"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "src/service_inspectors/http_inspect/http_msg_header.cc" between
snort3-3.1.28.0.tar.gz and snort3-3.1.29.0.tar.gz

About: Snort 3 is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

[ To the main snort source changes report ]

http_msg_header.cc  (snort3-3.1.28.0):http_msg_header.cc  (snort3-3.1.29.0)
skipping to change at line 446 skipping to change at line 446
} }
else else
{ {
// Old-style response body runs to connection close // Old-style response body runs to connection close
session_data->type_expected[source_id] = SEC_BODY_OLD; session_data->type_expected[source_id] = SEC_BODY_OLD;
prepare_body(); prepare_body();
return; return;
} }
} }
// Common activities of preparing for upcoming regular body or chunked body // Common activities of preparing for upcoming body
void HttpMsgHeader::prepare_body() void HttpMsgHeader::prepare_body()
{ {
session_data->body_octets[source_id] = 0; session_data->body_octets[source_id] = 0;
const int64_t& depth = (source_id == SRC_CLIENT) ? params->request_depth : setup_mime();
params->response_depth; if (!session_data->mime_state[source_id])
session_data->detect_depth_remaining[source_id] = (depth != -1) ? depth : IN {
T64_MAX; const int64_t& depth = (source_id == SRC_CLIENT) ? params->request_depth
params->js_norm_param.js_norm->set_detection_depth(session_data->detect_dept :
h_remaining[source_id]); params->response_depth;
session_data->detect_depth_remaining[source_id] = (depth != -1) ? depth
: INT64_MAX;
params->js_norm_param.js_norm->set_detection_depth(session_data->detect_
depth_remaining[source_id]);
}
else
{
// File and decode depths are per attachment, so if either is greater th
an 0 we inspect the
// full message body. Currently the decode depths are not configurable f
or http_inspect so
// are always the default of unlimited, meaning for MIME we always inspe
ct the full message
// body
session_data->detect_depth_remaining[source_id] = INT64_MAX;
}
if ((source_id == SRC_CLIENT) and params->publish_request_body and session_d ata->for_http2) if ((source_id == SRC_CLIENT) and params->publish_request_body and session_d ata->for_http2)
{ {
session_data->publish_octets[source_id] = 0; session_data->publish_octets[source_id] = 0;
session_data->publish_depth_remaining[source_id] = REQUEST_PUBLISH_DEPTH ; session_data->publish_depth_remaining[source_id] = REQUEST_PUBLISH_DEPTH ;
} }
setup_file_processing(); setup_file_processing();
setup_encoding_decompression(); setup_encoding_decompression();
setup_utf_decoding(); setup_utf_decoding();
setup_file_decompression(); setup_file_decompression();
update_depth(); update_depth();
skipping to change at line 482 skipping to change at line 493
// Message bodies for CONNECT requests have no defined semantics // Message bodies for CONNECT requests have no defined semantics
if ((method_id == METH_CONNECT) && !session_data->for_http2) if ((method_id == METH_CONNECT) && !session_data->for_http2)
{ {
add_infraction(INF_CONNECT_REQUEST_BODY); add_infraction(INF_CONNECT_REQUEST_BODY);
create_event(EVENT_CONNECT_REQUEST_BODY); create_event(EVENT_CONNECT_REQUEST_BODY);
} }
} }
} }
void HttpMsgHeader::setup_file_processing() void HttpMsgHeader::setup_mime()
{ {
session_data->file_octets[source_id] = 0;
const int64_t max_file_depth = FileService::get_max_file_depth();
if (max_file_depth <= 0)
{
session_data->file_depth_remaining[source_id] = 0;
return;
}
// Generate the unique file id for multi file processing
set_multi_file_processing_id(get_transaction_id(), session_data->get_h2_stre
am_id());
// Do we meet all the conditions for MIME file processing? // Do we meet all the conditions for MIME file processing?
if (source_id == SRC_CLIENT) if (source_id == SRC_CLIENT)
{ {
const Field& content_type = get_header_value_raw(HEAD_CONTENT_TYPE); const Field& content_type = get_header_value_raw(HEAD_CONTENT_TYPE);
if (content_type.length() > 0) if (content_type.length() > 0)
{ {
if (boundary_present(content_type)) if (boundary_present(content_type))
{ {
// Generate the unique file id for multi file processing
set_multi_file_processing_id(get_transaction_id(), session_data-
>get_h2_stream_id());
Packet* p = DetectionEngine::get_current_packet(); Packet* p = DetectionEngine::get_current_packet();
const Field& uri = request->get_uri_norm_classic(); const Field& uri = request->get_uri_norm_classic();
if (uri.length() > 0) if (uri.length() > 0)
session_data->mime_state[source_id] = new MimeSession(p, session_data->mime_state[source_id] = new MimeSession(p,
&params->mime_decode_conf, &mime_conf, get_multi_file_pr ocessing_id(), params->mime_decode_conf, &mime_conf, get_multi_file_pro cessing_id(),
uri.start(), uri.length()); uri.start(), uri.length());
else else
session_data->mime_state[source_id] = new MimeSession(p, session_data->mime_state[source_id] = new MimeSession(p,
&params->mime_decode_conf, &mime_conf, get_multi_file_pr ocessing_id()); params->mime_decode_conf, &mime_conf, get_multi_file_pro cessing_id());
// Show file processing the Content-Type header as if it were re gular data. // Show file processing the Content-Type header as if it were re gular data.
// This will enable it to find the boundary string. // This will enable it to find the boundary string.
// FIXIT-L develop a proper interface for passing the boundary s tring. // FIXIT-L develop a proper interface for passing the boundary s tring.
// This interface is a leftover from when OHI pushed whole messa ges through // This interface is a leftover from when OHI pushed whole messa ges through
// this interface. // this interface.
session_data->mime_state[source_id]->process_mime_data(p, session_data->mime_state[source_id]->process_mime_data(p,
content_type.start(), content_type.length(), true, content_type.start(), content_type.length(), true,
SNORT_FILE_POSITION_UNKNOWN); SNORT_FILE_POSITION_UNKNOWN);
session_data->mime_state[source_id]->process_mime_data(p, session_data->mime_state[source_id]->process_mime_data(p,
(const uint8_t*)"\r\n", 2, true, SNORT_FILE_POSITION_UNKNOWN ); (const uint8_t*)"\r\n", 2, true, SNORT_FILE_POSITION_UNKNOWN );
session_data->file_depth_remaining[source_id] = INT64_MAX; session_data->file_depth_remaining[source_id] = INT64_MAX;
} }
} }
} }
}
// Otherwise do regular file processing void HttpMsgHeader::setup_file_processing()
if (session_data->mime_state[source_id] == nullptr) {
if (session_data->mime_state[source_id])
return;
session_data->file_octets[source_id] = 0;
const int64_t max_file_depth = FileService::get_max_file_depth();
if (max_file_depth <= 0)
{ {
session_data->file_depth_remaining[source_id] = max_file_depth; session_data->file_depth_remaining[source_id] = 0;
FileFlows* file_flows = FileFlows::get_file_flows(flow); return;
if (!file_flows)
session_data->file_depth_remaining[source_id] = 0;
} }
// Generate the unique file id for multi file processing
set_multi_file_processing_id(get_transaction_id(), session_data->get_h2_stre
am_id());
session_data->file_depth_remaining[source_id] = max_file_depth;
FileFlows* file_flows = FileFlows::get_file_flows(flow);
if (!file_flows)
session_data->file_depth_remaining[source_id] = 0;
} }
void HttpMsgHeader::setup_encoding_decompression() void HttpMsgHeader::setup_encoding_decompression()
{ {
if (!params->unzip) if (!params->unzip)
return; return;
CompressId& compression = session_data->compression[source_id]; CompressId& compression = session_data->compression[source_id];
// Search the Content-Encoding header to find the type of compression used. We detect and alert // Search the Content-Encoding header to find the type of compression used. We detect and alert
 End of changes. 11 change blocks. 
30 lines changed or deleted 50 lines changed or added
To the C++ Programs section of the snort source changes report or the top of this page
Mainly generated by pkgdiff using rfcdiff
Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)