"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "src/service_inspectors/http_inspect/http_msg_header.cc" between
snort3-3.1.28.0.tar.gz and snort3-3.1.29.0.tar.gz

About: Snort 3 is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

http_msg_header.cc  (snort3-3.1.28.0):http_msg_header.cc  (snort3-3.1.29.0)
skipping to change at line 446 skipping to change at line 446
} }
else else
{ {
// Old-style response body runs to connection close // Old-style response body runs to connection close
session_data->type_expected[source_id] = SEC_BODY_OLD; session_data->type_expected[source_id] = SEC_BODY_OLD;
prepare_body(); prepare_body();
return; return;
} }
} }
// Common activities of preparing for upcoming regular body or chunked body // Common activities of preparing for upcoming body
void HttpMsgHeader::prepare_body() void HttpMsgHeader::prepare_body()
{ {
session_data->body_octets[source_id] = 0; session_data->body_octets[source_id] = 0;
const int64_t& depth = (source_id == SRC_CLIENT) ? params->request_depth : setup_mime();
params->response_depth; if (!session_data->mime_state[source_id])
session_data->detect_depth_remaining[source_id] = (depth != -1) ? depth : IN {
T64_MAX; const int64_t& depth = (source_id == SRC_CLIENT) ? params->request_depth
params->js_norm_param.js_norm->set_detection_depth(session_data->detect_dept :
h_remaining[source_id]); params->response_depth;
session_data->detect_depth_remaining[source_id] = (depth != -1) ? depth
: INT64_MAX;
params->js_norm_param.js_norm->set_detection_depth(session_data->detect_
depth_remaining[source_id]);
}
else
{
// File and decode depths are per attachment, so if either is greater th
an 0 we inspect the
// full message body. Currently the decode depths are not configurable f
or http_inspect so
// are always the default of unlimited, meaning for MIME we always inspe
ct the full message
// body
session_data->detect_depth_remaining[source_id] = INT64_MAX;
}
if ((source_id == SRC_CLIENT) and params->publish_request_body and session_d ata->for_http2) if ((source_id == SRC_CLIENT) and params->publish_request_body and session_d ata->for_http2)
{ {
session_data->publish_octets[source_id] = 0; session_data->publish_octets[source_id] = 0;
session_data->publish_depth_remaining[source_id] = REQUEST_PUBLISH_DEPTH ; session_data->publish_depth_remaining[source_id] = REQUEST_PUBLISH_DEPTH ;
} }
setup_file_processing(); setup_file_processing();
setup_encoding_decompression(); setup_encoding_decompression();
setup_utf_decoding(); setup_utf_decoding();
setup_file_decompression(); setup_file_decompression();
update_depth(); update_depth();
skipping to change at line 482 skipping to change at line 493
// Message bodies for CONNECT requests have no defined semantics // Message bodies for CONNECT requests have no defined semantics
if ((method_id == METH_CONNECT) && !session_data->for_http2) if ((method_id == METH_CONNECT) && !session_data->for_http2)
{ {
add_infraction(INF_CONNECT_REQUEST_BODY); add_infraction(INF_CONNECT_REQUEST_BODY);
create_event(EVENT_CONNECT_REQUEST_BODY); create_event(EVENT_CONNECT_REQUEST_BODY);
} }
} }
} }
void HttpMsgHeader::setup_file_processing() void HttpMsgHeader::setup_mime()
{ {
session_data->file_octets[source_id] = 0;
const int64_t max_file_depth = FileService::get_max_file_depth();
if (max_file_depth <= 0)
{
session_data->file_depth_remaining[source_id] = 0;
return;
}
// Generate the unique file id for multi file processing
set_multi_file_processing_id(get_transaction_id(), session_data->get_h2_stre
am_id());
// Do we meet all the conditions for MIME file processing? // Do we meet all the conditions for MIME file processing?
if (source_id == SRC_CLIENT) if (source_id == SRC_CLIENT)
{ {
const Field& content_type = get_header_value_raw(HEAD_CONTENT_TYPE); const Field& content_type = get_header_value_raw(HEAD_CONTENT_TYPE);
if (content_type.length() > 0) if (content_type.length() > 0)
{ {
if (boundary_present(content_type)) if (boundary_present(content_type))
{ {
// Generate the unique file id for multi file processing
set_multi_file_processing_id(get_transaction_id(), session_data-
>get_h2_stream_id());
Packet* p = DetectionEngine::get_current_packet(); Packet* p = DetectionEngine::get_current_packet();
const Field& uri = request->get_uri_norm_classic(); const Field& uri = request->get_uri_norm_classic();
if (uri.length() > 0) if (uri.length() > 0)
session_data->mime_state[source_id] = new MimeSession(p, session_data->mime_state[source_id] = new MimeSession(p,
&params->mime_decode_conf, &mime_conf, get_multi_file_pr ocessing_id(), params->mime_decode_conf, &mime_conf, get_multi_file_pro cessing_id(),
uri.start(), uri.length()); uri.start(), uri.length());
else else
session_data->mime_state[source_id] = new MimeSession(p, session_data->mime_state[source_id] = new MimeSession(p,
&params->mime_decode_conf, &mime_conf, get_multi_file_pr ocessing_id()); params->mime_decode_conf, &mime_conf, get_multi_file_pro cessing_id());
// Show file processing the Content-Type header as if it were re gular data. // Show file processing the Content-Type header as if it were re gular data.
// This will enable it to find the boundary string. // This will enable it to find the boundary string.
// FIXIT-L develop a proper interface for passing the boundary s tring. // FIXIT-L develop a proper interface for passing the boundary s tring.
// This interface is a leftover from when OHI pushed whole messa ges through // This interface is a leftover from when OHI pushed whole messa ges through
// this interface. // this interface.
session_data->mime_state[source_id]->process_mime_data(p, session_data->mime_state[source_id]->process_mime_data(p,
content_type.start(), content_type.length(), true, content_type.start(), content_type.length(), true,
SNORT_FILE_POSITION_UNKNOWN); SNORT_FILE_POSITION_UNKNOWN);
session_data->mime_state[source_id]->process_mime_data(p, session_data->mime_state[source_id]->process_mime_data(p,
(const uint8_t*)"\r\n", 2, true, SNORT_FILE_POSITION_UNKNOWN ); (const uint8_t*)"\r\n", 2, true, SNORT_FILE_POSITION_UNKNOWN );
session_data->file_depth_remaining[source_id] = INT64_MAX; session_data->file_depth_remaining[source_id] = INT64_MAX;
} }
} }
} }
}
// Otherwise do regular file processing void HttpMsgHeader::setup_file_processing()
if (session_data->mime_state[source_id] == nullptr) {
if (session_data->mime_state[source_id])
return;
session_data->file_octets[source_id] = 0;
const int64_t max_file_depth = FileService::get_max_file_depth();
if (max_file_depth <= 0)
{ {
session_data->file_depth_remaining[source_id] = max_file_depth; session_data->file_depth_remaining[source_id] = 0;
FileFlows* file_flows = FileFlows::get_file_flows(flow); return;
if (!file_flows)
session_data->file_depth_remaining[source_id] = 0;
} }
// Generate the unique file id for multi file processing
set_multi_file_processing_id(get_transaction_id(), session_data->get_h2_stre
am_id());
session_data->file_depth_remaining[source_id] = max_file_depth;
FileFlows* file_flows = FileFlows::get_file_flows(flow);
if (!file_flows)
session_data->file_depth_remaining[source_id] = 0;
} }
void HttpMsgHeader::setup_encoding_decompression() void HttpMsgHeader::setup_encoding_decompression()
{ {
if (!params->unzip) if (!params->unzip)
return; return;
CompressId& compression = session_data->compression[source_id]; CompressId& compression = session_data->compression[source_id];
// Search the Content-Encoding header to find the type of compression used. We detect and alert // Search the Content-Encoding header to find the type of compression used. We detect and alert
 End of changes. 11 change blocks. 
30 lines changed or deleted 50 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)