"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "src/mime/file_mime_process.cc" between
snort3-3.1.31.0.tar.gz and snort3-3.1.32.0.tar.gz

About: Snort 3 is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

file_mime_process.cc  (snort3-3.1.31.0):file_mime_process.cc  (snort3-3.1.32.0)
skipping to change at line 412 skipping to change at line 412
} }
ptr = eol; ptr = eol;
return true; return true;
} }
/* Get the end of data body (excluding boundary)*/ /* Get the end of data body (excluding boundary)*/
static const uint8_t* GetDataEnd(const uint8_t* data_start, static const uint8_t* GetDataEnd(const uint8_t* data_start,
const uint8_t* data_end_marker) const uint8_t* data_end_marker)
{ {
/* '\r\n' + '--' + MIME boundary string */ // '\r\n' + '--' + MIME boundary string
const int Max_Search = 4 + MAX_MIME_BOUNDARY_LEN; const int Max_Search = 4 + MAX_MIME_BOUNDARY_LEN;
const uint8_t* start; const uint8_t* start;
/*Exclude 2 bytes because either \r\n or '--' at the end */ // Exclude 2 bytes because either \r\n or '--' at the end
const uint8_t* end = data_end_marker - 2; const uint8_t* end = data_end_marker - 2;
/*Search for the start of boundary, should be less than boundary length*/ // Search for the start of boundary, should be less than boundary length
if (end > data_start + Max_Search) if (end > data_start + Max_Search)
start = end - Max_Search; start = end - Max_Search;
else else
start = data_start; start = data_start;
while (end > start) while (end > start)
{ {
if (*(--end) != '\n') if (*(--end) != '\n')
continue; continue;
skipping to change at line 588 skipping to change at line 588
DecodeResult result = decode_state->decompress_data( DecodeResult result = decode_state->decompress_data(
buffer, detection_size, decomp_buffer, decomp_buf_size buffer, detection_size, decomp_buffer, decomp_buf_size
); );
if ( result != DECODE_SUCCESS ) if ( result != DECODE_SUCCESS )
decompress_alert(); decompress_alert();
set_file_data(decomp_buffer, decomp_buf_size); set_file_data(decomp_buffer, decomp_buf_size);
} }
/*Process file type/file signature*/ // Process file type/file signature
mime_file_process(p, buffer, buf_size, position, upload); mime_file_process(p, buffer, buf_size, position, upload);
if (mime_stats) if (mime_stats)
{ {
switch (decode_state->get_decode_type()) switch (decode_state->get_decode_type())
{ {
case DECODE_B64: case DECODE_B64:
mime_stats->b64_bytes += buf_size; mime_stats->b64_bytes += buf_size;
break; break;
case DECODE_QP: case DECODE_QP:
skipping to change at line 648 skipping to change at line 648
partial_header_len = 0; partial_header_len = 0;
if (decode_state) if (decode_state)
{ {
decode_state->clear_decode_state(); decode_state->clear_decode_state();
decode_state->file_decomp_reset(); decode_state->file_decomp_reset();
} }
// Clear MIME's file data to prepare for next file // Clear MIME's file data to prepare for next file
filename.clear(); filename.clear();
file_counter++; file_counter++;
file_process_offset = 0; file_offset = 0;
current_file_cache_file_id = 0; current_file_cache_file_id = 0;
current_multiprocessing_file_id = 0; current_multiprocessing_file_id = 0;
continue_inspecting_file = true; continue_inspecting_file = true;
} }
// Main function for mime processing // Main function for mime processing
// This should be called when mime data is available // This should be called when mime data is available
const uint8_t* MimeSession::process_mime_data(Packet* p, const uint8_t* start, const uint8_t* MimeSession::process_mime_data(Packet* p, const uint8_t* start,
int data_size, bool upload, FilePosition position) int data_size, bool upload, FilePosition position)
{ {
skipping to change at line 671 skipping to change at line 671
const uint8_t* data_end_marker = start + data_size; const uint8_t* data_end_marker = start + data_size;
if (position != SNORT_FILE_POSITION_UNKNOWN) if (position != SNORT_FILE_POSITION_UNKNOWN)
{ {
process_mime_data_paf(p, attach_start, data_end_marker, process_mime_data_paf(p, attach_start, data_end_marker,
upload, position); upload, position);
return data_end_marker; return data_end_marker;
} }
initFilePosition(&position, file_process_offset); initFilePosition(&position, file_offset);
/* look for boundary */ // look for boundary
while (start < data_end_marker) while (start < data_end_marker)
{ {
/*Found the boundary, start processing data*/ // Found the boundary, start processing data
if (process_mime_paf_data(&(mime_boundary), *start)) if (process_mime_paf_data(&(mime_boundary), *start))
{ {
attach_end = start; attach_end = start;
finalFilePosition(&position); finalFilePosition(&position);
process_mime_data_paf(p, attach_start, attach_end, process_mime_data_paf(p, attach_start, attach_end,
upload, position); upload, position);
data_state = STATE_MIME_HEADER; data_state = STATE_MIME_HEADER;
position = SNORT_FILE_START; position = SNORT_FILE_START;
return attach_end; return attach_end;
} }
start++; start++;
} }
if ((start == data_end_marker) && (attach_start < data_end_marker)) if ((start == data_end_marker) && (attach_start < data_end_marker))
{ {
updateFilePosition(&position, file_process_offset); updateFilePosition(&position, file_offset);
process_mime_data_paf(p, attach_start, data_end_marker, process_mime_data_paf(p, attach_start, data_end_marker,
upload, position); upload, position);
} }
return data_end_marker; return data_end_marker;
} }
int MimeSession::get_data_state() int MimeSession::get_data_state()
{ {
return data_state; return data_state;
skipping to change at line 889 skipping to change at line 889
Flow* flow = p->flow; Flow* flow = p->flow;
FileFlows* file_flows = FileFlows::get_file_flows(flow); FileFlows* file_flows = FileFlows::get_file_flows(flow);
if(!file_flows) if(!file_flows)
return; return;
if (continue_inspecting_file) if (continue_inspecting_file)
{ {
if (session_base_file_id) if (session_base_file_id)
{ {
const FileDirection dir = upload? FILE_UPLOAD : FILE_DOWNLOAD; const FileDirection dir = upload? FILE_UPLOAD : FILE_DOWNLOAD;
uint64_t offset = file_process_offset;
continue_inspecting_file = file_flows->file_process(p, get_file_cach e_file_id(), data, continue_inspecting_file = file_flows->file_process(p, get_file_cach e_file_id(), data,
data_size, offset, dir, get_multiprocessing_file_id(), position) ; data_size, file_offset, dir, get_multiprocessing_file_id(), posi tion);
} }
else else
{ {
continue_inspecting_file = file_flows->file_process(p, data, data_si ze, position, continue_inspecting_file = file_flows->file_process(p, data, data_si ze, position,
upload); upload);
} }
file_process_offset += data_size; file_offset += data_size;
if (continue_inspecting_file and (isFileStart(position)) && log_state) if (continue_inspecting_file and (isFileStart(position)) && log_state)
{ {
continue_inspecting_file = file_flows->set_file_name((const uint8_t* )filename.c_str(), continue_inspecting_file = file_flows->set_file_name((const uint8_t* )filename.c_str(),
filename.length(), 0, get_multiprocessing_file_id(), uri, uri_le ngth); filename.length(), 0, get_multiprocessing_file_id(), uri, uri_le ngth);
filename.clear(); filename.clear();
} }
} }
} }
 End of changes. 11 change blocks. 
12 lines changed or deleted 11 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)