
skipping to change at line 146 skipping to change at line 146
} }
int32_t& pub_depth_remaining = session_data->publish_depth_remaining[source_ id]; int32_t& pub_depth_remaining = session_data->publish_depth_remaining[source_ id];
if (pub_depth_remaining > 0) if (pub_depth_remaining > 0)
{ {
publish_length = (pub_depth_remaining > msg_text_new.length()) ? publish_length = (pub_depth_remaining > msg_text_new.length()) ?
msg_text_new.length() : pub_depth_remaining; msg_text_new.length() : pub_depth_remaining;
pub_depth_remaining -= publish_length; pub_depth_remaining -= publish_length;
} }
if (session_data->file_depth_remaining[source_id] > 0 or if (session_data->mime_state[source_id])
{
// FIXIT-M this interface does not convey any indication of end of messa
ge body. If the
// message body ends in the middle of a MIME message the partial file wi
ll not be flushed.
Packet* p = DetectionEngine::get_current_packet();
const uint8_t* const section_end = msg_text_new.start() + msg_text_new.l
ength();
const uint8_t* ptr = msg_text_new.start();
while (ptr < section_end)
{
// After process_mime_data(), ptr will point to the last byte proces
sed in the current
// MIME part
ptr = session_data->mime_state[source_id]->process_mime_data(p, ptr,
(section_end - ptr), true, SNORT_FILE_POSITION_UNKNOWN);
ptr++;
}
const BufferData& vba_buf = session_data->mime_state[source_id]->get_ole
_buf();
if (vba_buf.data_ptr())
ole_data.set(vba_buf.length(), vba_buf.data_ptr());
detect_data.set(msg_text.length(), msg_text.start());
}
else if (session_data->file_depth_remaining[source_id] > 0 or
session_data->detect_depth_remaining[source_id] > 0) session_data->detect_depth_remaining[source_id] > 0)
{ {
do_utf_decoding(msg_text_new, decoded_body); do_utf_decoding(msg_text_new, decoded_body);
if (session_data->file_depth_remaining[source_id] > 0) if (session_data->file_depth_remaining[source_id] > 0)
{ {
do_file_processing(decoded_body); do_file_processing(decoded_body);
} }
if (session_data->detect_depth_remaining[source_id] > 0) if (session_data->detect_depth_remaining[source_id] > 0)
skipping to change at line 220 skipping to change at line 244
memcpy(save_partial, decompressed->start(), decompressed->length ()); memcpy(save_partial, decompressed->start(), decompressed->length ());
partial_detect_buffer = save_partial; partial_detect_buffer = save_partial;
partial_detect_length = decompressed->length(); partial_detect_length = decompressed->length();
partial_js_detect_length = js_norm_body.length(); partial_js_detect_length = js_norm_body.length();
} }
// If this is a MIME upload, the MIME library sets the file_data buf fer to the // If this is a MIME upload, the MIME library sets the file_data buf fer to the
// file attachment body data. // file attachment body data.
// FIXIT-E currently the file_data buffer is set to the body of the last attachment per // FIXIT-E currently the file_data buffer is set to the body of the last attachment per
// message section. // message section.
if (!session_data->mime_state[source_id]) set_file_data(const_cast<uint8_t*>(detect_data.start()),
set_file_data(const_cast<uint8_t*>(detect_data.start()), (unsigned)detect_data.length());
(unsigned)detect_data.length());
} }
} }
body_octets += msg_text.length(); body_octets += msg_text.length();
partial_inspected_octets = session_data->partial_flush[source_id] ? msg_text .length() : 0; partial_inspected_octets = session_data->partial_flush[source_id] ? msg_text .length() : 0;
} }
void HttpMsgBody::do_utf_decoding(const Field& input, Field& output) void HttpMsgBody::do_utf_decoding(const Field& input, Field& output)
{ {
if ((session_data->mime_state[source_id] != nullptr) || if ((session_data->utf_state[source_id] == nullptr) || (input.length() == 0)
(session_data->utf_state[source_id] == nullptr) || (input.length() == 0) )
)
{ {
output.set(input); output.set(input);
return; return;
} }
if (session_data->utf_state[source_id]->is_utf_encoding_present()) if (session_data->utf_state[source_id]->is_utf_encoding_present())
{ {
int bytes_copied; int bytes_copied;
bool decoded; bool decoded;
uint8_t* buffer = new uint8_t[input.length()]; uint8_t* buffer = new uint8_t[input.length()];
skipping to change at line 286 skipping to change at line 308
{ {
ole_data.set(ole_len, ole_data_ptr, false); ole_data.set(ole_len, ole_data_ptr, false);
//Reset the ole data ptr once it is stored in msg body //Reset the ole data ptr once it is stored in msg body
session_data->fd_state[source_id]->ole_data_reset(); session_data->fd_state[source_id]->ole_data_reset();
} }
} }
void HttpMsgBody::do_file_decompression(const Field& input, Field& output) void HttpMsgBody::do_file_decompression(const Field& input, Field& output)
{ {
if ((session_data->mime_state[source_id] != nullptr) || if (session_data->fd_state[source_id] == nullptr)
session_data->fd_state[source_id] == nullptr)
{ {
output.set(input); output.set(input);
return; return;
} }
const uint32_t buffer_size = session_data->file_decomp_buffer_size_remaining [source_id]; const uint32_t buffer_size = session_data->file_decomp_buffer_size_remaining [source_id];
uint8_t* buffer = new uint8_t[buffer_size]; uint8_t* buffer = new uint8_t[buffer_size];
session_data->fd_alert_context[source_id].infractions = transaction->get_inf ractions(source_id); session_data->fd_alert_context[source_id].infractions = transaction->get_inf ractions(source_id);
session_data->fd_alert_context[source_id].events = session_data->events[sour ce_id]; session_data->fd_alert_context[source_id].events = session_data->events[sour ce_id];
session_data->fd_state[source_id]->Next_In = input.start(); session_data->fd_state[source_id]->Next_In = input.start();
session_data->fd_state[source_id]->Avail_In = (uint32_t)input.length(); session_data->fd_state[source_id]->Avail_In = (uint32_t)input.length();
skipping to change at line 425 skipping to change at line 446
else if (front) file_position = SNORT_FILE_START; else if (front) file_position = SNORT_FILE_START;
else if (back) file_position = SNORT_FILE_END; else if (back) file_position = SNORT_FILE_END;
else file_position = SNORT_FILE_MIDDLE; else file_position = SNORT_FILE_MIDDLE;
// Chunked body with nothing but the zero length chunk? // Chunked body with nothing but the zero length chunk?
if (front && (file_data.length() == 0)) if (front && (file_data.length() == 0))
{ {
return; return;
} }
if (!session_data->mime_state[source_id]) const int32_t fp_length = (file_data.length() <=
{ session_data->file_depth_remaining[source_id]) ?
const int32_t fp_length = (file_data.length() <= file_data.length() : session_data->file_depth_remaining[source_id];
session_data->file_depth_remaining[source_id]) ?
file_data.length() : session_data->file_depth_remaining[source_id];
FileFlows* file_flows = FileFlows::get_file_flows(flow); FileFlows* file_flows = FileFlows::get_file_flows(flow);
if (!file_flows) if (!file_flows)
return; return;
const FileDirection dir = source_id == SRC_SERVER ? FILE_DOWNLOAD : FILE _UPLOAD; const FileDirection dir = source_id == SRC_SERVER ? FILE_DOWNLOAD : FILE_UPL OAD;
const uint64_t file_index = get_header(source_id)->get_file_cache_index( ); const uint64_t file_index = get_header(source_id)->get_file_cache_index();
bool continue_processing_file = file_flows->file_process(p, file_index, bool continue_processing_file = file_flows->file_process(p, file_index, file
file_data.start(), _data.start(),
fp_length, session_data->file_octets[source_id], dir, fp_length, session_data->file_octets[source_id], dir,
get_header(source_id)->get_multi_file_processing_id(), file_position get_header(source_id)->get_multi_file_processing_id(), file_position);
); if (continue_processing_file)
if (continue_processing_file) {
{ session_data->file_depth_remaining[source_id] -= fp_length;
session_data->file_depth_remaining[source_id] -= fp_length;
// With the first piece of the file we must provide the filename and // With the first piece of the file we must provide the filename and URI
URI if (front)
if (front) {
if (request != nullptr)
{ {
if (request != nullptr) const uint8_t* filename_buffer;
{ const uint8_t* uri_buffer;
const uint8_t* filename_buffer; uint32_t filename_length;
const uint8_t* uri_buffer; uint32_t uri_length;
uint32_t filename_length; get_file_info(dir, filename_buffer, filename_length, uri_buffer,
uint32_t uri_length; uri_length);
get_file_info(dir, filename_buffer, filename_length, uri_buf
fer, uri_length); continue_processing_file = file_flows->set_file_name(filename_bu
ffer,
continue_processing_file = file_flows->set_file_name(filenam filename_length, 0,
e_buffer, get_header(source_id)->get_multi_file_processing_id(), uri_b
filename_length, 0, uffer,
get_header(source_id)->get_multi_file_processing_id(), u uri_length);
ri_buffer,
uri_length);
}
} }
} }
if (!continue_processing_file)
{
// file processing doesn't want any more data
session_data->file_depth_remaining[source_id] = 0;
}
session_data->file_octets[source_id] += fp_length;
} }
else if (!continue_processing_file)
{ {
// FIXIT-M this interface does not convey any indication of end of messa // file processing doesn't want any more data
ge body. If the session_data->file_depth_remaining[source_id] = 0;
// message body ends in the middle of a MIME message the partial file wi
ll not be flushed.
const uint8_t* const section_end = file_data.start() + file_data.length(
);
const uint8_t* ptr = file_data.start();
while (ptr < section_end)
{
// After process_mime_data(), ptr will point to the last byte proces
sed in the current
// MIME part
ptr = session_data->mime_state[source_id]->process_mime_data(p, ptr,
(section_end - ptr), true, SNORT_FILE_POSITION_UNKNOWN);
ptr++;
}
const BufferData& vba_buf = session_data->mime_state[source_id]->get_ole
_buf();
if (vba_buf.data_ptr())
ole_data.set(vba_buf.length(), vba_buf.data_ptr());
session_data->file_octets[source_id] += file_data.length();
} }
session_data->file_octets[source_id] += fp_length;
} }
// Parses out the filename and URI associated with this file. // Parses out the filename and URI associated with this file.
// For the filename, if the message has a Content-Disposition header with a file name attribute, // For the filename, if the message has a Content-Disposition header with a file name attribute,
// use that. Otherwise use the segment of the URI path after the last '/' but no t including the // use that. Otherwise use the segment of the URI path after the last '/' but no t including the
// query or fragment. For the uri, use the request raw uri. If there is no URI o r nothing in the // query or fragment. For the uri, use the request raw uri. If there is no URI o r nothing in the
// path after the last slash, the filename and uri buffers may be empty. The nor malized URI is used. // path after the last slash, the filename and uri buffers may be empty. The nor malized URI is used.
void HttpMsgBody::get_file_info(FileDirection dir, const uint8_t*& filename_buff er, void HttpMsgBody::get_file_info(FileDirection dir, const uint8_t*& filename_buff er,
uint32_t& filename_length, const uint8_t*& uri_buffer, uint32_t& uri_length) uint32_t& filename_length, const uint8_t*& uri_buffer, uint32_t& uri_length)
{ {
 End of changes. 15 change blocks. 
77 lines changed or deleted 71 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)