]>
Commit | Line | Data |
---|---|---|
db3b637a | 1 | /* Copyright (C) 2007-2020 Open Information Security Foundation |
ce019275 WM |
2 | * |
3 | * You can copy, redistribute or modify this Program under the terms of | |
4 | * the GNU General Public License version 2 as published by the Free | |
5 | * Software Foundation. | |
6 | * | |
7 | * This program is distributed in the hope that it will be useful, | |
8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
10 | * GNU General Public License for more details. | |
11 | * | |
12 | * You should have received a copy of the GNU General Public License | |
13 | * version 2 along with this program; if not, write to the Free Software | |
14 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA | |
15 | * 02110-1301, USA. | |
16 | */ | |
07f7ba55 | 17 | |
60a99915 EL |
18 | /** |
19 | * \ingroup httplayer | |
20 | * | |
21 | * @{ | |
22 | */ | |
23 | ||
07f7ba55 | 24 | /** |
ce019275 | 25 | * \file |
07f7ba55 | 26 | * |
9d5d46c4 | 27 | * \author Victor Julien <victor@inliniac.net> |
07f7ba55 | 28 | * \author Gurvinder Singh <gurvindersinghdahiya@gmail.com> |
0165b3f0 | 29 | * \author Pablo Rincon <pablo.rincon.crespo@gmail.com> |
a9cdd2bb | 30 | * \author Brian Rectanus <brectanu@gmail.com> |
5e2d9dbd | 31 | * \author Anoop Saldanha <anoopsaldanha@gmail.com> |
07f7ba55 | 32 | * |
ce019275 | 33 | * This file provides a HTTP protocol support for the engine using HTP library. |
07f7ba55 GS |
34 | */ |
35 | ||
5c6a65dc | 36 | #include "suricata.h" |
ecf86f9c | 37 | #include "suricata-common.h" |
1235c578 | 38 | #include "conf.h" |
07f7ba55 GS |
39 | #include "debug.h" |
40 | #include "decode.h" | |
41 | #include "threads.h" | |
cddbb0f6 | 42 | #include "counters.h" |
07f7ba55 GS |
43 | |
44 | #include "util-print.h" | |
45 | #include "util-pool.h" | |
a9cdd2bb | 46 | #include "util-radix-tree.h" |
e1022ee5 | 47 | #include "util-file.h" |
e7c0f0ad | 48 | #include "util-byte.h" |
07f7ba55 GS |
49 | |
50 | #include "stream-tcp-private.h" | |
51 | #include "stream-tcp-reassemble.h" | |
6a53ab9c | 52 | #include "stream-tcp.h" |
07f7ba55 GS |
53 | #include "stream.h" |
54 | ||
55 | #include "app-layer-protos.h" | |
56 | #include "app-layer-parser.h" | |
a0ee6ade | 57 | |
429c6388 | 58 | #include "app-layer.h" |
fc2f7f29 | 59 | #include "app-layer-htp.h" |
a0ee6ade VJ |
60 | #include "app-layer-htp-body.h" |
61 | #include "app-layer-htp-file.h" | |
48cf0585 | 62 | #include "app-layer-htp-libhtp.h" |
1235c578 | 63 | #include "app-layer-htp-xff.h" |
07f7ba55 | 64 | |
705471e4 | 65 | #include "util-spm.h" |
07f7ba55 | 66 | #include "util-debug.h" |
fc2f7f29 | 67 | #include "util-time.h" |
e0c13434 | 68 | #include "util-misc.h" |
07f7ba55 | 69 | |
06a65cb4 PR |
70 | #include "util-unittest.h" |
71 | #include "util-unittest-helper.h" | |
72 | #include "flow-util.h" | |
73 | ||
74 | #include "detect-engine.h" | |
75 | #include "detect-engine-state.h" | |
76 | #include "detect-parse.h" | |
77 | ||
5e2d9dbd | 78 | #include "decode-events.h" |
a9cdd2bb | 79 | |
4537f889 | 80 | #include "util-memcmp.h" |
535d9e35 | 81 | #include "util-random.h" |
e6494114 | 82 | #include "util-validate.h" |
4537f889 | 83 | |
32fb9f37 VJ |
84 | //#define PRINT |
85 | ||
ead13bda | 86 | /** Fast lookup tree (radix) for the various HTP configurations */ |
a9cdd2bb | 87 | static SCRadixTree *cfgtree; |
ead13bda | 88 | /** List of HTP configurations. */ |
a9cdd2bb BR |
89 | static HTPCfgRec cfglist; |
90 | ||
053c7288 PA |
91 | /** Limit to the number of libhtp messages that can be handled */ |
92 | #define HTP_MAX_MESSAGES 512 | |
93 | ||
3ae1854d VJ |
94 | SC_ATOMIC_DECLARE(uint32_t, htp_config_flags); |
95 | ||
07f7ba55 | 96 | #ifdef DEBUG |
5532af46 | 97 | static SCMutex htp_state_mem_lock = SCMUTEX_INITIALIZER; |
07f7ba55 GS |
98 | static uint64_t htp_state_memuse = 0; |
99 | static uint64_t htp_state_memcnt = 0; | |
100 | #endif | |
97d49d8f | 101 | |
e82416a4 PA |
102 | SCEnumCharMap http_decoder_event_table[] = { |
103 | { "UNKNOWN_ERROR", HTTP_DECODER_EVENT_UNKNOWN_ERROR }, | |
104 | { "GZIP_DECOMPRESSION_FAILED", HTTP_DECODER_EVENT_GZIP_DECOMPRESSION_FAILED }, | |
105 | { "REQUEST_FIELD_MISSING_COLON", HTTP_DECODER_EVENT_REQUEST_FIELD_MISSING_COLON }, | |
106 | { "RESPONSE_FIELD_MISSING_COLON", HTTP_DECODER_EVENT_RESPONSE_FIELD_MISSING_COLON }, | |
107 | { "INVALID_REQUEST_CHUNK_LEN", HTTP_DECODER_EVENT_INVALID_REQUEST_CHUNK_LEN }, | |
108 | { "INVALID_RESPONSE_CHUNK_LEN", HTTP_DECODER_EVENT_INVALID_RESPONSE_CHUNK_LEN }, | |
f713b653 | 109 | { "INVALID_TRANSFER_ENCODING_VALUE_IN_REQUEST", |
e82416a4 | 110 | HTTP_DECODER_EVENT_INVALID_TRANSFER_ENCODING_VALUE_IN_REQUEST }, |
f713b653 | 111 | { "INVALID_TRANSFER_ENCODING_VALUE_IN_RESPONSE", |
e82416a4 | 112 | HTTP_DECODER_EVENT_INVALID_TRANSFER_ENCODING_VALUE_IN_RESPONSE }, |
f713b653 | 113 | { "INVALID_CONTENT_LENGTH_FIELD_IN_REQUEST", |
e82416a4 | 114 | HTTP_DECODER_EVENT_INVALID_CONTENT_LENGTH_FIELD_IN_REQUEST }, |
f713b653 | 115 | { "INVALID_CONTENT_LENGTH_FIELD_IN_RESPONSE", |
e82416a4 | 116 | HTTP_DECODER_EVENT_INVALID_CONTENT_LENGTH_FIELD_IN_RESPONSE }, |
9cbf9ef7 | 117 | { "DUPLICATE_CONTENT_LENGTH_FIELD_IN_REQUEST", |
e82416a4 | 118 | HTTP_DECODER_EVENT_DUPLICATE_CONTENT_LENGTH_FIELD_IN_REQUEST }, |
9cbf9ef7 | 119 | { "DUPLICATE_CONTENT_LENGTH_FIELD_IN_RESPONSE", |
e82416a4 PA |
120 | HTTP_DECODER_EVENT_DUPLICATE_CONTENT_LENGTH_FIELD_IN_RESPONSE }, |
121 | { "100_CONTINUE_ALREADY_SEEN", HTTP_DECODER_EVENT_100_CONTINUE_ALREADY_SEEN }, | |
f713b653 | 122 | { "UNABLE_TO_MATCH_RESPONSE_TO_REQUEST", |
e82416a4 PA |
123 | HTTP_DECODER_EVENT_UNABLE_TO_MATCH_RESPONSE_TO_REQUEST }, |
124 | { "INVALID_SERVER_PORT_IN_REQUEST", HTTP_DECODER_EVENT_INVALID_SERVER_PORT_IN_REQUEST }, | |
125 | { "INVALID_AUTHORITY_PORT", HTTP_DECODER_EVENT_INVALID_AUTHORITY_PORT }, | |
126 | { "REQUEST_HEADER_INVALID", HTTP_DECODER_EVENT_REQUEST_HEADER_INVALID }, | |
127 | { "RESPONSE_HEADER_INVALID", HTTP_DECODER_EVENT_RESPONSE_HEADER_INVALID }, | |
128 | { "MISSING_HOST_HEADER", HTTP_DECODER_EVENT_MISSING_HOST_HEADER }, | |
129 | { "HOST_HEADER_AMBIGUOUS", HTTP_DECODER_EVENT_HOST_HEADER_AMBIGUOUS }, | |
130 | { "INVALID_REQUEST_FIELD_FOLDING", HTTP_DECODER_EVENT_INVALID_REQUEST_FIELD_FOLDING }, | |
131 | { "INVALID_RESPONSE_FIELD_FOLDING", HTTP_DECODER_EVENT_INVALID_RESPONSE_FIELD_FOLDING }, | |
132 | { "REQUEST_FIELD_TOO_LONG", HTTP_DECODER_EVENT_REQUEST_FIELD_TOO_LONG }, | |
133 | { "RESPONSE_FIELD_TOO_LONG", HTTP_DECODER_EVENT_RESPONSE_FIELD_TOO_LONG }, | |
134 | { "REQUEST_LINE_INVALID", HTTP_DECODER_EVENT_REQUEST_LINE_INVALID }, | |
135 | { "REQUEST_BODY_UNEXPECTED", HTTP_DECODER_EVENT_REQUEST_BODY_UNEXPECTED }, | |
9f519e95 | 136 | { "REQUEST_SERVER_PORT_TCP_PORT_MISMATCH", |
e82416a4 PA |
137 | HTTP_DECODER_EVENT_REQUEST_SERVER_PORT_TCP_PORT_MISMATCH }, |
138 | { "REQUEST_URI_HOST_INVALID", HTTP_DECODER_EVENT_URI_HOST_INVALID }, | |
139 | { "REQUEST_HEADER_HOST_INVALID", HTTP_DECODER_EVENT_HEADER_HOST_INVALID }, | |
140 | { "REQUEST_AUTH_UNRECOGNIZED", HTTP_DECODER_EVENT_AUTH_UNRECOGNIZED }, | |
141 | { "REQUEST_HEADER_REPETITION", HTTP_DECODER_EVENT_REQUEST_HEADER_REPETITION }, | |
142 | { "RESPONSE_HEADER_REPETITION", HTTP_DECODER_EVENT_RESPONSE_HEADER_REPETITION }, | |
143 | { "DOUBLE_ENCODED_URI", HTTP_DECODER_EVENT_DOUBLE_ENCODED_URI }, | |
144 | { "URI_DELIM_NON_COMPLIANT", HTTP_DECODER_EVENT_URI_DELIM_NON_COMPLIANT }, | |
145 | { "METHOD_DELIM_NON_COMPLIANT", HTTP_DECODER_EVENT_METHOD_DELIM_NON_COMPLIANT }, | |
146 | { "REQUEST_LINE_LEADING_WHITESPACE", HTTP_DECODER_EVENT_REQUEST_LINE_LEADING_WHITESPACE }, | |
147 | { "TOO_MANY_ENCODING_LAYERS", HTTP_DECODER_EVENT_TOO_MANY_ENCODING_LAYERS }, | |
148 | { "ABNORMAL_CE_HEADER", HTTP_DECODER_EVENT_ABNORMAL_CE_HEADER }, | |
149 | { "RESPONSE_MULTIPART_BYTERANGES", HTTP_DECODER_EVENT_RESPONSE_MULTIPART_BYTERANGES }, | |
3e120668 | 150 | { "RESPONSE_ABNORMAL_TRANSFER_ENCODING", |
e82416a4 PA |
151 | HTTP_DECODER_EVENT_RESPONSE_ABNORMAL_TRANSFER_ENCODING }, |
152 | { "RESPONSE_CHUNKED_OLD_PROTO", HTTP_DECODER_EVENT_RESPONSE_CHUNKED_OLD_PROTO }, | |
153 | { "RESPONSE_INVALID_PROTOCOL", HTTP_DECODER_EVENT_RESPONSE_INVALID_PROTOCOL }, | |
154 | { "RESPONSE_INVALID_STATUS", HTTP_DECODER_EVENT_RESPONSE_INVALID_STATUS }, | |
155 | { "REQUEST_LINE_INCOMPLETE", HTTP_DECODER_EVENT_REQUEST_LINE_INCOMPLETE }, | |
156 | ||
157 | { "LZMA_MEMLIMIT_REACHED", HTTP_DECODER_EVENT_LZMA_MEMLIMIT_REACHED }, | |
158 | { "COMPRESSION_BOMB", HTTP_DECODER_EVENT_COMPRESSION_BOMB }, | |
159 | ||
160 | { "RANGE_INVALID", HTTP_DECODER_EVENT_RANGE_INVALID }, | |
c9c23d5c | 161 | |
e21d8cdf | 162 | /* suricata warnings/errors */ |
e82416a4 PA |
163 | { "MULTIPART_GENERIC_ERROR", HTTP_DECODER_EVENT_MULTIPART_GENERIC_ERROR }, |
164 | { "MULTIPART_NO_FILEDATA", HTTP_DECODER_EVENT_MULTIPART_NO_FILEDATA }, | |
165 | { "MULTIPART_INVALID_HEADER", HTTP_DECODER_EVENT_MULTIPART_INVALID_HEADER }, | |
e21d8cdf | 166 | |
e82416a4 | 167 | { "TOO_MANY_WARNINGS", HTTP_DECODER_EVENT_TOO_MANY_WARNINGS }, |
053c7288 | 168 | |
e82416a4 | 169 | { NULL, -1 }, |
f713b653 VJ |
170 | }; |
171 | ||
d4d18e31 AS |
172 | static void *HTPStateGetTx(void *alstate, uint64_t tx_id); |
173 | static int HTPStateGetAlstateProgress(void *tx, uint8_t direction); | |
174 | static uint64_t HTPStateGetTxCnt(void *alstate); | |
db3b637a VJ |
175 | #ifdef UNITTESTS |
176 | static void HTPParserRegisterTests(void); | |
177 | #endif | |
d4d18e31 | 178 | |
94982ae6 VJ |
179 | static inline uint64_t HtpGetActiveRequestTxID(HtpState *s) |
180 | { | |
181 | uint64_t id = HTPStateGetTxCnt(s); | |
182 | BUG_ON(id == 0); | |
183 | return id - 1; | |
184 | } | |
185 | ||
186 | static inline uint64_t HtpGetActiveResponseTxID(HtpState *s) | |
187 | { | |
188 | return s->transaction_cnt; | |
189 | } | |
190 | ||
9a58a025 | 191 | #ifdef DEBUG |
a9cdd2bb BR |
192 | /** |
193 | * \internal | |
194 | * | |
195 | * \brief Lookup the HTP personality string from the numeric personality. | |
196 | * | |
197 | * \todo This needs to be a libhtp function. | |
198 | */ | |
199 | static const char *HTPLookupPersonalityString(int p) | |
200 | { | |
201 | #define CASE_HTP_PERSONALITY_STRING(p) \ | |
202 | case HTP_SERVER_ ## p: return #p | |
203 | ||
204 | switch (p) { | |
205 | CASE_HTP_PERSONALITY_STRING(MINIMAL); | |
206 | CASE_HTP_PERSONALITY_STRING(GENERIC); | |
207 | CASE_HTP_PERSONALITY_STRING(IDS); | |
208 | CASE_HTP_PERSONALITY_STRING(IIS_4_0); | |
209 | CASE_HTP_PERSONALITY_STRING(IIS_5_0); | |
210 | CASE_HTP_PERSONALITY_STRING(IIS_5_1); | |
211 | CASE_HTP_PERSONALITY_STRING(IIS_6_0); | |
212 | CASE_HTP_PERSONALITY_STRING(IIS_7_0); | |
213 | CASE_HTP_PERSONALITY_STRING(IIS_7_5); | |
48cf0585 | 214 | CASE_HTP_PERSONALITY_STRING(APACHE_2); |
a9cdd2bb BR |
215 | } |
216 | ||
217 | return NULL; | |
218 | } | |
9a58a025 | 219 | #endif /* DEBUG */ |
a9cdd2bb BR |
220 | |
221 | /** | |
222 | * \internal | |
223 | * | |
224 | * \brief Lookup the numeric HTP personality from a string. | |
225 | * | |
226 | * \todo This needs to be a libhtp function. | |
227 | */ | |
228 | static int HTPLookupPersonality(const char *str) | |
229 | { | |
230 | #define IF_HTP_PERSONALITY_NUM(p) \ | |
231 | if (strcasecmp(#p, str) == 0) return HTP_SERVER_ ## p | |
232 | ||
233 | IF_HTP_PERSONALITY_NUM(MINIMAL); | |
234 | IF_HTP_PERSONALITY_NUM(GENERIC); | |
235 | IF_HTP_PERSONALITY_NUM(IDS); | |
236 | IF_HTP_PERSONALITY_NUM(IIS_4_0); | |
237 | IF_HTP_PERSONALITY_NUM(IIS_5_0); | |
238 | IF_HTP_PERSONALITY_NUM(IIS_5_1); | |
239 | IF_HTP_PERSONALITY_NUM(IIS_6_0); | |
240 | IF_HTP_PERSONALITY_NUM(IIS_7_0); | |
241 | IF_HTP_PERSONALITY_NUM(IIS_7_5); | |
48cf0585 | 242 | IF_HTP_PERSONALITY_NUM(APACHE_2); |
51c2e1ea | 243 | if (strcasecmp("TOMCAT_6_0", str) == 0) { |
48cf0585 AS |
244 | SCLogError(SC_WARN_OPTION_OBSOLETE, "Personality %s no " |
245 | "longer supported by libhtp.", str); | |
246 | return -1; | |
51c2e1ea VJ |
247 | } else if ((strcasecmp("APACHE", str) == 0) || |
248 | (strcasecmp("APACHE_2_2", str) == 0)) | |
249 | { | |
250 | SCLogWarning(SC_WARN_OPTION_OBSOLETE, "Personality %s no " | |
251 | "longer supported by libhtp, failing back to " | |
252 | "Apache2 personality.", str); | |
253 | return HTP_SERVER_APACHE_2; | |
48cf0585 | 254 | } |
a9cdd2bb BR |
255 | |
256 | return -1; | |
257 | } | |
258 | ||
94982ae6 VJ |
259 | static void HTPSetEvent(HtpState *s, HtpTxUserData *htud, |
260 | const uint8_t dir, const uint8_t e) | |
3f5acc54 VJ |
261 | { |
262 | SCLogDebug("setting event %u", e); | |
263 | ||
264 | if (htud) { | |
265 | AppLayerDecoderEventsSetEventRaw(&htud->decoder_events, e); | |
266 | s->events++; | |
267 | return; | |
268 | } | |
269 | ||
94982ae6 VJ |
270 | const uint64_t tx_id = (dir == STREAM_TOSERVER) ? |
271 | HtpGetActiveRequestTxID(s) : HtpGetActiveResponseTxID(s); | |
272 | ||
273 | htp_tx_t *tx = HTPStateGetTx(s, tx_id); | |
274 | if (tx == NULL && tx_id > 0) | |
275 | tx = HTPStateGetTx(s, tx_id - 1); | |
3f5acc54 VJ |
276 | if (tx != NULL) { |
277 | htud = (HtpTxUserData *) htp_tx_get_user_data(tx); | |
278 | if (htud != NULL) { | |
279 | AppLayerDecoderEventsSetEventRaw(&htud->decoder_events, e); | |
280 | s->events++; | |
281 | return; | |
282 | } | |
283 | } | |
284 | SCLogDebug("couldn't set event %u", e); | |
285 | } | |
286 | ||
d568e7fa | 287 | static AppLayerDecoderEvents *HTPGetEvents(void *tx) |
3f5acc54 | 288 | { |
d568e7fa | 289 | SCLogDebug("get HTTP events for TX %p", tx); |
3f5acc54 | 290 | |
d568e7fa JL |
291 | HtpTxUserData *htud = (HtpTxUserData *) htp_tx_get_user_data(tx); |
292 | if (htud != NULL) { | |
293 | SCLogDebug("has htud, htud->decoder_events %p", htud->decoder_events); | |
294 | return htud->decoder_events; | |
3f5acc54 | 295 | } |
d568e7fa | 296 | |
3f5acc54 VJ |
297 | return NULL; |
298 | } | |
299 | ||
07f7ba55 GS |
300 | /** \brief Function to allocates the HTTP state memory and also creates the HTTP |
301 | * connection parser to be used by the HTP library | |
302 | */ | |
547d6c2d | 303 | static void *HTPStateAlloc(void *orig_state, AppProto proto_orig) |
07f7ba55 | 304 | { |
48248687 VJ |
305 | SCEnter(); |
306 | ||
ced01da8 | 307 | HtpState *s = HTPMalloc(sizeof(HtpState)); |
bfc4be23 VJ |
308 | if (unlikely(s == NULL)) { |
309 | SCReturnPtr(NULL, "void"); | |
310 | } | |
07f7ba55 | 311 | |
48248687 | 312 | memset(s, 0x00, sizeof(HtpState)); |
07f7ba55 | 313 | |
187949b9 VJ |
314 | #ifdef DEBUG |
315 | SCMutexLock(&htp_state_mem_lock); | |
316 | htp_state_memcnt++; | |
317 | htp_state_memuse += sizeof(HtpState); | |
6fca55e0 | 318 | SCLogDebug("htp memory %"PRIu64" (%"PRIu64")", htp_state_memuse, htp_state_memcnt); |
187949b9 VJ |
319 | SCMutexUnlock(&htp_state_mem_lock); |
320 | #endif | |
70b32f73 | 321 | |
48248687 | 322 | SCReturnPtr((void *)s, "void"); |
07f7ba55 GS |
323 | } |
324 | ||
f536099a | 325 | static void HtpTxUserDataFree(HtpState *state, HtpTxUserData *htud) |
8f1d7503 | 326 | { |
f536099a | 327 | if (likely(htud)) { |
6f2cb141 VJ |
328 | HtpBodyFree(&htud->request_body); |
329 | HtpBodyFree(&htud->response_body); | |
330 | bstr_free(htud->request_uri_normalized); | |
331 | if (htud->request_headers_raw) | |
ced01da8 | 332 | HTPFree(htud->request_headers_raw, htud->request_headers_raw_len); |
6f2cb141 | 333 | if (htud->response_headers_raw) |
ced01da8 | 334 | HTPFree(htud->response_headers_raw, htud->response_headers_raw_len); |
3f5acc54 | 335 | AppLayerDecoderEventsFreeEvents(&htud->decoder_events); |
6f2cb141 | 336 | if (htud->boundary) |
ced01da8 | 337 | HTPFree(htud->boundary, htud->boundary_len); |
9c67c634 JI |
338 | if (htud->tx_data.de_state != NULL) { |
339 | DetectEngineStateFree(htud->tx_data.de_state); | |
774bb903 | 340 | } |
ced01da8 | 341 | HTPFree(htud, sizeof(HtpTxUserData)); |
6f2cb141 VJ |
342 | } |
343 | } | |
344 | ||
07f7ba55 GS |
345 | /** \brief Function to frees the HTTP state memory and also frees the HTTP |
346 | * connection parser memory which was used by the HTP library | |
347 | */ | |
25a3a5c6 | 348 | void HTPStateFree(void *state) |
07f7ba55 | 349 | { |
48248687 VJ |
350 | SCEnter(); |
351 | ||
352 | HtpState *s = (HtpState *)state; | |
a56592e5 GIG |
353 | if (s == NULL) { |
354 | SCReturn; | |
355 | } | |
48248687 | 356 | |
07f7ba55 | 357 | /* free the connection parser memory used by HTP library */ |
a56592e5 | 358 | if (s->connp != NULL) { |
6fca55e0 VJ |
359 | SCLogDebug("freeing HTP state"); |
360 | ||
d4d18e31 AS |
361 | uint64_t tx_id; |
362 | uint64_t total_txs = HTPStateGetTxCnt(state); | |
bc55fb27 | 363 | /* free the list of body chunks */ |
48cf0585 | 364 | if (s->conn != NULL) { |
d4d18e31 AS |
365 | for (tx_id = 0; tx_id < total_txs; tx_id++) { |
366 | htp_tx_t *tx = HTPStateGetTx(s, tx_id); | |
bc55fb27 | 367 | if (tx != NULL) { |
66a3cd96 | 368 | HtpTxUserData *htud = (HtpTxUserData *) htp_tx_get_user_data(tx); |
f536099a VJ |
369 | HtpTxUserDataFree(s, htud); |
370 | htp_tx_set_user_data(tx, NULL); | |
06a65cb4 PR |
371 | } |
372 | } | |
48248687 | 373 | } |
bc55fb27 | 374 | htp_connp_destroy_all(s->connp); |
48248687 | 375 | } |
07f7ba55 | 376 | |
7a797631 VJ |
377 | if (s->file_range) { |
378 | HTPFileCloseHandleRange(s->files_tc, 0, s->file_range, NULL, 0); | |
379 | HttpRangeFreeBlock(s->file_range); | |
380 | } | |
381 | ||
d59ca75e VJ |
382 | FileContainerFree(s->files_ts); |
383 | FileContainerFree(s->files_tc); | |
ced01da8 | 384 | HTPFree(s, sizeof(HtpState)); |
48248687 | 385 | |
07f7ba55 | 386 | #ifdef DEBUG |
e26833be | 387 | SCMutexLock(&htp_state_mem_lock); |
07f7ba55 | 388 | htp_state_memcnt--; |
187949b9 | 389 | htp_state_memuse -= sizeof(HtpState); |
6fca55e0 | 390 | SCLogDebug("htp memory %"PRIu64" (%"PRIu64")", htp_state_memuse, htp_state_memcnt); |
e26833be | 391 | SCMutexUnlock(&htp_state_mem_lock); |
07f7ba55 | 392 | #endif |
48248687 VJ |
393 | |
394 | SCReturn; | |
07f7ba55 GS |
395 | } |
396 | ||
70b32f73 VJ |
397 | /** |
398 | * \brief HTP transaction cleanup callback | |
399 | * | |
400 | * \warning We cannot actually free the transactions here. It seems that | |
401 | * HTP only accepts freeing of transactions in the response callback. | |
402 | */ | |
8f1d7503 KS |
403 | static void HTPStateTransactionFree(void *state, uint64_t id) |
404 | { | |
70b32f73 VJ |
405 | SCEnter(); |
406 | ||
407 | HtpState *s = (HtpState *)state; | |
408 | ||
f59f9033 | 409 | SCLogDebug("state %p, id %"PRIu64, s, id); |
70b32f73 | 410 | |
0fd9b0c4 VJ |
411 | htp_tx_t *tx = HTPStateGetTx(s, id); |
412 | if (tx != NULL) { | |
413 | /* This will remove obsolete body chunks */ | |
414 | HtpTxUserData *htud = (HtpTxUserData *) htp_tx_get_user_data(tx); | |
f536099a VJ |
415 | HtpTxUserDataFree(s, htud); |
416 | htp_tx_set_user_data(tx, NULL); | |
70b32f73 | 417 | |
bbc9874b VJ |
418 | /* hack: even if libhtp considers the tx incomplete, we want to |
419 | * free it here. htp_tx_destroy however, will refuse to do this. | |
420 | * As htp_tx_destroy_incomplete isn't available in the public API, | |
421 | * we hack around it here. */ | |
422 | if (unlikely(!( | |
423 | tx->request_progress == HTP_REQUEST_COMPLETE && | |
424 | tx->response_progress == HTP_RESPONSE_COMPLETE))) | |
425 | { | |
426 | tx->request_progress = HTP_REQUEST_COMPLETE; | |
427 | tx->response_progress = HTP_RESPONSE_COMPLETE; | |
428 | } | |
0fd9b0c4 VJ |
429 | htp_tx_destroy(tx); |
430 | } | |
70b32f73 VJ |
431 | } |
432 | ||
97d49d8f AS |
433 | /** |
434 | * \brief Sets a flag that informs the HTP app layer that some module in the | |
435 | * engine needs the http request body data. | |
bc55fb27 | 436 | * \initonly |
97d49d8f AS |
437 | */ |
438 | void AppLayerHtpEnableRequestBodyCallback(void) | |
439 | { | |
70b32f73 | 440 | SCEnter(); |
92679442 EL |
441 | |
442 | SC_ATOMIC_OR(htp_config_flags, HTP_REQUIRE_REQUEST_BODY); | |
70b32f73 | 443 | SCReturn; |
97d49d8f AS |
444 | } |
445 | ||
b402d971 VJ |
446 | /** |
447 | * \brief Sets a flag that informs the HTP app layer that some module in the | |
448 | * engine needs the http request body data. | |
449 | * \initonly | |
450 | */ | |
451 | void AppLayerHtpEnableResponseBodyCallback(void) | |
452 | { | |
453 | SCEnter(); | |
92679442 EL |
454 | |
455 | SC_ATOMIC_OR(htp_config_flags, HTP_REQUIRE_RESPONSE_BODY); | |
b402d971 VJ |
456 | SCReturn; |
457 | } | |
458 | ||
6d60b3a7 PR |
459 | /** |
460 | * \brief Sets a flag that informs the HTP app layer that some module in the | |
ef053679 VJ |
461 | * engine needs the http request multi part header. |
462 | * | |
6d60b3a7 PR |
463 | * \initonly |
464 | */ | |
ab1200fb | 465 | static void AppLayerHtpNeedMultipartHeader(void) |
8f1d7503 | 466 | { |
6d60b3a7 | 467 | SCEnter(); |
ef053679 VJ |
468 | AppLayerHtpEnableRequestBodyCallback(); |
469 | ||
92679442 | 470 | SC_ATOMIC_OR(htp_config_flags, HTP_REQUIRE_REQUEST_MULTIPART); |
21acd72a VJ |
471 | SCReturn; |
472 | } | |
473 | ||
ef053679 VJ |
474 | /** |
475 | * \brief Sets a flag that informs the HTP app layer that some module in the | |
476 | * engine needs the http request file. | |
477 | * | |
478 | * \initonly | |
479 | */ | |
480 | void AppLayerHtpNeedFileInspection(void) | |
481 | { | |
21acd72a | 482 | SCEnter(); |
ef053679 | 483 | AppLayerHtpNeedMultipartHeader(); |
b402d971 VJ |
484 | AppLayerHtpEnableRequestBodyCallback(); |
485 | AppLayerHtpEnableResponseBodyCallback(); | |
ef053679 | 486 | |
92679442 | 487 | SC_ATOMIC_OR(htp_config_flags, HTP_REQUIRE_REQUEST_FILE); |
6d60b3a7 PR |
488 | SCReturn; |
489 | } | |
490 | ||
de904db8 GL |
491 | static void AppLayerHtpSetStreamDepthFlag(void *tx, uint8_t flags) |
492 | { | |
493 | HtpTxUserData *tx_ud = (HtpTxUserData *) htp_tx_get_user_data((htp_tx_t *)tx); | |
494 | if (tx_ud) { | |
495 | if (flags & STREAM_TOCLIENT) { | |
496 | tx_ud->tcflags |= HTP_STREAM_DEPTH_SET; | |
497 | } else { | |
498 | tx_ud->tsflags |= HTP_STREAM_DEPTH_SET; | |
499 | } | |
500 | } | |
501 | } | |
502 | ||
c68fbfcf | 503 | static bool AppLayerHtpCheckDepth(const HTPCfgDir *cfg, HtpBody *body, uint8_t flags) |
de904db8 GL |
504 | { |
505 | if (flags & HTP_STREAM_DEPTH_SET) { | |
506 | uint32_t stream_depth = FileReassemblyDepth(); | |
c68fbfcf VJ |
507 | if (body->content_len_so_far < (uint64_t)stream_depth || stream_depth == 0) { |
508 | return true; | |
509 | } | |
510 | } else { | |
511 | if (cfg->body_limit == 0 || body->content_len_so_far < cfg->body_limit) { | |
de904db8 GL |
512 | return true; |
513 | } | |
514 | } | |
de904db8 GL |
515 | return false; |
516 | } | |
517 | ||
518 | static uint32_t AppLayerHtpComputeChunkLength(uint64_t content_len_so_far, uint32_t body_limit, | |
519 | uint32_t stream_depth, uint8_t flags, uint32_t data_len) | |
520 | { | |
521 | uint32_t chunk_len = 0; | |
522 | if (!(flags & HTP_STREAM_DEPTH_SET) && body_limit > 0 && | |
523 | (content_len_so_far < (uint64_t)body_limit) && | |
524 | (content_len_so_far + (uint64_t)data_len) > body_limit) | |
525 | { | |
526 | chunk_len = body_limit - content_len_so_far; | |
527 | } else if ((flags & HTP_STREAM_DEPTH_SET) && stream_depth > 0 && | |
528 | (content_len_so_far < (uint64_t)stream_depth) && | |
529 | (content_len_so_far + (uint64_t)data_len) > stream_depth) | |
530 | { | |
531 | chunk_len = stream_depth - content_len_so_far; | |
532 | } | |
533 | SCLogDebug("len %u", chunk_len); | |
534 | return (chunk_len == 0 ? data_len : chunk_len); | |
535 | } | |
536 | ||
43b39d33 | 537 | /* below error messages updated up to libhtp 0.5.7 (git 379632278b38b9a792183694a4febb9e0dbd1e7a) */ |
f713b653 | 538 | struct { |
ab1200fb | 539 | const char *msg; |
f713b653 VJ |
540 | int de; |
541 | } htp_errors[] = { | |
542 | { "GZip decompressor: inflateInit2 failed", HTTP_DECODER_EVENT_GZIP_DECOMPRESSION_FAILED}, | |
543 | { "Request field invalid: colon missing", HTTP_DECODER_EVENT_REQUEST_FIELD_MISSING_COLON}, | |
43b39d33 | 544 | { "Response field invalid: missing colon", HTTP_DECODER_EVENT_RESPONSE_FIELD_MISSING_COLON}, |
f713b653 VJ |
545 | { "Request chunk encoding: Invalid chunk length", HTTP_DECODER_EVENT_INVALID_REQUEST_CHUNK_LEN}, |
546 | { "Response chunk encoding: Invalid chunk length", HTTP_DECODER_EVENT_INVALID_RESPONSE_CHUNK_LEN}, | |
43b39d33 VJ |
547 | /* { "Invalid T-E value in request", HTTP_DECODER_EVENT_INVALID_TRANSFER_ENCODING_VALUE_IN_REQUEST}, <- tx flag HTP_REQUEST_INVALID_T_E |
548 | { "Invalid T-E value in response", HTTP_DECODER_EVENT_INVALID_TRANSFER_ENCODING_VALUE_IN_RESPONSE}, <- nothing to replace it */ | |
549 | /* { "Invalid C-L field in request", HTTP_DECODER_EVENT_INVALID_CONTENT_LENGTH_FIELD_IN_REQUEST}, <- tx flag HTP_REQUEST_INVALID_C_L */ | |
f713b653 VJ |
550 | { "Invalid C-L field in response", HTTP_DECODER_EVENT_INVALID_CONTENT_LENGTH_FIELD_IN_RESPONSE}, |
551 | { "Already seen 100-Continue", HTTP_DECODER_EVENT_100_CONTINUE_ALREADY_SEEN}, | |
552 | { "Unable to match response to request", HTTP_DECODER_EVENT_UNABLE_TO_MATCH_RESPONSE_TO_REQUEST}, | |
553 | { "Invalid server port information in request", HTTP_DECODER_EVENT_INVALID_SERVER_PORT_IN_REQUEST}, | |
43b39d33 | 554 | /* { "Invalid authority port", HTTP_DECODER_EVENT_INVALID_AUTHORITY_PORT}, htp no longer returns this error */ |
63679175 VJ |
555 | { "Request buffer over", HTTP_DECODER_EVENT_REQUEST_FIELD_TOO_LONG}, |
556 | { "Response buffer over", HTTP_DECODER_EVENT_RESPONSE_FIELD_TOO_LONG}, | |
3e120668 | 557 | { "C-T multipart/byteranges in responses not supported", HTTP_DECODER_EVENT_RESPONSE_MULTIPART_BYTERANGES}, |
af4f8162 | 558 | { "Compression bomb:", HTTP_DECODER_EVENT_COMPRESSION_BOMB}, |
f713b653 VJ |
559 | }; |
560 | ||
561 | struct { | |
ab1200fb | 562 | const char *msg; |
f713b653 VJ |
563 | int de; |
564 | } htp_warnings[] = { | |
565 | { "GZip decompressor:", HTTP_DECODER_EVENT_GZIP_DECOMPRESSION_FAILED}, | |
566 | { "Request field invalid", HTTP_DECODER_EVENT_REQUEST_HEADER_INVALID}, | |
93d121bf | 567 | { "Response field invalid", HTTP_DECODER_EVENT_RESPONSE_HEADER_INVALID}, |
f713b653 | 568 | { "Request header name is not a token", HTTP_DECODER_EVENT_REQUEST_HEADER_INVALID}, |
93d121bf | 569 | { "Response header name is not a token", HTTP_DECODER_EVENT_RESPONSE_HEADER_INVALID}, |
43b39d33 VJ |
570 | /* { "Host information in request headers required by HTTP/1.1", HTTP_DECODER_EVENT_MISSING_HOST_HEADER}, <- tx flag HTP_HOST_MISSING |
571 | { "Host information ambiguous", HTTP_DECODER_EVENT_HOST_HEADER_AMBIGUOUS}, <- tx flag HTP_HOST_AMBIGUOUS */ | |
f713b653 VJ |
572 | { "Invalid request field folding", HTTP_DECODER_EVENT_INVALID_REQUEST_FIELD_FOLDING}, |
573 | { "Invalid response field folding", HTTP_DECODER_EVENT_INVALID_RESPONSE_FIELD_FOLDING}, | |
43b39d33 VJ |
574 | /* line is now: htp_log(connp, HTP_LOG_MARK, HTP_LOG_ERROR, 0, "Request server port=%d number differs from the actual TCP port=%d", port, connp->conn->server_port); |
575 | * luckily, "Request server port=" is unique */ | |
576 | /* { "Request server port number differs from the actual TCP port", HTTP_DECODER_EVENT_REQUEST_SERVER_PORT_TCP_PORT_MISMATCH}, */ | |
577 | { "Request server port=", HTTP_DECODER_EVENT_REQUEST_SERVER_PORT_TCP_PORT_MISMATCH}, | |
5ad7198d | 578 | { "Request line: URI contains non-compliant delimiter", HTTP_DECODER_EVENT_URI_DELIM_NON_COMPLIANT}, |
e78e33a4 | 579 | { "Request line: non-compliant delimiter between Method and URI", HTTP_DECODER_EVENT_METHOD_DELIM_NON_COMPLIANT}, |
52195a41 | 580 | { "Request line: leading whitespace", HTTP_DECODER_EVENT_REQUEST_LINE_LEADING_WHITESPACE}, |
d0cded25 VJ |
581 | { "Too many response content encoding layers", HTTP_DECODER_EVENT_TOO_MANY_ENCODING_LAYERS}, |
582 | { "C-E gzip has abnormal value", HTTP_DECODER_EVENT_ABNORMAL_CE_HEADER}, | |
583 | { "C-E deflate has abnormal value", HTTP_DECODER_EVENT_ABNORMAL_CE_HEADER}, | |
584 | { "C-E unknown setting", HTTP_DECODER_EVENT_ABNORMAL_CE_HEADER}, | |
b6b7778e PA |
585 | { "Excessive request header repetitions", HTTP_DECODER_EVENT_REQUEST_HEADER_REPETITION}, |
586 | { "Excessive response header repetitions", HTTP_DECODER_EVENT_RESPONSE_HEADER_REPETITION}, | |
3e120668 PA |
587 | { "Transfer-encoding has abnormal chunked value", HTTP_DECODER_EVENT_RESPONSE_ABNORMAL_TRANSFER_ENCODING}, |
588 | { "Chunked transfer-encoding on HTTP/0.9 or HTTP/1.0", HTTP_DECODER_EVENT_RESPONSE_CHUNKED_OLD_PROTO}, | |
589 | { "Invalid response line: invalid protocol", HTTP_DECODER_EVENT_RESPONSE_INVALID_PROTOCOL}, | |
590 | { "Invalid response line: invalid response status", HTTP_DECODER_EVENT_RESPONSE_INVALID_STATUS}, | |
591 | { "Request line incomplete", HTTP_DECODER_EVENT_REQUEST_LINE_INCOMPLETE}, | |
b5f3e032 | 592 | { "Unexpected request body", HTTP_DECODER_EVENT_REQUEST_BODY_UNEXPECTED}, |
c9c23d5c | 593 | { "LZMA decompressor: memory limit reached", HTTP_DECODER_EVENT_LZMA_MEMLIMIT_REACHED}, |
9cbf9ef7 PA |
594 | { "Ambiguous request C-L value", HTTP_DECODER_EVENT_DUPLICATE_CONTENT_LENGTH_FIELD_IN_REQUEST}, |
595 | { "Ambiguous response C-L value", HTTP_DECODER_EVENT_DUPLICATE_CONTENT_LENGTH_FIELD_IN_RESPONSE}, | |
f713b653 VJ |
596 | }; |
597 | ||
598 | #define HTP_ERROR_MAX (sizeof(htp_errors) / sizeof(htp_errors[0])) | |
599 | #define HTP_WARNING_MAX (sizeof(htp_warnings) / sizeof(htp_warnings[0])) | |
600 | ||
601 | /** | |
602 | * \internal | |
603 | * | |
604 | * \brief Get the warning id for the warning msg. | |
605 | * | |
606 | * \param msg warning message | |
607 | * | |
608 | * \retval id the id or 0 in case of not found | |
609 | */ | |
8f1d7503 KS |
610 | static int HTPHandleWarningGetId(const char *msg) |
611 | { | |
00948c86 | 612 | SCLogDebug("received warning \"%s\"", msg); |
f713b653 VJ |
613 | size_t idx; |
614 | for (idx = 0; idx < HTP_WARNING_MAX; idx++) { | |
615 | if (strncmp(htp_warnings[idx].msg, msg, | |
616 | strlen(htp_warnings[idx].msg)) == 0) | |
617 | { | |
618 | return htp_warnings[idx].de; | |
619 | } | |
620 | } | |
621 | ||
622 | return 0; | |
623 | } | |
624 | ||
625 | /** | |
626 | * \internal | |
627 | * | |
628 | * \brief Get the error id for the error msg. | |
629 | * | |
630 | * \param msg error message | |
631 | * | |
632 | * \retval id the id or 0 in case of not found | |
633 | */ | |
8f1d7503 KS |
634 | static int HTPHandleErrorGetId(const char *msg) |
635 | { | |
00948c86 VJ |
636 | SCLogDebug("received error \"%s\"", msg); |
637 | ||
f713b653 VJ |
638 | size_t idx; |
639 | for (idx = 0; idx < HTP_ERROR_MAX; idx++) { | |
640 | if (strncmp(htp_errors[idx].msg, msg, | |
641 | strlen(htp_errors[idx].msg)) == 0) | |
642 | { | |
643 | return htp_errors[idx].de; | |
644 | } | |
645 | } | |
646 | ||
647 | return 0; | |
648 | } | |
649 | ||
650 | /** | |
651 | * \internal | |
652 | * | |
653 | * \brief Check state for errors, warnings and add any as events | |
654 | * | |
655 | * \param s state | |
94982ae6 | 656 | * \param dir direction: STREAM_TOSERVER or STREAM_TOCLIENT |
f713b653 | 657 | */ |
94982ae6 | 658 | static void HTPHandleError(HtpState *s, const uint8_t dir) |
8f1d7503 | 659 | { |
48cf0585 AS |
660 | if (s == NULL || s->conn == NULL || |
661 | s->conn->messages == NULL) { | |
f713b653 VJ |
662 | return; |
663 | } | |
664 | ||
48cf0585 | 665 | size_t size = htp_list_size(s->conn->messages); |
f713b653 | 666 | size_t msg; |
053c7288 PA |
667 | if(size >= HTP_MAX_MESSAGES) { |
668 | if (s->htp_messages_offset < HTP_MAX_MESSAGES) { | |
669 | //only once per HtpState | |
670 | HTPSetEvent(s, NULL, dir, HTTP_DECODER_EVENT_TOO_MANY_WARNINGS); | |
671 | s->htp_messages_offset = HTP_MAX_MESSAGES; | |
07ed0dad VJ |
672 | //too noisy in fuzzing |
673 | //DEBUG_VALIDATE_BUG_ON("Too many libhtp messages"); | |
053c7288 PA |
674 | } |
675 | // ignore further messages | |
676 | return; | |
677 | } | |
f713b653 | 678 | |
3f5acc54 | 679 | for (msg = s->htp_messages_offset; msg < size; msg++) { |
48cf0585 | 680 | htp_log_t *log = htp_list_get(s->conn->messages, msg); |
f713b653 VJ |
681 | if (log == NULL) |
682 | continue; | |
683 | ||
3f5acc54 VJ |
684 | HtpTxUserData *htud = NULL; |
685 | htp_tx_t *tx = log->tx; // will be NULL in <=0.5.9 | |
686 | if (tx != NULL) | |
687 | htud = (HtpTxUserData *) htp_tx_get_user_data(tx); | |
688 | ||
43544345 VJ |
689 | SCLogDebug("message %s", log->msg); |
690 | ||
f713b653 | 691 | int id = HTPHandleErrorGetId(log->msg); |
3f5acc54 | 692 | if (id == 0) { |
f713b653 | 693 | id = HTPHandleWarningGetId(log->msg); |
3f5acc54 VJ |
694 | if (id == 0) |
695 | id = HTTP_DECODER_EVENT_UNKNOWN_ERROR; | |
f713b653 | 696 | } |
f713b653 | 697 | |
f713b653 | 698 | if (id > 0) { |
94982ae6 | 699 | HTPSetEvent(s, htud, dir, id); |
f713b653 VJ |
700 | } |
701 | } | |
3f5acc54 VJ |
702 | s->htp_messages_offset = (uint16_t)msg; |
703 | SCLogDebug("s->htp_messages_offset %u", s->htp_messages_offset); | |
f713b653 | 704 | } |
97d49d8f | 705 | |
43b39d33 VJ |
706 | static inline void HTPErrorCheckTxRequestFlags(HtpState *s, htp_tx_t *tx) |
707 | { | |
708 | #ifdef DEBUG | |
709 | BUG_ON(s == NULL || tx == NULL); | |
710 | #endif | |
711 | if (tx->flags & ( HTP_REQUEST_INVALID_T_E|HTP_REQUEST_INVALID_C_L| | |
cb150003 VJ |
712 | HTP_HOST_MISSING|HTP_HOST_AMBIGUOUS|HTP_HOSTU_INVALID| |
713 | HTP_HOSTH_INVALID)) | |
43b39d33 | 714 | { |
3f5acc54 VJ |
715 | HtpTxUserData *htud = (HtpTxUserData *) htp_tx_get_user_data(tx); |
716 | if (htud == NULL) | |
717 | return; | |
718 | ||
43b39d33 | 719 | if (tx->flags & HTP_REQUEST_INVALID_T_E) |
94982ae6 | 720 | HTPSetEvent(s, htud, STREAM_TOSERVER, |
43b39d33 VJ |
721 | HTTP_DECODER_EVENT_INVALID_TRANSFER_ENCODING_VALUE_IN_REQUEST); |
722 | if (tx->flags & HTP_REQUEST_INVALID_C_L) | |
94982ae6 | 723 | HTPSetEvent(s, htud, STREAM_TOSERVER, |
43b39d33 VJ |
724 | HTTP_DECODER_EVENT_INVALID_CONTENT_LENGTH_FIELD_IN_REQUEST); |
725 | if (tx->flags & HTP_HOST_MISSING) | |
94982ae6 | 726 | HTPSetEvent(s, htud, STREAM_TOSERVER, |
43b39d33 VJ |
727 | HTTP_DECODER_EVENT_MISSING_HOST_HEADER); |
728 | if (tx->flags & HTP_HOST_AMBIGUOUS) | |
94982ae6 | 729 | HTPSetEvent(s, htud, STREAM_TOSERVER, |
43b39d33 | 730 | HTTP_DECODER_EVENT_HOST_HEADER_AMBIGUOUS); |
cb150003 | 731 | if (tx->flags & HTP_HOSTU_INVALID) |
94982ae6 | 732 | HTPSetEvent(s, htud, STREAM_TOSERVER, |
cb150003 VJ |
733 | HTTP_DECODER_EVENT_URI_HOST_INVALID); |
734 | if (tx->flags & HTP_HOSTH_INVALID) | |
94982ae6 | 735 | HTPSetEvent(s, htud, STREAM_TOSERVER, |
cb150003 | 736 | HTTP_DECODER_EVENT_HEADER_HOST_INVALID); |
43b39d33 | 737 | } |
a1c6e091 PA |
738 | if (tx->request_auth_type == HTP_AUTH_UNRECOGNIZED) { |
739 | HtpTxUserData *htud = (HtpTxUserData *) htp_tx_get_user_data(tx); | |
740 | if (htud == NULL) | |
741 | return; | |
94982ae6 VJ |
742 | HTPSetEvent(s, htud, STREAM_TOSERVER, |
743 | HTTP_DECODER_EVENT_AUTH_UNRECOGNIZED); | |
a1c6e091 | 744 | } |
b5f3e032 PA |
745 | if (tx->is_protocol_0_9 && tx->request_method_number == HTP_M_UNKNOWN && |
746 | (tx->request_protocol_number == HTP_PROTOCOL_INVALID || | |
747 | tx->request_protocol_number == HTP_PROTOCOL_UNKNOWN)) { | |
748 | HtpTxUserData *htud = (HtpTxUserData *) htp_tx_get_user_data(tx); | |
749 | if (htud == NULL) | |
750 | return; | |
94982ae6 VJ |
751 | HTPSetEvent(s, htud, STREAM_TOSERVER, |
752 | HTTP_DECODER_EVENT_REQUEST_LINE_INVALID); | |
b5f3e032 | 753 | } |
43b39d33 VJ |
754 | } |
755 | ||
e6494114 VJ |
756 | static int Setup(Flow *f, HtpState *hstate) |
757 | { | |
758 | /* store flow ref in state so callbacks can access it */ | |
759 | hstate->f = f; | |
760 | ||
761 | HTPCfgRec *htp_cfg_rec = &cfglist; | |
762 | htp_cfg_t *htp = cfglist.cfg; /* Default to the global HTP config */ | |
763 | void *user_data = NULL; | |
764 | ||
765 | if (FLOW_IS_IPV4(f)) { | |
766 | SCLogDebug("Looking up HTP config for ipv4 %08x", *GET_IPV4_DST_ADDR_PTR(f)); | |
767 | (void)SCRadixFindKeyIPV4BestMatch((uint8_t *)GET_IPV4_DST_ADDR_PTR(f), cfgtree, &user_data); | |
768 | } | |
769 | else if (FLOW_IS_IPV6(f)) { | |
770 | SCLogDebug("Looking up HTP config for ipv6"); | |
771 | (void)SCRadixFindKeyIPV6BestMatch((uint8_t *)GET_IPV6_DST_ADDR(f), cfgtree, &user_data); | |
772 | } | |
773 | else { | |
774 | SCLogError(SC_ERR_INVALID_ARGUMENT, "unknown address family, bug!"); | |
775 | goto error; | |
776 | } | |
777 | ||
778 | if (user_data != NULL) { | |
779 | htp_cfg_rec = user_data; | |
780 | htp = htp_cfg_rec->cfg; | |
781 | SCLogDebug("LIBHTP using config: %p", htp); | |
782 | } else { | |
783 | SCLogDebug("Using default HTP config: %p", htp); | |
784 | } | |
785 | ||
786 | if (NULL == htp) { | |
787 | #ifdef DEBUG_VALIDATION | |
788 | BUG_ON(htp == NULL); | |
789 | #endif | |
790 | /* should never happen if HTPConfigure is properly invoked */ | |
791 | goto error; | |
792 | } | |
793 | ||
794 | hstate->connp = htp_connp_create(htp); | |
795 | if (hstate->connp == NULL) { | |
796 | goto error; | |
797 | } | |
798 | ||
799 | hstate->conn = htp_connp_get_connection(hstate->connp); | |
800 | ||
801 | htp_connp_set_user_data(hstate->connp, (void *)hstate); | |
802 | hstate->cfg = htp_cfg_rec; | |
803 | ||
804 | SCLogDebug("New hstate->connp %p", hstate->connp); | |
805 | ||
806 | htp_connp_open(hstate->connp, NULL, f->sp, NULL, f->dp, &f->startts); | |
807 | ||
7186ce7b VJ |
808 | StreamTcpReassemblySetMinInspectDepth(f->protoctx, STREAM_TOSERVER, |
809 | htp_cfg_rec->request.inspect_min_size); | |
810 | StreamTcpReassemblySetMinInspectDepth(f->protoctx, STREAM_TOCLIENT, | |
811 | htp_cfg_rec->response.inspect_min_size); | |
e6494114 VJ |
812 | return 0; |
813 | error: | |
814 | return -1; | |
815 | } | |
816 | ||
07f7ba55 GS |
817 | /** |
818 | * \brief Function to handle the reassembled data from client and feed it to | |
819 | * the HTP library to process it. | |
820 | * | |
92d74fd4 | 821 | * \param flow Pointer to the flow the data belong to |
07f7ba55 GS |
822 | * \param htp_state Pointer the state in which the parsed value to be stored |
823 | * \param pstate Application layer parser state for this session | |
824 | * \param input Pointer the received HTTP client data | |
825 | * \param input_len Length in bytes of the received data | |
826 | * \param output Pointer to the output (not used in this function) | |
827 | * | |
48cf0585 | 828 | * \retval On success returns 1 or on failure returns -1. |
07f7ba55 | 829 | */ |
44d3f264 | 830 | static AppLayerResult HTPHandleRequestData(Flow *f, void *htp_state, |
9634e60e | 831 | AppLayerParserState *pstate, |
579cc9f0 | 832 | const uint8_t *input, uint32_t input_len, |
7bc3c3ac | 833 | void *local_data, const uint8_t flags) |
07f7ba55 | 834 | { |
1b39e602 | 835 | SCEnter(); |
3bcf948a | 836 | int ret = 0; |
07f7ba55 | 837 | HtpState *hstate = (HtpState *)htp_state; |
a9cdd2bb BR |
838 | |
839 | /* On the first invocation, create the connection parser structure to | |
840 | * be used by HTP library. This is looked up via IP in the radix | |
841 | * tree. Failing that, the default HTP config is used. | |
842 | */ | |
48cf0585 | 843 | if (NULL == hstate->conn) { |
e6494114 | 844 | if (Setup(f, hstate) != 0) { |
44d3f264 | 845 | SCReturnStruct(APP_LAYER_ERROR); |
78e15ea7 | 846 | } |
a9cdd2bb | 847 | } |
e6494114 | 848 | DEBUG_VALIDATE_BUG_ON(hstate->connp == NULL); |
4129146a | 849 | |
7acea2c6 | 850 | htp_time_t ts = { f->lastts.tv_sec, f->lastts.tv_usec }; |
70b32f73 | 851 | /* pass the new data to the htp parser */ |
cf9ff6ad | 852 | if (input_len > 0) { |
07cbbfb0 VJ |
853 | const int r = htp_connp_req_data(hstate->connp, &ts, input, input_len); |
854 | switch (r) { | |
cf9ff6ad | 855 | case HTP_STREAM_ERROR: |
cf9ff6ad VJ |
856 | ret = -1; |
857 | break; | |
cf9ff6ad | 858 | default: |
daeba48f | 859 | break; |
cf9ff6ad | 860 | } |
94982ae6 | 861 | HTPHandleError(hstate, STREAM_TOSERVER); |
70b32f73 | 862 | } |
07f7ba55 | 863 | |
a9cdd2bb | 864 | /* if the TCP connection is closed, then close the HTTP connection */ |
4f73943d | 865 | if (AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS) && |
429c6388 AS |
866 | !(hstate->flags & HTP_FLAG_STATE_CLOSED_TS)) |
867 | { | |
040aff51 | 868 | htp_connp_req_close(hstate->connp, &ts); |
64625675 AS |
869 | hstate->flags |= HTP_FLAG_STATE_CLOSED_TS; |
870 | SCLogDebug("stream eof encountered, closing htp handle for ts"); | |
fc2f7f29 GS |
871 | } |
872 | ||
48248687 | 873 | SCLogDebug("hstate->connp %p", hstate->connp); |
a9cdd2bb | 874 | |
44d3f264 VJ |
875 | if (ret < 0) { |
876 | SCReturnStruct(APP_LAYER_ERROR); | |
877 | } | |
878 | SCReturnStruct(APP_LAYER_OK); | |
07f7ba55 GS |
879 | } |
880 | ||
881 | /** | |
882 | * \brief Function to handle the reassembled data from server and feed it to | |
883 | * the HTP library to process it. | |
884 | * | |
92d74fd4 | 885 | * \param flow Pointer to the flow the data belong to |
07f7ba55 GS |
886 | * \param htp_state Pointer the state in which the parsed value to be stored |
887 | * \param pstate Application layer parser state for this session | |
888 | * \param input Pointer the received HTTP server data | |
889 | * \param input_len Length in bytes of the received data | |
890 | * \param output Pointer to the output (not used in this function) | |
891 | * | |
2d6cf71d | 892 | * \retval On success returns 1 or on failure returns -1 |
07f7ba55 | 893 | */ |
44d3f264 | 894 | static AppLayerResult HTPHandleResponseData(Flow *f, void *htp_state, |
9634e60e | 895 | AppLayerParserState *pstate, |
579cc9f0 | 896 | const uint8_t *input, uint32_t input_len, |
7bc3c3ac | 897 | void *local_data, const uint8_t flags) |
07f7ba55 | 898 | { |
1b39e602 | 899 | SCEnter(); |
3bcf948a | 900 | int ret = 0; |
07f7ba55 | 901 | HtpState *hstate = (HtpState *)htp_state; |
07cbbfb0 | 902 | |
e6494114 VJ |
903 | /* On the first invocation, create the connection parser structure to |
904 | * be used by HTP library. This is looked up via IP in the radix | |
905 | * tree. Failing that, the default HTP config is used. | |
906 | */ | |
907 | if (NULL == hstate->conn) { | |
908 | if (Setup(f, hstate) != 0) { | |
44d3f264 | 909 | SCReturnStruct(APP_LAYER_ERROR); |
e6494114 | 910 | } |
4129146a | 911 | } |
e6494114 | 912 | DEBUG_VALIDATE_BUG_ON(hstate->connp == NULL); |
07f7ba55 | 913 | |
7acea2c6 | 914 | htp_time_t ts = { f->lastts.tv_sec, f->lastts.tv_usec }; |
9d1b030f PA |
915 | htp_tx_t *tx = NULL; |
916 | size_t consumed = 0; | |
cf9ff6ad | 917 | if (input_len > 0) { |
07cbbfb0 VJ |
918 | const int r = htp_connp_res_data(hstate->connp, &ts, input, input_len); |
919 | switch (r) { | |
cf9ff6ad | 920 | case HTP_STREAM_ERROR: |
cf9ff6ad VJ |
921 | ret = -1; |
922 | break; | |
9d1b030f PA |
923 | case HTP_STREAM_TUNNEL: |
924 | tx = htp_connp_get_out_tx(hstate->connp); | |
925 | if (tx != NULL && tx->response_status_number == 101) { | |
926 | htp_header_t *h = | |
927 | (htp_header_t *)htp_table_get_c(tx->response_headers, "Upgrade"); | |
85360484 | 928 | if (h == NULL || bstr_cmp_c(h->value, "h2c") != 0) { |
42ba421c | 929 | break; |
9d1b030f | 930 | } |
85360484 PA |
931 | if (AppLayerProtoDetectGetProtoName(ALPROTO_HTTP2) == NULL) { |
932 | // if HTTP2 is disabled, keep the HTP_STREAM_TUNNEL mode | |
42ba421c PA |
933 | break; |
934 | } | |
935 | uint16_t dp = 0; | |
936 | if (tx->request_port_number != -1) { | |
937 | dp = (uint16_t)tx->request_port_number; | |
938 | } | |
939 | consumed = htp_connp_res_data_consumed(hstate->connp); | |
940 | AppLayerRequestProtocolChange(hstate->f, dp, ALPROTO_HTTP2); | |
941 | // During HTTP2 upgrade, we may consume the HTTP1 part of the data | |
942 | // and we need to parser the remaining part with HTTP2 | |
943 | if (consumed > 0 && consumed < input_len) { | |
85360484 | 944 | SCReturnStruct(APP_LAYER_INCOMPLETE(consumed, input_len - consumed)); |
42ba421c PA |
945 | } |
946 | SCReturnStruct(APP_LAYER_OK); | |
9d1b030f PA |
947 | } |
948 | break; | |
cf9ff6ad | 949 | default: |
daeba48f | 950 | break; |
cf9ff6ad | 951 | } |
94982ae6 | 952 | HTPHandleError(hstate, STREAM_TOCLIENT); |
cf9ff6ad | 953 | } |
07f7ba55 | 954 | |
fc2f7f29 | 955 | /* if we the TCP connection is closed, then close the HTTP connection */ |
4f73943d | 956 | if (AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC) && |
429c6388 AS |
957 | !(hstate->flags & HTP_FLAG_STATE_CLOSED_TC)) |
958 | { | |
48cf0585 | 959 | htp_connp_close(hstate->connp, &ts); |
64625675 | 960 | hstate->flags |= HTP_FLAG_STATE_CLOSED_TC; |
fc2f7f29 GS |
961 | } |
962 | ||
48248687 | 963 | SCLogDebug("hstate->connp %p", hstate->connp); |
44d3f264 VJ |
964 | |
965 | if (ret < 0) { | |
966 | SCReturnStruct(APP_LAYER_ERROR); | |
967 | } | |
968 | SCReturnStruct(APP_LAYER_OK); | |
07f7ba55 GS |
969 | } |
970 | ||
4537f889 VJ |
971 | /** |
972 | * \param name /Lowercase/ version of the variable name | |
973 | */ | |
974 | static int HTTPParseContentDispositionHeader(uint8_t *name, size_t name_len, | |
975 | uint8_t *data, size_t len, uint8_t **retptr, size_t *retlen) | |
976 | { | |
32fb9f37 | 977 | #ifdef PRINT |
4537f889 VJ |
978 | printf("DATA START: \n"); |
979 | PrintRawDataFp(stdout, data, len); | |
980 | printf("DATA END: \n"); | |
981 | #endif | |
982 | size_t x; | |
983 | int quote = 0; | |
984 | ||
985 | for (x = 0; x < len; x++) { | |
986 | if (!(isspace(data[x]))) | |
987 | break; | |
988 | } | |
989 | ||
990 | if (x >= len) | |
991 | return 0; | |
992 | ||
993 | uint8_t *line = data+x; | |
994 | size_t line_len = len-x; | |
995 | size_t offset = 0; | |
32fb9f37 | 996 | #ifdef PRINT |
4537f889 VJ |
997 | printf("LINE START: \n"); |
998 | PrintRawDataFp(stdout, line, line_len); | |
999 | printf("LINE END: \n"); | |
1000 | #endif | |
1001 | for (x = 0 ; x < line_len; x++) { | |
1002 | if (x > 0) { | |
1003 | if (line[x - 1] != '\\' && line[x] == '\"') { | |
1004 | quote++; | |
1005 | } | |
1006 | ||
1007 | if (((line[x - 1] != '\\' && line[x] == ';') || ((x + 1) == line_len)) && (quote == 0 || quote % 2 == 0)) { | |
1008 | uint8_t *token = line + offset; | |
1009 | size_t token_len = x - offset; | |
1010 | ||
1011 | if ((x + 1) == line_len) { | |
1012 | token_len++; | |
1013 | } | |
1014 | ||
1015 | offset = x + 1; | |
1016 | ||
1017 | while (offset < line_len && isspace(line[offset])) { | |
1018 | x++; | |
1019 | offset++; | |
1020 | } | |
32fb9f37 | 1021 | #ifdef PRINT |
4537f889 VJ |
1022 | printf("TOKEN START: \n"); |
1023 | PrintRawDataFp(stdout, token, token_len); | |
1024 | printf("TOKEN END: \n"); | |
1025 | #endif | |
1026 | if (token_len > name_len) { | |
1027 | if (name == NULL || SCMemcmpLowercase(name, token, name_len) == 0) { | |
1028 | uint8_t *value = token + name_len; | |
1029 | size_t value_len = token_len - name_len; | |
1030 | ||
1031 | if (value[0] == '\"') { | |
1032 | value++; | |
1033 | value_len--; | |
1034 | } | |
1035 | if (value[value_len-1] == '\"') { | |
1036 | value_len--; | |
1037 | } | |
32fb9f37 | 1038 | #ifdef PRINT |
4537f889 VJ |
1039 | printf("VALUE START: \n"); |
1040 | PrintRawDataFp(stdout, value, value_len); | |
1041 | printf("VALUE END: \n"); | |
1042 | #endif | |
1043 | *retptr = value; | |
1044 | *retlen = value_len; | |
1045 | return 1; | |
1046 | } | |
1047 | } | |
1048 | } | |
1049 | } | |
1050 | } | |
1051 | ||
1052 | return 0; | |
1053 | } | |
1054 | ||
1055 | /** | |
1056 | * \param name /Lowercase/ version of the variable name | |
1057 | */ | |
1058 | static int HTTPParseContentTypeHeader(uint8_t *name, size_t name_len, | |
1059 | uint8_t *data, size_t len, uint8_t **retptr, size_t *retlen) | |
1060 | { | |
1061 | SCEnter(); | |
32fb9f37 | 1062 | #ifdef PRINT |
4537f889 VJ |
1063 | printf("DATA START: \n"); |
1064 | PrintRawDataFp(stdout, data, len); | |
1065 | printf("DATA END: \n"); | |
1066 | #endif | |
1067 | size_t x; | |
1068 | int quote = 0; | |
1069 | ||
1070 | for (x = 0; x < len; x++) { | |
1071 | if (!(isspace(data[x]))) | |
1072 | break; | |
1073 | } | |
1074 | ||
a0ee6ade VJ |
1075 | if (x >= len) { |
1076 | SCReturnInt(0); | |
1077 | } | |
4537f889 VJ |
1078 | |
1079 | uint8_t *line = data+x; | |
1080 | size_t line_len = len-x; | |
1081 | size_t offset = 0; | |
32fb9f37 | 1082 | #ifdef PRINT |
4537f889 VJ |
1083 | printf("LINE START: \n"); |
1084 | PrintRawDataFp(stdout, line, line_len); | |
1085 | printf("LINE END: \n"); | |
1086 | #endif | |
1087 | for (x = 0 ; x < line_len; x++) { | |
1088 | if (x > 0) { | |
1089 | if (line[x - 1] != '\\' && line[x] == '\"') { | |
1090 | quote++; | |
1091 | } | |
1092 | ||
1093 | if (((line[x - 1] != '\\' && line[x] == ';') || ((x + 1) == line_len)) && (quote == 0 || quote % 2 == 0)) { | |
1094 | uint8_t *token = line + offset; | |
1095 | size_t token_len = x - offset; | |
1096 | ||
1097 | if ((x + 1) == line_len) { | |
1098 | token_len++; | |
1099 | } | |
1100 | ||
1101 | offset = x + 1; | |
1102 | ||
1103 | while (offset < line_len && isspace(line[offset])) { | |
1104 | x++; | |
1105 | offset++; | |
1106 | } | |
32fb9f37 | 1107 | #ifdef PRINT |
4537f889 VJ |
1108 | printf("TOKEN START: \n"); |
1109 | PrintRawDataFp(stdout, token, token_len); | |
1110 | printf("TOKEN END: \n"); | |
1111 | #endif | |
1112 | if (token_len > name_len) { | |
1113 | if (name == NULL || SCMemcmpLowercase(name, token, name_len) == 0) { | |
1114 | uint8_t *value = token + name_len; | |
1115 | size_t value_len = token_len - name_len; | |
1116 | ||
1117 | if (value[0] == '\"') { | |
1118 | value++; | |
1119 | value_len--; | |
1120 | } | |
1121 | if (value[value_len-1] == '\"') { | |
1122 | value_len--; | |
1123 | } | |
32fb9f37 | 1124 | #ifdef PRINT |
4537f889 VJ |
1125 | printf("VALUE START: \n"); |
1126 | PrintRawDataFp(stdout, value, value_len); | |
1127 | printf("VALUE END: \n"); | |
1128 | #endif | |
1129 | *retptr = value; | |
1130 | *retlen = value_len; | |
a0ee6ade | 1131 | SCReturnInt(1); |
4537f889 VJ |
1132 | } |
1133 | } | |
1134 | } | |
1135 | } | |
1136 | } | |
1137 | ||
a0ee6ade | 1138 | SCReturnInt(0); |
4537f889 VJ |
1139 | } |
1140 | ||
ef053679 VJ |
1141 | /** |
1142 | * \brief setup multipart parsing: extract boundary and store it | |
1143 | * | |
1144 | * \param d HTTP transaction | |
1145 | * \param htud transaction userdata | |
1146 | * | |
3702a33a VJ |
1147 | * \retval 1 ok, multipart set up |
1148 | * \retval 0 ok, not multipart though | |
ef053679 VJ |
1149 | * \retval -1 error: problem with the boundary |
1150 | * | |
1151 | * If the request contains a multipart message, this function will | |
1152 | * set the HTP_BOUNDARY_SET in the transaction. | |
1153 | */ | |
fe6950de | 1154 | static int HtpRequestBodySetupMultipart(htp_tx_t *tx, HtpTxUserData *htud) |
8f1d7503 | 1155 | { |
fe6950de | 1156 | htp_header_t *h = (htp_header_t *)htp_table_get_c(tx->request_headers, |
21acd72a VJ |
1157 | "Content-Type"); |
1158 | if (h != NULL && bstr_len(h->value) > 0) { | |
1159 | uint8_t *boundary = NULL; | |
1160 | size_t boundary_len = 0; | |
1161 | ||
1162 | int r = HTTPParseContentTypeHeader((uint8_t *)"boundary=", 9, | |
1163 | (uint8_t *) bstr_ptr(h->value), bstr_len(h->value), | |
1164 | &boundary, &boundary_len); | |
1165 | if (r == 1) { | |
1166 | #ifdef PRINT | |
1167 | printf("BOUNDARY START: \n"); | |
1168 | PrintRawDataFp(stdout, boundary, boundary_len); | |
1169 | printf("BOUNDARY END: \n"); | |
1170 | #endif | |
1171 | if (boundary_len < HTP_BOUNDARY_MAX) { | |
ced01da8 | 1172 | htud->boundary = HTPMalloc(boundary_len); |
21acd72a VJ |
1173 | if (htud->boundary == NULL) { |
1174 | return -1; | |
1175 | } | |
1176 | htud->boundary_len = (uint8_t)boundary_len; | |
1177 | memcpy(htud->boundary, boundary, boundary_len); | |
1178 | ||
43c7fd75 | 1179 | htud->tsflags |= HTP_BOUNDARY_SET; |
21acd72a VJ |
1180 | } else { |
1181 | SCLogDebug("invalid boundary"); | |
1182 | return -1; | |
1183 | } | |
c85674b0 | 1184 | SCReturnInt(1); |
21acd72a | 1185 | } |
c85674b0 | 1186 | //SCReturnInt(1); |
21acd72a | 1187 | } |
3702a33a | 1188 | SCReturnInt(0); |
21acd72a VJ |
1189 | } |
1190 | ||
4537f889 VJ |
1191 | #define C_D_HDR "content-disposition:" |
1192 | #define C_D_HDR_LEN 20 | |
1193 | #define C_T_HDR "content-type:" | |
1194 | #define C_T_HDR_LEN 13 | |
1195 | ||
e21d8cdf | 1196 | static void HtpRequestBodyMultipartParseHeader(HtpState *hstate, |
3f5acc54 | 1197 | HtpTxUserData *htud, |
e21d8cdf | 1198 | uint8_t *header, uint32_t header_len, |
21acd72a VJ |
1199 | uint8_t **filename, uint16_t *filename_len, |
1200 | uint8_t **filetype, uint16_t *filetype_len) | |
1201 | { | |
1202 | uint8_t *fn = NULL; | |
1203 | size_t fn_len = 0; | |
1204 | uint8_t *ft = NULL; | |
1205 | size_t ft_len = 0; | |
1206 | ||
1207 | #ifdef PRINT | |
1208 | printf("HEADER START: \n"); | |
1209 | PrintRawDataFp(stdout, header, header_len); | |
1210 | printf("HEADER END: \n"); | |
1211 | #endif | |
1212 | ||
1213 | while (header_len > 0) { | |
1214 | uint8_t *next_line = Bs2bmSearch(header, header_len, (uint8_t *)"\r\n", 2); | |
1215 | uint8_t *line = header; | |
1216 | uint32_t line_len; | |
1217 | ||
1218 | if (next_line == NULL) { | |
1219 | line_len = header_len; | |
1220 | } else { | |
1221 | line_len = next_line - header; | |
1222 | } | |
e21d8cdf VJ |
1223 | uint8_t *sc = (uint8_t *)memchr(line, ':', line_len); |
1224 | if (sc == NULL) { | |
94982ae6 | 1225 | HTPSetEvent(hstate, htud, STREAM_TOSERVER, |
e21d8cdf | 1226 | HTTP_DECODER_EVENT_MULTIPART_INVALID_HEADER); |
e21d8cdf VJ |
1227 | /* if the : we found is the final char, it means we have |
1228 | * no value */ | |
fcc21ae4 | 1229 | } else if (line_len > 0 && sc == &line[line_len - 1]) { |
94982ae6 | 1230 | HTPSetEvent(hstate, htud, STREAM_TOSERVER, |
fcc21ae4 VJ |
1231 | HTTP_DECODER_EVENT_MULTIPART_INVALID_HEADER); |
1232 | } else { | |
21acd72a | 1233 | #ifdef PRINT |
fcc21ae4 VJ |
1234 | printf("LINE START: \n"); |
1235 | PrintRawDataFp(stdout, line, line_len); | |
1236 | printf("LINE END: \n"); | |
21acd72a | 1237 | #endif |
fcc21ae4 VJ |
1238 | if (line_len >= C_D_HDR_LEN && |
1239 | SCMemcmpLowercase(C_D_HDR, line, C_D_HDR_LEN) == 0) { | |
1240 | uint8_t *value = line + C_D_HDR_LEN; | |
1241 | uint32_t value_len = line_len - C_D_HDR_LEN; | |
1242 | ||
1243 | /* parse content-disposition */ | |
1244 | (void)HTTPParseContentDispositionHeader((uint8_t *)"filename=", 9, | |
1245 | value, value_len, &fn, &fn_len); | |
1246 | } else if (line_len >= C_T_HDR_LEN && | |
1247 | SCMemcmpLowercase(C_T_HDR, line, C_T_HDR_LEN) == 0) { | |
1248 | SCLogDebug("content-type line"); | |
1249 | uint8_t *value = line + C_T_HDR_LEN; | |
1250 | uint32_t value_len = line_len - C_T_HDR_LEN; | |
1251 | ||
1252 | (void)HTTPParseContentTypeHeader(NULL, 0, | |
1253 | value, value_len, &ft, &ft_len); | |
1254 | } | |
21acd72a VJ |
1255 | } |
1256 | ||
1257 | if (next_line == NULL) { | |
1258 | SCLogDebug("no next_line"); | |
1259 | break; | |
1260 | } | |
21acd72a VJ |
1261 | header_len -= ((next_line + 2) - header); |
1262 | header = next_line + 2; | |
1263 | } /* while (header_len > 0) */ | |
1264 | ||
1265 | if (fn_len > USHRT_MAX) | |
1266 | fn_len = USHRT_MAX; | |
1267 | if (ft_len > USHRT_MAX) | |
1268 | ft_len = USHRT_MAX; | |
1269 | ||
1270 | *filename = fn; | |
1271 | *filename_len = fn_len; | |
1272 | *filetype = ft; | |
1273 | *filetype_len = ft_len; | |
1274 | } | |
1275 | ||
ef053679 VJ |
1276 | /** |
1277 | * \brief Create a single buffer from the HtpBodyChunks in our list | |
1278 | * | |
1279 | * \param htud transaction user data | |
1280 | * \param chunks_buffers pointer to pass back the buffer to the caller | |
1281 | * \param chunks_buffer_len pointer to pass back the buffer length to the caller | |
1282 | */ | |
66a3cd96 | 1283 | static void HtpRequestBodyReassemble(HtpTxUserData *htud, |
46e55f1e | 1284 | const uint8_t **chunks_buffer, uint32_t *chunks_buffer_len) |
21acd72a | 1285 | { |
46e55f1e VJ |
1286 | StreamingBufferGetDataAtOffset(htud->request_body.sb, |
1287 | chunks_buffer, chunks_buffer_len, | |
1288 | htud->request_body.body_parsed); | |
21acd72a VJ |
1289 | } |
1290 | ||
83e0529b VJ |
1291 | static void FlagDetectStateNewFile(HtpTxUserData *tx, int dir) |
1292 | { | |
1df00749 | 1293 | SCEnter(); |
9c67c634 | 1294 | if (tx && tx->tx_data.de_state) { |
83e0529b | 1295 | if (dir == STREAM_TOSERVER) { |
1df00749 | 1296 | SCLogDebug("DETECT_ENGINE_STATE_FLAG_FILE_NEW set"); |
9c67c634 | 1297 | tx->tx_data.de_state->dir_state[0].flags |= DETECT_ENGINE_STATE_FLAG_FILE_NEW; |
83e0529b | 1298 | } else if (STREAM_TOCLIENT) { |
1df00749 | 1299 | SCLogDebug("DETECT_ENGINE_STATE_FLAG_FILE_NEW set"); |
9c67c634 | 1300 | tx->tx_data.de_state->dir_state[1].flags |= DETECT_ENGINE_STATE_FLAG_FILE_NEW; |
83e0529b VJ |
1301 | } |
1302 | } | |
1303 | } | |
1304 | ||
444c4b54 VJ |
1305 | /** |
1306 | * \brief Setup boundary buffers | |
1307 | */ | |
1308 | static void HtpRequestBodySetupBoundary(HtpTxUserData *htud, | |
1309 | uint8_t *boundary, uint32_t boundary_len) | |
1310 | { | |
1311 | memset(boundary, '-', boundary_len); | |
1312 | memcpy(boundary + 2, htud->boundary, htud->boundary_len); | |
1313 | } | |
1314 | ||
ab1200fb | 1315 | static int HtpRequestBodyHandleMultipart(HtpState *hstate, HtpTxUserData *htud, void *tx, |
46e55f1e | 1316 | const uint8_t *chunks_buffer, uint32_t chunks_buffer_len) |
403b2788 | 1317 | { |
23e01d23 | 1318 | int result = 0; |
444c4b54 | 1319 | uint8_t boundary[htud->boundary_len + 4]; /**< size limited to HTP_BOUNDARY_MAX + 4 */ |
aae00df4 VJ |
1320 | uint32_t expected_boundary_len = htud->boundary_len + 2; |
1321 | uint32_t expected_boundary_end_len = htud->boundary_len + 4; | |
94e25276 | 1322 | int tx_progress = 0; |
23e01d23 | 1323 | |
403b2788 VJ |
1324 | #ifdef PRINT |
1325 | printf("CHUNK START: \n"); | |
1326 | PrintRawDataFp(stdout, chunks_buffer, chunks_buffer_len); | |
1327 | printf("CHUNK END: \n"); | |
1328 | #endif | |
1329 | ||
444c4b54 | 1330 | HtpRequestBodySetupBoundary(htud, boundary, htud->boundary_len + 4); |
403b2788 VJ |
1331 | |
1332 | /* search for the header start, header end and form end */ | |
54d93e1e | 1333 | const uint8_t *header_start = Bs2bmSearch(chunks_buffer, chunks_buffer_len, |
444c4b54 | 1334 | boundary, expected_boundary_len); |
4d0db9cb | 1335 | /* end of the multipart form */ |
5ef05ffa | 1336 | const uint8_t *form_end = NULL; |
54d93e1e | 1337 | /* end marker belonging to header_start */ |
5ef05ffa | 1338 | const uint8_t *header_end = NULL; |
403b2788 VJ |
1339 | if (header_start != NULL) { |
1340 | header_end = Bs2bmSearch(header_start, chunks_buffer_len - (header_start - chunks_buffer), | |
1341 | (uint8_t *)"\r\n\r\n", 4); | |
4d0db9cb VJ |
1342 | form_end = Bs2bmSearch(header_start, chunks_buffer_len - (header_start - chunks_buffer), |
1343 | boundary, expected_boundary_end_len); | |
403b2788 | 1344 | } |
403b2788 | 1345 | |
fcc21ae4 VJ |
1346 | SCLogDebug("header_start %p, header_end %p, form_end %p", header_start, |
1347 | header_end, form_end); | |
1348 | ||
94e25276 AS |
1349 | /* we currently only handle multipart for ts. When we support it for tc, |
1350 | * we will need to supply right direction */ | |
707f0272 | 1351 | tx_progress = AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP1, tx, STREAM_TOSERVER); |
403b2788 | 1352 | /* if we're in the file storage process, deal with that now */ |
43c7fd75 | 1353 | if (htud->tsflags & HTP_FILENAME_SET) { |
54d93e1e | 1354 | if (header_start != NULL || (tx_progress > HTP_REQUEST_BODY)) { |
403b2788 VJ |
1355 | SCLogDebug("reached the end of the file"); |
1356 | ||
46e55f1e | 1357 | const uint8_t *filedata = chunks_buffer; |
403b2788 VJ |
1358 | uint32_t filedata_len = 0; |
1359 | uint8_t flags = 0; | |
1360 | ||
54d93e1e VJ |
1361 | if (header_start != NULL) { |
1362 | if (header_start == filedata + 2) { | |
1363 | /* last chunk had all data, but not the boundary */ | |
1364 | SCLogDebug("last chunk had all data, but not the boundary"); | |
1365 | filedata_len = 0; | |
1366 | } else if (header_start > filedata + 2) { | |
1367 | SCLogDebug("some data from last file before the boundary"); | |
1368 | /* some data from last file before the boundary */ | |
1369 | filedata_len = header_start - filedata - 2; | |
1370 | } | |
1371 | } | |
1372 | /* body parsing done, we did not get our form end. Use all data | |
1373 | * we still have and signal to files API we have an issue. */ | |
1374 | if (tx_progress > HTP_REQUEST_BODY) { | |
403b2788 | 1375 | filedata_len = chunks_buffer_len; |
e1022ee5 | 1376 | flags = FILE_TRUNCATED; |
403b2788 VJ |
1377 | } |
1378 | ||
e21d8cdf | 1379 | if (filedata_len > chunks_buffer_len) { |
94982ae6 | 1380 | HTPSetEvent(hstate, htud, STREAM_TOSERVER, |
e21d8cdf VJ |
1381 | HTTP_DECODER_EVENT_MULTIPART_GENERIC_ERROR); |
1382 | goto end; | |
1383 | } | |
403b2788 VJ |
1384 | #ifdef PRINT |
1385 | printf("FILEDATA (final chunk) START: \n"); | |
1386 | PrintRawDataFp(stdout, filedata, filedata_len); | |
1387 | printf("FILEDATA (final chunk) END: \n"); | |
1388 | #endif | |
43c7fd75 | 1389 | if (!(htud->tsflags & HTP_DONTSTORE)) { |
d59ca75e VJ |
1390 | if (HTPFileClose(hstate, filedata, filedata_len, flags, |
1391 | STREAM_TOSERVER) == -1) | |
23e01d23 VJ |
1392 | { |
1393 | goto end; | |
1394 | } | |
403b2788 VJ |
1395 | } |
1396 | ||
43c7fd75 | 1397 | htud->tsflags &=~ HTP_FILENAME_SET; |
403b2788 VJ |
1398 | |
1399 | /* fall through */ | |
1400 | } else { | |
1401 | SCLogDebug("not yet at the end of the file"); | |
1402 | ||
1403 | if (chunks_buffer_len > expected_boundary_end_len) { | |
46e55f1e | 1404 | const uint8_t *filedata = chunks_buffer; |
403b2788 VJ |
1405 | uint32_t filedata_len = chunks_buffer_len - expected_boundary_len; |
1406 | #ifdef PRINT | |
1407 | printf("FILEDATA (part) START: \n"); | |
1408 | PrintRawDataFp(stdout, filedata, filedata_len); | |
1409 | printf("FILEDATA (part) END: \n"); | |
1410 | #endif | |
23e01d23 | 1411 | |
43c7fd75 | 1412 | if (!(htud->tsflags & HTP_DONTSTORE)) { |
d59ca75e VJ |
1413 | result = HTPFileStoreChunk(hstate, filedata, |
1414 | filedata_len, STREAM_TOSERVER); | |
23e01d23 VJ |
1415 | if (result == -1) { |
1416 | goto end; | |
1417 | } else if (result == -2) { | |
1418 | /* we know for sure we're not storing the file */ | |
43c7fd75 | 1419 | htud->tsflags |= HTP_DONTSTORE; |
23e01d23 | 1420 | } |
403b2788 VJ |
1421 | } |
1422 | ||
b402d971 | 1423 | htud->request_body.body_parsed += filedata_len; |
403b2788 VJ |
1424 | } else { |
1425 | SCLogDebug("chunk too small to already process in part"); | |
1426 | } | |
1427 | ||
1428 | goto end; | |
1429 | } | |
1430 | } | |
1431 | ||
1432 | while (header_start != NULL && header_end != NULL && | |
1433 | header_end != form_end && | |
1434 | header_start < (chunks_buffer + chunks_buffer_len) && | |
1435 | header_end < (chunks_buffer + chunks_buffer_len) && | |
1436 | header_start < header_end) | |
1437 | { | |
1438 | uint8_t *filename = NULL; | |
1439 | uint16_t filename_len = 0; | |
1440 | uint8_t *filetype = NULL; | |
1441 | uint16_t filetype_len = 0; | |
1442 | ||
1443 | uint32_t header_len = header_end - header_start; | |
1444 | SCLogDebug("header_len %u", header_len); | |
54d93e1e | 1445 | uint8_t *header = (uint8_t *)header_start; |
403b2788 | 1446 | |
18837dce VJ |
1447 | /* skip empty records */ |
1448 | if (expected_boundary_len == header_len) { | |
1449 | goto next; | |
aae00df4 | 1450 | } else if ((expected_boundary_len + 2) <= header_len) { |
33848124 | 1451 | header_len -= (expected_boundary_len + 2); |
54d93e1e | 1452 | header = (uint8_t *)header_start + (expected_boundary_len + 2); // + for 0d 0a |
33848124 | 1453 | } |
403b2788 | 1454 | |
3f5acc54 | 1455 | HtpRequestBodyMultipartParseHeader(hstate, htud, header, header_len, |
e21d8cdf | 1456 | &filename, &filename_len, &filetype, &filetype_len); |
403b2788 VJ |
1457 | |
1458 | if (filename != NULL) { | |
5ef05ffa | 1459 | const uint8_t *filedata = NULL; |
403b2788 VJ |
1460 | uint32_t filedata_len = 0; |
1461 | ||
1462 | SCLogDebug("we have a filename"); | |
1463 | ||
43c7fd75 VJ |
1464 | htud->tsflags |= HTP_FILENAME_SET; |
1465 | htud->tsflags &= ~HTP_DONTSTORE; | |
403b2788 VJ |
1466 | |
1467 | SCLogDebug("header_end %p", header_end); | |
1468 | SCLogDebug("form_end %p", form_end); | |
1469 | ||
1470 | /* everything until the final boundary is the file */ | |
1471 | if (form_end != NULL) { | |
54d93e1e VJ |
1472 | SCLogDebug("have form_end"); |
1473 | ||
403b2788 | 1474 | filedata = header_end + 4; |
e21d8cdf | 1475 | if (form_end == filedata) { |
94982ae6 | 1476 | HTPSetEvent(hstate, htud, STREAM_TOSERVER, |
e21d8cdf VJ |
1477 | HTTP_DECODER_EVENT_MULTIPART_NO_FILEDATA); |
1478 | goto end; | |
1479 | } else if (form_end < filedata) { | |
94982ae6 | 1480 | HTPSetEvent(hstate, htud, STREAM_TOSERVER, |
e21d8cdf VJ |
1481 | HTTP_DECODER_EVENT_MULTIPART_GENERIC_ERROR); |
1482 | goto end; | |
1483 | } | |
1484 | ||
403b2788 | 1485 | filedata_len = form_end - (header_end + 4 + 2); |
e21d8cdf | 1486 | SCLogDebug("filedata_len %"PRIuMAX, (uintmax_t)filedata_len); |
403b2788 VJ |
1487 | |
1488 | /* or is it? */ | |
1489 | uint8_t *header_next = Bs2bmSearch(filedata, filedata_len, | |
444c4b54 | 1490 | boundary, expected_boundary_len); |
403b2788 VJ |
1491 | if (header_next != NULL) { |
1492 | filedata_len -= (form_end - header_next); | |
1493 | } | |
1494 | ||
e21d8cdf | 1495 | if (filedata_len > chunks_buffer_len) { |
94982ae6 | 1496 | HTPSetEvent(hstate, htud, STREAM_TOSERVER, |
e21d8cdf VJ |
1497 | HTTP_DECODER_EVENT_MULTIPART_GENERIC_ERROR); |
1498 | goto end; | |
1499 | } | |
403b2788 | 1500 | SCLogDebug("filedata_len %"PRIuMAX, (uintmax_t)filedata_len); |
403b2788 VJ |
1501 | #ifdef PRINT |
1502 | printf("FILEDATA START: \n"); | |
1503 | PrintRawDataFp(stdout, filedata, filedata_len); | |
1504 | printf("FILEDATA END: \n"); | |
1505 | #endif | |
1506 | ||
d74c18ee VJ |
1507 | result = HTPFileOpen(hstate, htud, filename, filename_len, filedata, filedata_len, |
1508 | HtpGetActiveRequestTxID(hstate), STREAM_TOSERVER); | |
23e01d23 | 1509 | if (result == -1) { |
403b2788 | 1510 | goto end; |
23e01d23 | 1511 | } else if (result == -2) { |
43c7fd75 | 1512 | htud->tsflags |= HTP_DONTSTORE; |
23e01d23 | 1513 | } else { |
d59ca75e | 1514 | if (HTPFileClose(hstate, NULL, 0, 0, STREAM_TOSERVER) == -1) { |
23e01d23 VJ |
1515 | goto end; |
1516 | } | |
403b2788 | 1517 | } |
83e0529b | 1518 | FlagDetectStateNewFile(htud, STREAM_TOSERVER); |
a6e75aff VJ |
1519 | |
1520 | htud->request_body.body_parsed += (header_end - chunks_buffer); | |
43c7fd75 | 1521 | htud->tsflags &= ~HTP_FILENAME_SET; |
403b2788 | 1522 | } else { |
a6e75aff VJ |
1523 | SCLogDebug("chunk doesn't contain form end"); |
1524 | ||
1525 | filedata = header_end + 4; | |
1526 | filedata_len = chunks_buffer_len - (filedata - chunks_buffer); | |
1527 | SCLogDebug("filedata_len %u (chunks_buffer_len %u)", filedata_len, chunks_buffer_len); | |
1528 | ||
e21d8cdf | 1529 | if (filedata_len > chunks_buffer_len) { |
94982ae6 | 1530 | HTPSetEvent(hstate, htud, STREAM_TOSERVER, |
e21d8cdf VJ |
1531 | HTTP_DECODER_EVENT_MULTIPART_GENERIC_ERROR); |
1532 | goto end; | |
1533 | } | |
1534 | ||
a6e75aff VJ |
1535 | #ifdef PRINT |
1536 | printf("FILEDATA START: \n"); | |
1537 | PrintRawDataFp(stdout, filedata, filedata_len); | |
1538 | printf("FILEDATA END: \n"); | |
1539 | #endif | |
54d93e1e | 1540 | /* form doesn't end in this chunk, but the part might. Lets |
a6e75aff VJ |
1541 | * see if have another coming up */ |
1542 | uint8_t *header_next = Bs2bmSearch(filedata, filedata_len, | |
444c4b54 | 1543 | boundary, expected_boundary_len); |
a6e75aff VJ |
1544 | SCLogDebug("header_next %p", header_next); |
1545 | if (header_next == NULL) { | |
a6e75aff | 1546 | SCLogDebug("more file data to come"); |
403b2788 | 1547 | |
a6e75aff VJ |
1548 | uint32_t offset = (header_end + 4) - chunks_buffer; |
1549 | SCLogDebug("offset %u", offset); | |
1550 | htud->request_body.body_parsed += offset; | |
1c934acc | 1551 | |
aae00df4 VJ |
1552 | if (filedata_len >= (expected_boundary_len + 2)) { |
1553 | filedata_len -= (expected_boundary_len + 2 - 1); | |
54d93e1e VJ |
1554 | SCLogDebug("opening file with partial data"); |
1555 | } else { | |
1556 | filedata = NULL; | |
1557 | filedata_len = 0; | |
1558 | } | |
d74c18ee VJ |
1559 | result = HTPFileOpen(hstate, htud, filename, filename_len, filedata, |
1560 | filedata_len, HtpGetActiveRequestTxID(hstate), STREAM_TOSERVER); | |
a6e75aff VJ |
1561 | if (result == -1) { |
1562 | goto end; | |
1563 | } else if (result == -2) { | |
43c7fd75 | 1564 | htud->tsflags |= HTP_DONTSTORE; |
a6e75aff | 1565 | } |
83e0529b | 1566 | FlagDetectStateNewFile(htud, STREAM_TOSERVER); |
54d93e1e VJ |
1567 | htud->request_body.body_parsed += filedata_len; |
1568 | SCLogDebug("htud->request_body.body_parsed %"PRIu64, htud->request_body.body_parsed); | |
83e0529b | 1569 | |
fcc21ae4 | 1570 | } else if (header_next - filedata > 2) { |
a6e75aff VJ |
1571 | filedata_len = header_next - filedata - 2; |
1572 | SCLogDebug("filedata_len %u", filedata_len); | |
1573 | ||
d74c18ee VJ |
1574 | result = HTPFileOpen(hstate, htud, filename, filename_len, filedata, |
1575 | filedata_len, HtpGetActiveRequestTxID(hstate), STREAM_TOSERVER); | |
a6e75aff VJ |
1576 | if (result == -1) { |
1577 | goto end; | |
1578 | } else if (result == -2) { | |
43c7fd75 | 1579 | htud->tsflags |= HTP_DONTSTORE; |
a6e75aff VJ |
1580 | } else { |
1581 | if (HTPFileClose(hstate, NULL, 0, 0, STREAM_TOSERVER) == -1) { | |
1582 | goto end; | |
1583 | } | |
1584 | } | |
83e0529b | 1585 | FlagDetectStateNewFile(htud, STREAM_TOSERVER); |
a6e75aff | 1586 | |
43c7fd75 | 1587 | htud->tsflags &= ~HTP_FILENAME_SET; |
a6e75aff | 1588 | htud->request_body.body_parsed += (header_end - chunks_buffer); |
403b2788 VJ |
1589 | } |
1590 | } | |
403b2788 | 1591 | } |
18837dce | 1592 | next: |
403b2788 VJ |
1593 | SCLogDebug("header_start %p, header_end %p, form_end %p", |
1594 | header_start, header_end, form_end); | |
1595 | ||
1596 | /* Search next boundary entry after the start of body */ | |
1597 | uint32_t cursizeread = header_end - chunks_buffer; | |
1598 | header_start = Bs2bmSearch(header_end + 4, | |
1599 | chunks_buffer_len - (cursizeread + 4), | |
444c4b54 | 1600 | boundary, expected_boundary_len); |
403b2788 VJ |
1601 | if (header_start != NULL) { |
1602 | header_end = Bs2bmSearch(header_end + 4, | |
1603 | chunks_buffer_len - (cursizeread + 4), | |
1604 | (uint8_t *) "\r\n\r\n", 4); | |
1605 | } | |
1606 | } | |
0a22ba7e VJ |
1607 | |
1608 | /* if we're parsing the multipart and we're not currently processing a | |
1609 | * file, we move the body pointer forward. */ | |
1610 | if (form_end == NULL && !(htud->tsflags & HTP_FILENAME_SET) && header_start == NULL) { | |
1611 | if (chunks_buffer_len > expected_boundary_end_len) { | |
1612 | uint32_t move = chunks_buffer_len - expected_boundary_end_len + 1; | |
1613 | ||
1614 | htud->request_body.body_parsed += move; | |
1615 | SCLogDebug("form not ready, file not set, parsing non-file " | |
1616 | "record: moved %u", move); | |
1617 | } | |
1618 | } | |
1619 | ||
403b2788 | 1620 | end: |
a6e75aff | 1621 | SCLogDebug("htud->request_body.body_parsed %"PRIu64, htud->request_body.body_parsed); |
403b2788 VJ |
1622 | return 0; |
1623 | } | |
1624 | ||
3702a33a | 1625 | /** \internal |
9a954e94 | 1626 | * \brief Handle POST or PUT, no multipart body data |
3702a33a | 1627 | */ |
9a954e94 | 1628 | static int HtpRequestBodyHandlePOSTorPUT(HtpState *hstate, HtpTxUserData *htud, |
403b2788 VJ |
1629 | htp_tx_t *tx, uint8_t *data, uint32_t data_len) |
1630 | { | |
23e01d23 VJ |
1631 | int result = 0; |
1632 | ||
403b2788 | 1633 | /* see if we need to open the file */ |
43c7fd75 | 1634 | if (!(htud->tsflags & HTP_FILENAME_SET)) |
403b2788 VJ |
1635 | { |
1636 | uint8_t *filename = NULL; | |
fe9258f0 | 1637 | size_t filename_len = 0; |
403b2788 VJ |
1638 | |
1639 | /* get the name */ | |
1640 | if (tx->parsed_uri != NULL && tx->parsed_uri->path != NULL) { | |
1641 | filename = (uint8_t *)bstr_ptr(tx->parsed_uri->path); | |
1642 | filename_len = bstr_len(tx->parsed_uri->path); | |
1643 | } | |
1644 | ||
e3935a2a | 1645 | if (filename != NULL) { |
d74c18ee | 1646 | result = HTPFileOpen(hstate, htud, filename, (uint32_t)filename_len, data, data_len, |
94982ae6 | 1647 | HtpGetActiveRequestTxID(hstate), STREAM_TOSERVER); |
e3935a2a VJ |
1648 | if (result == -1) { |
1649 | goto end; | |
1650 | } else if (result == -2) { | |
43c7fd75 | 1651 | htud->tsflags |= HTP_DONTSTORE; |
e3935a2a | 1652 | } else { |
83e0529b | 1653 | FlagDetectStateNewFile(htud, STREAM_TOSERVER); |
43c7fd75 VJ |
1654 | htud->tsflags |= HTP_FILENAME_SET; |
1655 | htud->tsflags &= ~HTP_DONTSTORE; | |
e3935a2a | 1656 | } |
b402d971 VJ |
1657 | } |
1658 | } | |
1659 | else | |
1660 | { | |
1661 | /* otherwise, just store the data */ | |
1662 | ||
43c7fd75 | 1663 | if (!(htud->tsflags & HTP_DONTSTORE)) { |
d59ca75e | 1664 | result = HTPFileStoreChunk(hstate, data, data_len, STREAM_TOSERVER); |
b402d971 VJ |
1665 | if (result == -1) { |
1666 | goto end; | |
1667 | } else if (result == -2) { | |
1668 | /* we know for sure we're not storing the file */ | |
43c7fd75 | 1669 | htud->tsflags |= HTP_DONTSTORE; |
b402d971 VJ |
1670 | } |
1671 | } | |
1672 | } | |
1673 | ||
1674 | return 0; | |
1675 | end: | |
1676 | return -1; | |
1677 | } | |
1678 | ||
ab1200fb | 1679 | static int HtpResponseBodyHandle(HtpState *hstate, HtpTxUserData *htud, |
b402d971 VJ |
1680 | htp_tx_t *tx, uint8_t *data, uint32_t data_len) |
1681 | { | |
1682 | SCEnter(); | |
1683 | ||
1684 | int result = 0; | |
1685 | ||
9665ab04 PA |
1686 | /* see if we need to open the file |
1687 | * we check for tx->response_line in case of junk | |
1688 | * interpreted as body before response line | |
1689 | */ | |
1690 | if (!(htud->tcflags & HTP_FILENAME_SET) && | |
1691 | (tx->response_line != NULL || tx->is_protocol_0_9)) | |
b402d971 VJ |
1692 | { |
1693 | SCLogDebug("setting up file name"); | |
1694 | ||
1695 | uint8_t *filename = NULL; | |
fe9258f0 | 1696 | size_t filename_len = 0; |
b402d971 | 1697 | |
64827e38 | 1698 | /* try Content-Disposition header first */ |
48cf0585 | 1699 | htp_header_t *h = (htp_header_t *)htp_table_get_c(tx->response_headers, |
64827e38 VJ |
1700 | "Content-Disposition"); |
1701 | if (h != NULL && bstr_len(h->value) > 0) { | |
1702 | /* parse content-disposition */ | |
1703 | (void)HTTPParseContentDispositionHeader((uint8_t *)"filename=", 9, | |
fe9258f0 | 1704 | (uint8_t *) bstr_ptr(h->value), bstr_len(h->value), &filename, &filename_len); |
64827e38 VJ |
1705 | } |
1706 | ||
1707 | /* fall back to name from the uri */ | |
1708 | if (filename == NULL) { | |
1709 | /* get the name */ | |
1710 | if (tx->parsed_uri != NULL && tx->parsed_uri->path != NULL) { | |
1711 | filename = (uint8_t *)bstr_ptr(tx->parsed_uri->path); | |
1712 | filename_len = bstr_len(tx->parsed_uri->path); | |
1713 | } | |
b402d971 VJ |
1714 | } |
1715 | ||
e3935a2a | 1716 | if (filename != NULL) { |
e82416a4 PA |
1717 | // set range if present |
1718 | htp_header_t *h_content_range = htp_table_get_c(tx->response_headers, "content-range"); | |
1719 | if (h_content_range != NULL) { | |
1720 | result = HTPFileOpenWithRange(hstate, htud, filename, (uint32_t)filename_len, data, | |
1721 | data_len, HtpGetActiveResponseTxID(hstate), h_content_range->value, htud); | |
1722 | } else { | |
1723 | result = HTPFileOpen(hstate, htud, filename, (uint32_t)filename_len, data, data_len, | |
1724 | HtpGetActiveResponseTxID(hstate), STREAM_TOCLIENT); | |
1725 | } | |
e3935a2a VJ |
1726 | SCLogDebug("result %d", result); |
1727 | if (result == -1) { | |
1728 | goto end; | |
1729 | } else if (result == -2) { | |
43c7fd75 | 1730 | htud->tcflags |= HTP_DONTSTORE; |
e3935a2a | 1731 | } else { |
83e0529b | 1732 | FlagDetectStateNewFile(htud, STREAM_TOCLIENT); |
43c7fd75 VJ |
1733 | htud->tcflags |= HTP_FILENAME_SET; |
1734 | htud->tcflags &= ~HTP_DONTSTORE; | |
e3935a2a | 1735 | } |
403b2788 | 1736 | } |
403b2788 | 1737 | } |
9665ab04 | 1738 | else if (tx->response_line != NULL || tx->is_protocol_0_9) |
403b2788 VJ |
1739 | { |
1740 | /* otherwise, just store the data */ | |
1741 | ||
43c7fd75 | 1742 | if (!(htud->tcflags & HTP_DONTSTORE)) { |
d59ca75e | 1743 | result = HTPFileStoreChunk(hstate, data, data_len, STREAM_TOCLIENT); |
b402d971 | 1744 | SCLogDebug("result %d", result); |
23e01d23 VJ |
1745 | if (result == -1) { |
1746 | goto end; | |
1747 | } else if (result == -2) { | |
1748 | /* we know for sure we're not storing the file */ | |
43c7fd75 | 1749 | htud->tcflags |= HTP_DONTSTORE; |
23e01d23 | 1750 | } |
403b2788 VJ |
1751 | } |
1752 | } | |
1753 | ||
0bbc818b | 1754 | htud->response_body.body_parsed += data_len; |
403b2788 VJ |
1755 | return 0; |
1756 | end: | |
1757 | return -1; | |
1758 | } | |
1759 | ||
0165b3f0 | 1760 | /** |
a9cdd2bb | 1761 | * \brief Function callback to append chunks for Requests |
0165b3f0 | 1762 | * \param d pointer to the htp_tx_data_t structure (a chunk from htp lib) |
48cf0585 | 1763 | * \retval int HTP_OK if all goes well |
0165b3f0 | 1764 | */ |
ab1200fb | 1765 | static int HTPCallbackRequestBodyData(htp_tx_data_t *d) |
0165b3f0 PR |
1766 | { |
1767 | SCEnter(); | |
6d60b3a7 | 1768 | |
92679442 | 1769 | if (!(SC_ATOMIC_GET(htp_config_flags) & HTP_REQUIRE_REQUEST_BODY)) |
48cf0585 AS |
1770 | SCReturnInt(HTP_OK); |
1771 | ||
d509a780 | 1772 | if (d->len == 0) |
48cf0585 | 1773 | SCReturnInt(HTP_OK); |
66a083da | 1774 | |
a6e75aff VJ |
1775 | #ifdef PRINT |
1776 | printf("HTPBODY START: \n"); | |
1777 | PrintRawDataFp(stdout, (uint8_t *)d->data, d->len); | |
1778 | printf("HTPBODY END: \n"); | |
1779 | #endif | |
1780 | ||
48cf0585 | 1781 | HtpState *hstate = htp_connp_get_user_data(d->tx->connp); |
4537f889 | 1782 | if (hstate == NULL) { |
48cf0585 | 1783 | SCReturnInt(HTP_ERROR); |
4537f889 VJ |
1784 | } |
1785 | ||
23e01d23 | 1786 | SCLogDebug("New request body data available at %p -> %p -> %p, bodylen " |
0165b3f0 PR |
1787 | "%"PRIu32"", hstate, d, d->data, (uint32_t)d->len); |
1788 | ||
48cf0585 AS |
1789 | HtpTxUserData *tx_ud = (HtpTxUserData *) htp_tx_get_user_data(d->tx); |
1790 | if (tx_ud == NULL) { | |
274a033d | 1791 | SCReturnInt(HTP_OK); |
48cf0585 AS |
1792 | } |
1793 | if (!tx_ud->response_body_init) { | |
1794 | tx_ud->response_body_init = 1; | |
48cf0585 AS |
1795 | |
1796 | if (d->tx->request_method_number == HTP_M_POST) { | |
3702a33a | 1797 | SCLogDebug("POST"); |
fe6950de | 1798 | int r = HtpRequestBodySetupMultipart(d->tx, tx_ud); |
3702a33a | 1799 | if (r == 1) { |
48cf0585 | 1800 | tx_ud->request_body_type = HTP_BODY_REQUEST_MULTIPART; |
3702a33a | 1801 | } else if (r == 0) { |
48cf0585 | 1802 | tx_ud->request_body_type = HTP_BODY_REQUEST_POST; |
3702a33a | 1803 | SCLogDebug("not multipart"); |
403b2788 | 1804 | } |
48cf0585 | 1805 | } else if (d->tx->request_method_number == HTP_M_PUT) { |
e13b319b | 1806 | tx_ud->request_body_type = HTP_BODY_REQUEST_PUT; |
403b2788 | 1807 | } |
0165b3f0 | 1808 | } |
0165b3f0 | 1809 | |
efdd9e08 VJ |
1810 | /* see if we can get rid of htp body chunks */ |
1811 | HtpBodyPrune(hstate, &tx_ud->request_body, STREAM_TOSERVER); | |
1812 | ||
48cf0585 | 1813 | SCLogDebug("tx_ud->request_body.content_len_so_far %"PRIu64, tx_ud->request_body.content_len_so_far); |
24a2f515 | 1814 | SCLogDebug("hstate->cfg->request.body_limit %u", hstate->cfg->request.body_limit); |
6ebe7b7c VJ |
1815 | |
1816 | /* within limits, add the body chunk to the state. */ | |
c68fbfcf | 1817 | if (AppLayerHtpCheckDepth(&hstate->cfg->request, &tx_ud->request_body, tx_ud->tsflags)) { |
de904db8 GL |
1818 | uint32_t stream_depth = FileReassemblyDepth(); |
1819 | uint32_t len = AppLayerHtpComputeChunkLength(tx_ud->request_body.content_len_so_far, | |
1820 | hstate->cfg->request.body_limit, | |
1821 | stream_depth, | |
1822 | tx_ud->tsflags, | |
1823 | (uint32_t)d->len); | |
1824 | BUG_ON(len > (uint32_t)d->len); | |
6ebe7b7c | 1825 | |
6fb808fc | 1826 | HtpBodyAppendChunk(&hstate->cfg->request, &tx_ud->request_body, d->data, len); |
6ebe7b7c | 1827 | |
46e55f1e | 1828 | const uint8_t *chunks_buffer = NULL; |
403b2788 | 1829 | uint32_t chunks_buffer_len = 0; |
a0ee6ade | 1830 | |
48cf0585 | 1831 | if (tx_ud->request_body_type == HTP_BODY_REQUEST_MULTIPART) { |
403b2788 | 1832 | /* multi-part body handling starts here */ |
48cf0585 | 1833 | if (!(tx_ud->tsflags & HTP_BOUNDARY_SET)) { |
a0ee6ade VJ |
1834 | goto end; |
1835 | } | |
4723f072 | 1836 | |
48cf0585 | 1837 | HtpRequestBodyReassemble(tx_ud, &chunks_buffer, &chunks_buffer_len); |
403b2788 VJ |
1838 | if (chunks_buffer == NULL) { |
1839 | goto end; | |
6d60b3a7 | 1840 | } |
a6e75aff | 1841 | #ifdef PRINT |
3702a33a VJ |
1842 | printf("REASSCHUNK START: \n"); |
1843 | PrintRawDataFp(stdout, chunks_buffer, chunks_buffer_len); | |
1844 | printf("REASSCHUNK END: \n"); | |
a6e75aff | 1845 | #endif |
a0ee6ade | 1846 | |
94e25276 | 1847 | HtpRequestBodyHandleMultipart(hstate, tx_ud, d->tx, chunks_buffer, chunks_buffer_len); |
a0ee6ade | 1848 | |
9a954e94 PA |
1849 | } else if (tx_ud->request_body_type == HTP_BODY_REQUEST_POST || |
1850 | tx_ud->request_body_type == HTP_BODY_REQUEST_PUT) { | |
1851 | HtpRequestBodyHandlePOSTorPUT(hstate, tx_ud, d->tx, (uint8_t *)d->data, len); | |
6d60b3a7 PR |
1852 | } |
1853 | ||
fc380139 GL |
1854 | } else { |
1855 | if (tx_ud->tsflags & HTP_FILENAME_SET) { | |
1856 | SCLogDebug("closing file that was being stored"); | |
1857 | (void)HTPFileClose(hstate, NULL, 0, FILE_TRUNCATED, STREAM_TOSERVER); | |
1858 | tx_ud->tsflags &= ~HTP_FILENAME_SET; | |
1859 | } | |
a0ee6ade VJ |
1860 | } |
1861 | ||
6d60b3a7 | 1862 | end: |
e02b74de VJ |
1863 | if (hstate->conn != NULL) { |
1864 | SCLogDebug("checking body size %"PRIu64" against inspect limit %u (cur %"PRIu64", last %"PRIu64")", | |
1865 | tx_ud->request_body.content_len_so_far, | |
1866 | hstate->cfg->request.inspect_min_size, | |
1867 | (uint64_t)hstate->conn->in_data_counter, hstate->last_request_data_stamp); | |
1868 | ||
1869 | /* if we reach the inspect_min_size we'll trigger inspection, | |
1870 | * so make sure that raw stream is also inspected. Set the | |
13ea30ef | 1871 | * data to be used to the amount of raw bytes we've seen to |
e02b74de VJ |
1872 | * get here. */ |
1873 | if (tx_ud->request_body.body_inspected == 0 && | |
1874 | tx_ud->request_body.content_len_so_far >= hstate->cfg->request.inspect_min_size) { | |
1875 | if ((uint64_t)hstate->conn->in_data_counter > hstate->last_request_data_stamp && | |
1876 | (uint64_t)hstate->conn->in_data_counter - hstate->last_request_data_stamp < (uint64_t)UINT_MAX) | |
1877 | { | |
1878 | uint32_t x = (uint32_t)((uint64_t)hstate->conn->in_data_counter - hstate->last_request_data_stamp); | |
1879 | ||
1880 | /* body still in progress, but due to min inspect size we need to inspect now */ | |
1881 | StreamTcpReassemblySetMinInspectDepth(hstate->f->protoctx, STREAM_TOSERVER, x); | |
1882 | AppLayerParserTriggerRawStreamReassembly(hstate->f, STREAM_TOSERVER); | |
1883 | } | |
1884 | /* after the start of the body, disable the depth logic */ | |
1885 | } else if (tx_ud->request_body.body_inspected > 0) { | |
1886 | StreamTcpReassemblySetMinInspectDepth(hstate->f->protoctx, STREAM_TOSERVER, 0); | |
1887 | } | |
1888 | } | |
48cf0585 | 1889 | SCReturnInt(HTP_OK); |
b402d971 VJ |
1890 | } |
1891 | ||
1892 | /** | |
1893 | * \brief Function callback to append chunks for Responses | |
1894 | * \param d pointer to the htp_tx_data_t structure (a chunk from htp lib) | |
48cf0585 | 1895 | * \retval int HTP_OK if all goes well |
b402d971 | 1896 | */ |
ab1200fb | 1897 | static int HTPCallbackResponseBodyData(htp_tx_data_t *d) |
b402d971 VJ |
1898 | { |
1899 | SCEnter(); | |
1900 | ||
92679442 | 1901 | if (!(SC_ATOMIC_GET(htp_config_flags) & HTP_REQUIRE_RESPONSE_BODY)) |
48cf0585 | 1902 | SCReturnInt(HTP_OK); |
66a083da | 1903 | |
d509a780 | 1904 | if (d->len == 0) |
48cf0585 AS |
1905 | SCReturnInt(HTP_OK); |
1906 | ||
1907 | HtpState *hstate = htp_connp_get_user_data(d->tx->connp); | |
b402d971 | 1908 | if (hstate == NULL) { |
48cf0585 | 1909 | SCReturnInt(HTP_ERROR); |
b402d971 VJ |
1910 | } |
1911 | ||
1912 | SCLogDebug("New response body data available at %p -> %p -> %p, bodylen " | |
1913 | "%"PRIu32"", hstate, d, d->data, (uint32_t)d->len); | |
1914 | ||
48cf0585 AS |
1915 | HtpTxUserData *tx_ud = (HtpTxUserData *) htp_tx_get_user_data(d->tx); |
1916 | if (tx_ud == NULL) { | |
274a033d | 1917 | SCReturnInt(HTP_OK); |
48cf0585 AS |
1918 | } |
1919 | if (!tx_ud->request_body_init) { | |
1920 | tx_ud->request_body_init = 1; | |
b402d971 VJ |
1921 | } |
1922 | ||
efdd9e08 VJ |
1923 | /* see if we can get rid of htp body chunks */ |
1924 | HtpBodyPrune(hstate, &tx_ud->response_body, STREAM_TOCLIENT); | |
1925 | ||
48cf0585 | 1926 | SCLogDebug("tx_ud->response_body.content_len_so_far %"PRIu64, tx_ud->response_body.content_len_so_far); |
24a2f515 | 1927 | SCLogDebug("hstate->cfg->response.body_limit %u", hstate->cfg->response.body_limit); |
b402d971 VJ |
1928 | |
1929 | /* within limits, add the body chunk to the state. */ | |
c68fbfcf | 1930 | if (AppLayerHtpCheckDepth(&hstate->cfg->response, &tx_ud->response_body, tx_ud->tcflags)) { |
de904db8 GL |
1931 | uint32_t stream_depth = FileReassemblyDepth(); |
1932 | uint32_t len = AppLayerHtpComputeChunkLength(tx_ud->response_body.content_len_so_far, | |
1933 | hstate->cfg->response.body_limit, | |
1934 | stream_depth, | |
1935 | tx_ud->tcflags, | |
1936 | (uint32_t)d->len); | |
1937 | BUG_ON(len > (uint32_t)d->len); | |
b402d971 | 1938 | |
6fb808fc | 1939 | HtpBodyAppendChunk(&hstate->cfg->response, &tx_ud->response_body, d->data, len); |
b402d971 | 1940 | |
a4568a63 | 1941 | HtpResponseBodyHandle(hstate, tx_ud, d->tx, (uint8_t *)d->data, len); |
7a29aa11 GL |
1942 | } else { |
1943 | if (tx_ud->tcflags & HTP_FILENAME_SET) { | |
1944 | SCLogDebug("closing file that was being stored"); | |
1945 | (void)HTPFileClose(hstate, NULL, 0, FILE_TRUNCATED, STREAM_TOCLIENT); | |
1946 | tx_ud->tcflags &= ~HTP_FILENAME_SET; | |
1947 | } | |
b402d971 VJ |
1948 | } |
1949 | ||
e02b74de VJ |
1950 | if (hstate->conn != NULL) { |
1951 | SCLogDebug("checking body size %"PRIu64" against inspect limit %u (cur %"PRIu64", last %"PRIu64")", | |
1952 | tx_ud->response_body.content_len_so_far, | |
1953 | hstate->cfg->response.inspect_min_size, | |
1954 | (uint64_t)hstate->conn->in_data_counter, hstate->last_response_data_stamp); | |
1955 | /* if we reach the inspect_min_size we'll trigger inspection, | |
1956 | * so make sure that raw stream is also inspected. Set the | |
13ea30ef | 1957 | * data to be used to the amount of raw bytes we've seen to |
e02b74de VJ |
1958 | * get here. */ |
1959 | if (tx_ud->response_body.body_inspected == 0 && | |
1960 | tx_ud->response_body.content_len_so_far >= hstate->cfg->response.inspect_min_size) { | |
1961 | if ((uint64_t)hstate->conn->out_data_counter > hstate->last_response_data_stamp && | |
1962 | (uint64_t)hstate->conn->out_data_counter - hstate->last_response_data_stamp < (uint64_t)UINT_MAX) | |
1963 | { | |
1964 | uint32_t x = (uint32_t)((uint64_t)hstate->conn->out_data_counter - hstate->last_response_data_stamp); | |
1965 | ||
1966 | /* body still in progress, but due to min inspect size we need to inspect now */ | |
1967 | StreamTcpReassemblySetMinInspectDepth(hstate->f->protoctx, STREAM_TOCLIENT, x); | |
1968 | AppLayerParserTriggerRawStreamReassembly(hstate->f, STREAM_TOCLIENT); | |
1969 | } | |
1970 | /* after the start of the body, disable the depth logic */ | |
1971 | } else if (tx_ud->response_body.body_inspected > 0) { | |
1972 | StreamTcpReassemblySetMinInspectDepth(hstate->f->protoctx, STREAM_TOCLIENT, 0); | |
1973 | } | |
1974 | } | |
48cf0585 | 1975 | SCReturnInt(HTP_OK); |
0165b3f0 PR |
1976 | } |
1977 | ||
fc2f7f29 GS |
1978 | /** |
1979 | * \brief Print the stats of the HTTP requests | |
1980 | */ | |
1981 | void HTPAtExitPrintStats(void) | |
1982 | { | |
1983 | #ifdef DEBUG | |
a9cdd2bb | 1984 | SCEnter(); |
fc2f7f29 GS |
1985 | SCMutexLock(&htp_state_mem_lock); |
1986 | SCLogDebug("http_state_memcnt %"PRIu64", http_state_memuse %"PRIu64"", | |
1987 | htp_state_memcnt, htp_state_memuse); | |
1988 | SCMutexUnlock(&htp_state_mem_lock); | |
a9cdd2bb | 1989 | SCReturn; |
fc2f7f29 GS |
1990 | #endif |
1991 | } | |
1992 | ||
1993 | /** \brief Clears the HTTP server configuration memory used by HTP library */ | |
1994 | void HTPFreeConfig(void) | |
1995 | { | |
a9cdd2bb BR |
1996 | SCEnter(); |
1997 | ||
429c6388 AS |
1998 | if (!AppLayerProtoDetectConfProtoDetectionEnabled("tcp", "http") || |
1999 | !AppLayerParserConfParserEnabled("tcp", "http")) | |
2000 | { | |
ddde572f | 2001 | SCReturn; |
429c6388 | 2002 | } |
ddde572f | 2003 | |
a9cdd2bb BR |
2004 | HTPCfgRec *nextrec = cfglist.next; |
2005 | SCRadixReleaseRadixTree(cfgtree); | |
7f8d256e | 2006 | cfgtree = NULL; |
a0fa924c | 2007 | htp_config_destroy(cfglist.cfg); |
a9cdd2bb BR |
2008 | while (nextrec != NULL) { |
2009 | HTPCfgRec *htprec = nextrec; | |
47a47e8a | 2010 | nextrec = nextrec->next; |
a9cdd2bb | 2011 | |
a0fa924c | 2012 | htp_config_destroy(htprec->cfg); |
a9cdd2bb | 2013 | SCFree(htprec); |
a9cdd2bb BR |
2014 | } |
2015 | SCReturn; | |
fc2f7f29 GS |
2016 | } |
2017 | ||
44022743 VJ |
2018 | static int HTPCallbackRequestHasTrailer(htp_tx_t *tx) |
2019 | { | |
2020 | HtpTxUserData *htud = (HtpTxUserData *)htp_tx_get_user_data(tx); | |
2021 | if (htud != NULL) { | |
2022 | htud->request_has_trailers = 1; | |
2023 | } | |
2024 | return HTP_OK; | |
2025 | } | |
2026 | ||
2027 | static int HTPCallbackResponseHasTrailer(htp_tx_t *tx) | |
2028 | { | |
2029 | HtpTxUserData *htud = (HtpTxUserData *)htp_tx_get_user_data(tx); | |
2030 | if (htud != NULL) { | |
2031 | htud->response_has_trailers = 1; | |
2032 | } | |
2033 | return HTP_OK; | |
2034 | } | |
2035 | ||
e02b74de VJ |
2036 | /**\internal |
2037 | * \brief called at start of request | |
2038 | * Set min inspect size. | |
2039 | */ | |
2040 | static int HTPCallbackRequestStart(htp_tx_t *tx) | |
2041 | { | |
2042 | HtpState *hstate = htp_connp_get_user_data(tx->connp); | |
2043 | if (hstate == NULL) { | |
2044 | SCReturnInt(HTP_ERROR); | |
2045 | } | |
2046 | ||
2047 | if (hstate->cfg) | |
2048 | StreamTcpReassemblySetMinInspectDepth(hstate->f->protoctx, STREAM_TOSERVER, | |
2049 | hstate->cfg->request.inspect_min_size); | |
274a033d VJ |
2050 | |
2051 | HtpTxUserData *tx_ud = (HtpTxUserData *) htp_tx_get_user_data(tx); | |
2052 | if (tx_ud == NULL) { | |
2053 | tx_ud = HTPCalloc(1, sizeof(HtpTxUserData)); | |
2054 | if (unlikely(tx_ud == NULL)) { | |
2055 | SCReturnInt(HTP_OK); | |
2056 | } | |
2057 | htp_tx_set_user_data(tx, tx_ud); | |
2058 | } | |
e02b74de VJ |
2059 | SCReturnInt(HTP_OK); |
2060 | } | |
2061 | ||
2062 | /**\internal | |
2063 | * \brief called at start of response | |
2064 | * Set min inspect size. | |
2065 | */ | |
2066 | static int HTPCallbackResponseStart(htp_tx_t *tx) | |
2067 | { | |
2068 | HtpState *hstate = htp_connp_get_user_data(tx->connp); | |
2069 | if (hstate == NULL) { | |
2070 | SCReturnInt(HTP_ERROR); | |
2071 | } | |
2072 | ||
2073 | if (hstate->cfg) | |
2074 | StreamTcpReassemblySetMinInspectDepth(hstate->f->protoctx, STREAM_TOCLIENT, | |
2075 | hstate->cfg->response.inspect_min_size); | |
274a033d VJ |
2076 | |
2077 | HtpTxUserData *tx_ud = (HtpTxUserData *) htp_tx_get_user_data(tx); | |
2078 | if (tx_ud == NULL) { | |
2079 | tx_ud = HTPCalloc(1, sizeof(HtpTxUserData)); | |
2080 | if (unlikely(tx_ud == NULL)) { | |
2081 | SCReturnInt(HTP_OK); | |
2082 | } | |
2083 | htp_tx_set_user_data(tx, tx_ud); | |
2084 | } | |
e02b74de VJ |
2085 | SCReturnInt(HTP_OK); |
2086 | } | |
2087 | ||
2088 | ||
356a8bf3 GS |
2089 | /** |
2090 | * \brief callback for request to store the recent incoming request | |
2091 | in to the recent_in_tx for the given htp state | |
2092 | * \param connp pointer to the current connection parser which has the htp | |
2093 | * state in it as user data | |
2094 | */ | |
8f1d7503 KS |
2095 | static int HTPCallbackRequest(htp_tx_t *tx) |
2096 | { | |
356a8bf3 | 2097 | SCEnter(); |
187949b9 | 2098 | |
2b734b8d VJ |
2099 | if (tx == NULL) { |
2100 | SCReturnInt(HTP_ERROR); | |
2101 | } | |
2102 | ||
48cf0585 | 2103 | HtpState *hstate = htp_connp_get_user_data(tx->connp); |
187949b9 | 2104 | if (hstate == NULL) { |
48cf0585 | 2105 | SCReturnInt(HTP_ERROR); |
187949b9 | 2106 | } |
70b32f73 | 2107 | |
d4d18e31 AS |
2108 | SCLogDebug("transaction_cnt %"PRIu64", list_size %"PRIu64, |
2109 | hstate->transaction_cnt, HTPStateGetTxCnt(hstate)); | |
70b32f73 VJ |
2110 | |
2111 | SCLogDebug("HTTP request completed"); | |
2112 | ||
2b734b8d | 2113 | HTPErrorCheckTxRequestFlags(hstate, tx); |
43b39d33 | 2114 | |
2b734b8d VJ |
2115 | HtpTxUserData *htud = (HtpTxUserData *)htp_tx_get_user_data(tx); |
2116 | if (htud != NULL) { | |
2117 | if (htud->tsflags & HTP_FILENAME_SET) { | |
2118 | SCLogDebug("closing file that was being stored"); | |
2119 | (void)HTPFileClose(hstate, NULL, 0, 0, STREAM_TOSERVER); | |
2120 | htud->tsflags &= ~HTP_FILENAME_SET; | |
e02b74de VJ |
2121 | StreamTcpReassemblySetMinInspectDepth(hstate->f->protoctx, STREAM_TOSERVER, |
2122 | (uint32_t)hstate->conn->in_data_counter); | |
403b2788 VJ |
2123 | } |
2124 | } | |
2125 | ||
e02b74de | 2126 | hstate->last_request_data_stamp = (uint64_t)hstate->conn->in_data_counter; |
16cfae2f VJ |
2127 | /* request done, do raw reassembly now to inspect state and stream |
2128 | * at the same time. */ | |
2d223b69 | 2129 | AppLayerParserTriggerRawStreamReassembly(hstate->f, STREAM_TOSERVER); |
48cf0585 | 2130 | SCReturnInt(HTP_OK); |
356a8bf3 GS |
2131 | } |
2132 | ||
2133 | /** | |
2134 | * \brief callback for response to remove the recent received requests | |
2135 | from the recent_in_tx for the given htp state | |
2136 | * \param connp pointer to the current connection parser which has the htp | |
2137 | * state in it as user data | |
2138 | */ | |
8f1d7503 KS |
2139 | static int HTPCallbackResponse(htp_tx_t *tx) |
2140 | { | |
356a8bf3 | 2141 | SCEnter(); |
187949b9 | 2142 | |
48cf0585 | 2143 | HtpState *hstate = htp_connp_get_user_data(tx->connp); |
187949b9 | 2144 | if (hstate == NULL) { |
48cf0585 | 2145 | SCReturnInt(HTP_ERROR); |
187949b9 | 2146 | } |
356a8bf3 | 2147 | |
b406af45 AS |
2148 | /* we have one whole transaction now */ |
2149 | hstate->transaction_cnt++; | |
2150 | ||
76d3cb55 VJ |
2151 | HtpTxUserData *htud = (HtpTxUserData *) htp_tx_get_user_data(tx); |
2152 | if (htud != NULL) { | |
2153 | if (htud->tcflags & HTP_FILENAME_SET) { | |
2154 | SCLogDebug("closing file that was being stored"); | |
2155 | (void)HTPFileClose(hstate, NULL, 0, 0, STREAM_TOCLIENT); | |
2156 | htud->tcflags &= ~HTP_FILENAME_SET; | |
b402d971 VJ |
2157 | } |
2158 | } | |
2159 | ||
16cfae2f VJ |
2160 | /* response done, do raw reassembly now to inspect state and stream |
2161 | * at the same time. */ | |
2d223b69 | 2162 | AppLayerParserTriggerRawStreamReassembly(hstate->f, STREAM_TOCLIENT); |
b6c2b705 MK |
2163 | |
2164 | /* handle HTTP CONNECT */ | |
2165 | if (tx->request_method_number == HTP_M_CONNECT) { | |
2166 | /* any 2XX status response implies that the connection will become | |
2167 | a tunnel immediately after this packet (RFC 7230, 3.3.3). */ | |
2168 | if ((tx->response_status_number >= 200) && | |
2169 | (tx->response_status_number < 300) && | |
2170 | (hstate->transaction_cnt == 1)) { | |
6f42ae91 VJ |
2171 | uint16_t dp = 0; |
2172 | if (tx->request_port_number != -1) { | |
2173 | dp = (uint16_t)tx->request_port_number; | |
2174 | } | |
707f0272 | 2175 | // both ALPROTO_HTTP1 and ALPROTO_TLS are normal options |
6f42ae91 | 2176 | AppLayerRequestProtocolChange(hstate->f, dp, ALPROTO_UNKNOWN); |
b6c2b705 MK |
2177 | tx->request_progress = HTP_REQUEST_COMPLETE; |
2178 | tx->response_progress = HTP_RESPONSE_COMPLETE; | |
2179 | } | |
2180 | } | |
2181 | ||
e02b74de | 2182 | hstate->last_response_data_stamp = (uint64_t)hstate->conn->out_data_counter; |
48cf0585 | 2183 | SCReturnInt(HTP_OK); |
356a8bf3 GS |
2184 | } |
2185 | ||
48cf0585 AS |
2186 | static int HTPCallbackRequestLine(htp_tx_t *tx) |
2187 | { | |
2188 | HtpTxUserData *tx_ud; | |
2189 | bstr *request_uri_normalized; | |
a8b971c7 | 2190 | HtpState *hstate = htp_connp_get_user_data(tx->connp); |
feafc838 | 2191 | const HTPCfgRec *cfg = hstate->cfg; |
48cf0585 | 2192 | |
a8b971c7 | 2193 | request_uri_normalized = SCHTPGenerateNormalizedUri(tx, tx->parsed_uri, cfg->uri_include_all); |
48cf0585 AS |
2194 | if (request_uri_normalized == NULL) |
2195 | return HTP_OK; | |
2196 | ||
0416a842 VJ |
2197 | tx_ud = htp_tx_get_user_data(tx); |
2198 | if (likely(tx_ud == NULL)) { | |
2199 | tx_ud = HTPMalloc(sizeof(*tx_ud)); | |
2200 | if (unlikely(tx_ud == NULL)) { | |
2201 | bstr_free(request_uri_normalized); | |
2202 | return HTP_OK; | |
2203 | } | |
2204 | memset(tx_ud, 0, sizeof(*tx_ud)); | |
2205 | htp_tx_set_user_data(tx, tx_ud); | |
67c12c61 | 2206 | } |
0416a842 VJ |
2207 | if (unlikely(tx_ud->request_uri_normalized != NULL)) |
2208 | bstr_free(tx_ud->request_uri_normalized); | |
48cf0585 | 2209 | tx_ud->request_uri_normalized = request_uri_normalized; |
48cf0585 | 2210 | |
afaa10b3 | 2211 | if (tx->flags) { |
43b39d33 VJ |
2212 | HTPErrorCheckTxRequestFlags(hstate, tx); |
2213 | } | |
48cf0585 AS |
2214 | return HTP_OK; |
2215 | } | |
2216 | ||
8a339e73 | 2217 | static int HTPCallbackDoubleDecodeUriPart(htp_tx_t *tx, bstr *part) |
48cf0585 | 2218 | { |
8a339e73 | 2219 | if (part == NULL) |
48cf0585 AS |
2220 | return HTP_OK; |
2221 | ||
2222 | uint64_t flags = 0; | |
8a339e73 PA |
2223 | size_t prevlen = bstr_len(part); |
2224 | htp_status_t res = htp_urldecode_inplace(tx->cfg, HTP_DECODER_URLENCODED, part, &flags); | |
2225 | // shorter string means that uri was encoded | |
2226 | if (res == HTP_OK && prevlen > bstr_len(part)) { | |
2227 | HtpTxUserData *htud = (HtpTxUserData *) htp_tx_get_user_data(tx); | |
274a033d VJ |
2228 | if (htud == NULL) |
2229 | return HTP_OK; | |
8a339e73 PA |
2230 | HtpState *s = htp_connp_get_user_data(tx->connp); |
2231 | if (s == NULL) | |
2232 | return HTP_OK; | |
94982ae6 VJ |
2233 | HTPSetEvent(s, htud, STREAM_TOSERVER, |
2234 | HTTP_DECODER_EVENT_DOUBLE_ENCODED_URI); | |
8a339e73 | 2235 | } |
48cf0585 AS |
2236 | |
2237 | return HTP_OK; | |
2238 | } | |
2239 | ||
8a339e73 | 2240 | static int HTPCallbackDoubleDecodeQuery(htp_tx_t *tx) |
48cf0585 | 2241 | { |
8a339e73 | 2242 | if (tx->parsed_uri == NULL) |
48cf0585 AS |
2243 | return HTP_OK; |
2244 | ||
8a339e73 PA |
2245 | return HTPCallbackDoubleDecodeUriPart(tx, tx->parsed_uri->query); |
2246 | } | |
48cf0585 | 2247 | |
8a339e73 PA |
2248 | static int HTPCallbackDoubleDecodePath(htp_tx_t *tx) |
2249 | { | |
2250 | if (tx->parsed_uri == NULL) | |
2251 | return HTP_OK; | |
2252 | ||
2253 | return HTPCallbackDoubleDecodeUriPart(tx, tx->parsed_uri->path); | |
48cf0585 AS |
2254 | } |
2255 | ||
2256 | static int HTPCallbackRequestHeaderData(htp_tx_data_t *tx_data) | |
2257 | { | |
1f07d152 | 2258 | void *ptmp; |
b25bd2e1 | 2259 | if (tx_data->len == 0 || tx_data->tx == NULL) |
48cf0585 AS |
2260 | return HTP_OK; |
2261 | ||
2262 | HtpTxUserData *tx_ud = htp_tx_get_user_data(tx_data->tx); | |
2263 | if (tx_ud == NULL) { | |
274a033d | 2264 | return HTP_OK; |
48cf0585 | 2265 | } |
ced01da8 EL |
2266 | ptmp = HTPRealloc(tx_ud->request_headers_raw, |
2267 | tx_ud->request_headers_raw_len, | |
1f07d152 EL |
2268 | tx_ud->request_headers_raw_len + tx_data->len); |
2269 | if (ptmp == NULL) { | |
48cf0585 AS |
2270 | return HTP_OK; |
2271 | } | |
1f07d152 EL |
2272 | tx_ud->request_headers_raw = ptmp; |
2273 | ||
48cf0585 AS |
2274 | memcpy(tx_ud->request_headers_raw + tx_ud->request_headers_raw_len, |
2275 | tx_data->data, tx_data->len); | |
2276 | tx_ud->request_headers_raw_len += tx_data->len; | |
2277 | ||
43b39d33 VJ |
2278 | if (tx_data->tx && tx_data->tx->flags) { |
2279 | HtpState *hstate = htp_connp_get_user_data(tx_data->tx->connp); | |
2280 | HTPErrorCheckTxRequestFlags(hstate, tx_data->tx); | |
2281 | } | |
48cf0585 AS |
2282 | return HTP_OK; |
2283 | } | |
2284 | ||
2285 | static int HTPCallbackResponseHeaderData(htp_tx_data_t *tx_data) | |
2286 | { | |
1f07d152 | 2287 | void *ptmp; |
b25bd2e1 | 2288 | if (tx_data->len == 0 || tx_data->tx == NULL) |
48cf0585 AS |
2289 | return HTP_OK; |
2290 | ||
2291 | HtpTxUserData *tx_ud = htp_tx_get_user_data(tx_data->tx); | |
2292 | if (tx_ud == NULL) { | |
274a033d | 2293 | return HTP_OK; |
48cf0585 | 2294 | } |
ced01da8 EL |
2295 | ptmp = HTPRealloc(tx_ud->response_headers_raw, |
2296 | tx_ud->response_headers_raw_len, | |
1f07d152 EL |
2297 | tx_ud->response_headers_raw_len + tx_data->len); |
2298 | if (ptmp == NULL) { | |
48cf0585 AS |
2299 | return HTP_OK; |
2300 | } | |
1f07d152 EL |
2301 | tx_ud->response_headers_raw = ptmp; |
2302 | ||
48cf0585 AS |
2303 | memcpy(tx_ud->response_headers_raw + tx_ud->response_headers_raw_len, |
2304 | tx_data->data, tx_data->len); | |
2305 | tx_ud->response_headers_raw_len += tx_data->len; | |
2306 | ||
2307 | return HTP_OK; | |
2308 | } | |
2309 | ||
2310 | /* | |
2311 | * We have a similar set function called HTPConfigSetDefaultsPhase1. | |
2312 | */ | |
2313 | static void HTPConfigSetDefaultsPhase1(HTPCfgRec *cfg_prec) | |
a9cdd2bb | 2314 | { |
a8b971c7 | 2315 | cfg_prec->uri_include_all = FALSE; |
24a2f515 VJ |
2316 | cfg_prec->request.body_limit = HTP_CONFIG_DEFAULT_REQUEST_BODY_LIMIT; |
2317 | cfg_prec->response.body_limit = HTP_CONFIG_DEFAULT_RESPONSE_BODY_LIMIT; | |
2318 | cfg_prec->request.inspect_min_size = HTP_CONFIG_DEFAULT_REQUEST_INSPECT_MIN_SIZE; | |
2319 | cfg_prec->request.inspect_window = HTP_CONFIG_DEFAULT_REQUEST_INSPECT_WINDOW; | |
2320 | cfg_prec->response.inspect_min_size = HTP_CONFIG_DEFAULT_RESPONSE_INSPECT_MIN_SIZE; | |
2321 | cfg_prec->response.inspect_window = HTP_CONFIG_DEFAULT_RESPONSE_INSPECT_WINDOW; | |
c3b4dd5a VJ |
2322 | |
2323 | if (!g_disable_randomness) { | |
2324 | cfg_prec->randomize = HTP_CONFIG_DEFAULT_RANDOMIZE; | |
2325 | } else { | |
2326 | cfg_prec->randomize = 0; | |
2327 | } | |
ff784075 | 2328 | cfg_prec->randomize_range = HTP_CONFIG_DEFAULT_RANDOMIZE_RANGE; |
48cf0585 AS |
2329 | |
2330 | htp_config_register_request_header_data(cfg_prec->cfg, HTPCallbackRequestHeaderData); | |
2331 | htp_config_register_request_trailer_data(cfg_prec->cfg, HTPCallbackRequestHeaderData); | |
2332 | htp_config_register_response_header_data(cfg_prec->cfg, HTPCallbackResponseHeaderData); | |
2333 | htp_config_register_response_trailer_data(cfg_prec->cfg, HTPCallbackResponseHeaderData); | |
2334 | ||
44022743 VJ |
2335 | htp_config_register_request_trailer(cfg_prec->cfg, HTPCallbackRequestHasTrailer); |
2336 | htp_config_register_response_trailer(cfg_prec->cfg, HTPCallbackResponseHasTrailer); | |
2337 | ||
340542c4 AS |
2338 | htp_config_register_request_body_data(cfg_prec->cfg, HTPCallbackRequestBodyData); |
2339 | htp_config_register_response_body_data(cfg_prec->cfg, HTPCallbackResponseBodyData); | |
a9cdd2bb | 2340 | |
e02b74de | 2341 | htp_config_register_request_start(cfg_prec->cfg, HTPCallbackRequestStart); |
48cf0585 | 2342 | htp_config_register_request_complete(cfg_prec->cfg, HTPCallbackRequest); |
e02b74de VJ |
2343 | |
2344 | htp_config_register_response_start(cfg_prec->cfg, HTPCallbackResponseStart); | |
48cf0585 AS |
2345 | htp_config_register_response_complete(cfg_prec->cfg, HTPCallbackResponse); |
2346 | ||
2347 | htp_config_set_parse_request_cookies(cfg_prec->cfg, 0); | |
48cf0585 | 2348 | |
9a7353e1 VJ |
2349 | /* don't convert + to space by default */ |
2350 | htp_config_set_plusspace_decode(cfg_prec->cfg, HTP_DECODER_URLENCODED, 0); | |
b869ac01 PA |
2351 | // enables request decompression |
2352 | htp_config_set_request_decompression(cfg_prec->cfg, 1); | |
9b5c9233 PA |
2353 | #ifdef HAVE_HTP_CONFIG_SET_LZMA_LAYERS |
2354 | // disable by default | |
2355 | htp_config_set_lzma_layers(cfg_prec->cfg, HTP_CONFIG_DEFAULT_LZMA_LAYERS); | |
2356 | #endif | |
61a6eaf3 JI |
2357 | #ifdef HAVE_HTP_CONFIG_SET_LZMA_MEMLIMIT |
2358 | htp_config_set_lzma_memlimit(cfg_prec->cfg, | |
2359 | HTP_CONFIG_DEFAULT_LZMA_MEMLIMIT); | |
af4f8162 PA |
2360 | #endif |
2361 | #ifdef HAVE_HTP_CONFIG_SET_COMPRESSION_BOMB_LIMIT | |
2362 | htp_config_set_compression_bomb_limit(cfg_prec->cfg, | |
2363 | HTP_CONFIG_DEFAULT_COMPRESSION_BOMB_LIMIT); | |
a04b5566 PA |
2364 | #endif |
2365 | #ifdef HAVE_HTP_CONFIG_SET_COMPRESSION_TIME_LIMIT | |
2366 | htp_config_set_compression_time_limit(cfg_prec->cfg, HTP_CONFIG_DEFAULT_COMPRESSION_TIME_LIMIT); | |
61a6eaf3 | 2367 | #endif |
fb496791 VJ |
2368 | /* libhtp <= 0.5.9 doesn't use soft limit, but it's impossible to set |
2369 | * only the hard limit. So we set both here to the (current) htp defaults. | |
2370 | * The reason we do this is that if the user sets the hard limit in the | |
2371 | * config, we have to set the soft limit as well. If libhtp starts using | |
2372 | * the soft limit in the future, we at least make sure we control what | |
2373 | * it's value is. */ | |
2374 | htp_config_set_field_limits(cfg_prec->cfg, | |
2375 | (size_t)HTP_CONFIG_DEFAULT_FIELD_LIMIT_SOFT, | |
2376 | (size_t)HTP_CONFIG_DEFAULT_FIELD_LIMIT_HARD); | |
48cf0585 AS |
2377 | return; |
2378 | } | |
2379 | ||
7fb58e67 VJ |
2380 | /* hack: htp random range code expects random values in range of 0-RAND_MAX, |
2381 | * but we can get both <0 and >RAND_MAX values from RandomGet | |
2382 | */ | |
2383 | static int RandomGetWrap(void) | |
2384 | { | |
18f64e0d MN |
2385 | unsigned long r; |
2386 | ||
2387 | do { | |
2388 | r = RandomGet(); | |
2389 | } while(r >= ULONG_MAX - (ULONG_MAX % RAND_MAX)); | |
2390 | ||
2391 | return r % RAND_MAX; | |
7fb58e67 VJ |
2392 | } |
2393 | ||
48cf0585 AS |
2394 | /* |
2395 | * We have this splitup so that in case double decoding has been enabled | |
2396 | * for query and path, they would be called first on the callback queue, | |
2397 | * before the callback set by Phase2() is called. We need this, since | |
2398 | * the callback in Phase2() generates the normalized uri which utilizes | |
2399 | * the query and path. */ | |
ab1200fb | 2400 | static void HTPConfigSetDefaultsPhase2(const char *name, HTPCfgRec *cfg_prec) |
48cf0585 | 2401 | { |
ff784075 EL |
2402 | /* randomize inspection size if needed */ |
2403 | if (cfg_prec->randomize) { | |
2404 | int rdrange = cfg_prec->randomize_range; | |
2405 | ||
7fb58e67 | 2406 | long int r = RandomGetWrap(); |
46981ccd PA |
2407 | cfg_prec->request.inspect_min_size += (int)(cfg_prec->request.inspect_min_size * |
2408 | ((double)r / RAND_MAX - 0.5) * rdrange / 100); | |
535d9e35 | 2409 | |
7fb58e67 | 2410 | r = RandomGetWrap(); |
46981ccd PA |
2411 | cfg_prec->request.inspect_window += (int)(cfg_prec->request.inspect_window * |
2412 | ((double)r / RAND_MAX - 0.5) * rdrange / 100); | |
b3bf7a57 | 2413 | SCLogConfig("'%s' server has 'request-body-minimal-inspect-size' set to" |
72954067 EL |
2414 | " %d and 'request-body-inspect-window' set to %d after" |
2415 | " randomization.", | |
2416 | name, | |
24a2f515 VJ |
2417 | cfg_prec->request.inspect_min_size, |
2418 | cfg_prec->request.inspect_window); | |
72954067 | 2419 | |
ff784075 | 2420 | |
7fb58e67 | 2421 | r = RandomGetWrap(); |
46981ccd PA |
2422 | cfg_prec->response.inspect_min_size += (int)(cfg_prec->response.inspect_min_size * |
2423 | ((double)r / RAND_MAX - 0.5) * rdrange / 100); | |
535d9e35 | 2424 | |
7fb58e67 | 2425 | r = RandomGetWrap(); |
46981ccd PA |
2426 | cfg_prec->response.inspect_window += (int)(cfg_prec->response.inspect_window * |
2427 | ((double)r / RAND_MAX - 0.5) * rdrange / 100); | |
72954067 | 2428 | |
b3bf7a57 | 2429 | SCLogConfig("'%s' server has 'response-body-minimal-inspect-size' set to" |
72954067 EL |
2430 | " %d and 'response-body-inspect-window' set to %d after" |
2431 | " randomization.", | |
2432 | name, | |
24a2f515 VJ |
2433 | cfg_prec->response.inspect_min_size, |
2434 | cfg_prec->response.inspect_window); | |
ff784075 EL |
2435 | } |
2436 | ||
48cf0585 AS |
2437 | htp_config_register_request_line(cfg_prec->cfg, HTPCallbackRequestLine); |
2438 | ||
6fb808fc | 2439 | cfg_prec->request.sbcfg.flags = 0; |
24a2f515 VJ |
2440 | cfg_prec->request.sbcfg.buf_size = cfg_prec->request.inspect_window ? |
2441 | cfg_prec->request.inspect_window : 256; | |
6fb808fc VJ |
2442 | cfg_prec->request.sbcfg.buf_slide = 0; |
2443 | cfg_prec->request.sbcfg.Malloc = HTPMalloc; | |
2444 | cfg_prec->request.sbcfg.Calloc = HTPCalloc; | |
2445 | cfg_prec->request.sbcfg.Realloc = HTPRealloc; | |
2446 | cfg_prec->request.sbcfg.Free = HTPFree; | |
2447 | ||
2448 | cfg_prec->response.sbcfg.flags = 0; | |
24a2f515 VJ |
2449 | cfg_prec->response.sbcfg.buf_size = cfg_prec->response.inspect_window ? |
2450 | cfg_prec->response.inspect_window : 256; | |
6fb808fc VJ |
2451 | cfg_prec->response.sbcfg.buf_slide = 0; |
2452 | cfg_prec->response.sbcfg.Malloc = HTPMalloc; | |
2453 | cfg_prec->response.sbcfg.Calloc = HTPCalloc; | |
2454 | cfg_prec->response.sbcfg.Realloc = HTPRealloc; | |
2455 | cfg_prec->response.sbcfg.Free = HTPFree; | |
340542c4 AS |
2456 | return; |
2457 | } | |
a9cdd2bb | 2458 | |
028c6c17 | 2459 | static void HTPConfigParseParameters(HTPCfgRec *cfg_prec, ConfNode *s, |
340542c4 AS |
2460 | SCRadixTree *tree) |
2461 | { | |
028c6c17 | 2462 | if (cfg_prec == NULL || s == NULL || tree == NULL) |
340542c4 | 2463 | return; |
a9cdd2bb | 2464 | |
340542c4 AS |
2465 | ConfNode *p = NULL; |
2466 | ||
2467 | /* Default Parameters */ | |
028c6c17 | 2468 | TAILQ_FOREACH(p, &s->head, next) { |
340542c4 AS |
2469 | |
2470 | if (strcasecmp("address", p->name) == 0) { | |
2471 | ConfNode *pval; | |
2472 | /* Addresses */ | |
2473 | TAILQ_FOREACH(pval, &p->head, next) { | |
2474 | SCLogDebug("LIBHTP server %s: %s=%s", s->name, p->name, | |
2475 | pval->val); | |
2476 | ||
2477 | /* IPV6 or IPV4? */ | |
2478 | if (strchr(pval->val, ':') != NULL) { | |
2479 | SCLogDebug("LIBHTP adding ipv6 server %s at %s: %p", | |
028c6c17 | 2480 | s->name, pval->val, cfg_prec->cfg); |
340542c4 AS |
2481 | if (SCRadixAddKeyIPV6String(pval->val, tree, cfg_prec) == NULL) { |
2482 | SCLogWarning(SC_ERR_INVALID_VALUE, "LIBHTP failed to " | |
2483 | "add ipv6 server %s, ignoring", pval->val); | |
2484 | } | |
2485 | } else { | |
2486 | SCLogDebug("LIBHTP adding ipv4 server %s at %s: %p", | |
028c6c17 | 2487 | s->name, pval->val, cfg_prec->cfg); |
340542c4 AS |
2488 | if (SCRadixAddKeyIPV4String(pval->val, tree, cfg_prec) == NULL) { |
2489 | SCLogWarning(SC_ERR_INVALID_VALUE, "LIBHTP failed " | |
2490 | "to add ipv4 server %s, ignoring", | |
2491 | pval->val); | |
2492 | } | |
2493 | } /* else - if (strchr(pval->val, ':') != NULL) */ | |
2494 | } /* TAILQ_FOREACH(pval, &p->head, next) */ | |
2495 | ||
2496 | } else if (strcasecmp("personality", p->name) == 0) { | |
2497 | /* Personalities */ | |
2498 | int personality = HTPLookupPersonality(p->val); | |
2499 | SCLogDebug("LIBHTP default: %s = %s", p->name, p->val); | |
2500 | SCLogDebug("LIBHTP default: %s = %s", p->name, p->val); | |
2501 | ||
2502 | if (personality >= 0) { | |
2503 | SCLogDebug("LIBHTP default: %s=%s (%d)", p->name, p->val, | |
2504 | personality); | |
2505 | if (htp_config_set_server_personality(cfg_prec->cfg, personality) == HTP_ERROR){ | |
2506 | SCLogWarning(SC_ERR_INVALID_VALUE, "LIBHTP Failed adding " | |
2507 | "personality \"%s\", ignoring", p->val); | |
2508 | } else { | |
2509 | SCLogDebug("LIBHTP personality set to %s", | |
2510 | HTPLookupPersonalityString(personality)); | |
2511 | } | |
a9cdd2bb | 2512 | |
340542c4 AS |
2513 | /* The IDS personality by default converts the path (and due to |
2514 | * our query string callback also the query string) to lowercase. | |
2515 | * Signatures do not expect this, so override it. */ | |
48cf0585 | 2516 | htp_config_set_convert_lowercase(cfg_prec->cfg, HTP_DECODER_URL_PATH, 0); |
340542c4 AS |
2517 | } else { |
2518 | SCLogWarning(SC_ERR_UNKNOWN_VALUE, "LIBHTP Unknown personality " | |
2519 | "\"%s\", ignoring", p->val); | |
2520 | continue; | |
2521 | } | |
a9cdd2bb | 2522 | |
340542c4 AS |
2523 | } else if (strcasecmp("request-body-limit", p->name) == 0 || |
2524 | strcasecmp("request_body_limit", p->name) == 0) { | |
24a2f515 | 2525 | if (ParseSizeStringU32(p->val, &cfg_prec->request.body_limit) < 0) { |
340542c4 AS |
2526 | SCLogError(SC_ERR_SIZE_PARSE, "Error parsing request-body-limit " |
2527 | "from conf file - %s. Killing engine", p->val); | |
2528 | exit(EXIT_FAILURE); | |
2529 | } | |
a9cdd2bb | 2530 | |
340542c4 | 2531 | } else if (strcasecmp("response-body-limit", p->name) == 0) { |
24a2f515 | 2532 | if (ParseSizeStringU32(p->val, &cfg_prec->response.body_limit) < 0) { |
340542c4 AS |
2533 | SCLogError(SC_ERR_SIZE_PARSE, "Error parsing response-body-limit " |
2534 | "from conf file - %s. Killing engine", p->val); | |
2535 | exit(EXIT_FAILURE); | |
2536 | } | |
48cf0585 | 2537 | |
2763a612 | 2538 | } else if (strcasecmp("request-body-minimal-inspect-size", p->name) == 0) { |
24a2f515 | 2539 | if (ParseSizeStringU32(p->val, &cfg_prec->request.inspect_min_size) < 0) { |
2763a612 VJ |
2540 | SCLogError(SC_ERR_SIZE_PARSE, "Error parsing request-body-minimal-inspect-size " |
2541 | "from conf file - %s. Killing engine", p->val); | |
2542 | exit(EXIT_FAILURE); | |
2543 | } | |
2544 | ||
2545 | } else if (strcasecmp("request-body-inspect-window", p->name) == 0) { | |
24a2f515 | 2546 | if (ParseSizeStringU32(p->val, &cfg_prec->request.inspect_window) < 0) { |
2763a612 VJ |
2547 | SCLogError(SC_ERR_SIZE_PARSE, "Error parsing request-body-inspect-window " |
2548 | "from conf file - %s. Killing engine", p->val); | |
2549 | exit(EXIT_FAILURE); | |
2550 | } | |
2551 | ||
e5879650 | 2552 | } else if (strcasecmp("double-decode-query", p->name) == 0) { |
48cf0585 AS |
2553 | if (ConfValIsTrue(p->val)) { |
2554 | htp_config_register_request_line(cfg_prec->cfg, | |
2555 | HTPCallbackDoubleDecodeQuery); | |
2556 | } | |
2557 | ||
e5879650 | 2558 | } else if (strcasecmp("double-decode-path", p->name) == 0) { |
48cf0585 AS |
2559 | if (ConfValIsTrue(p->val)) { |
2560 | htp_config_register_request_line(cfg_prec->cfg, | |
2561 | HTPCallbackDoubleDecodePath); | |
2562 | } | |
2563 | ||
2763a612 | 2564 | } else if (strcasecmp("response-body-minimal-inspect-size", p->name) == 0) { |
24a2f515 | 2565 | if (ParseSizeStringU32(p->val, &cfg_prec->response.inspect_min_size) < 0) { |
2763a612 VJ |
2566 | SCLogError(SC_ERR_SIZE_PARSE, "Error parsing response-body-minimal-inspect-size " |
2567 | "from conf file - %s. Killing engine", p->val); | |
2568 | exit(EXIT_FAILURE); | |
2569 | } | |
2570 | ||
2571 | } else if (strcasecmp("response-body-inspect-window", p->name) == 0) { | |
24a2f515 | 2572 | if (ParseSizeStringU32(p->val, &cfg_prec->response.inspect_window) < 0) { |
2763a612 VJ |
2573 | SCLogError(SC_ERR_SIZE_PARSE, "Error parsing response-body-inspect-window " |
2574 | "from conf file - %s. Killing engine", p->val); | |
2575 | exit(EXIT_FAILURE); | |
2576 | } | |
bde55578 | 2577 | |
5ec885e4 VJ |
2578 | } else if (strcasecmp("response-body-decompress-layer-limit", p->name) == 0) { |
2579 | uint32_t value = 2; | |
2580 | if (ParseSizeStringU32(p->val, &value) < 0) { | |
2581 | SCLogError(SC_ERR_SIZE_PARSE, "Error parsing response-body-inspect-window " | |
2582 | "from conf file - %s. Killing engine", p->val); | |
2583 | exit(EXIT_FAILURE); | |
2584 | } | |
2585 | #ifdef HAVE_HTP_CONFIG_SET_RESPONSE_DECOMPRESSION_LAYER_LIMIT | |
2586 | htp_config_set_response_decompression_layer_limit(cfg_prec->cfg, value); | |
2587 | #else | |
2588 | SCLogWarning(SC_WARN_OUTDATED_LIBHTP, "can't set response-body-decompress-layer-limit " | |
2589 | "to %u, libhtp version too old", value); | |
2590 | #endif | |
48cf0585 AS |
2591 | } else if (strcasecmp("path-convert-backslash-separators", p->name) == 0) { |
2592 | htp_config_set_backslash_convert_slashes(cfg_prec->cfg, | |
2593 | HTP_DECODER_URL_PATH, | |
2594 | ConfValIsTrue(p->val)); | |
2595 | } else if (strcasecmp("path-bestfit-replacement-char", p->name) == 0) { | |
2596 | if (strlen(p->val) == 1) { | |
2597 | htp_config_set_bestfit_replacement_byte(cfg_prec->cfg, | |
2598 | HTP_DECODER_URL_PATH, | |
2599 | p->val[0]); | |
028c6c17 AS |
2600 | } else { |
2601 | SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Invalid entry " | |
48cf0585 | 2602 | "for libhtp param path-bestfit-replacement-char"); |
028c6c17 | 2603 | } |
48cf0585 AS |
2604 | } else if (strcasecmp("path-convert-lowercase", p->name) == 0) { |
2605 | htp_config_set_convert_lowercase(cfg_prec->cfg, | |
2606 | HTP_DECODER_URL_PATH, | |
2607 | ConfValIsTrue(p->val)); | |
2608 | } else if (strcasecmp("path-nul-encoded-terminates", p->name) == 0) { | |
2609 | htp_config_set_nul_encoded_terminates(cfg_prec->cfg, | |
2610 | HTP_DECODER_URL_PATH, | |
2611 | ConfValIsTrue(p->val)); | |
2612 | } else if (strcasecmp("path-nul-raw-terminates", p->name) == 0) { | |
2613 | htp_config_set_nul_raw_terminates(cfg_prec->cfg, | |
2614 | HTP_DECODER_URL_PATH, | |
2615 | ConfValIsTrue(p->val)); | |
2616 | } else if (strcasecmp("path-separators-compress", p->name) == 0) { | |
2617 | htp_config_set_path_separators_compress(cfg_prec->cfg, | |
2618 | HTP_DECODER_URL_PATH, | |
2619 | ConfValIsTrue(p->val)); | |
2620 | } else if (strcasecmp("path-separators-decode", p->name) == 0) { | |
2621 | htp_config_set_path_separators_decode(cfg_prec->cfg, | |
2622 | HTP_DECODER_URL_PATH, | |
2623 | ConfValIsTrue(p->val)); | |
2624 | } else if (strcasecmp("path-u-encoding-decode", p->name) == 0) { | |
2625 | htp_config_set_u_encoding_decode(cfg_prec->cfg, | |
2626 | HTP_DECODER_URL_PATH, | |
2627 | ConfValIsTrue(p->val)); | |
2628 | } else if (strcasecmp("path-url-encoding-invalid-handling", p->name) == 0) { | |
2629 | enum htp_url_encoding_handling_t handling; | |
028c6c17 | 2630 | if (strcasecmp(p->val, "preserve_percent") == 0) { |
48cf0585 | 2631 | handling = HTP_URL_DECODE_PRESERVE_PERCENT; |
028c6c17 | 2632 | } else if (strcasecmp(p->val, "remove_percent") == 0) { |
48cf0585 | 2633 | handling = HTP_URL_DECODE_REMOVE_PERCENT; |
028c6c17 | 2634 | } else if (strcasecmp(p->val, "decode_invalid") == 0) { |
48cf0585 | 2635 | handling = HTP_URL_DECODE_PROCESS_INVALID; |
028c6c17 AS |
2636 | } else { |
2637 | SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Invalid entry " | |
48cf0585 AS |
2638 | "for libhtp param path-url-encoding-invalid-handling"); |
2639 | return; | |
028c6c17 | 2640 | } |
48cf0585 AS |
2641 | htp_config_set_url_encoding_invalid_handling(cfg_prec->cfg, |
2642 | HTP_DECODER_URL_PATH, | |
2643 | handling); | |
2644 | } else if (strcasecmp("path-utf8-convert-bestfit", p->name) == 0) { | |
2645 | htp_config_set_utf8_convert_bestfit(cfg_prec->cfg, | |
2646 | HTP_DECODER_URL_PATH, | |
2647 | ConfValIsTrue(p->val)); | |
a8b971c7 VJ |
2648 | } else if (strcasecmp("uri-include-all", p->name) == 0) { |
2649 | cfg_prec->uri_include_all = ConfValIsTrue(p->val); | |
2650 | SCLogDebug("uri-include-all %s", | |
2651 | cfg_prec->uri_include_all ? "enabled" : "disabled"); | |
9a7353e1 VJ |
2652 | } else if (strcasecmp("query-plusspace-decode", p->name) == 0) { |
2653 | htp_config_set_plusspace_decode(cfg_prec->cfg, | |
2654 | HTP_DECODER_URLENCODED, | |
2655 | ConfValIsTrue(p->val)); | |
fb496791 VJ |
2656 | } else if (strcasecmp("meta-field-limit", p->name) == 0) { |
2657 | uint32_t limit = 0; | |
2658 | if (ParseSizeStringU32(p->val, &limit) < 0) { | |
2659 | SCLogError(SC_ERR_SIZE_PARSE, "Error meta-field-limit " | |
2660 | "from conf file - %s. Killing engine", p->val); | |
2661 | exit(EXIT_FAILURE); | |
2662 | } | |
2663 | if (limit == 0) { | |
6f7d8e50 | 2664 | FatalError(SC_ERR_FATAL, "Error meta-field-limit " |
fb496791 | 2665 | "from conf file cannot be 0. Killing engine"); |
fb496791 VJ |
2666 | } |
2667 | /* set default soft-limit with our new hard limit */ | |
2668 | htp_config_set_field_limits(cfg_prec->cfg, | |
2669 | (size_t)HTP_CONFIG_DEFAULT_FIELD_LIMIT_SOFT, | |
2670 | (size_t)limit); | |
c9c23d5c VJ |
2671 | #ifdef HAVE_HTP_CONFIG_SET_LZMA_MEMLIMIT |
2672 | } else if (strcasecmp("lzma-memlimit", p->name) == 0) { | |
2673 | uint32_t limit = 0; | |
2674 | if (ParseSizeStringU32(p->val, &limit) < 0) { | |
2675 | FatalError(SC_ERR_SIZE_PARSE, "failed to parse 'lzma-memlimit' " | |
2676 | "from conf file - %s.", p->val); | |
2677 | } | |
2678 | if (limit == 0) { | |
2679 | FatalError(SC_ERR_SIZE_PARSE, "'lzma-memlimit' " | |
2680 | "from conf file cannot be 0."); | |
2681 | } | |
2682 | /* set default soft-limit with our new hard limit */ | |
61a6eaf3 JI |
2683 | SCLogConfig("Setting HTTP LZMA memory limit to %"PRIu32" bytes", limit); |
2684 | htp_config_set_lzma_memlimit(cfg_prec->cfg, (size_t)limit); | |
c09ad018 | 2685 | #endif |
9b5c9233 | 2686 | #ifdef HAVE_HTP_CONFIG_SET_LZMA_LAYERS |
c09ad018 | 2687 | } else if (strcasecmp("lzma-enabled", p->name) == 0) { |
9b5c9233 PA |
2688 | if (ConfValIsTrue(p->val)) { |
2689 | htp_config_set_lzma_layers(cfg_prec->cfg, 1); | |
2690 | } else if (!ConfValIsFalse(p->val)) { | |
2691 | int8_t limit; | |
2692 | if (StringParseInt8(&limit, 10, 0, (const char *)p->val) < 0) { | |
2693 | FatalError(SC_ERR_SIZE_PARSE, | |
2694 | "failed to parse 'lzma-enabled' " | |
2695 | "from conf file - %s.", | |
2696 | p->val); | |
2697 | } | |
2698 | SCLogConfig("Setting HTTP LZMA decompression layers to %" PRIu32 "", (int)limit); | |
2699 | htp_config_set_lzma_layers(cfg_prec->cfg, limit); | |
c09ad018 | 2700 | } |
af4f8162 PA |
2701 | #endif |
2702 | #ifdef HAVE_HTP_CONFIG_SET_COMPRESSION_BOMB_LIMIT | |
2703 | } else if (strcasecmp("compression-bomb-limit", p->name) == 0) { | |
2704 | uint32_t limit = 0; | |
2705 | if (ParseSizeStringU32(p->val, &limit) < 0) { | |
2706 | FatalError(SC_ERR_SIZE_PARSE, "failed to parse 'compression-bomb-limit' " | |
2707 | "from conf file - %s.", p->val); | |
2708 | } | |
2709 | if (limit == 0) { | |
2710 | FatalError(SC_ERR_SIZE_PARSE, "'compression-bomb-limit' " | |
2711 | "from conf file cannot be 0."); | |
2712 | } | |
2713 | /* set default soft-limit with our new hard limit */ | |
2714 | SCLogConfig("Setting HTTP compression bomb limit to %"PRIu32" bytes", limit); | |
2715 | htp_config_set_compression_bomb_limit(cfg_prec->cfg, (size_t)limit); | |
a04b5566 PA |
2716 | #endif |
2717 | #ifdef HAVE_HTP_CONFIG_SET_COMPRESSION_TIME_LIMIT | |
2718 | } else if (strcasecmp("decompression-time-limit", p->name) == 0) { | |
2719 | uint32_t limit = 0; | |
2720 | // between 1 usec and 1 second | |
2721 | if (StringParseU32RangeCheck(&limit, 10, 0, p->val, 1, 1000000) < 0) { | |
2722 | FatalError(SC_ERR_SIZE_PARSE, | |
2723 | "failed to parse 'decompression-time-limit' " | |
2724 | "from conf file - %s.", | |
2725 | p->val); | |
2726 | } | |
2727 | SCLogConfig("Setting HTTP decompression time limit to %" PRIu32 " usec", limit); | |
2728 | htp_config_set_compression_time_limit(cfg_prec->cfg, (size_t)limit); | |
c9c23d5c | 2729 | #endif |
ff784075 | 2730 | } else if (strcasecmp("randomize-inspection-sizes", p->name) == 0) { |
c3b4dd5a VJ |
2731 | if (!g_disable_randomness) { |
2732 | cfg_prec->randomize = ConfValIsTrue(p->val); | |
2733 | } | |
ff784075 | 2734 | } else if (strcasecmp("randomize-inspection-range", p->name) == 0) { |
e7c0f0ad SB |
2735 | uint32_t range; |
2736 | if (StringParseU32RangeCheck(&range, 10, 0, | |
2737 | (const char *)p->val, 0, 100) < 0) { | |
2738 | SCLogError(SC_ERR_INVALID_VALUE, "Invalid value for randomize" | |
2739 | "-inspection-range setting from conf file - \"%s\"." | |
2740 | " It should be a valid integer less than or equal to 100." | |
ff784075 EL |
2741 | " Killing engine", |
2742 | p->val); | |
2743 | exit(EXIT_FAILURE); | |
2744 | } | |
2745 | cfg_prec->randomize_range = range; | |
a459376d GL |
2746 | } else if (strcasecmp("http-body-inline", p->name) == 0) { |
2747 | if (ConfValIsTrue(p->val)) { | |
2748 | cfg_prec->http_body_inline = 1; | |
2749 | } else if (ConfValIsFalse(p->val)) { | |
2750 | cfg_prec->http_body_inline = 0; | |
2751 | } else { | |
2752 | if (strcmp("auto", p->val) != 0) { | |
2753 | WarnInvalidConfEntry("http_body_inline", "%s", "auto"); | |
2754 | } | |
2755 | if (EngineModeIsIPS()) { | |
2756 | cfg_prec->http_body_inline = 1; | |
2757 | } else { | |
2758 | cfg_prec->http_body_inline = 0; | |
2759 | } | |
2760 | } | |
d0f92e2a GL |
2761 | } else if (strcasecmp("swf-decompression", p->name) == 0) { |
2762 | ConfNode *pval; | |
2763 | ||
2764 | TAILQ_FOREACH(pval, &p->head, next) { | |
2765 | if (strcasecmp("enabled", pval->name) == 0) { | |
2766 | if (ConfValIsTrue(pval->val)) { | |
2767 | cfg_prec->swf_decompression_enabled = 1; | |
2768 | } else if (ConfValIsFalse(pval->val)) { | |
2769 | cfg_prec->swf_decompression_enabled = 0; | |
2770 | } else { | |
2771 | WarnInvalidConfEntry("swf-decompression.enabled", "%s", "no"); | |
2772 | } | |
2773 | } else if (strcasecmp("type", pval->name) == 0) { | |
2774 | if (strcasecmp("no", pval->val) == 0) { | |
2775 | cfg_prec->swf_compression_type = HTTP_SWF_COMPRESSION_NONE; | |
2776 | } else if (strcasecmp("deflate", pval->val) == 0) { | |
2777 | cfg_prec->swf_compression_type = HTTP_SWF_COMPRESSION_ZLIB; | |
2778 | } else if (strcasecmp("lzma", pval->val) == 0) { | |
2779 | cfg_prec->swf_compression_type = HTTP_SWF_COMPRESSION_LZMA; | |
2780 | } else if (strcasecmp("both", pval->val) == 0) { | |
2781 | cfg_prec->swf_compression_type = HTTP_SWF_COMPRESSION_BOTH; | |
2782 | } else { | |
2783 | SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, | |
2784 | "Invalid entry for " | |
2785 | "swf-decompression.type: %s - " | |
2786 | "Killing engine", pval->val); | |
2787 | exit(EXIT_FAILURE); | |
2788 | } | |
2789 | } else if (strcasecmp("compress-depth", pval->name) == 0) { | |
2790 | if (ParseSizeStringU32(pval->val, &cfg_prec->swf_compress_depth) < 0) { | |
2791 | SCLogError(SC_ERR_SIZE_PARSE, | |
2792 | "Error parsing swf-decompression.compression-depth " | |
2793 | "from conf file - %s. Killing engine", p->val); | |
2794 | exit(EXIT_FAILURE); | |
2795 | } | |
2796 | } else if (strcasecmp("decompress-depth", pval->name) == 0) { | |
2797 | if (ParseSizeStringU32(pval->val, &cfg_prec->swf_decompress_depth) < 0) { | |
2798 | SCLogError(SC_ERR_SIZE_PARSE, | |
2799 | "Error parsing swf-decompression.decompression-depth " | |
2800 | "from conf file - %s. Killing engine", p->val); | |
2801 | exit(EXIT_FAILURE); | |
2802 | } | |
2803 | } else { | |
2804 | SCLogWarning(SC_ERR_UNKNOWN_VALUE, "Ignoring unknown param %s", pval->name); | |
2805 | } | |
2806 | } | |
340542c4 AS |
2807 | } else { |
2808 | SCLogWarning(SC_ERR_UNKNOWN_VALUE, "LIBHTP Ignoring unknown " | |
2809 | "default config: %s", p->name); | |
a9cdd2bb | 2810 | } |
340542c4 AS |
2811 | } /* TAILQ_FOREACH(p, &default_config->head, next) */ |
2812 | ||
2813 | return; | |
2814 | } | |
2815 | ||
ab4b15c2 | 2816 | void HTPConfigure(void) |
340542c4 AS |
2817 | { |
2818 | SCEnter(); | |
2819 | ||
2820 | cfglist.next = NULL; | |
2821 | ||
2822 | cfgtree = SCRadixCreateRadixTree(NULL, NULL); | |
2823 | if (NULL == cfgtree) | |
2824 | exit(EXIT_FAILURE); | |
2825 | ||
2826 | /* Default Config */ | |
2827 | cfglist.cfg = htp_config_create(); | |
2828 | if (NULL == cfglist.cfg) { | |
6f7d8e50 | 2829 | FatalError(SC_ERR_FATAL, "Failed to create HTP default config"); |
a9cdd2bb | 2830 | } |
340542c4 | 2831 | SCLogDebug("LIBHTP default config: %p", cfglist.cfg); |
48cf0585 | 2832 | HTPConfigSetDefaultsPhase1(&cfglist); |
ddde572f AS |
2833 | if (ConfGetNode("app-layer.protocols.http.libhtp") == NULL) { |
2834 | HTPConfigParseParameters(&cfglist, ConfGetNode("libhtp.default-config"), | |
2835 | cfgtree); | |
2836 | } else { | |
2837 | HTPConfigParseParameters(&cfglist, ConfGetNode("app-layer.protocols.http.libhtp.default-config"), cfgtree); | |
2838 | } | |
72954067 | 2839 | HTPConfigSetDefaultsPhase2("default", &cfglist); |
a9cdd2bb | 2840 | |
ced01da8 EL |
2841 | HTPParseMemcap(); |
2842 | ||
a9cdd2bb | 2843 | /* Read server config and create a parser for each IP in radix tree */ |
ddde572f AS |
2844 | ConfNode *server_config = ConfGetNode("app-layer.protocols.http.libhtp.server-config"); |
2845 | if (server_config == NULL) { | |
2846 | server_config = ConfGetNode("libhtp.server-config"); | |
2847 | if (server_config == NULL) { | |
2848 | SCLogDebug("LIBHTP Configuring %p", server_config); | |
2849 | SCReturn; | |
2850 | } | |
2851 | } | |
a9cdd2bb | 2852 | SCLogDebug("LIBHTP Configuring %p", server_config); |
a9cdd2bb | 2853 | |
340542c4 AS |
2854 | ConfNode *si; |
2855 | /* Server Nodes */ | |
2856 | TAILQ_FOREACH(si, &server_config->head, next) { | |
2857 | /* Need the named node, not the index */ | |
2858 | ConfNode *s = TAILQ_FIRST(&si->head); | |
2859 | if (NULL == s) { | |
2860 | SCLogDebug("LIBHTP s NULL"); | |
2861 | continue; | |
2862 | } | |
a9cdd2bb | 2863 | |
340542c4 | 2864 | SCLogDebug("LIBHTP server %s", s->name); |
a9cdd2bb | 2865 | |
340542c4 | 2866 | HTPCfgRec *nextrec = cfglist.next; |
28c5c681 | 2867 | HTPCfgRec *htprec = SCMalloc(sizeof(HTPCfgRec)); |
340542c4 AS |
2868 | if (NULL == htprec) |
2869 | exit(EXIT_FAILURE); | |
a8b971c7 VJ |
2870 | memset(htprec, 0x00, sizeof(*htprec)); |
2871 | ||
28c5c681 EL |
2872 | cfglist.next = htprec; |
2873 | ||
340542c4 AS |
2874 | cfglist.next->next = nextrec; |
2875 | cfglist.next->cfg = htp_config_create(); | |
2876 | if (NULL == cfglist.next->cfg) { | |
6f7d8e50 | 2877 | FatalError(SC_ERR_FATAL, "Failed to create HTP server config"); |
340542c4 | 2878 | } |
bde55578 | 2879 | |
48cf0585 | 2880 | HTPConfigSetDefaultsPhase1(htprec); |
340542c4 | 2881 | HTPConfigParseParameters(htprec, s, cfgtree); |
72954067 | 2882 | HTPConfigSetDefaultsPhase2(s->name, htprec); |
a9cdd2bb BR |
2883 | } |
2884 | ||
2885 | SCReturn; | |
2886 | } | |
2887 | ||
8f1d7503 KS |
2888 | void AppLayerHtpPrintStats(void) |
2889 | { | |
6fca55e0 VJ |
2890 | #ifdef DEBUG |
2891 | SCMutexLock(&htp_state_mem_lock); | |
b3bf7a57 | 2892 | SCLogPerf("htp memory %"PRIu64" (%"PRIu64")", htp_state_memuse, htp_state_memcnt); |
6fca55e0 VJ |
2893 | SCMutexUnlock(&htp_state_mem_lock); |
2894 | #endif | |
2895 | } | |
2896 | ||
d59ca75e VJ |
2897 | /** \internal |
2898 | * \brief get files callback | |
2899 | * \param state state ptr | |
2900 | * \param direction flow direction | |
2901 | * \retval files files ptr | |
2902 | */ | |
8f1d7503 KS |
2903 | static FileContainer *HTPStateGetFiles(void *state, uint8_t direction) |
2904 | { | |
e1022ee5 VJ |
2905 | if (state == NULL) |
2906 | return NULL; | |
2907 | ||
2908 | HtpState *http_state = (HtpState *)state; | |
d59ca75e VJ |
2909 | |
2910 | if (direction & STREAM_TOCLIENT) { | |
2911 | SCReturnPtr(http_state->files_tc, "FileContainer"); | |
2912 | } else { | |
2913 | SCReturnPtr(http_state->files_ts, "FileContainer"); | |
2914 | } | |
e1022ee5 VJ |
2915 | } |
2916 | ||
d4d18e31 AS |
2917 | static int HTPStateGetAlstateProgress(void *tx, uint8_t direction) |
2918 | { | |
429c6388 | 2919 | if (direction & STREAM_TOSERVER) |
080c15b3 VJ |
2920 | return ((htp_tx_t *)tx)->request_progress; |
2921 | else | |
2922 | return ((htp_tx_t *)tx)->response_progress; | |
d4d18e31 AS |
2923 | } |
2924 | ||
2925 | static uint64_t HTPStateGetTxCnt(void *alstate) | |
2926 | { | |
896b6145 VJ |
2927 | HtpState *http_state = (HtpState *)alstate; |
2928 | ||
6f339abd | 2929 | if (http_state != NULL && http_state->conn != NULL) { |
e07a4393 VJ |
2930 | const int64_t size = (int64_t)htp_list_size(http_state->conn->transactions); |
2931 | if (size < 0) | |
2932 | return 0ULL; | |
6f339abd | 2933 | SCLogDebug("size %"PRIu64, size); |
e07a4393 | 2934 | return (uint64_t)size; |
6f339abd | 2935 | } else { |
896b6145 | 2936 | return 0ULL; |
6f339abd | 2937 | } |
d4d18e31 AS |
2938 | } |
2939 | ||
2940 | static void *HTPStateGetTx(void *alstate, uint64_t tx_id) | |
2941 | { | |
896b6145 VJ |
2942 | HtpState *http_state = (HtpState *)alstate; |
2943 | ||
2944 | if (http_state != NULL && http_state->conn != NULL) | |
2945 | return htp_list_get(http_state->conn->transactions, tx_id); | |
2946 | else | |
2947 | return NULL; | |
d4d18e31 AS |
2948 | } |
2949 | ||
7011bddf PA |
2950 | void *HtpGetTxForH2(void *alstate) |
2951 | { | |
2952 | // gets last transaction | |
2953 | HtpState *http_state = (HtpState *)alstate; | |
2954 | if (http_state != NULL && http_state->conn != NULL) { | |
2955 | size_t txid = htp_list_array_size(http_state->conn->transactions); | |
2956 | if (txid > 0) { | |
2957 | return htp_list_get(http_state->conn->transactions, txid - 1); | |
2958 | } | |
2959 | } | |
2960 | return NULL; | |
2961 | } | |
2962 | ||
ab1200fb | 2963 | static int HTPStateGetEventInfo(const char *event_name, |
5e2d9dbd AS |
2964 | int *event_id, AppLayerEventType *event_type) |
2965 | { | |
2966 | *event_id = SCMapEnumNameToValue(event_name, http_decoder_event_table); | |
2967 | if (*event_id == -1) { | |
2968 | SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%s\" not present in " | |
2969 | "http's enum map table.", event_name); | |
2970 | /* this should be treated as fatal */ | |
2971 | return -1; | |
2972 | } | |
2973 | ||
3f5acc54 | 2974 | *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION; |
5e2d9dbd AS |
2975 | |
2976 | return 0; | |
2977 | } | |
2978 | ||
f7b934f8 JL |
2979 | static int HTPStateGetEventInfoById(int event_id, const char **event_name, |
2980 | AppLayerEventType *event_type) | |
2981 | { | |
2982 | *event_name = SCMapEnumValueToName(event_id, http_decoder_event_table); | |
2983 | if (*event_name == NULL) { | |
2984 | SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%d\" not present in " | |
2985 | "http's enum map table.", event_id); | |
2986 | /* this should be treated as fatal */ | |
2987 | return -1; | |
2988 | } | |
2989 | ||
2990 | *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION; | |
2991 | ||
2992 | return 0; | |
2993 | } | |
2994 | ||
429c6388 AS |
2995 | static void HTPStateTruncate(void *state, uint8_t direction) |
2996 | { | |
2997 | FileContainer *fc = HTPStateGetFiles(state, direction); | |
869109a6 VJ |
2998 | if (fc != NULL) { |
2999 | FileTruncateAllOpenFiles(fc); | |
3000 | } | |
3001 | } | |
3002 | ||
910922cd | 3003 | static AppLayerTxData *HTPGetTxData(void *vtx) |
a0fad6bb VJ |
3004 | { |
3005 | htp_tx_t *tx = (htp_tx_t *)vtx; | |
3006 | HtpTxUserData *tx_ud = htp_tx_get_user_data(tx); | |
00b0a41b | 3007 | if (tx_ud) { |
910922cd | 3008 | return &tx_ud->tx_data; |
a0fad6bb | 3009 | } |
910922cd | 3010 | return NULL; |
a0fad6bb VJ |
3011 | } |
3012 | ||
429c6388 AS |
3013 | static int HTPRegisterPatternsForProtocolDetection(void) |
3014 | { | |
ab1200fb | 3015 | const char *methods[] = { "GET", "PUT", "POST", "HEAD", "TRACE", "OPTIONS", |
3b26b079 | 3016 | "CONNECT", "DELETE", "PATCH", "PROPFIND", "PROPPATCH", "MKCOL", |
e7658fd4 | 3017 | "COPY", "MOVE", "LOCK", "UNLOCK", "CHECKOUT", "UNCHECKOUT", "CHECKIN", |
3018 | "UPDATE", "LABEL", "REPORT", "MKWORKSPACE", "MKACTIVITY", "MERGE", | |
3019 | "INVALID", "VERSION-CONTROL", "BASELINE-CONTROL", NULL}; | |
ab1200fb VJ |
3020 | const char *spacings[] = { "|20|", "|09|", NULL }; |
3021 | const char *versions[] = { "HTTP/0.9", "HTTP/1.0", "HTTP/1.1", NULL }; | |
3b26b079 | 3022 | |
ec964ebf VJ |
3023 | int methods_pos; |
3024 | int spacings_pos; | |
3025 | int versions_pos; | |
3b26b079 | 3026 | int register_result; |
3027 | char method_buffer[32] = ""; | |
3028 | ||
e7658fd4 | 3029 | /* Loop through all the methods ands spacings and register the patterns */ |
3b26b079 | 3030 | for (methods_pos = 0; methods[methods_pos]; methods_pos++) { |
3031 | for (spacings_pos = 0; spacings[spacings_pos]; spacings_pos++) { | |
3032 | ||
e7658fd4 | 3033 | /* Combine the method name and the spacing */ |
3b26b079 | 3034 | snprintf(method_buffer, sizeof(method_buffer), "%s%s", methods[methods_pos], spacings[spacings_pos]); |
3035 | ||
e7658fd4 | 3036 | /* Register the new method+spacing pattern |
3037 | * 3 is subtracted from the length since the spacing is hex typed as |xx| | |
3038 | * but the pattern matching should only be one char | |
3039 | */ | |
707f0272 PA |
3040 | register_result = AppLayerProtoDetectPMRegisterPatternCI(IPPROTO_TCP, ALPROTO_HTTP1, |
3041 | method_buffer, strlen(method_buffer) - 3, 0, STREAM_TOSERVER); | |
3b26b079 | 3042 | if (register_result < 0) { |
3043 | return -1; | |
3044 | } | |
3045 | } | |
7a9e9636 | 3046 | } |
3047 | ||
e7658fd4 | 3048 | /* Loop through all the http verions patterns that are TO_CLIENT */ |
3b26b079 | 3049 | for (versions_pos = 0; versions[versions_pos]; versions_pos++) { |
707f0272 PA |
3050 | register_result = AppLayerProtoDetectPMRegisterPatternCI(IPPROTO_TCP, ALPROTO_HTTP1, |
3051 | versions[versions_pos], strlen(versions[versions_pos]), 0, STREAM_TOCLIENT); | |
3b26b079 | 3052 | if (register_result < 0) { |
3053 | return -1; | |
3054 | } | |
429c6388 | 3055 | } |
ec964ebf | 3056 | |
429c6388 AS |
3057 | return 0; |
3058 | } | |
3059 | ||
07f7ba55 GS |
3060 | /** |
3061 | * \brief Register the HTTP protocol and state handling functions to APP layer | |
3062 | * of the engine. | |
3063 | */ | |
3064 | void RegisterHTPParsers(void) | |
3065 | { | |
a9cdd2bb | 3066 | SCEnter(); |
000ce98c | 3067 | |
ab1200fb | 3068 | const char *proto_name = "http"; |
10966245 | 3069 | |
000ce98c | 3070 | /** HTTP */ |
429c6388 | 3071 | if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) { |
707f0272 | 3072 | AppLayerProtoDetectRegisterProtocol(ALPROTO_HTTP1, proto_name); |
429c6388 AS |
3073 | if (HTPRegisterPatternsForProtocolDetection() < 0) |
3074 | return; | |
ddde572f AS |
3075 | } else { |
3076 | SCLogInfo("Protocol detection and parser disabled for %s protocol", | |
3077 | proto_name); | |
3078 | return; | |
3079 | } | |
3080 | ||
429c6388 | 3081 | if (AppLayerParserConfParserEnabled("tcp", proto_name)) { |
707f0272 PA |
3082 | AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_HTTP1, HTPStateAlloc, HTPStateFree); |
3083 | AppLayerParserRegisterTxFreeFunc(IPPROTO_TCP, ALPROTO_HTTP1, HTPStateTransactionFree); | |
3084 | AppLayerParserRegisterGetFilesFunc(IPPROTO_TCP, ALPROTO_HTTP1, HTPStateGetFiles); | |
3085 | AppLayerParserRegisterGetStateProgressFunc( | |
3086 | IPPROTO_TCP, ALPROTO_HTTP1, HTPStateGetAlstateProgress); | |
3087 | AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_HTTP1, HTPStateGetTxCnt); | |
3088 | AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_HTTP1, HTPStateGetTx); | |
efc9a7a3 VJ |
3089 | |
3090 | AppLayerParserRegisterStateProgressCompletionStatus( | |
707f0272 PA |
3091 | ALPROTO_HTTP1, HTP_REQUEST_COMPLETE, HTP_RESPONSE_COMPLETE); |
3092 | AppLayerParserRegisterGetEventsFunc(IPPROTO_TCP, ALPROTO_HTTP1, HTPGetEvents); | |
3093 | AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_HTTP1, HTPStateGetEventInfo); | |
3094 | AppLayerParserRegisterGetEventInfoById( | |
3095 | IPPROTO_TCP, ALPROTO_HTTP1, HTPStateGetEventInfoById); | |
3096 | ||
3097 | AppLayerParserRegisterTruncateFunc(IPPROTO_TCP, ALPROTO_HTTP1, HTPStateTruncate); | |
707f0272 PA |
3098 | AppLayerParserRegisterTxDataFunc(IPPROTO_TCP, ALPROTO_HTTP1, HTPGetTxData); |
3099 | ||
3100 | AppLayerParserRegisterSetStreamDepthFlag( | |
3101 | IPPROTO_TCP, ALPROTO_HTTP1, AppLayerHtpSetStreamDepthFlag); | |
3102 | ||
3103 | AppLayerParserRegisterParser( | |
3104 | IPPROTO_TCP, ALPROTO_HTTP1, STREAM_TOSERVER, HTPHandleRequestData); | |
3105 | AppLayerParserRegisterParser( | |
3106 | IPPROTO_TCP, ALPROTO_HTTP1, STREAM_TOCLIENT, HTPHandleResponseData); | |
ddde572f | 3107 | SC_ATOMIC_INIT(htp_config_flags); |
d509a780 PA |
3108 | /* This parser accepts gaps. */ |
3109 | AppLayerParserRegisterOptionFlags( | |
707f0272 PA |
3110 | IPPROTO_TCP, ALPROTO_HTTP1, APP_LAYER_PARSER_OPT_ACCEPT_GAPS); |
3111 | AppLayerParserRegisterParserAcceptableDataDirection( | |
3112 | IPPROTO_TCP, ALPROTO_HTTP1, STREAM_TOSERVER | STREAM_TOCLIENT); | |
ddde572f AS |
3113 | HTPConfigure(); |
3114 | } else { | |
3115 | SCLogInfo("Parsed disabled for %s protocol. Protocol detection" | |
3116 | "still on.", proto_name); | |
3117 | } | |
9faa4b74 | 3118 | #ifdef UNITTESTS |
707f0272 | 3119 | AppLayerParserRegisterProtocolUnittests(IPPROTO_TCP, ALPROTO_HTTP1, HTPParserRegisterTests); |
9faa4b74 | 3120 | #endif |
07f7ba55 | 3121 | |
a9cdd2bb | 3122 | SCReturn; |
07f7ba55 GS |
3123 | } |
3124 | ||
c352bff6 | 3125 | #ifdef UNITTESTS |
99fca038 VJ |
3126 | static HTPCfgRec cfglist_backup; |
3127 | ||
ab4b15c2 | 3128 | void HtpConfigCreateBackup(void) |
99fca038 | 3129 | { |
dcdcbd97 | 3130 | cfglist_backup = cfglist; |
99fca038 VJ |
3131 | |
3132 | return; | |
3133 | } | |
3134 | ||
ab4b15c2 | 3135 | void HtpConfigRestoreBackup(void) |
99fca038 | 3136 | { |
dcdcbd97 | 3137 | cfglist = cfglist_backup; |
99fca038 VJ |
3138 | |
3139 | return; | |
3140 | } | |
a9cdd2bb | 3141 | |
07f7ba55 GS |
3142 | /** \test Test case where chunks are sent in smaller chunks and check the |
3143 | * response of the parser from HTP library. */ | |
ab1200fb | 3144 | static int HTPParserTest01(void) |
8f1d7503 | 3145 | { |
fc2f7f29 | 3146 | uint8_t httpbuf1[] = "POST / HTTP/1.0\r\nUser-Agent: Victor/1.0\r\n\r\nPost" |
07f7ba55 GS |
3147 | " Data is c0oL!"; |
3148 | uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ | |
262a7300 | 3149 | |
953dceec | 3150 | TcpSession ssn; |
07f7ba55 | 3151 | memset(&ssn, 0, sizeof(ssn)); |
262a7300 | 3152 | |
953dceec VJ |
3153 | AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); |
3154 | FAIL_IF_NULL(alp_tctx); | |
3155 | ||
3156 | Flow *f = UTHBuildFlow(AF_INET, "1.2.3.4", "1.2.3.5", 1024, 80); | |
3157 | FAIL_IF_NULL(f); | |
262a7300 | 3158 | f->protoctx = &ssn; |
429c6388 | 3159 | f->proto = IPPROTO_TCP; |
707f0272 | 3160 | f->alproto = ALPROTO_HTTP1; |
07f7ba55 | 3161 | |
1eeb9669 | 3162 | StreamTcpInitConfig(true); |
6a53ab9c | 3163 | |
07f7ba55 GS |
3164 | uint32_t u; |
3165 | for (u = 0; u < httplen1; u++) { | |
3166 | uint8_t flags = 0; | |
3167 | ||
59cda9a3 VJ |
3168 | if (u == 0) |
3169 | flags = STREAM_TOSERVER|STREAM_START; | |
3170 | else if (u == (httplen1 - 1)) | |
3171 | flags = STREAM_TOSERVER|STREAM_EOF; | |
3172 | else | |
3173 | flags = STREAM_TOSERVER; | |
07f7ba55 | 3174 | |
707f0272 | 3175 | int r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_HTTP1, flags, &httpbuf1[u], 1); |
953dceec | 3176 | FAIL_IF(r != 0); |
07f7ba55 GS |
3177 | } |
3178 | ||
953dceec VJ |
3179 | HtpState *htp_state = f->alstate; |
3180 | FAIL_IF_NULL(htp_state); | |
07f7ba55 | 3181 | |
d4d18e31 | 3182 | htp_tx_t *tx = HTPStateGetTx(htp_state, 0); |
953dceec VJ |
3183 | FAIL_IF_NULL(tx); |
3184 | ||
48cf0585 | 3185 | htp_header_t *h = htp_table_get_index(tx->request_headers, 0, NULL); |
953dceec | 3186 | FAIL_IF_NULL(h); |
07f7ba55 | 3187 | |
953dceec VJ |
3188 | FAIL_IF(strcmp(bstr_util_strdup_to_c(h->value), "Victor/1.0")); |
3189 | FAIL_IF(tx->request_method_number != HTP_M_POST); | |
3190 | FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_1_0); | |
3191 | ||
3192 | AppLayerParserThreadCtxFree(alp_tctx); | |
1eeb9669 | 3193 | StreamTcpFreeConfig(true); |
262a7300 | 3194 | UTHFreeFlow(f); |
953dceec | 3195 | PASS; |
07f7ba55 GS |
3196 | } |
3197 | ||
08af5ddd VJ |
3198 | /** \test Test folding in 1 read case */ |
3199 | static int HTPParserTest01b(void) | |
3200 | { | |
3201 | uint8_t httpbuf1[] = "POST / HTTP/1.0\r\nUser-Agent:\r\n Victor/1.0\r\n\r\nPost" | |
3202 | " Data is c0oL!"; | |
3203 | uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ | |
3204 | ||
3205 | TcpSession ssn; | |
3206 | memset(&ssn, 0, sizeof(ssn)); | |
3207 | ||
3208 | AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); | |
3209 | FAIL_IF_NULL(alp_tctx); | |
3210 | ||
3211 | Flow *f = UTHBuildFlow(AF_INET, "1.2.3.4", "1.2.3.5", 1024, 80); | |
3212 | FAIL_IF_NULL(f); | |
3213 | f->protoctx = &ssn; | |
3214 | f->proto = IPPROTO_TCP; | |
707f0272 | 3215 | f->alproto = ALPROTO_HTTP1; |
08af5ddd | 3216 | |
1eeb9669 | 3217 | StreamTcpInitConfig(true); |
08af5ddd VJ |
3218 | |
3219 | uint8_t flags =STREAM_TOSERVER|STREAM_START|STREAM_EOF; | |
707f0272 | 3220 | int r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_HTTP1, flags, httpbuf1, httplen1); |
08af5ddd VJ |
3221 | FAIL_IF(r != 0); |
3222 | ||
3223 | HtpState *htp_state = f->alstate; | |
3224 | FAIL_IF_NULL(htp_state); | |
3225 | ||
3226 | htp_tx_t *tx = HTPStateGetTx(htp_state, 0); | |
3227 | FAIL_IF_NULL(tx); | |
3228 | ||
3229 | htp_header_t *h = htp_table_get_index(tx->request_headers, 0, NULL); | |
3230 | FAIL_IF_NULL(h); | |
3231 | ||
3232 | FAIL_IF(strcmp(bstr_util_strdup_to_c(h->value), "Victor/1.0")); | |
3233 | FAIL_IF(tx->request_method_number != HTP_M_POST); | |
3234 | FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_1_0); | |
3235 | ||
3236 | AppLayerParserThreadCtxFree(alp_tctx); | |
1eeb9669 | 3237 | StreamTcpFreeConfig(true); |
08af5ddd VJ |
3238 | UTHFreeFlow(f); |
3239 | PASS; | |
3240 | } | |
3241 | ||
3242 | /** \test Test folding in 1byte per read case */ | |
3243 | static int HTPParserTest01c(void) | |
3244 | { | |
3245 | uint8_t httpbuf1[] = "POST / HTTP/1.0\r\nUser-Agent:\r\n Victor/1.0\r\n\r\nPost" | |
3246 | " Data is c0oL!"; | |
3247 | uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ | |
3248 | ||
3249 | TcpSession ssn; | |
3250 | memset(&ssn, 0, sizeof(ssn)); | |
3251 | ||
3252 | AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); | |
3253 | FAIL_IF_NULL(alp_tctx); | |
3254 | ||
3255 | Flow *f = UTHBuildFlow(AF_INET, "1.2.3.4", "1.2.3.5", 1024, 80); | |
3256 | FAIL_IF_NULL(f); | |
3257 | f->protoctx = &ssn; | |
3258 | f->proto = IPPROTO_TCP; | |
707f0272 | 3259 | f->alproto = ALPROTO_HTTP1; |
08af5ddd | 3260 | |
1eeb9669 | 3261 | StreamTcpInitConfig(true); |
08af5ddd VJ |
3262 | |
3263 | uint32_t u; | |
3264 | for (u = 0; u < httplen1; u++) { | |
3265 | uint8_t flags = 0; | |
3266 | ||
3267 | if (u == 0) | |
3268 | flags = STREAM_TOSERVER|STREAM_START; | |
3269 | else if (u == (httplen1 - 1)) | |
3270 | flags = STREAM_TOSERVER|STREAM_EOF; | |
3271 | else | |
3272 | flags = STREAM_TOSERVER; | |
3273 | ||
707f0272 | 3274 | int r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_HTTP1, flags, &httpbuf1[u], 1); |
08af5ddd VJ |
3275 | FAIL_IF(r != 0); |
3276 | } | |
3277 | ||
3278 | HtpState *htp_state = f->alstate; | |
3279 | FAIL_IF_NULL(htp_state); | |
3280 | ||
3281 | htp_tx_t *tx = HTPStateGetTx(htp_state, 0); | |
3282 | FAIL_IF_NULL(tx); | |
3283 | ||
3284 | htp_header_t *h = htp_table_get_index(tx->request_headers, 0, NULL); | |
3285 | FAIL_IF_NULL(h); | |
3286 | ||
3287 | FAIL_IF(strcmp(bstr_util_strdup_to_c(h->value), "Victor/1.0")); | |
3288 | FAIL_IF(tx->request_method_number != HTP_M_POST); | |
3289 | FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_1_0); | |
3290 | ||
3291 | AppLayerParserThreadCtxFree(alp_tctx); | |
1eeb9669 | 3292 | StreamTcpFreeConfig(true); |
08af5ddd VJ |
3293 | UTHFreeFlow(f); |
3294 | PASS; | |
3295 | } | |
3296 | ||
52195a41 VJ |
3297 | /** \test Test case where chunks are sent in smaller chunks and check the |
3298 | * response of the parser from HTP library. */ | |
3299 | static int HTPParserTest01a(void) | |
3300 | { | |
e86e27ba | 3301 | int result = 0; |
52195a41 VJ |
3302 | Flow *f = NULL; |
3303 | uint8_t httpbuf1[] = " POST / HTTP/1.0\r\nUser-Agent: Victor/1.0\r\n\r\nPost" | |
3304 | " Data is c0oL!"; | |
3305 | uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ | |
3306 | TcpSession ssn; | |
3307 | HtpState *htp_state = NULL; | |
3308 | int r = 0; | |
3309 | AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); | |
3310 | ||
3311 | memset(&ssn, 0, sizeof(ssn)); | |
3312 | ||
3313 | f = UTHBuildFlow(AF_INET, "1.2.3.4", "1.2.3.5", 1024, 80); | |
3314 | if (f == NULL) | |
3315 | goto end; | |
3316 | f->protoctx = &ssn; | |
3317 | f->proto = IPPROTO_TCP; | |
707f0272 | 3318 | f->alproto = ALPROTO_HTTP1; |
52195a41 | 3319 | |
1eeb9669 | 3320 | StreamTcpInitConfig(true); |
52195a41 VJ |
3321 | |
3322 | uint32_t u; | |
3323 | for (u = 0; u < httplen1; u++) { | |
3324 | uint8_t flags = 0; | |
3325 | ||
3326 | if (u == 0) | |
3327 | flags = STREAM_TOSERVER|STREAM_START; | |
3328 | else if (u == (httplen1 - 1)) | |
3329 | flags = STREAM_TOSERVER|STREAM_EOF; | |
3330 | else | |
3331 | flags = STREAM_TOSERVER; | |
3332 | ||
6530c3d0 | 3333 | FLOWLOCK_WRLOCK(f); |
707f0272 | 3334 | r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_HTTP1, flags, &httpbuf1[u], 1); |
52195a41 VJ |
3335 | if (r != 0) { |
3336 | printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected" | |
3337 | " 0: ", u, r); | |
6530c3d0 | 3338 | FLOWLOCK_UNLOCK(f); |
52195a41 VJ |
3339 | goto end; |
3340 | } | |
6530c3d0 | 3341 | FLOWLOCK_UNLOCK(f); |
52195a41 VJ |
3342 | } |
3343 | ||
3344 | htp_state = f->alstate; | |
3345 | if (htp_state == NULL) { | |
3346 | printf("no http state: "); | |
52195a41 VJ |
3347 | goto end; |
3348 | } | |
3349 | ||
3350 | htp_tx_t *tx = HTPStateGetTx(htp_state, 0); | |
3351 | htp_header_t *h = htp_table_get_index(tx->request_headers, 0, NULL); | |
3352 | if (strcmp(bstr_util_strdup_to_c(h->value), "Victor/1.0") | |
3353 | || tx->request_method_number != HTP_M_POST || | |
3354 | tx->request_protocol_number != HTP_PROTOCOL_1_0) | |
3355 | { | |
3356 | printf("expected header value: Victor/1.0 and got %s: and expected" | |
3357 | " method: POST and got %s, expected protocol number HTTP/1.0" | |
3358 | " and got: %s \n", bstr_util_strdup_to_c(h->value), | |
3359 | bstr_util_strdup_to_c(tx->request_method), | |
3360 | bstr_util_strdup_to_c(tx->request_protocol)); | |
52195a41 VJ |
3361 | goto end; |
3362 | } | |
e86e27ba | 3363 | result = 1; |
52195a41 VJ |
3364 | end: |
3365 | if (alp_tctx != NULL) | |
3366 | AppLayerParserThreadCtxFree(alp_tctx); | |
1eeb9669 | 3367 | StreamTcpFreeConfig(true); |
52195a41 VJ |
3368 | UTHFreeFlow(f); |
3369 | return result; | |
3370 | } | |
3371 | ||
2d6cf71d | 3372 | /** \test See how it deals with an incomplete request. */ |
ab1200fb | 3373 | static int HTPParserTest02(void) |
8f1d7503 | 3374 | { |
e86e27ba | 3375 | int result = 0; |
262a7300 | 3376 | Flow *f = NULL; |
2d6cf71d GS |
3377 | uint8_t httpbuf1[] = "POST"; |
3378 | uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ | |
3379 | TcpSession ssn; | |
25a3a5c6 | 3380 | HtpState *http_state = NULL; |
8dbf7a0d | 3381 | AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); |
2d6cf71d | 3382 | |
2d6cf71d | 3383 | memset(&ssn, 0, sizeof(ssn)); |
262a7300 VJ |
3384 | |
3385 | f = UTHBuildFlow(AF_INET, "1.2.3.4", "1.2.3.5", 1024, 80); | |
3386 | if (f == NULL) | |
3387 | goto end; | |
3388 | f->protoctx = &ssn; | |
429c6388 | 3389 | f->proto = IPPROTO_TCP; |
707f0272 | 3390 | f->alproto = ALPROTO_HTTP1; |
2d6cf71d | 3391 | |
1eeb9669 | 3392 | StreamTcpInitConfig(true); |
6a53ab9c | 3393 | |
6530c3d0 | 3394 | FLOWLOCK_WRLOCK(f); |
707f0272 PA |
3395 | int r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_HTTP1, |
3396 | STREAM_TOSERVER | STREAM_START | STREAM_EOF, httpbuf1, httplen1); | |
2d6cf71d GS |
3397 | if (r != 0) { |
3398 | printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); | |
6530c3d0 | 3399 | FLOWLOCK_UNLOCK(f); |
2d6cf71d GS |
3400 | goto end; |
3401 | } | |
6530c3d0 | 3402 | FLOWLOCK_UNLOCK(f); |
2d6cf71d | 3403 | |
262a7300 | 3404 | http_state = f->alstate; |
2d6cf71d GS |
3405 | if (http_state == NULL) { |
3406 | printf("no http state: "); | |
2d6cf71d GS |
3407 | goto end; |
3408 | } | |
3409 | ||
d4d18e31 | 3410 | htp_tx_t *tx = HTPStateGetTx(http_state, 0); |
032f31b7 | 3411 | FAIL_IF_NULL(tx); |
48cf0585 | 3412 | htp_header_t *h = htp_table_get_index(tx->request_headers, 0, NULL); |
032f31b7 VJ |
3413 | FAIL_IF_NOT_NULL(h); |
3414 | ||
3415 | FAIL_IF_NULL(tx->request_method); | |
3416 | char *method = bstr_util_strdup_to_c(tx->request_method); | |
3417 | FAIL_IF_NULL(method); | |
3418 | ||
3419 | FAIL_IF(strcmp(method, "POST") != 0); | |
3420 | SCFree(method); | |
3421 | ||
e86e27ba | 3422 | result = 1; |
2d6cf71d | 3423 | end: |
429c6388 | 3424 | if (alp_tctx != NULL) |
fdefb65b | 3425 | AppLayerParserThreadCtxFree(alp_tctx); |
1eeb9669 | 3426 | StreamTcpFreeConfig(true); |
262a7300 | 3427 | UTHFreeFlow(f); |
2d6cf71d GS |
3428 | return result; |
3429 | } | |
3430 | ||
3431 | /** \test Test case where method is invalid and data is sent in smaller chunks | |
3432 | * and check the response of the parser from HTP library. */ | |
ab1200fb | 3433 | static int HTPParserTest03(void) |
8f1d7503 | 3434 | { |
e86e27ba | 3435 | int result = 0; |
262a7300 | 3436 | Flow *f = NULL; |
2d6cf71d GS |
3437 | uint8_t httpbuf1[] = "HELLO / HTTP/1.0\r\n"; |
3438 | uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ | |
3439 | TcpSession ssn; | |
25a3a5c6 | 3440 | HtpState *htp_state = NULL; |
2d6cf71d | 3441 | int r = 0; |
8dbf7a0d | 3442 | AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); |
429c6388 | 3443 | |
2d6cf71d | 3444 | memset(&ssn, 0, sizeof(ssn)); |
262a7300 VJ |
3445 | |
3446 | f = UTHBuildFlow(AF_INET, "1.2.3.4", "1.2.3.5", 1024, 80); | |
3447 | if (f == NULL) | |
3448 | goto end; | |
3449 | f->protoctx = &ssn; | |
429c6388 | 3450 | f->proto = IPPROTO_TCP; |
707f0272 | 3451 | f->alproto = ALPROTO_HTTP1; |
2d6cf71d | 3452 | |
1eeb9669 | 3453 | StreamTcpInitConfig(true); |
6a53ab9c | 3454 | |
2d6cf71d GS |
3455 | uint32_t u; |
3456 | for (u = 0; u < httplen1; u++) { | |
3457 | uint8_t flags = 0; | |
3458 | ||
3459 | if (u == 0) flags = STREAM_TOSERVER|STREAM_START; | |
3460 | else if (u == (httplen1 - 1)) flags = STREAM_TOSERVER|STREAM_EOF; | |
3461 | else flags = STREAM_TOSERVER; | |
3462 | ||
6530c3d0 | 3463 | FLOWLOCK_WRLOCK(f); |
707f0272 | 3464 | r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_HTTP1, flags, &httpbuf1[u], 1); |
2d6cf71d GS |
3465 | if (r != 0) { |
3466 | printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected" | |
3467 | " 0: ", u, r); | |
6530c3d0 | 3468 | FLOWLOCK_UNLOCK(f); |
2d6cf71d GS |
3469 | goto end; |
3470 | } | |
6530c3d0 | 3471 | FLOWLOCK_UNLOCK(f); |
2d6cf71d | 3472 | } |
262a7300 | 3473 | htp_state = f->alstate; |
2d6cf71d GS |
3474 | if (htp_state == NULL) { |
3475 | printf("no http state: "); | |
2d6cf71d GS |
3476 | goto end; |
3477 | } | |
3478 | ||
d4d18e31 | 3479 | htp_tx_t *tx = HTPStateGetTx(htp_state, 0); |
2d6cf71d | 3480 | |
48cf0585 AS |
3481 | htp_header_t *h = htp_table_get_index(tx->request_headers, 0, NULL); |
3482 | if (tx->request_method_number != HTP_M_UNKNOWN || | |
3483 | h != NULL || tx->request_protocol_number != HTP_PROTOCOL_1_0) | |
2d6cf71d GS |
3484 | { |
3485 | printf("expected method M_UNKNOWN and got %s: , expected protocol " | |
48cf0585 AS |
3486 | "HTTP/1.0 and got %s \n", bstr_util_strdup_to_c(tx->request_method), |
3487 | bstr_util_strdup_to_c(tx->request_protocol)); | |
2d6cf71d GS |
3488 | goto end; |
3489 | } | |
e86e27ba | 3490 | result = 1; |
2d6cf71d | 3491 | end: |
429c6388 | 3492 | if (alp_tctx != NULL) |
fdefb65b | 3493 | AppLayerParserThreadCtxFree(alp_tctx); |
1eeb9669 | 3494 | StreamTcpFreeConfig(true); |
262a7300 | 3495 | UTHFreeFlow(f); |
2d6cf71d GS |
3496 | return result; |
3497 | } | |
3498 | ||
3499 | /** \test Test case where invalid data is sent and check the response of the | |
3500 | * parser from HTP library. */ | |
ab1200fb | 3501 | static int HTPParserTest04(void) |
8f1d7503 | 3502 | { |
e86e27ba | 3503 | int result = 0; |
262a7300 | 3504 | Flow *f = NULL; |
25a3a5c6 | 3505 | HtpState *htp_state = NULL; |
2d6cf71d GS |
3506 | uint8_t httpbuf1[] = "World!\r\n"; |
3507 | uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ | |
3508 | TcpSession ssn; | |
3509 | int r = 0; | |
8dbf7a0d | 3510 | AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); |
262a7300 | 3511 | |
2d6cf71d | 3512 | memset(&ssn, 0, sizeof(ssn)); |
262a7300 VJ |
3513 | |
3514 | f = UTHBuildFlow(AF_INET, "1.2.3.4", "1.2.3.5", 1024, 80); | |
3515 | if (f == NULL) | |
3516 | goto end; | |
3517 | f->protoctx = &ssn; | |
429c6388 | 3518 | f->proto = IPPROTO_TCP; |
707f0272 | 3519 | f->alproto = ALPROTO_HTTP1; |
2d6cf71d | 3520 | |
1eeb9669 | 3521 | StreamTcpInitConfig(true); |
6a53ab9c | 3522 | |
6530c3d0 | 3523 | FLOWLOCK_WRLOCK(f); |
707f0272 PA |
3524 | r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_HTTP1, |
3525 | STREAM_TOSERVER | STREAM_START | STREAM_EOF, httpbuf1, httplen1); | |
2d16abcf | 3526 | if (r != 0) { |
6530c3d0 | 3527 | FLOWLOCK_UNLOCK(f); |
2d16abcf VJ |
3528 | goto end; |
3529 | } | |
6530c3d0 | 3530 | FLOWLOCK_UNLOCK(f); |
2d6cf71d | 3531 | |
262a7300 | 3532 | htp_state = f->alstate; |
2d6cf71d GS |
3533 | if (htp_state == NULL) { |
3534 | printf("no http state: "); | |
2d6cf71d GS |
3535 | goto end; |
3536 | } | |
3537 | ||
d4d18e31 | 3538 | htp_tx_t *tx = HTPStateGetTx(htp_state, 0); |
48cf0585 AS |
3539 | htp_header_t *h = htp_table_get_index(tx->request_headers, 0, NULL); |
3540 | if (tx->request_method_number != HTP_M_UNKNOWN || | |
3541 | h != NULL || tx->request_protocol_number != HTP_PROTOCOL_0_9) | |
2d6cf71d GS |
3542 | { |
3543 | printf("expected method M_UNKNOWN and got %s: , expected protocol " | |
48cf0585 AS |
3544 | "NULL and got %s \n", bstr_util_strdup_to_c(tx->request_method), |
3545 | bstr_util_strdup_to_c(tx->request_protocol)); | |
2d6cf71d GS |
3546 | goto end; |
3547 | } | |
e86e27ba | 3548 | result = 1; |
2d6cf71d | 3549 | end: |
429c6388 | 3550 | if (alp_tctx != NULL) |
fdefb65b | 3551 | AppLayerParserThreadCtxFree(alp_tctx); |
1eeb9669 | 3552 | StreamTcpFreeConfig(true); |
262a7300 | 3553 | UTHFreeFlow(f); |
2d6cf71d GS |
3554 | return result; |
3555 | } | |
3556 | ||
3557 | /** \test Test both sides of a http stream mixed up to see if the HTP parser | |
3558 | * properly parsed them and also keeps them separated. */ | |
ab1200fb | 3559 | static int HTPParserTest05(void) |
8f1d7503 | 3560 | { |
56b1df1b | 3561 | uint8_t httpbuf1[] = "POST / HTTP/1.0\r\nUser-Agent: Victor/1.0\r\nContent-Length: 17\r\n\r\n"; |
2d6cf71d GS |
3562 | uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ |
3563 | uint8_t httpbuf2[] = "Post D"; | |
3564 | uint32_t httplen2 = sizeof(httpbuf2) - 1; /* minus the \0 */ | |
3565 | uint8_t httpbuf3[] = "ata is c0oL!"; | |
3566 | uint32_t httplen3 = sizeof(httpbuf3) - 1; /* minus the \0 */ | |
3567 | ||
fc2f7f29 | 3568 | uint8_t httpbuf4[] = "HTTP/1.0 200 OK\r\nServer: VictorServer/1.0\r\n\r\n"; |
2d6cf71d GS |
3569 | uint32_t httplen4 = sizeof(httpbuf4) - 1; /* minus the \0 */ |
3570 | uint8_t httpbuf5[] = "post R"; | |
3571 | uint32_t httplen5 = sizeof(httpbuf5) - 1; /* minus the \0 */ | |
3572 | uint8_t httpbuf6[] = "esults are tha bomb!"; | |
3573 | uint32_t httplen6 = sizeof(httpbuf6) - 1; /* minus the \0 */ | |
2d6cf71d | 3574 | |
56b1df1b | 3575 | TcpSession ssn; |
2d6cf71d | 3576 | memset(&ssn, 0, sizeof(ssn)); |
262a7300 | 3577 | |
56b1df1b VJ |
3578 | AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); |
3579 | FAIL_IF_NULL(alp_tctx); | |
3580 | ||
3581 | Flow *f = UTHBuildFlow(AF_INET, "1.2.3.4", "1.2.3.5", 1024, 80); | |
3582 | FAIL_IF_NULL(f); | |
262a7300 | 3583 | f->protoctx = &ssn; |
429c6388 | 3584 | f->proto = IPPROTO_TCP; |
707f0272 | 3585 | f->alproto = ALPROTO_HTTP1; |
2d6cf71d | 3586 | |
1eeb9669 | 3587 | StreamTcpInitConfig(true); |
6a53ab9c | 3588 | |
707f0272 PA |
3589 | int r = AppLayerParserParse( |
3590 | NULL, alp_tctx, f, ALPROTO_HTTP1, STREAM_TOSERVER | STREAM_START, httpbuf1, httplen1); | |
56b1df1b | 3591 | FAIL_IF(r != 0); |
2d6cf71d | 3592 | |
707f0272 PA |
3593 | r = AppLayerParserParse( |
3594 | NULL, alp_tctx, f, ALPROTO_HTTP1, STREAM_TOCLIENT | STREAM_START, httpbuf4, httplen4); | |
56b1df1b | 3595 | FAIL_IF(r != 0); |
2d6cf71d | 3596 | |
707f0272 | 3597 | r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_HTTP1, STREAM_TOCLIENT, httpbuf5, httplen5); |
56b1df1b | 3598 | FAIL_IF(r != 0); |
2d6cf71d | 3599 | |
707f0272 | 3600 | r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_HTTP1, STREAM_TOSERVER, httpbuf2, httplen2); |
56b1df1b | 3601 | FAIL_IF(r != 0); |
2d6cf71d | 3602 | |
707f0272 PA |
3603 | r = AppLayerParserParse( |
3604 | NULL, alp_tctx, f, ALPROTO_HTTP1, STREAM_TOSERVER | STREAM_EOF, httpbuf3, httplen3); | |
56b1df1b | 3605 | FAIL_IF(r != 0); |
2d6cf71d | 3606 | |
707f0272 PA |
3607 | r = AppLayerParserParse( |
3608 | NULL, alp_tctx, f, ALPROTO_HTTP1, STREAM_TOCLIENT | STREAM_EOF, httpbuf6, httplen6); | |
56b1df1b | 3609 | FAIL_IF(r != 0); |
2d6cf71d | 3610 | |
56b1df1b VJ |
3611 | HtpState *http_state = f->alstate; |
3612 | FAIL_IF_NULL(http_state); | |
2d6cf71d | 3613 | |
d4d18e31 | 3614 | htp_tx_t *tx = HTPStateGetTx(http_state, 0); |
56b1df1b VJ |
3615 | FAIL_IF_NULL(tx); |
3616 | FAIL_IF_NOT(tx->request_method_number == HTP_M_POST); | |
3617 | FAIL_IF_NOT(tx->request_protocol_number == HTP_PROTOCOL_1_0); | |
3618 | ||
48cf0585 | 3619 | htp_header_t *h = htp_table_get_index(tx->request_headers, 0, NULL); |
56b1df1b | 3620 | FAIL_IF_NULL(h); |
2d6cf71d | 3621 | |
56b1df1b VJ |
3622 | FAIL_IF_NOT(tx->response_status_number == 200); |
3623 | ||
3624 | AppLayerParserThreadCtxFree(alp_tctx); | |
1eeb9669 | 3625 | StreamTcpFreeConfig(true); |
262a7300 | 3626 | UTHFreeFlow(f); |
56b1df1b | 3627 | PASS; |
2d6cf71d GS |
3628 | } |
3629 | ||
fc2f7f29 GS |
3630 | /** \test Test proper chunked encoded response body |
3631 | */ | |
ab1200fb | 3632 | static int HTPParserTest06(void) |
8f1d7503 | 3633 | { |
fc2f7f29 GS |
3634 | uint8_t httpbuf1[] = "GET /ld/index.php?id=412784631&cid=0064&version=4&" |
3635 | "name=try HTTP/1.1\r\nAccept: */*\r\nUser-Agent: " | |
3636 | "LD-agent\r\nHost: 209.205.196.16\r\n\r\n"; | |
3637 | uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ | |
3638 | uint8_t httpbuf2[] = "HTTP/1.1 200 OK\r\nDate: Sat, 03 Oct 2009 10:16:02 " | |
3639 | "GMT\r\n" | |
3640 | "Server: Apache/1.3.37 (Unix) mod_ssl/2.8.28 " | |
3641 | "OpenSSL/0.9.7a PHP/4.4.7 mod_perl/1.29 " | |
3642 | "FrontPage/5.0.2.2510\r\n" | |
3643 | "X-Powered-By: PHP/4.4.7\r\nTransfer-Encoding: " | |
3644 | "chunked\r\n" | |
3645 | "Content-Type: text/html\r\n\r\n" | |
56143131 | 3646 | "580\r\n" |
fc2f7f29 GS |
3647 | "W2dyb3VwMV0NCnBob25lMT1wMDB3ODgyMTMxMzAyMTINCmxvZ2lu" |
3648 | "MT0NCnBhc3N3b3JkMT0NCnBob25lMj1wMDB3ODgyMTMxMzAyMTIN" | |
3649 | "CmxvZ2luMj0NCnBhc3N3b3JkMj0NCnBob25lMz0NCmxvZ2luMz0N" | |
3650 | "CnBhc3N3b3JkMz0NCnBob25lND0NCmxvZ2luND0NCnBhc3N3b3Jk" | |
3651 | "ND0NCnBob25lNT0NCmxvZ2luNT0NCnBhc3N3b3JkNT0NCnBob25l" | |
3652 | "Nj0NCmxvZ2luNj0NCnBhc3N3b3JkNj0NCmNhbGxfdGltZTE9MzIN" | |
3653 | "CmNhbGxfdGltZTI9MjMyDQpkYXlfbGltaXQ9NQ0KbW9udGhfbGlt" | |
3654 | "aXQ9MTUNCltncm91cDJdDQpwaG9uZTE9DQpsb2dpbjE9DQpwYXNz" | |
3655 | "d29yZDE9DQpwaG9uZTI9DQpsb2dpbjI9DQpwYXNzd29yZDI9DQpw" | |
3656 | "aG9uZTM9DQpsb2dpbjM9DQpwYXNzd29yZDM9DQpwaG9uZTQ9DQps" | |
3657 | "b2dpbjQ9DQpwYXNzd29yZDQ9DQpwaG9uZTU9DQpsb2dpbjU9DQpw" | |
3658 | "YXNzd29yZDU9DQpwaG9uZTY9DQpsb2dpbjY9DQpwYXNzd29yZDY9" | |
3659 | "DQpjYWxsX3RpbWUxPQ0KY2FsbF90aW1lMj0NCmRheV9saW1pdD0N" | |
3660 | "Cm1vbnRoX2xpbWl0PQ0KW2dyb3VwM10NCnBob25lMT0NCmxvZ2lu" | |
3661 | "MT0NCnBhc3N3b3JkMT0NCnBob25lMj0NCmxvZ2luMj0NCnBhc3N3" | |
3662 | "b3JkMj0NCnBob25lMz0NCmxvZ2luMz0NCnBhc3N3b3JkMz0NCnBo" | |
3663 | "b25lND0NCmxvZ2luND0NCnBhc3N3b3JkND0NCnBob25lNT0NCmxv" | |
3664 | "Z2luNT0NCnBhc3N3b3JkNT0NCnBob25lNj0NCmxvZ2luNj0NCnBh" | |
3665 | "c3N3b3JkNj0NCmNhbGxfdGltZTE9DQpjYWxsX3RpbWUyPQ0KZGF5" | |
3666 | "X2xpbWl0PQ0KbW9udGhfbGltaXQ9DQpbZ3JvdXA0XQ0KcGhvbmUx" | |
3667 | "PQ0KbG9naW4xPQ0KcGFzc3dvcmQxPQ0KcGhvbmUyPQ0KbG9naW4y" | |
3668 | "PQ0KcGFzc3dvcmQyPQ0KcGhvbmUzPQ0KbG9naW4zPQ0KcGFzc3dv" | |
3669 | "cmQzPQ0KcGhvbmU0PQ0KbG9naW40PQ0KcGFzc3dvcmQ0PQ0KcGhv" | |
3670 | "bmU1PQ0KbG9naW41PQ0KcGFzc3dvcmQ1PQ0KcGhvbmU2PQ0KbG9n" | |
3671 | "aW42PQ0KcGFzc3dvcmQ2PQ0KY2FsbF90aW1lMT0NCmNhbGxfdGlt" | |
3672 | "ZTI9DQpkYXlfbGltaXQ9DQptb250aF9saW1pdD0NCltmaWxlc10N" | |
3673 | "Cmxpbms9aHR0cDovLzIwOS4yMDUuMTk2LjE2L2xkL2dldGJvdC5w" | |
56143131 | 3674 | "aHA=\r\n0\r\n\r\n"; |
fc2f7f29 GS |
3675 | uint32_t httplen2 = sizeof(httpbuf2) - 1; /* minus the \0 */ |
3676 | TcpSession ssn; | |
56b1df1b | 3677 | |
8dbf7a0d | 3678 | AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); |
56b1df1b | 3679 | FAIL_IF_NULL(alp_tctx); |
fc2f7f29 | 3680 | |
fc2f7f29 | 3681 | memset(&ssn, 0, sizeof(ssn)); |
78e15ea7 | 3682 | |
56b1df1b VJ |
3683 | Flow *f = UTHBuildFlow(AF_INET, "1.2.3.4", "1.2.3.5", 1024, 80); |
3684 | FAIL_IF_NULL(f); | |
262a7300 | 3685 | f->protoctx = &ssn; |
429c6388 | 3686 | f->proto = IPPROTO_TCP; |
707f0272 | 3687 | f->alproto = ALPROTO_HTTP1; |
fc2f7f29 | 3688 | |
1eeb9669 | 3689 | StreamTcpInitConfig(true); |
6a53ab9c | 3690 | |
707f0272 PA |
3691 | int r = AppLayerParserParse( |
3692 | NULL, alp_tctx, f, ALPROTO_HTTP1, STREAM_TOSERVER | STREAM_START, httpbuf1, httplen1); | |
56b1df1b | 3693 | FAIL_IF(r != 0); |
707f0272 PA |
3694 | r = AppLayerParserParse( |
3695 | NULL, alp_tctx, f, ALPROTO_HTTP1, STREAM_TOCLIENT | STREAM_START, httpbuf2, httplen2); | |
56b1df1b | 3696 | FAIL_IF(r != 0); |
fc2f7f29 | 3697 | |
56b1df1b VJ |
3698 | HtpState *http_state = f->alstate; |
3699 | FAIL_IF_NULL(http_state); | |
fc2f7f29 | 3700 | |
d4d18e31 | 3701 | htp_tx_t *tx = HTPStateGetTx(http_state, 0); |
56b1df1b VJ |
3702 | FAIL_IF_NULL(tx); |
3703 | ||
3704 | FAIL_IF(tx->request_method_number != HTP_M_GET); | |
3705 | FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_1_1); | |
3706 | ||
3707 | FAIL_IF(tx->response_status_number != 200); | |
3708 | FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_1_1); | |
3709 | ||
48cf0585 | 3710 | htp_header_t *h = htp_table_get_index(tx->request_headers, 0, NULL); |
56b1df1b | 3711 | FAIL_IF_NULL(h); |
fc2f7f29 | 3712 | |
56b1df1b | 3713 | AppLayerParserThreadCtxFree(alp_tctx); |
1eeb9669 | 3714 | StreamTcpFreeConfig(true); |
262a7300 | 3715 | UTHFreeFlow(f); |
56b1df1b | 3716 | PASS; |
fc2f7f29 | 3717 | } |
a9cdd2bb | 3718 | |
15ce8503 VJ |
3719 | /** \test |
3720 | */ | |
ab1200fb | 3721 | static int HTPParserTest07(void) |
8f1d7503 | 3722 | { |
36917c7d | 3723 | int result = 0; |
262a7300 | 3724 | Flow *f = NULL; |
15ce8503 VJ |
3725 | uint8_t httpbuf1[] = "GET /awstats.pl?/migratemigrate%20=%20| HTTP/1.0\r\n\r\n"; |
3726 | uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ | |
3727 | TcpSession ssn; | |
15ce8503 VJ |
3728 | HtpState *htp_state = NULL; |
3729 | int r = 0; | |
8dbf7a0d | 3730 | AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); |
262a7300 | 3731 | |
15ce8503 | 3732 | memset(&ssn, 0, sizeof(ssn)); |
262a7300 VJ |
3733 | |
3734 | f = UTHBuildFlow(AF_INET, "1.2.3.4", "1.2.3.5", 1024, 80); | |
3735 | if (f == NULL) | |
3736 | goto end; | |
3737 | f->protoctx = &ssn; | |
429c6388 | 3738 | f->proto = IPPROTO_TCP; |
707f0272 | 3739 | f->alproto = ALPROTO_HTTP1; |
15ce8503 | 3740 | |
1eeb9669 | 3741 | StreamTcpInitConfig(true); |
15ce8503 VJ |
3742 | |
3743 | uint32_t u; | |
3744 | for (u = 0; u < httplen1; u++) { | |
3745 | uint8_t flags = 0; | |
3746 | ||
36917c7d VJ |
3747 | if (u == 0) |
3748 | flags = STREAM_TOSERVER|STREAM_START; | |
3749 | else if (u == (httplen1 - 1)) | |
3750 | flags = STREAM_TOSERVER|STREAM_EOF; | |
3751 | else | |
3752 | flags = STREAM_TOSERVER; | |
15ce8503 | 3753 | |
6530c3d0 | 3754 | FLOWLOCK_WRLOCK(f); |
707f0272 | 3755 | r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_HTTP1, flags, &httpbuf1[u], 1); |
15ce8503 VJ |
3756 | if (r != 0) { |
3757 | printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected" | |
3758 | " 0: ", u, r); | |
6530c3d0 | 3759 | FLOWLOCK_UNLOCK(f); |
15ce8503 VJ |
3760 | goto end; |
3761 | } | |
6530c3d0 | 3762 | FLOWLOCK_UNLOCK(f); |
15ce8503 VJ |
3763 | } |
3764 | ||
262a7300 | 3765 | htp_state = f->alstate; |
15ce8503 VJ |
3766 | if (htp_state == NULL) { |
3767 | printf("no http state: "); | |
15ce8503 VJ |
3768 | goto end; |
3769 | } | |
3770 | ||
36917c7d VJ |
3771 | uint8_t ref[] = "/awstats.pl?/migratemigrate = |"; |
3772 | size_t reflen = sizeof(ref) - 1; | |
3773 | ||
d4d18e31 | 3774 | htp_tx_t *tx = HTPStateGetTx(htp_state, 0); |
48cf0585 AS |
3775 | if (tx == NULL) |
3776 | goto end; | |
3777 | HtpTxUserData *tx_ud = (HtpTxUserData *) htp_tx_get_user_data(tx); | |
3778 | if (tx_ud != NULL && tx_ud->request_uri_normalized != NULL) { | |
3779 | if (reflen != bstr_len(tx_ud->request_uri_normalized)) { | |
0625d542 | 3780 | printf("normalized uri len should be %"PRIuMAX", is %"PRIuMAX, |
48cf0585 | 3781 | (uintmax_t)reflen, |
d5fdfa4b | 3782 | (uintmax_t)bstr_len(tx_ud->request_uri_normalized)); |
36917c7d VJ |
3783 | goto end; |
3784 | } | |
3785 | ||
48cf0585 AS |
3786 | if (memcmp(bstr_ptr(tx_ud->request_uri_normalized), ref, |
3787 | bstr_len(tx_ud->request_uri_normalized)) != 0) | |
36917c7d | 3788 | { |
0625d542 | 3789 | printf("normalized uri \""); |
48cf0585 | 3790 | PrintRawUriFp(stdout, bstr_ptr(tx_ud->request_uri_normalized), bstr_len(tx_ud->request_uri_normalized)); |
0625d542 VJ |
3791 | printf("\" != \""); |
3792 | PrintRawUriFp(stdout, ref, reflen); | |
3793 | printf("\": "); | |
36917c7d VJ |
3794 | goto end; |
3795 | } | |
15ce8503 VJ |
3796 | } |
3797 | ||
36917c7d | 3798 | result = 1; |
15ce8503 | 3799 | end: |
429c6388 | 3800 | if (alp_tctx != NULL) |
fdefb65b | 3801 | AppLayerParserThreadCtxFree(alp_tctx); |
1eeb9669 | 3802 | StreamTcpFreeConfig(true); |
262a7300 | 3803 | UTHFreeFlow(f); |
15ce8503 VJ |
3804 | return result; |
3805 | } | |
3806 | ||
a9cdd2bb BR |
3807 | #include "conf-yaml-loader.h" |
3808 | ||
326047ee VJ |
3809 | /** \test Abort |
3810 | */ | |
ab1200fb | 3811 | static int HTPParserTest08(void) |
8f1d7503 | 3812 | { |
326047ee | 3813 | int result = 0; |
262a7300 | 3814 | Flow *f = NULL; |
326047ee VJ |
3815 | uint8_t httpbuf1[] = "GET /secondhouse/image/js/\%ce\%de\%ce\%fd_RentCity.js?v=2011.05.02 HTTP/1.0\r\n\r\n"; |
3816 | uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ | |
3817 | TcpSession ssn; | |
8dbf7a0d | 3818 | AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); |
326047ee VJ |
3819 | |
3820 | char input[] = "\ | |
3821 | %YAML 1.1\n\ | |
3822 | ---\n\ | |
3823 | libhtp:\n\ | |
3824 | \n\ | |
3825 | default-config:\n\ | |
3826 | personality: IDS\n\ | |
3827 | "; | |
3828 | ||
3829 | ConfCreateContextBackup(); | |
3830 | ConfInit(); | |
63f6de58 VJ |
3831 | HtpConfigCreateBackup(); |
3832 | ||
326047ee VJ |
3833 | ConfYamlLoadString(input, strlen(input)); |
3834 | HTPConfigure(); | |
3835 | ||
3836 | HtpState *htp_state = NULL; | |
3837 | int r = 0; | |
326047ee | 3838 | memset(&ssn, 0, sizeof(ssn)); |
262a7300 VJ |
3839 | |
3840 | f = UTHBuildFlow(AF_INET, "1.2.3.4", "1.2.3.5", 1024, 80); | |
3841 | if (f == NULL) | |
3842 | goto end; | |
3843 | f->protoctx = &ssn; | |
429c6388 | 3844 | f->proto = IPPROTO_TCP; |
707f0272 | 3845 | f->alproto = ALPROTO_HTTP1; |
326047ee | 3846 | |
1eeb9669 | 3847 | StreamTcpInitConfig(true); |
326047ee VJ |
3848 | |
3849 | uint8_t flags = 0; | |
3850 | flags = STREAM_TOSERVER|STREAM_START|STREAM_EOF; | |
3851 | ||
6530c3d0 | 3852 | FLOWLOCK_WRLOCK(f); |
707f0272 | 3853 | r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_HTTP1, flags, httpbuf1, httplen1); |
326047ee VJ |
3854 | if (r != 0) { |
3855 | printf("toserver chunk returned %" PRId32 ", expected" | |
3856 | " 0: ", r); | |
3857 | result = 0; | |
6530c3d0 | 3858 | FLOWLOCK_UNLOCK(f); |
326047ee VJ |
3859 | goto end; |
3860 | } | |
6530c3d0 | 3861 | FLOWLOCK_UNLOCK(f); |
326047ee | 3862 | |
262a7300 | 3863 | htp_state = f->alstate; |
326047ee VJ |
3864 | if (htp_state == NULL) { |
3865 | printf("no http state: "); | |
3866 | result = 0; | |
3867 | goto end; | |
3868 | } | |
3869 | ||
d4d18e31 | 3870 | htp_tx_t *tx = HTPStateGetTx(htp_state, 0); |
48cf0585 AS |
3871 | if (tx == NULL) |
3872 | goto end; | |
3873 | HtpTxUserData *tx_ud = (HtpTxUserData *) htp_tx_get_user_data(tx); | |
3874 | if (tx_ud != NULL && tx_ud->request_uri_normalized != NULL) { | |
3875 | //printf("uri %s\n", bstr_util_strdup_to_c(tx->request_uri_normalized)); | |
3876 | PrintRawDataFp(stdout, bstr_ptr(tx_ud->request_uri_normalized), | |
3877 | bstr_len(tx_ud->request_uri_normalized)); | |
326047ee VJ |
3878 | } |
3879 | ||
3880 | result = 1; | |
3881 | end: | |
429c6388 | 3882 | if (alp_tctx != NULL) |
fdefb65b | 3883 | AppLayerParserThreadCtxFree(alp_tctx); |
1eeb9669 | 3884 | StreamTcpFreeConfig(true); |
63f6de58 | 3885 | HTPFreeConfig(); |
326047ee VJ |
3886 | ConfDeInit(); |
3887 | ConfRestoreContextBackup(); | |
63f6de58 | 3888 | HtpConfigRestoreBackup(); |
262a7300 | 3889 | UTHFreeFlow(f); |
326047ee VJ |
3890 | return result; |
3891 | } | |
3892 | ||
3893 | /** \test Abort | |
3894 | */ | |
ab1200fb | 3895 | static int HTPParserTest09(void) |
8f1d7503 | 3896 | { |
326047ee | 3897 | int result = 0; |
262a7300 | 3898 | Flow *f = NULL; |
326047ee VJ |
3899 | uint8_t httpbuf1[] = "GET /secondhouse/image/js/\%ce\%de\%ce\%fd_RentCity.js?v=2011.05.02 HTTP/1.0\r\n\r\n"; |
3900 | uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ | |
3901 | TcpSession ssn; | |
8dbf7a0d | 3902 | AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); |
326047ee VJ |
3903 | |
3904 | char input[] = "\ | |
3905 | %YAML 1.1\n\ | |
3906 | ---\n\ | |
3907 | libhtp:\n\ | |
3908 | \n\ | |
3909 | default-config:\n\ | |
3910 | personality: Apache_2_2\n\ | |
3911 | "; | |
3912 | ||
3913 | ConfCreateContextBackup(); | |
3914 | ConfInit(); | |
63f6de58 VJ |
3915 | HtpConfigCreateBackup(); |
3916 | ||
326047ee VJ |
3917 | ConfYamlLoadString(input, strlen(input)); |
3918 | HTPConfigure(); | |
3919 | ||
3920 | HtpState *htp_state = NULL; | |
3921 | int r = 0; | |
262a7300 | 3922 | |
326047ee | 3923 | memset(&ssn, 0, sizeof(ssn)); |
262a7300 VJ |
3924 | |
3925 | f = UTHBuildFlow(AF_INET, "1.2.3.4", "1.2.3.5", 1024, 80); | |
3926 | if (f == NULL) | |
3927 | goto end; | |
3928 | f->protoctx = &ssn; | |
429c6388 | 3929 | f->proto = IPPROTO_TCP; |
707f0272 | 3930 | f->alproto = ALPROTO_HTTP1; |
326047ee | 3931 | |
1eeb9669 | 3932 | StreamTcpInitConfig(true); |
326047ee VJ |
3933 | |
3934 | uint8_t flags = 0; | |
3935 | flags = STREAM_TOSERVER|STREAM_START|STREAM_EOF; | |
3936 | ||
6530c3d0 | 3937 | FLOWLOCK_WRLOCK(f); |
707f0272 | 3938 | r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_HTTP1, flags, httpbuf1, httplen1); |
326047ee VJ |
3939 | if (r != 0) { |
3940 | printf("toserver chunk returned %" PRId32 ", expected" | |
3941 | " 0: ", r); | |
6530c3d0 | 3942 | FLOWLOCK_UNLOCK(f); |
326047ee VJ |
3943 | goto end; |
3944 | } | |
6530c3d0 | 3945 | FLOWLOCK_UNLOCK(f); |
326047ee | 3946 | |
262a7300 | 3947 | htp_state = f->alstate; |
326047ee VJ |
3948 | if (htp_state == NULL) { |
3949 | printf("no http state: "); | |
326047ee VJ |
3950 | goto end; |
3951 | } | |
3952 | ||
d4d18e31 | 3953 | htp_tx_t *tx = HTPStateGetTx(htp_state, 0); |
48cf0585 AS |
3954 | if (tx == NULL) |
3955 | goto end; | |
3956 | HtpTxUserData *tx_ud = (HtpTxUserData *) htp_tx_get_user_data(tx); | |
3957 | if (tx_ud != NULL && tx_ud->request_uri_normalized != NULL) { | |
3958 | //printf("uri %s\n", bstr_util_strdup_to_c(tx->request_uri_normalized)); | |
3959 | PrintRawDataFp(stdout, bstr_ptr(tx_ud->request_uri_normalized), | |
3960 | bstr_len(tx_ud->request_uri_normalized)); | |
326047ee VJ |
3961 | } |
3962 | ||
3963 | result = 1; | |
3964 | end: | |
429c6388 | 3965 | if (alp_tctx != NULL) |
fdefb65b | 3966 | AppLayerParserThreadCtxFree(alp_tctx); |
1eeb9669 | 3967 | StreamTcpFreeConfig(true); |
63f6de58 | 3968 | HTPFreeConfig(); |
326047ee VJ |
3969 | ConfDeInit(); |
3970 | ConfRestoreContextBackup(); | |
63f6de58 | 3971 | HtpConfigRestoreBackup(); |
262a7300 | 3972 | UTHFreeFlow(f); |
326047ee VJ |
3973 | return result; |
3974 | } | |
3975 | ||
f2f8dfd8 VJ |
3976 | /** \test Host:www.google.com <- missing space between name:value (rfc violation) |
3977 | */ | |
ab1200fb | 3978 | static int HTPParserTest10(void) |
8f1d7503 | 3979 | { |
f2f8dfd8 VJ |
3980 | int result = 0; |
3981 | Flow *f = NULL; | |
3982 | uint8_t httpbuf1[] = "GET / HTTP/1.0\r\nHost:www.google.com\r\n\r\n"; | |
3983 | uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ | |
3984 | TcpSession ssn; | |
3985 | HtpState *htp_state = NULL; | |
3986 | int r = 0; | |
8dbf7a0d | 3987 | AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); |
f2f8dfd8 VJ |
3988 | |
3989 | memset(&ssn, 0, sizeof(ssn)); | |
3990 | ||
3991 | f = UTHBuildFlow(AF_INET, "1.2.3.4", "1.2.3.5", 1024, 80); | |
3992 | if (f == NULL) | |
3993 | goto end; | |
3994 | f->protoctx = &ssn; | |
429c6388 | 3995 | f->proto = IPPROTO_TCP; |
707f0272 | 3996 | f->alproto = ALPROTO_HTTP1; |
f2f8dfd8 | 3997 | |
1eeb9669 | 3998 | StreamTcpInitConfig(true); |
f2f8dfd8 VJ |
3999 | |
4000 | uint32_t u; | |
4001 | for (u = 0; u < httplen1; u++) { | |
4002 | uint8_t flags = 0; | |
4003 | ||
4004 | if (u == 0) | |
4005 | flags = STREAM_TOSERVER|STREAM_START; | |
4006 | else if (u == (httplen1 - 1)) | |
4007 | flags = STREAM_TOSERVER|STREAM_EOF; | |
4008 | else | |
4009 | flags = STREAM_TOSERVER; | |
4010 | ||
6530c3d0 | 4011 | FLOWLOCK_WRLOCK(f); |
707f0272 | 4012 | r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_HTTP1, flags, &httpbuf1[u], 1); |
f2f8dfd8 VJ |
4013 | if (r != 0) { |
4014 | printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected" | |
4015 | " 0: ", u, r); | |
6530c3d0 | 4016 | FLOWLOCK_UNLOCK(f); |
f2f8dfd8 VJ |
4017 | goto end; |
4018 | } | |
6530c3d0 | 4019 | FLOWLOCK_UNLOCK(f); |
f2f8dfd8 VJ |
4020 | } |
4021 | ||
4022 | htp_state = f->alstate; | |
4023 | if (htp_state == NULL) { | |
4024 | printf("no http state: "); | |
4025 | goto end; | |
4026 | } | |
4027 | ||
d4d18e31 | 4028 | htp_tx_t *tx = HTPStateGetTx(htp_state, 0); |
48cf0585 | 4029 | htp_header_t *h = htp_table_get_index(tx->request_headers, 0, NULL); |
f2f8dfd8 VJ |
4030 | if (h == NULL) { |
4031 | goto end; | |
4032 | } | |
4033 | ||
48cf0585 | 4034 | char *name = bstr_util_strdup_to_c(h->name); |
f2f8dfd8 VJ |
4035 | if (name == NULL) { |
4036 | goto end; | |
4037 | } | |
4038 | ||
4039 | if (strcmp(name, "Host") != 0) { | |
4040 | printf("header name not \"Host\", instead \"%s\": ", name); | |
4041 | free(name); | |
4042 | goto end; | |
4043 | } | |
4044 | free(name); | |
4045 | ||
48cf0585 | 4046 | char *value = bstr_util_strdup_to_c(h->value); |
f2f8dfd8 VJ |
4047 | if (value == NULL) { |
4048 | goto end; | |
4049 | } | |
4050 | ||
4051 | if (strcmp(value, "www.google.com") != 0) { | |
4052 | printf("header value not \"www.google.com\", instead \"%s\": ", value); | |
4053 | free(value); | |
4054 | goto end; | |
4055 | } | |
4056 | free(value); | |
4057 | ||
4058 | result = 1; | |
4059 | end: | |
429c6388 | 4060 | if (alp_tctx != NULL) |
fdefb65b | 4061 | AppLayerParserThreadCtxFree(alp_tctx); |
1eeb9669 | 4062 | StreamTcpFreeConfig(true); |
f2f8dfd8 VJ |
4063 | UTHFreeFlow(f); |
4064 | return result; | |
4065 | } | |
4066 | ||
ab3fcb01 VJ |
4067 | /** \test double encoding in path |
4068 | */ | |
8f1d7503 KS |
4069 | static int HTPParserTest11(void) |
4070 | { | |
ab3fcb01 VJ |
4071 | int result = 0; |
4072 | Flow *f = NULL; | |
4073 | uint8_t httpbuf1[] = "GET /%2500 HTTP/1.0\r\n\r\n"; | |
4074 | uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ | |
4075 | TcpSession ssn; | |
4076 | HtpState *htp_state = NULL; | |
4077 | int r = 0; | |
8dbf7a0d | 4078 | AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); |
ab3fcb01 VJ |
4079 | |
4080 | memset(&ssn, 0, sizeof(ssn)); | |
4081 | ||
4082 | f = UTHBuildFlow(AF_INET, "1.2.3.4", "1.2.3.5", 1024, 80); | |
4083 | if (f == NULL) | |
4084 | goto end; | |
4085 | f->protoctx = &ssn; | |
429c6388 | 4086 | f->proto = IPPROTO_TCP; |
707f0272 | 4087 | f->alproto = ALPROTO_HTTP1; |
ab3fcb01 | 4088 | |
1eeb9669 | 4089 | StreamTcpInitConfig(true); |
ab3fcb01 VJ |
4090 | |
4091 | uint32_t u; | |
4092 | for (u = 0; u < httplen1; u++) { | |
4093 | uint8_t flags = 0; | |
4094 | ||
4095 | if (u == 0) | |
4096 | flags = STREAM_TOSERVER|STREAM_START; | |
4097 | else if (u == (httplen1 - 1)) | |
4098 | flags = STREAM_TOSERVER|STREAM_EOF; | |
4099 | else | |
4100 | flags = STREAM_TOSERVER; | |
4101 | ||
6530c3d0 | 4102 | FLOWLOCK_WRLOCK(f); |
707f0272 | 4103 | r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_HTTP1, flags, &httpbuf1[u], 1); |
ab3fcb01 VJ |
4104 | if (r != 0) { |
4105 | printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected" | |
4106 | " 0: ", u, r); | |
6530c3d0 | 4107 | FLOWLOCK_UNLOCK(f); |
ab3fcb01 VJ |
4108 | goto end; |
4109 | } | |
6530c3d0 | 4110 | FLOWLOCK_UNLOCK(f); |
ab3fcb01 VJ |
4111 | } |
4112 | ||
4113 | htp_state = f->alstate; | |
4114 | if (htp_state == NULL) { | |
4115 | printf("no http state: "); | |
4116 | goto end; | |
4117 | } | |
4118 | ||
d4d18e31 | 4119 | htp_tx_t *tx = HTPStateGetTx(htp_state, 0); |
48cf0585 AS |
4120 | if (tx == NULL) |
4121 | goto end; | |
4122 | HtpTxUserData *tx_ud = (HtpTxUserData *)htp_tx_get_user_data(tx); | |
4123 | if (tx != NULL && tx_ud != NULL && tx_ud->request_uri_normalized != NULL) { | |
4124 | if (4 != bstr_len(tx_ud->request_uri_normalized)) { | |
ab3fcb01 | 4125 | printf("normalized uri len should be 2, is %"PRIuMAX, |
d5fdfa4b | 4126 | (uintmax_t)bstr_len(tx_ud->request_uri_normalized)); |
ab3fcb01 VJ |
4127 | goto end; |
4128 | } | |
4129 | ||
48cf0585 AS |
4130 | if (bstr_ptr(tx_ud->request_uri_normalized)[0] != '/' || |
4131 | bstr_ptr(tx_ud->request_uri_normalized)[1] != '%' || | |
4132 | bstr_ptr(tx_ud->request_uri_normalized)[2] != '0' || | |
4133 | bstr_ptr(tx_ud->request_uri_normalized)[3] != '0') | |
ab3fcb01 VJ |
4134 | { |
4135 | printf("normalized uri \""); | |
48cf0585 | 4136 | PrintRawUriFp(stdout, bstr_ptr(tx_ud->request_uri_normalized), bstr_len(tx_ud->request_uri_normalized)); |
ab3fcb01 VJ |
4137 | printf("\": "); |
4138 | goto end; | |
4139 | } | |
4140 | } | |
4141 | ||
4142 | result = 1; | |
4143 | end: | |
429c6388 | 4144 | if (alp_tctx != NULL) |
fdefb65b | 4145 | AppLayerParserThreadCtxFree(alp_tctx); |
1eeb9669 | 4146 | StreamTcpFreeConfig(true); |
ab3fcb01 VJ |
4147 | UTHFreeFlow(f); |
4148 | return result; | |
4149 | } | |
4150 | ||
4151 | /** \test double encoding in query | |
4152 | */ | |
8f1d7503 KS |
4153 | static int HTPParserTest12(void) |
4154 | { | |
ab3fcb01 VJ |
4155 | int result = 0; |
4156 | Flow *f = NULL; | |
4157 | uint8_t httpbuf1[] = "GET /?a=%2500 HTTP/1.0\r\n\r\n"; | |
4158 | uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ | |
4159 | TcpSession ssn; | |
4160 | HtpState *htp_state = NULL; | |
4161 | int r = 0; | |
8dbf7a0d | 4162 | AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); |
ab3fcb01 VJ |
4163 | |
4164 | memset(&ssn, 0, sizeof(ssn)); | |
4165 | ||
4166 | f = UTHBuildFlow(AF_INET, "1.2.3.4", "1.2.3.5", 1024, 80); | |
4167 | if (f == NULL) | |
4168 | goto end; | |
4169 | f->protoctx = &ssn; | |
429c6388 | 4170 | f->proto = IPPROTO_TCP; |
707f0272 | 4171 | f->alproto = ALPROTO_HTTP1; |
ab3fcb01 | 4172 | |
1eeb9669 | 4173 | StreamTcpInitConfig(true); |
ab3fcb01 VJ |
4174 | |
4175 | uint32_t u; | |
4176 | for (u = 0; u < httplen1; u++) { | |
4177 | uint8_t flags = 0; | |
4178 | ||
4179 | if (u == 0) | |
4180 | flags = STREAM_TOSERVER|STREAM_START; | |
4181 | else if (u == (httplen1 - 1)) | |
4182 | flags = STREAM_TOSERVER|STREAM_EOF; | |
4183 | else | |
4184 | flags = STREAM_TOSERVER; | |
4185 | ||
6530c3d0 | 4186 | FLOWLOCK_WRLOCK(f); |
707f0272 | 4187 | r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_HTTP1, flags, &httpbuf1[u], 1); |
ab3fcb01 VJ |
4188 | if (r != 0) { |
4189 | printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected" | |
4190 | " 0: ", u, r); | |
6530c3d0 | 4191 | FLOWLOCK_UNLOCK(f); |
ab3fcb01 VJ |
4192 | goto end; |
4193 | } | |
6530c3d0 | 4194 | FLOWLOCK_UNLOCK(f); |
ab3fcb01 VJ |
4195 | } |
4196 | ||
4197 | htp_state = f->alstate; | |
4198 | if (htp_state == NULL) { | |
4199 | printf("no http state: "); | |
4200 | goto end; | |
4201 | } | |
4202 | ||
d4d18e31 | 4203 | htp_tx_t *tx = HTPStateGetTx(htp_state, 0); |
48cf0585 AS |
4204 | if (tx == NULL) |
4205 | goto end; | |
4206 | HtpTxUserData *tx_ud = (HtpTxUserData *) htp_tx_get_user_data(tx); | |
4207 | if (tx_ud != NULL && tx_ud->request_uri_normalized != NULL) { | |
4208 | if (7 != bstr_len(tx_ud->request_uri_normalized)) { | |
ab3fcb01 | 4209 | printf("normalized uri len should be 5, is %"PRIuMAX, |
d5fdfa4b | 4210 | (uintmax_t)bstr_len(tx_ud->request_uri_normalized)); |
ab3fcb01 VJ |
4211 | goto end; |
4212 | } | |
4213 | ||
48cf0585 AS |
4214 | if (bstr_ptr(tx_ud->request_uri_normalized)[0] != '/' || |
4215 | bstr_ptr(tx_ud->request_uri_normalized)[1] != '?' || | |
4216 | bstr_ptr(tx_ud->request_uri_normalized)[2] != 'a' || | |
4217 | bstr_ptr(tx_ud->request_uri_normalized)[3] != '=' || | |
4218 | bstr_ptr(tx_ud->request_uri_normalized)[4] != '%' || | |
4219 | bstr_ptr(tx_ud->request_uri_normalized)[5] != '0' || | |
4220 | bstr_ptr(tx_ud->request_uri_normalized)[6] != '0') | |
ab3fcb01 VJ |
4221 | { |
4222 | printf("normalized uri \""); | |
48cf0585 | 4223 | PrintRawUriFp(stdout, bstr_ptr(tx_ud->request_uri_normalized), bstr_len(tx_ud->request_uri_normalized)); |
ab3fcb01 VJ |
4224 | printf("\": "); |
4225 | goto end; | |
4226 | } | |
4227 | } | |
4228 | ||
4229 | result = 1; | |
429c6388 AS |
4230 | end: |
4231 | if (alp_tctx != NULL) | |
fdefb65b | 4232 | AppLayerParserThreadCtxFree(alp_tctx); |
1eeb9669 | 4233 | StreamTcpFreeConfig(true); |
ab3fcb01 VJ |
4234 | UTHFreeFlow(f); |
4235 | return result; | |
4236 | } | |
4237 | ||
0c98980e VJ |
4238 | /** \test Host:www.google.com0dName: Value0d0a <- missing space between name:value (rfc violation) |
4239 | */ | |
ab1200fb | 4240 | static int HTPParserTest13(void) |
8f1d7503 | 4241 | { |
0c98980e VJ |
4242 | int result = 0; |
4243 | Flow *f = NULL; | |
4244 | uint8_t httpbuf1[] = "GET / HTTP/1.0\r\nHost:www.google.com\rName: Value\r\n\r\n"; | |
4245 | uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ | |
4246 | TcpSession ssn; | |
4247 | HtpState *htp_state = NULL; | |
4248 | int r = 0; | |
8dbf7a0d | 4249 | AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); |
0c98980e VJ |
4250 | |
4251 | memset(&ssn, 0, sizeof(ssn)); | |
4252 | ||
4253 | f = UTHBuildFlow(AF_INET, "1.2.3.4", "1.2.3.5", 1024, 80); | |
4254 | if (f == NULL) | |
4255 | goto end; | |
4256 | f->protoctx = &ssn; | |
429c6388 | 4257 | f->proto = IPPROTO_TCP; |
707f0272 | 4258 | f->alproto = ALPROTO_HTTP1; |
0c98980e | 4259 | |
1eeb9669 | 4260 | StreamTcpInitConfig(true); |
0c98980e VJ |
4261 | |
4262 | uint32_t u; | |
4263 | for (u = 0; u < httplen1; u++) { | |
4264 | uint8_t flags = 0; | |
4265 | ||
4266 | if (u == 0) | |
4267 | flags = STREAM_TOSERVER|STREAM_START; | |
4268 | else if (u == (httplen1 - 1)) | |
4269 | flags = STREAM_TOSERVER|STREAM_EOF; | |
4270 | else | |
4271 | flags = STREAM_TOSERVER; | |
4272 | ||
6530c3d0 | 4273 | FLOWLOCK_WRLOCK(f); |
707f0272 | 4274 | r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_HTTP1, flags, &httpbuf1[u], 1); |
0c98980e VJ |
4275 | if (r != 0) { |
4276 | printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected" | |
4277 | " 0: ", u, r); | |
6530c3d0 | 4278 | FLOWLOCK_UNLOCK(f); |
0c98980e VJ |
4279 | goto end; |
4280 | } | |
6530c3d0 | 4281 | FLOWLOCK_UNLOCK(f); |
0c98980e VJ |
4282 | } |
4283 | ||
4284 | htp_state = f->alstate; | |
4285 | if (htp_state == NULL) { | |
4286 | printf("no http state: "); | |
4287 | goto end; | |
4288 | } | |
4289 | ||
d4d18e31 | 4290 | htp_tx_t *tx = HTPStateGetTx(htp_state, 0); |
48cf0585 | 4291 | htp_header_t *h = htp_table_get_index(tx->request_headers, 0, NULL); |
0c98980e VJ |
4292 | if (h == NULL) { |
4293 | goto end; | |
4294 | } | |
4295 | ||
48cf0585 | 4296 | char *name = bstr_util_strdup_to_c(h->name); |
0c98980e VJ |
4297 | if (name == NULL) { |
4298 | goto end; | |
4299 | } | |
4300 | ||
4301 | if (strcmp(name, "Host") != 0) { | |
4302 | printf("header name not \"Host\", instead \"%s\": ", name); | |
4303 | free(name); | |
4304 | goto end; | |
4305 | } | |
4306 | free(name); | |
4307 | ||
48cf0585 | 4308 | char *value = bstr_util_strdup_to_c(h->value); |
0c98980e VJ |
4309 | if (value == NULL) { |
4310 | goto end; | |
4311 | } | |
4312 | ||
4313 | if (strcmp(value, "www.google.com\rName: Value") != 0) { | |
4314 | printf("header value not \"www.google.com\", instead \""); | |
4315 | PrintRawUriFp(stdout, (uint8_t *)value, strlen(value)); | |
4316 | printf("\": "); | |
4317 | free(value); | |
4318 | goto end; | |
4319 | } | |
4320 | free(value); | |
4321 | ||
4322 | result = 1; | |
4323 | end: | |
429c6388 | 4324 | if (alp_tctx != NULL) |
fdefb65b | 4325 | AppLayerParserThreadCtxFree(alp_tctx); |
1eeb9669 | 4326 | StreamTcpFreeConfig(true); |
0c98980e VJ |
4327 | UTHFreeFlow(f); |
4328 | return result; | |
4329 | } | |
4330 | ||
a9cdd2bb | 4331 | /** \test Test basic config */ |
ab1200fb | 4332 | static int HTPParserConfigTest01(void) |
a9cdd2bb BR |
4333 | { |
4334 | int ret = 0; | |
4335 | char input[] = "\ | |
4336 | %YAML 1.1\n\ | |
4337 | ---\n\ | |
4338 | libhtp:\n\ | |
4339 | \n\ | |
4340 | default-config:\n\ | |
4341 | personality: IDS\n\ | |
4342 | \n\ | |
4343 | server-config:\n\ | |
4344 | \n\ | |
4345 | - apache-tomcat:\n\ | |
4346 | address: [192.168.1.0/24, 127.0.0.0/8, \"::1\"]\n\ | |
4347 | personality: Tomcat_6_0\n\ | |
4348 | \n\ | |
4349 | - iis7:\n\ | |
4350 | address: \n\ | |
4351 | - 192.168.0.0/24\n\ | |
4352 | - 192.168.10.0/24\n\ | |
4353 | personality: IIS_7_0\n\ | |
4354 | "; | |
4355 | ||
4356 | ConfCreateContextBackup(); | |
4357 | ConfInit(); | |
4358 | ||
4359 | ConfYamlLoadString(input, strlen(input)); | |
4360 | ||
4361 | ConfNode *outputs; | |
4362 | outputs = ConfGetNode("libhtp.default-config.personality"); | |
4363 | if (outputs == NULL) { | |
4364 | goto end; | |
4365 | } | |
4366 | ||
4367 | outputs = ConfGetNode("libhtp.server-config"); | |
4368 | if (outputs == NULL) { | |
4369 | goto end; | |
4370 | } | |
4371 | ||
4372 | ConfNode *node = TAILQ_FIRST(&outputs->head); | |
4373 | if (node == NULL) { | |
4374 | goto end; | |
4375 | } | |
4376 | if (strcmp(node->name, "0") != 0) { | |
4377 | goto end; | |
4378 | } | |
4379 | node = TAILQ_FIRST(&node->head); | |
4380 | if (node == NULL) { | |
4381 | goto end; | |
4382 | } | |
4383 | if (strcmp(node->name, "apache-tomcat") != 0) { | |
4384 | goto end; | |
4385 | } | |
4386 | ||
4387 | int i = 0; | |
4388 | ConfNode *n; | |
4389 | ||
4390 | ConfNode *node2 = ConfNodeLookupChild(node, "personality"); | |
4391 | if (node2 == NULL) { | |
4392 | goto end; | |
4393 | } | |
4394 | if (strcmp(node2->val, "Tomcat_6_0") != 0) { | |
4395 | goto end; | |
4396 | } | |
4397 | ||
4398 | node = ConfNodeLookupChild(node, "address"); | |
4399 | if (node == NULL) { | |
4400 | goto end; | |
4401 | } | |
4402 | TAILQ_FOREACH(n, &node->head, next) { | |
4403 | if (n == NULL) { | |
4404 | goto end; | |
4405 | } | |
4406 | ||
4407 | switch(i) { | |
4408 | case 0: | |
4409 | if (strcmp(n->name, "0") != 0) { | |
4410 | goto end; | |
4411 | } | |
4412 | if (strcmp(n->val, "192.168.1.0/24") != 0) { | |
4413 | goto end; | |
4414 | } | |
4415 | break; | |
4416 | case 1: | |
4417 | if (strcmp(n->name, "1") != 0) { | |
4418 | goto end; | |
4419 | } | |
4420 | if (strcmp(n->val, "127.0.0.0/8") != 0) { | |
4421 | goto end; | |
4422 | } | |
4423 | break; | |
4424 | case 2: | |
4425 | if (strcmp(n->name, "2") != 0) { | |
4426 | goto end; | |
4427 | } | |
4428 | if (strcmp(n->val, "::1") != 0) { | |
4429 | goto end; | |
4430 | } | |
4431 | break; | |
4432 | default: | |
4433 | goto end; | |
4434 | } | |
4435 | i++; | |
4436 | } | |
4437 | ||
4438 | outputs = ConfGetNode("libhtp.server-config"); | |
4439 | if (outputs == NULL) { | |
4440 | goto end; | |
4441 | } | |
4442 | ||
4443 | node = TAILQ_FIRST(&outputs->head); | |
4444 | node = TAILQ_NEXT(node, next); | |
4445 | if (node == NULL) { | |
4446 | goto end; | |
4447 | } | |
4448 | if (strcmp(node->name, "1") != 0) { | |
4449 | goto end; | |
4450 | } | |
4451 | node = TAILQ_FIRST(&node->head); | |
4452 | if (node == NULL) { | |
4453 | goto end; | |
4454 | } | |
4455 | if (strcmp(node->name, "iis7") != 0) { | |
4456 | goto end; | |
4457 | } | |
4458 | ||
4459 | node2 = ConfNodeLookupChild(node, "personality"); | |
4460 | if (node2 == NULL) { | |
4461 | goto end; | |
4462 | } | |
4463 | if (strcmp(node2->val, "IIS_7_0") != 0) { | |
4464 | goto end; | |
4465 | } | |
4466 | ||
4467 | node = ConfNodeLookupChild(node, "address"); | |
4468 | if (node == NULL) { | |
4469 | goto end; | |
4470 | } | |
4471 | ||
4472 | i = 0; | |
4473 | TAILQ_FOREACH(n, &node->head, next) { | |
4474 | if (n == NULL) { | |
4475 | goto end; | |
4476 | } | |
4477 | ||
4478 | switch(i) { | |
4479 | case 0: | |
4480 | if (strcmp(n->name, "0") != 0) { | |
4481 | goto end; | |
4482 | } | |
4483 | if (strcmp(n->val, "192.168.0.0/24") != 0) { | |
4484 | goto end; | |
4485 | } | |
4486 | break; | |
4487 | case 1: | |
4488 | if (strcmp(n->name, "1") != 0) { | |
4489 | goto end; | |
4490 | } | |
4491 | if (strcmp(n->val, "192.168.10.0/24") != 0) { | |
4492 | goto end; | |
4493 | } | |
4494 | break; | |
4495 | default: | |
4496 | goto end; | |
4497 | } | |
4498 | i++; | |
4499 | } | |
4500 | ||
4501 | ret = 1; | |
4502 | ||
4503 | end: | |
4504 | ConfDeInit(); | |
4505 | ConfRestoreContextBackup(); | |
4506 | ||
4507 | return ret; | |
4508 | } | |
4509 | ||
4510 | /** \test Test config builds radix correctly */ | |
ab1200fb | 4511 | static int HTPParserConfigTest02(void) |
a9cdd2bb BR |
4512 | { |
4513 | int ret = 0; | |
4514 | char input[] = "\ | |
4515 | %YAML 1.1\n\ | |
4516 | ---\n\ | |
4517 | libhtp:\n\ | |
4518 | \n\ | |
4519 | default-config:\n\ | |
4520 | personality: IDS\n\ | |
4521 | \n\ | |
4522 | server-config:\n\ | |
4523 | \n\ | |
4524 | - apache-tomcat:\n\ | |
4525 | address: [192.168.1.0/24, 127.0.0.0/8, \"::1\"]\n\ | |
4526 | personality: Tomcat_6_0\n\ | |
4527 | \n\ | |
4528 | - iis7:\n\ | |
4529 | address: \n\ | |
4530 | - 192.168.0.0/24\n\ | |
4531 | - 192.168.10.0/24\n\ | |
4532 | personality: IIS_7_0\n\ | |
4533 | "; | |
4534 | ||
4535 | ConfCreateContextBackup(); | |
4536 | ConfInit(); | |
5c6a65dc | 4537 | HtpConfigCreateBackup(); |
a9cdd2bb BR |
4538 | |
4539 | ConfYamlLoadString(input, strlen(input)); | |
4540 | ||
4541 | HTPConfigure(); | |
4542 | ||
4543 | if (cfglist.cfg == NULL) { | |
4544 | printf("No default config created.\n"); | |
4545 | goto end; | |
4546 | } | |
4547 | ||
4548 | if (cfgtree == NULL) { | |
4549 | printf("No config tree created.\n"); | |
4550 | goto end; | |
4551 | } | |
4552 | ||
a9cdd2bb BR |
4553 | htp_cfg_t *htp = cfglist.cfg; |
4554 | uint8_t buf[128]; | |
4555 | const char *addr; | |
d0a26c6a | 4556 | void *user_data = NULL; |
a9cdd2bb BR |
4557 | |
4558 | addr = "192.168.10.42"; | |
4559 | if (inet_pton(AF_INET, addr, buf) == 1) { | |
d0a26c6a VJ |
4560 | (void)SCRadixFindKeyIPV4BestMatch(buf, cfgtree, &user_data); |
4561 | if (user_data != NULL) { | |
4562 | HTPCfgRec *htp_cfg_rec = user_data; | |
4563 | htp = htp_cfg_rec->cfg; | |
4564 | SCLogDebug("LIBHTP using config: %p", htp); | |
69a4fee7 | 4565 | } |
a9cdd2bb BR |
4566 | if (htp == NULL) { |
4567 | printf("Could not get config for: %s\n", addr); | |
4568 | goto end; | |
4569 | } | |
4570 | } | |
4571 | else { | |
4572 | printf("Failed to parse address: %s\n", addr); | |
4573 | goto end; | |
4574 | } | |
4575 | ||
d0a26c6a | 4576 | user_data = NULL; |
a9cdd2bb BR |
4577 | addr = "::1"; |
4578 | if (inet_pton(AF_INET6, addr, buf) == 1) { | |
d0a26c6a VJ |
4579 | (void)SCRadixFindKeyIPV6BestMatch(buf, cfgtree, &user_data); |
4580 | if (user_data != NULL) { | |
4581 | HTPCfgRec *htp_cfg_rec = user_data; | |
4582 | htp = htp_cfg_rec->cfg; | |
4583 | SCLogDebug("LIBHTP using config: %p", htp); | |
69a4fee7 | 4584 | } |
a9cdd2bb BR |
4585 | if (htp == NULL) { |
4586 | printf("Could not get config for: %s\n", addr); | |
4587 | goto end; | |
4588 | } | |
4589 | } | |
4590 | else { | |
4591 | printf("Failed to parse address: %s\n", addr); | |
4592 | goto end; | |
4593 | } | |
4594 | ||
4595 | ret = 1; | |
4596 | ||
4597 | end: | |
5c6a65dc | 4598 | HTPFreeConfig(); |
a9cdd2bb BR |
4599 | ConfDeInit(); |
4600 | ConfRestoreContextBackup(); | |
5c6a65dc | 4601 | HtpConfigRestoreBackup(); |
a9cdd2bb BR |
4602 | |
4603 | return ret; | |
4604 | } | |
4605 | ||
4606 | /** \test Test traffic is handled by the correct htp config */ | |
ab1200fb | 4607 | static int HTPParserConfigTest03(void) |
a9cdd2bb BR |
4608 | { |
4609 | int result = 1; | |
262a7300 | 4610 | Flow *f = NULL; |
a9cdd2bb BR |
4611 | uint8_t httpbuf1[] = "POST / HTTP/1.0\r\nUser-Agent: Victor/1.0\r\n\r\nPost" |
4612 | " Data is c0oL!"; | |
4613 | uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ | |
4614 | TcpSession ssn; | |
8dbf7a0d | 4615 | AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); |
a9cdd2bb BR |
4616 | |
4617 | HtpState *htp_state = NULL; | |
4618 | int r = 0; | |
4619 | char input[] = "\ | |
4620 | %YAML 1.1\n\ | |
4621 | ---\n\ | |
4622 | libhtp:\n\ | |
4623 | \n\ | |
4624 | default-config:\n\ | |
4625 | personality: IDS\n\ | |
4626 | \n\ | |
4627 | server-config:\n\ | |
4628 | \n\ | |
4629 | - apache-tomcat:\n\ | |
4630 | address: [192.168.1.0/24, 127.0.0.0/8, \"::1\"]\n\ | |
4631 | personality: Tomcat_6_0\n\ | |
4632 | \n\ | |
4633 | - iis7:\n\ | |
4634 | address: \n\ | |
4635 | - 192.168.0.0/24\n\ | |
4636 | - 192.168.10.0/24\n\ | |
4637 | personality: IIS_7_0\n\ | |
4638 | "; | |
4639 | ||
4640 | ConfCreateContextBackup(); | |
4641 | ConfInit(); | |
5c6a65dc | 4642 | HtpConfigCreateBackup(); |
a9cdd2bb BR |
4643 | |
4644 | ConfYamlLoadString(input, strlen(input)); | |
4645 | ||
4646 | HTPConfigure(); | |
4647 | ||
ab1200fb | 4648 | const char *addr = "192.168.10.42"; |
a9cdd2bb | 4649 | |
a9cdd2bb | 4650 | memset(&ssn, 0, sizeof(ssn)); |
262a7300 VJ |
4651 | |
4652 | f = UTHBuildFlow(AF_INET, "1.2.3.4", addr, 1024, 80); | |
4653 | if (f == NULL) | |
4654 | goto end; | |
4655 | f->protoctx = &ssn; | |
429c6388 | 4656 | f->proto = IPPROTO_TCP; |
707f0272 | 4657 | f->alproto = ALPROTO_HTTP1; |
a9cdd2bb | 4658 | |
a9cdd2bb | 4659 | htp_cfg_t *htp = cfglist.cfg; |
262a7300 | 4660 | |
d0a26c6a VJ |
4661 | void *user_data = NULL; |
4662 | (void)SCRadixFindKeyIPV4BestMatch((uint8_t *)f->dst.addr_data32, cfgtree, &user_data); | |
4663 | if (user_data != NULL) { | |
4664 | HTPCfgRec *htp_cfg_rec = user_data; | |
4665 | htp = htp_cfg_rec->cfg; | |
4666 | SCLogDebug("LIBHTP using config: %p", htp); | |
69a4fee7 | 4667 | } |
a9cdd2bb BR |
4668 | if (htp == NULL) { |
4669 | printf("Could not get config for: %s\n", addr); | |
4670 | goto end; | |
4671 | } | |
4672 | ||
1eeb9669 | 4673 | StreamTcpInitConfig(true); |
a9cdd2bb BR |
4674 | |
4675 | uint32_t u; | |
4676 | for (u = 0; u < httplen1; u++) { | |
4677 | uint8_t flags = 0; | |
4678 | ||
4679 | if (u == 0) flags = STREAM_TOSERVER|STREAM_START; | |
4680 | else if (u == (httplen1 - 1)) flags = STREAM_TOSERVER|STREAM_EOF; | |
4681 | else flags = STREAM_TOSERVER; | |
4682 | ||
6530c3d0 | 4683 | FLOWLOCK_WRLOCK(f); |
707f0272 | 4684 | r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_HTTP1, flags, &httpbuf1[u], 1); |
a9cdd2bb BR |
4685 | if (r != 0) { |
4686 | printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected" | |
4687 | " 0: ", u, r); | |
4688 | result = 0; | |
6530c3d0 | 4689 | FLOWLOCK_UNLOCK(f); |
a9cdd2bb BR |
4690 | goto end; |
4691 | } | |
6530c3d0 | 4692 | FLOWLOCK_UNLOCK(f); |
a9cdd2bb BR |
4693 | } |
4694 | ||
262a7300 | 4695 | htp_state = f->alstate; |
a9cdd2bb BR |
4696 | if (htp_state == NULL) { |
4697 | printf("no http state: "); | |
4698 | result = 0; | |
4699 | goto end; | |
4700 | } | |
4701 | ||
48cf0585 AS |
4702 | if (HTPStateGetTxCnt(htp_state) != 2) { |
4703 | printf("HTPStateGetTxCnt(htp_state) failure\n"); | |
4704 | goto end; | |
4705 | } | |
4706 | ||
4707 | htp_tx_t *tx = HTPStateGetTx(htp_state, 0); | |
4708 | if (tx == NULL) | |
4709 | goto end; | |
4710 | if (tx->cfg != htp) { | |
a9cdd2bb | 4711 | printf("wrong HTP config (%p instead of %p - default=%p): ", |
48cf0585 AS |
4712 | tx->cfg, htp, cfglist.cfg); |
4713 | goto end; | |
4714 | } | |
4715 | tx = HTPStateGetTx(htp_state, 1); | |
4716 | if (tx == NULL) | |
4717 | goto end; | |
4718 | if (tx->cfg != htp) { | |
4719 | printf("wrong HTP config (%p instead of %p - default=%p): ", | |
4720 | tx->cfg, htp, cfglist.cfg); | |
a9cdd2bb BR |
4721 | goto end; |
4722 | } | |
4723 | ||
4724 | end: | |
429c6388 | 4725 | if (alp_tctx != NULL) |
fdefb65b | 4726 | AppLayerParserThreadCtxFree(alp_tctx); |
5c6a65dc | 4727 | HTPFreeConfig(); |
a9cdd2bb BR |
4728 | ConfDeInit(); |
4729 | ConfRestoreContextBackup(); | |
5c6a65dc | 4730 | HtpConfigRestoreBackup(); |
a9cdd2bb | 4731 | |
1eeb9669 | 4732 | StreamTcpFreeConfig(true); |
262a7300 | 4733 | UTHFreeFlow(f); |
a9cdd2bb BR |
4734 | return result; |
4735 | } | |
06a65cb4 | 4736 | |
48cf0585 AS |
4737 | /* disabled when we upgraded to libhtp 0.5.x */ |
4738 | #if 0 | |
ab1200fb | 4739 | static int HTPParserConfigTest04(void) |
028c6c17 AS |
4740 | { |
4741 | int result = 0; | |
4742 | ||
4743 | char input[] = "\ | |
4744 | %YAML 1.1\n\ | |
4745 | ---\n\ | |
4746 | libhtp:\n\ | |
4747 | \n\ | |
4748 | default-config:\n\ | |
4749 | personality: IDS\n\ | |
4750 | path-control-char-handling: status_400\n\ | |
4751 | path-convert-utf8: yes\n\ | |
4752 | path-invalid-encoding-handling: remove_percent\n\ | |
4753 | \n\ | |
4754 | server-config:\n\ | |
4755 | \n\ | |
4756 | - apache-tomcat:\n\ | |
4757 | personality: Tomcat_6_0\n\ | |
4758 | path-invalid-utf8-handling: none\n\ | |
4759 | path-nul-encoded-handling: status_404\n\ | |
4760 | path-nul-raw-handling: status_400\n\ | |
4761 | \n\ | |
4762 | - iis7:\n\ | |
4763 | personality: IIS_7_0\n\ | |
4764 | path-replacement-char: o\n\ | |
4765 | path-unicode-mapping: status_400\n\ | |
4766 | "; | |
4767 | ||
4768 | ConfCreateContextBackup(); | |
4769 | ConfInit(); | |
4770 | HtpConfigCreateBackup(); | |
4771 | ||
4772 | ConfYamlLoadString(input, strlen(input)); | |
4773 | ||
4774 | HTPConfigure(); | |
4775 | ||
4776 | HTPCfgRec *cfg_rec = &cfglist; | |
4777 | if (cfg_rec->cfg->path_control_char_handling != STATUS_400 || | |
4778 | cfg_rec->cfg->path_convert_utf8 != 1 || | |
4779 | cfg_rec->cfg->path_invalid_encoding_handling != URL_DECODER_REMOVE_PERCENT) { | |
4780 | printf("failed 1\n"); | |
4781 | goto end; | |
4782 | } | |
4783 | ||
4784 | cfg_rec = cfg_rec->next; | |
080c15b3 | 4785 | if (cfg_rec->cfg->bestfit_replacement_char != 'o' || |
028c6c17 AS |
4786 | cfg_rec->cfg->path_unicode_mapping != STATUS_400) { |
4787 | printf("failed 2\n"); | |
4788 | goto end; | |
4789 | } | |
4790 | ||
4791 | cfg_rec = cfg_rec->next; | |
4792 | if (cfg_rec->cfg->path_invalid_utf8_handling != NONE || | |
4793 | cfg_rec->cfg->path_nul_encoded_handling != STATUS_404 || | |
4794 | cfg_rec->cfg->path_nul_raw_handling != STATUS_400) { | |
4795 | printf("failed 3\n"); | |
4796 | goto end; | |
4797 | } | |
4798 | ||
4799 | result = 1; | |
4800 | ||
4801 | end: | |
4802 | HTPFreeConfig(); | |
4803 | ConfDeInit(); | |
4804 | ConfRestoreContextBackup(); | |
4805 | HtpConfigRestoreBackup(); | |
4806 | ||
4807 | return result; | |
4808 | } | |
48cf0585 | 4809 | #endif |
028c6c17 | 4810 | |
ad827ad0 VJ |
4811 | /** \test Test %2f decoding in profile Apache_2_2 |
4812 | * | |
4813 | * %2f in path is left untouched | |
4814 | * %2f in query string is normalized to %2F | |
4815 | * %252f in query string is decoded/normalized to %2F | |
4816 | */ | |
4817 | static int HTPParserDecodingTest01(void) | |
4818 | { | |
4819 | int result = 0; | |
4820 | Flow *f = NULL; | |
4821 | uint8_t httpbuf1[] = | |
4822 | "GET /abc%2fdef HTTP/1.1\r\nHost: www.domain.ltd\r\n\r\n" | |
4823 | "GET /abc/def?ghi%2fjkl HTTP/1.1\r\nHost: www.domain.ltd\r\n\r\n" | |
4824 | "GET /abc/def?ghi%252fjkl HTTP/1.1\r\nHost: www.domain.ltd\r\n\r\n"; | |
4825 | uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ | |
4826 | TcpSession ssn; | |
8dbf7a0d | 4827 | AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); |
ad827ad0 VJ |
4828 | |
4829 | HtpState *htp_state = NULL; | |
4830 | int r = 0; | |
4831 | char input[] = "\ | |
4832 | %YAML 1.1\n\ | |
4833 | ---\n\ | |
4834 | libhtp:\n\ | |
4835 | \n\ | |
4836 | default-config:\n\ | |
48cf0585 | 4837 | personality: Apache_2\n\ |
ad827ad0 VJ |
4838 | "; |
4839 | ||
4840 | ConfCreateContextBackup(); | |
4841 | ConfInit(); | |
4842 | HtpConfigCreateBackup(); | |
4843 | ConfYamlLoadString(input, strlen(input)); | |
4844 | HTPConfigure(); | |
ab1200fb | 4845 | const char *addr = "4.3.2.1"; |
ad827ad0 VJ |
4846 | memset(&ssn, 0, sizeof(ssn)); |
4847 | ||
4848 | f = UTHBuildFlow(AF_INET, "1.2.3.4", addr, 1024, 80); | |
4849 | if (f == NULL) | |
4850 | goto end; | |
4851 | f->protoctx = &ssn; | |
429c6388 | 4852 | f->proto = IPPROTO_TCP; |
707f0272 | 4853 | f->alproto = ALPROTO_HTTP1; |
ad827ad0 | 4854 | |
1eeb9669 | 4855 | StreamTcpInitConfig(true); |
ad827ad0 VJ |
4856 | |
4857 | uint32_t u; | |
4858 | for (u = 0; u < httplen1; u++) { | |
4859 | uint8_t flags = 0; | |
4860 | ||
4861 | if (u == 0) flags = STREAM_TOSERVER|STREAM_START; | |
4862 | else if (u == (httplen1 - 1)) flags = STREAM_TOSERVER|STREAM_EOF; | |
4863 | else flags = STREAM_TOSERVER; | |
4864 | ||
6530c3d0 | 4865 | FLOWLOCK_WRLOCK(f); |
707f0272 | 4866 | r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_HTTP1, flags, &httpbuf1[u], 1); |
ad827ad0 VJ |
4867 | if (r != 0) { |
4868 | printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected" | |
4869 | " 0: ", u, r); | |
6530c3d0 | 4870 | FLOWLOCK_UNLOCK(f); |
ad827ad0 VJ |
4871 | goto end; |
4872 | } | |
6530c3d0 | 4873 | FLOWLOCK_UNLOCK(f); |
ad827ad0 VJ |
4874 | } |
4875 | ||
4876 | htp_state = f->alstate; | |
4877 | if (htp_state == NULL) { | |
4878 | printf("no http state: "); | |
ad827ad0 VJ |
4879 | goto end; |
4880 | } | |
4881 | ||
4882 | uint8_t ref1[] = "/abc%2fdef"; | |
4883 | size_t reflen = sizeof(ref1) - 1; | |
4884 | ||
d4d18e31 | 4885 | htp_tx_t *tx = HTPStateGetTx(htp_state, 0); |
48cf0585 AS |
4886 | if (tx == NULL) |
4887 | goto end; | |
4888 | HtpTxUserData *tx_ud = (HtpTxUserData *) htp_tx_get_user_data(tx); | |
4889 | if (tx_ud != NULL && tx_ud->request_uri_normalized != NULL) { | |
4890 | if (reflen != bstr_len(tx_ud->request_uri_normalized)) { | |
ad827ad0 | 4891 | printf("normalized uri len should be %"PRIuMAX", is %"PRIuMAX, |
48cf0585 | 4892 | (uintmax_t)reflen, |
d5fdfa4b | 4893 | (uintmax_t)bstr_len(tx_ud->request_uri_normalized)); |
ad827ad0 VJ |
4894 | goto end; |
4895 | } | |
4896 | ||
48cf0585 AS |
4897 | if (memcmp(bstr_ptr(tx_ud->request_uri_normalized), ref1, |
4898 | bstr_len(tx_ud->request_uri_normalized)) != 0) | |
ad827ad0 VJ |
4899 | { |
4900 | printf("normalized uri \""); | |
48cf0585 | 4901 | PrintRawUriFp(stdout, bstr_ptr(tx_ud->request_uri_normalized), bstr_len(tx_ud->request_uri_normalized)); |
ad827ad0 VJ |
4902 | printf("\" != \""); |
4903 | PrintRawUriFp(stdout, ref1, reflen); | |
4904 | printf("\": "); | |
4905 | goto end; | |
4906 | } | |
4907 | } | |
4908 | ||
48cf0585 | 4909 | uint8_t ref2[] = "/abc/def?ghi/jkl"; |
ad827ad0 VJ |
4910 | reflen = sizeof(ref2) - 1; |
4911 | ||
d4d18e31 | 4912 | tx = HTPStateGetTx(htp_state, 1); |
48cf0585 AS |
4913 | if (tx == NULL) |
4914 | goto end; | |
4915 | tx_ud = (HtpTxUserData *)htp_tx_get_user_data(tx); | |
4916 | if (tx_ud != NULL && tx_ud->request_uri_normalized != NULL) { | |
4917 | if (reflen != bstr_len(tx_ud->request_uri_normalized)) { | |
ad827ad0 | 4918 | printf("normalized uri len should be %"PRIuMAX", is %"PRIuMAX, |
48cf0585 | 4919 | (uintmax_t)reflen, |
d5fdfa4b | 4920 | (uintmax_t)bstr_len(tx_ud->request_uri_normalized)); |
ad827ad0 VJ |
4921 | goto end; |
4922 | } | |
4923 | ||
48cf0585 AS |
4924 | if (memcmp(bstr_ptr(tx_ud->request_uri_normalized), ref2, |
4925 | bstr_len(tx_ud->request_uri_normalized)) != 0) | |
ad827ad0 VJ |
4926 | { |
4927 | printf("normalized uri \""); | |
48cf0585 | 4928 | PrintRawUriFp(stdout, bstr_ptr(tx_ud->request_uri_normalized), bstr_len(tx_ud->request_uri_normalized)); |
ad827ad0 VJ |
4929 | printf("\" != \""); |
4930 | PrintRawUriFp(stdout, ref2, reflen); | |
4931 | printf("\": "); | |
4932 | goto end; | |
4933 | } | |
4934 | } | |
4935 | ||
48cf0585 AS |
4936 | uint8_t ref3[] = "/abc/def?ghi%2fjkl"; |
4937 | reflen = sizeof(ref3) - 1; | |
d4d18e31 | 4938 | tx = HTPStateGetTx(htp_state, 2); |
48cf0585 AS |
4939 | if (tx == NULL) |
4940 | goto end; | |
4941 | tx_ud = (HtpTxUserData *) htp_tx_get_user_data(tx); | |
4942 | if (tx_ud != NULL && tx_ud->request_uri_normalized != NULL) { | |
4943 | if (reflen != bstr_len(tx_ud->request_uri_normalized)) { | |
ad827ad0 | 4944 | printf("normalized uri len should be %"PRIuMAX", is %"PRIuMAX, |
48cf0585 | 4945 | (uintmax_t)reflen, |
d5fdfa4b | 4946 | (uintmax_t)bstr_len(tx_ud->request_uri_normalized)); |
ad827ad0 VJ |
4947 | goto end; |
4948 | } | |
4949 | ||
48cf0585 AS |
4950 | if (memcmp(bstr_ptr(tx_ud->request_uri_normalized), ref3, |
4951 | bstr_len(tx_ud->request_uri_normalized)) != 0) | |
ad827ad0 VJ |
4952 | { |
4953 | printf("normalized uri \""); | |
48cf0585 | 4954 | PrintRawUriFp(stdout, bstr_ptr(tx_ud->request_uri_normalized), bstr_len(tx_ud->request_uri_normalized)); |
ad827ad0 VJ |
4955 | printf("\" != \""); |
4956 | PrintRawUriFp(stdout, ref3, reflen); | |
4957 | printf("\": "); | |
4958 | goto end; | |
4959 | } | |
4960 | } | |
4961 | ||
4962 | result = 1; | |
4963 | ||
4964 | end: | |
429c6388 | 4965 | if (alp_tctx != NULL) |
fdefb65b | 4966 | AppLayerParserThreadCtxFree(alp_tctx); |
ad827ad0 VJ |
4967 | HTPFreeConfig(); |
4968 | ConfDeInit(); | |
4969 | ConfRestoreContextBackup(); | |
4970 | HtpConfigRestoreBackup(); | |
4971 | ||
1eeb9669 | 4972 | StreamTcpFreeConfig(true); |
ad827ad0 VJ |
4973 | UTHFreeFlow(f); |
4974 | return result; | |
4975 | } | |
4976 | ||
4977 | /** \test Test %2f decoding in profile IDS | |
4978 | * | |
4979 | * %2f in path decoded to / | |
4980 | * %2f in query string is decoded to / | |
e839cea9 | 4981 | * %252f in query string is decoded to %2F |
ad827ad0 VJ |
4982 | */ |
4983 | static int HTPParserDecodingTest02(void) | |
4984 | { | |
4985 | int result = 0; | |
4986 | Flow *f = NULL; | |
4987 | uint8_t httpbuf1[] = | |
4988 | "GET /abc%2fdef HTTP/1.1\r\nHost: www.domain.ltd\r\n\r\n" | |
4989 | "GET /abc/def?ghi%2fjkl HTTP/1.1\r\nHost: www.domain.ltd\r\n\r\n" | |
4990 | "GET /abc/def?ghi%252fjkl HTTP/1.1\r\nHost: www.domain.ltd\r\n\r\n"; | |
4991 | uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ | |
4992 | TcpSession ssn; | |
8dbf7a0d | 4993 | AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); |
ad827ad0 VJ |
4994 | |
4995 | HtpState *htp_state = NULL; | |
4996 | int r = 0; | |
4997 | char input[] = "\ | |
4998 | %YAML 1.1\n\ | |
4999 | ---\n\ | |
5000 | libhtp:\n\ | |
5001 | \n\ | |
5002 | default-config:\n\ | |
5003 | personality: IDS\n\ | |
e839cea9 VJ |
5004 | double-decode-path: no\n\ |
5005 | double-decode-query: no\n\ | |
ad827ad0 VJ |
5006 | "; |
5007 | ||
5008 | ConfCreateContextBackup(); | |
5009 | ConfInit(); | |
5010 | HtpConfigCreateBackup(); | |
5011 | ConfYamlLoadString(input, strlen(input)); | |
5012 | HTPConfigure(); | |
ab1200fb | 5013 | const char *addr = "4.3.2.1"; |
ad827ad0 VJ |
5014 | memset(&ssn, 0, sizeof(ssn)); |
5015 | ||
5016 | f = UTHBuildFlow(AF_INET, "1.2.3.4", addr, 1024, 80); | |
5017 | if (f == NULL) | |
5018 | goto end; | |
5019 | f->protoctx = &ssn; | |
429c6388 | 5020 | f->proto = IPPROTO_TCP; |
707f0272 | 5021 | f->alproto = ALPROTO_HTTP1; |
ad827ad0 | 5022 | |
1eeb9669 | 5023 | StreamTcpInitConfig(true); |
ad827ad0 VJ |
5024 | |
5025 | uint32_t u; | |
5026 | for (u = 0; u < httplen1; u++) { | |
5027 | uint8_t flags = 0; | |
5028 | ||
5029 | if (u == 0) flags = STREAM_TOSERVER|STREAM_START; | |
5030 | else if (u == (httplen1 - 1)) flags = STREAM_TOSERVER|STREAM_EOF; | |
5031 | else flags = STREAM_TOSERVER; | |
5032 | ||
6530c3d0 | 5033 | FLOWLOCK_WRLOCK(f); |
707f0272 | 5034 | r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_HTTP1, flags, &httpbuf1[u], 1); |
ad827ad0 VJ |
5035 | if (r != 0) { |
5036 | printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected" | |
5037 | " 0: ", u, r); | |
6530c3d0 | 5038 | FLOWLOCK_UNLOCK(f); |
ad827ad0 VJ |
5039 | goto end; |
5040 | } | |
6530c3d0 | 5041 | FLOWLOCK_UNLOCK(f); |
ad827ad0 VJ |
5042 | } |
5043 | ||
5044 | htp_state = f->alstate; | |
5045 | if (htp_state == NULL) { | |
5046 | printf("no http state: "); | |
ad827ad0 VJ |
5047 | goto end; |
5048 | } | |
5049 | ||
5050 | uint8_t ref1[] = "/abc/def"; | |
5051 | size_t reflen = sizeof(ref1) - 1; | |
5052 | ||
d4d18e31 | 5053 | htp_tx_t *tx = HTPStateGetTx(htp_state, 0); |
48cf0585 AS |
5054 | if (tx == NULL) |
5055 | goto end; | |
5056 | HtpTxUserData *tx_ud = (HtpTxUserData *)htp_tx_get_user_data(tx); | |
5057 | if (tx_ud != NULL && tx_ud->request_uri_normalized != NULL) { | |
5058 | if (reflen != bstr_len(tx_ud->request_uri_normalized)) { | |
ad827ad0 | 5059 | printf("normalized uri len should be %"PRIuMAX", is %"PRIuMAX, |
48cf0585 | 5060 | (uintmax_t)reflen, |
d5fdfa4b | 5061 | (uintmax_t)bstr_len(tx_ud->request_uri_normalized)); |
ad827ad0 VJ |
5062 | goto end; |
5063 | } | |
5064 | ||
48cf0585 AS |
5065 | if (memcmp(bstr_ptr(tx_ud->request_uri_normalized), ref1, |
5066 | bstr_len(tx_ud->request_uri_normalized)) != 0) | |
ad827ad0 VJ |
5067 | { |
5068 | printf("normalized uri \""); | |
48cf0585 | 5069 | PrintRawUriFp(stdout, bstr_ptr(tx_ud->request_uri_normalized), bstr_len(tx_ud->request_uri_normalized)); |
ad827ad0 VJ |
5070 | printf("\" != \""); |
5071 | PrintRawUriFp(stdout, ref1, reflen); | |
5072 | printf("\": "); | |
5073 | goto end; | |
5074 | } | |
5075 | } | |
5076 | ||
5077 | uint8_t ref2[] = "/abc/def?ghi/jkl"; | |
5078 | reflen = sizeof(ref2) - 1; | |
5079 | ||
d4d18e31 | 5080 | tx = HTPStateGetTx(htp_state, 1); |
48cf0585 AS |
5081 | if (tx == NULL) |
5082 | goto end; | |
5083 | tx_ud = (HtpTxUserData *)htp_tx_get_user_data(tx); | |
5084 | if (tx_ud != NULL && tx_ud->request_uri_normalized != NULL) { | |
5085 | if (reflen != bstr_len(tx_ud->request_uri_normalized)) { | |
ad827ad0 | 5086 | printf("normalized uri len should be %"PRIuMAX", is %"PRIuMAX, |
48cf0585 | 5087 | (uintmax_t)reflen, |
d5fdfa4b | 5088 | (uintmax_t)bstr_len(tx_ud->request_uri_normalized)); |
ad827ad0 VJ |
5089 | goto end; |
5090 | } | |
5091 | ||
48cf0585 AS |
5092 | if (memcmp(bstr_ptr(tx_ud->request_uri_normalized), ref2, |
5093 | bstr_len(tx_ud->request_uri_normalized)) != 0) | |
ad827ad0 VJ |
5094 | { |
5095 | printf("normalized uri \""); | |
48cf0585 | 5096 | PrintRawUriFp(stdout, bstr_ptr(tx_ud->request_uri_normalized), bstr_len(tx_ud->request_uri_normalized)); |
ad827ad0 VJ |
5097 | printf("\" != \""); |
5098 | PrintRawUriFp(stdout, ref2, reflen); | |
5099 | printf("\": "); | |
5100 | goto end; | |
5101 | } | |
5102 | } | |
5103 | ||
48cf0585 | 5104 | uint8_t ref3[] = "/abc/def?ghi%2fjkl"; |
e839cea9 | 5105 | reflen = sizeof(ref3) - 1; |
d4d18e31 | 5106 | tx = HTPStateGetTx(htp_state, 2); |
48cf0585 AS |
5107 | if (tx == NULL) |
5108 | goto end; | |
5109 | tx_ud = (HtpTxUserData *) htp_tx_get_user_data(tx); | |
5110 | if (tx_ud != NULL && tx_ud->request_uri_normalized != NULL) { | |
5111 | if (reflen != bstr_len(tx_ud->request_uri_normalized)) { | |
e839cea9 | 5112 | printf("normalized uri len should be %"PRIuMAX", is %"PRIuMAX" (3): ", |
48cf0585 | 5113 | (uintmax_t)reflen, |
d5fdfa4b | 5114 | (uintmax_t)bstr_len(tx_ud->request_uri_normalized)); |
ad827ad0 VJ |
5115 | goto end; |
5116 | } | |
5117 | ||
48cf0585 AS |
5118 | if (memcmp(bstr_ptr(tx_ud->request_uri_normalized), ref3, |
5119 | bstr_len(tx_ud->request_uri_normalized)) != 0) | |
ad827ad0 VJ |
5120 | { |
5121 | printf("normalized uri \""); | |
48cf0585 | 5122 | PrintRawUriFp(stdout, bstr_ptr(tx_ud->request_uri_normalized), bstr_len(tx_ud->request_uri_normalized)); |
ad827ad0 VJ |
5123 | printf("\" != \""); |
5124 | PrintRawUriFp(stdout, ref3, reflen); | |
5125 | printf("\": "); | |
5126 | goto end; | |
5127 | } | |
5128 | } | |
5129 | ||
5130 | result = 1; | |
5131 | ||
5132 | end: | |
429c6388 | 5133 | if (alp_tctx != NULL) |
fdefb65b | 5134 | AppLayerParserThreadCtxFree(alp_tctx); |
ad827ad0 VJ |
5135 | HTPFreeConfig(); |
5136 | ConfDeInit(); | |
5137 | ConfRestoreContextBackup(); | |
5138 | HtpConfigRestoreBackup(); | |
5139 | ||
1eeb9669 | 5140 | StreamTcpFreeConfig(true); |
ad827ad0 VJ |
5141 | UTHFreeFlow(f); |
5142 | return result; | |
5143 | } | |
5144 | ||
e839cea9 VJ |
5145 | /** \test Test %2f decoding in profile IDS with double-decode-* options |
5146 | * | |
5147 | * %252f in path decoded to / | |
5148 | * %252f in query string is decoded to / | |
5149 | */ | |
5150 | static int HTPParserDecodingTest03(void) | |
5151 | { | |
5152 | int result = 0; | |
5153 | Flow *f = NULL; | |
5154 | uint8_t httpbuf1[] = | |
5155 | "GET /abc%252fdef HTTP/1.1\r\nHost: www.domain.ltd\r\n\r\n" | |
5156 | "GET /abc/def?ghi%252fjkl HTTP/1.1\r\nHost: www.domain.ltd\r\n\r\n"; | |
5157 | uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ | |
5158 | TcpSession ssn; | |
8dbf7a0d | 5159 | AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); |
e839cea9 VJ |
5160 | |
5161 | HtpState *htp_state = NULL; | |
5162 | int r = 0; | |
5163 | char input[] = "\ | |
5164 | %YAML 1.1\n\ | |
5165 | ---\n\ | |
5166 | libhtp:\n\ | |
5167 | \n\ | |
5168 | default-config:\n\ | |
5169 | personality: IDS\n\ | |
5170 | double-decode-path: yes\n\ | |
5171 | double-decode-query: yes\n\ | |
5172 | "; | |
5173 | ||
5174 | ConfCreateContextBackup(); | |
5175 | ConfInit(); | |
5176 | HtpConfigCreateBackup(); | |
5177 | ConfYamlLoadString(input, strlen(input)); | |
5178 | HTPConfigure(); | |
ab1200fb | 5179 | const char *addr = "4.3.2.1"; |
e839cea9 VJ |
5180 | memset(&ssn, 0, sizeof(ssn)); |
5181 | ||
5182 | f = UTHBuildFlow(AF_INET, "1.2.3.4", addr, 1024, 80); | |
5183 | if (f == NULL) | |
5184 | goto end; | |
5185 | f->protoctx = &ssn; | |
429c6388 | 5186 | f->proto = IPPROTO_TCP; |
707f0272 | 5187 | f->alproto = ALPROTO_HTTP1; |
e839cea9 | 5188 | |
1eeb9669 | 5189 | StreamTcpInitConfig(true); |
e839cea9 VJ |
5190 | |
5191 | uint32_t u; | |
5192 | for (u = 0; u < httplen1; u++) { | |
5193 | uint8_t flags = 0; | |
5194 | ||
5195 | if (u == 0) flags = STREAM_TOSERVER|STREAM_START; | |
5196 | else if (u == (httplen1 - 1)) flags = STREAM_TOSERVER|STREAM_EOF; | |
5197 | else flags = STREAM_TOSERVER; | |
5198 | ||
6530c3d0 | 5199 | FLOWLOCK_WRLOCK(f); |
707f0272 | 5200 | r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_HTTP1, flags, &httpbuf1[u], 1); |
e839cea9 VJ |
5201 | if (r != 0) { |
5202 | printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected" | |
5203 | " 0: ", u, r); | |
6530c3d0 | 5204 | FLOWLOCK_UNLOCK(f); |
e839cea9 VJ |
5205 | goto end; |
5206 | } | |
6530c3d0 | 5207 | FLOWLOCK_UNLOCK(f); |
e839cea9 VJ |
5208 | } |
5209 | ||
5210 | htp_state = f->alstate; | |
5211 | if (htp_state == NULL) { | |
5212 | printf("no http state: "); | |
e839cea9 VJ |
5213 | goto end; |
5214 | } | |
5215 | ||
5216 | uint8_t ref1[] = "/abc/def"; | |
5217 | size_t reflen = sizeof(ref1) - 1; | |
5218 | ||
d4d18e31 | 5219 | htp_tx_t *tx = HTPStateGetTx(htp_state, 0); |
48cf0585 AS |
5220 | if (tx == NULL) |
5221 | goto end; | |
5222 | HtpTxUserData *tx_ud = (HtpTxUserData *) htp_tx_get_user_data(tx); | |
5223 | if (tx_ud != NULL && tx_ud->request_uri_normalized != NULL) { | |
5224 | if (reflen != bstr_len(tx_ud->request_uri_normalized)) { | |
e839cea9 | 5225 | printf("normalized uri len should be %"PRIuMAX", is %"PRIuMAX, |
48cf0585 | 5226 | (uintmax_t)reflen, |
d5fdfa4b | 5227 | (uintmax_t)bstr_len(tx_ud->request_uri_normalized)); |
e839cea9 VJ |
5228 | goto end; |
5229 | } | |
5230 | ||
48cf0585 AS |
5231 | if (memcmp(bstr_ptr(tx_ud->request_uri_normalized), ref1, |
5232 | bstr_len(tx_ud->request_uri_normalized)) != 0) | |
e839cea9 VJ |
5233 | { |
5234 | printf("normalized uri \""); | |
48cf0585 | 5235 | PrintRawUriFp(stdout, bstr_ptr(tx_ud->request_uri_normalized), bstr_len(tx_ud->request_uri_normalized)); |
e839cea9 VJ |
5236 | printf("\" != \""); |
5237 | PrintRawUriFp(stdout, ref1, reflen); | |
5238 | printf("\": "); | |
5239 | goto end; | |
5240 | } | |
5241 | } | |
5242 | ||
5243 | uint8_t ref2[] = "/abc/def?ghi/jkl"; | |
5244 | reflen = sizeof(ref2) - 1; | |
5245 | ||
d4d18e31 | 5246 | tx = HTPStateGetTx(htp_state, 1); |
48cf0585 AS |
5247 | if (tx == NULL) |
5248 | goto end; | |
5249 | tx_ud = (HtpTxUserData *)htp_tx_get_user_data(tx); | |
5250 | if (tx_ud != NULL && tx_ud->request_uri_normalized != NULL) { | |
5251 | if (reflen != bstr_len(tx_ud->request_uri_normalized)) { | |
e839cea9 | 5252 | printf("normalized uri len should be %"PRIuMAX", is %"PRIuMAX, |
48cf0585 | 5253 | (uintmax_t)reflen, |
d5fdfa4b | 5254 | (uintmax_t)bstr_len(tx_ud->request_uri_normalized)); |
e839cea9 VJ |
5255 | goto end; |
5256 | } | |
5257 | ||
48cf0585 AS |
5258 | if (memcmp(bstr_ptr(tx_ud->request_uri_normalized), ref2, |
5259 | bstr_len(tx_ud->request_uri_normalized)) != 0) | |
e839cea9 VJ |
5260 | { |
5261 | printf("normalized uri \""); | |
48cf0585 | 5262 | PrintRawUriFp(stdout, bstr_ptr(tx_ud->request_uri_normalized), bstr_len(tx_ud->request_uri_normalized)); |
e839cea9 VJ |
5263 | printf("\" != \""); |
5264 | PrintRawUriFp(stdout, ref2, reflen); | |
5265 | printf("\": "); | |
5266 | goto end; | |
5267 | } | |
5268 | } | |
5269 | ||
5270 | result = 1; | |
5271 | ||
5272 | end: | |
429c6388 | 5273 | if (alp_tctx != NULL) |
fdefb65b | 5274 | AppLayerParserThreadCtxFree(alp_tctx); |
e839cea9 VJ |
5275 | HTPFreeConfig(); |
5276 | ConfDeInit(); | |
5277 | ConfRestoreContextBackup(); | |
5278 | HtpConfigRestoreBackup(); | |
5279 | ||
1eeb9669 | 5280 | StreamTcpFreeConfig(true); |
e839cea9 VJ |
5281 | UTHFreeFlow(f); |
5282 | return result; | |
5283 | } | |
5284 | ||
cc51eec5 VJ |
5285 | /** \test Test http:// in query profile IDS |
5286 | */ | |
5287 | static int HTPParserDecodingTest04(void) | |
5288 | { | |
5289 | int result = 0; | |
5290 | Flow *f = NULL; | |
5291 | uint8_t httpbuf1[] = | |
5292 | "GET /abc/def?a=http://www.abc.com/ HTTP/1.1\r\nHost: www.domain.ltd\r\n\r\n"; | |
5293 | uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ | |
5294 | TcpSession ssn; | |
8dbf7a0d | 5295 | AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); |
cc51eec5 VJ |
5296 | |
5297 | HtpState *htp_state = NULL; | |
5298 | int r = 0; | |
5299 | char input[] = "\ | |
5300 | %YAML 1.1\n\ | |
5301 | ---\n\ | |
5302 | libhtp:\n\ | |
5303 | \n\ | |
5304 | default-config:\n\ | |
5305 | personality: IDS\n\ | |
5306 | double-decode-path: yes\n\ | |
5307 | double-decode-query: yes\n\ | |
5308 | "; | |
5309 | ||
5310 | ConfCreateContextBackup(); | |
5311 | ConfInit(); | |
5312 | HtpConfigCreateBackup(); | |
5313 | ConfYamlLoadString(input, strlen(input)); | |
5314 | HTPConfigure(); | |
ab1200fb | 5315 | const char *addr = "4.3.2.1"; |
cc51eec5 VJ |
5316 | memset(&ssn, 0, sizeof(ssn)); |
5317 | ||
5318 | f = UTHBuildFlow(AF_INET, "1.2.3.4", addr, 1024, 80); | |
5319 | if (f == NULL) | |
5320 | goto end; | |
5321 | f->protoctx = &ssn; | |
429c6388 | 5322 | f->proto = IPPROTO_TCP; |
707f0272 | 5323 | f->alproto = ALPROTO_HTTP1; |
cc51eec5 | 5324 | |
1eeb9669 | 5325 | StreamTcpInitConfig(true); |
cc51eec5 VJ |
5326 | |
5327 | uint32_t u; | |
5328 | for (u = 0; u < httplen1; u++) { | |
5329 | uint8_t flags = 0; | |
5330 | ||
5331 | if (u == 0) flags = STREAM_TOSERVER|STREAM_START; | |
5332 | else if (u == (httplen1 - 1)) flags = STREAM_TOSERVER|STREAM_EOF; | |
5333 | else flags = STREAM_TOSERVER; | |
5334 | ||
6530c3d0 | 5335 | FLOWLOCK_WRLOCK(f); |
707f0272 | 5336 | r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_HTTP1, flags, &httpbuf1[u], 1); |
cc51eec5 VJ |
5337 | if (r != 0) { |
5338 | printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected" | |
5339 | " 0: ", u, r); | |
6530c3d0 | 5340 | FLOWLOCK_UNLOCK(f); |
cc51eec5 VJ |
5341 | goto end; |
5342 | } | |
6530c3d0 | 5343 | FLOWLOCK_UNLOCK(f); |
cc51eec5 VJ |
5344 | } |
5345 | ||
5346 | htp_state = f->alstate; | |
5347 | if (htp_state == NULL) { | |
5348 | printf("no http state: "); | |
cc51eec5 VJ |
5349 | goto end; |
5350 | } | |
5351 | ||
5352 | uint8_t ref1[] = "/abc/def?a=http://www.abc.com/"; | |
5353 | size_t reflen = sizeof(ref1) - 1; | |
5354 | ||
d4d18e31 | 5355 | htp_tx_t *tx = HTPStateGetTx(htp_state, 0); |
48cf0585 AS |
5356 | if (tx == NULL) |
5357 | goto end; | |
5358 | HtpTxUserData *tx_ud = (HtpTxUserData *) htp_tx_get_user_data(tx); | |
5359 | if (tx_ud != NULL && tx_ud->request_uri_normalized != NULL) { | |
5360 | if (reflen != bstr_len(tx_ud->request_uri_normalized)) { | |
cc51eec5 | 5361 | printf("normalized uri len should be %"PRIuMAX", is %"PRIuMAX, |
48cf0585 | 5362 | (uintmax_t)reflen, |
d5fdfa4b | 5363 | (uintmax_t)bstr_len(tx_ud->request_uri_normalized)); |
cc51eec5 VJ |
5364 | goto end; |
5365 | } | |
5366 | ||
48cf0585 AS |
5367 | if (memcmp(bstr_ptr(tx_ud->request_uri_normalized), ref1, |
5368 | bstr_len(tx_ud->request_uri_normalized)) != 0) | |
cc51eec5 VJ |
5369 | { |
5370 | printf("normalized uri \""); | |
48cf0585 | 5371 | PrintRawUriFp(stdout, bstr_ptr(tx_ud->request_uri_normalized), bstr_len(tx_ud->request_uri_normalized)); |
cc51eec5 VJ |
5372 | printf("\" != \""); |
5373 | PrintRawUriFp(stdout, ref1, reflen); | |
5374 | printf("\": "); | |
5375 | goto end; | |
5376 | } | |
5377 | } | |
5378 | ||
5379 | result = 1; | |
5380 | ||
5381 | end: | |
429c6388 | 5382 | if (alp_tctx != NULL) |
fdefb65b | 5383 | AppLayerParserThreadCtxFree(alp_tctx); |
cc51eec5 VJ |
5384 | HTPFreeConfig(); |
5385 | ConfDeInit(); | |
5386 | ConfRestoreContextBackup(); | |
5387 | HtpConfigRestoreBackup(); | |
5388 | ||
1eeb9669 | 5389 | StreamTcpFreeConfig(true); |
cc51eec5 VJ |
5390 | UTHFreeFlow(f); |
5391 | return result; | |
5392 | } | |
5393 | ||
5394 | /** \test Test \ char in query profile IDS. Bug 739 | |
5395 | */ | |
5396 | static int HTPParserDecodingTest05(void) | |
5397 | { | |
5398 | int result = 0; | |
5399 | Flow *f = NULL; | |
5400 | uint8_t httpbuf1[] = | |
5401 | "GET /index?id=\\\"<script>alert(document.cookie)</script> HTTP/1.1\r\nHost: www.domain.ltd\r\n\r\n"; | |
5402 | uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ | |
5403 | TcpSession ssn; | |
8dbf7a0d | 5404 | AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); |
cc51eec5 VJ |
5405 | |
5406 | HtpState *htp_state = NULL; | |
5407 | int r = 0; | |
5408 | char input[] = "\ | |
5409 | %YAML 1.1\n\ | |
5410 | ---\n\ | |
5411 | libhtp:\n\ | |
5412 | \n\ | |
5413 | default-config:\n\ | |
5414 | personality: IDS\n\ | |
5415 | double-decode-path: yes\n\ | |
5416 | double-decode-query: yes\n\ | |
5417 | "; | |
5418 | ||
5419 | ConfCreateContextBackup(); | |
5420 | ConfInit(); | |
5421 | HtpConfigCreateBackup(); | |
5422 | ConfYamlLoadString(input, strlen(input)); | |
5423 | HTPConfigure(); | |
ab1200fb | 5424 | const char *addr = "4.3.2.1"; |
cc51eec5 VJ |
5425 | memset(&ssn, 0, sizeof(ssn)); |
5426 | ||
5427 | f = UTHBuildFlow(AF_INET, "1.2.3.4", addr, 1024, 80); | |
5428 | if (f == NULL) | |
5429 | goto end; | |
5430 | f->protoctx = &ssn; | |
429c6388 | 5431 | f->proto = IPPROTO_TCP; |
707f0272 | 5432 | f->alproto = ALPROTO_HTTP1; |
cc51eec5 | 5433 | |
1eeb9669 | 5434 | StreamTcpInitConfig(true); |
cc51eec5 VJ |
5435 | |
5436 | uint32_t u; | |
5437 | for (u = 0; u < httplen1; u++) { | |
5438 | uint8_t flags = 0; | |
5439 | ||
5440 | if (u == 0) flags = STREAM_TOSERVER|STREAM_START; | |
5441 | else if (u == (httplen1 - 1)) flags = STREAM_TOSERVER|STREAM_EOF; | |
5442 | else flags = STREAM_TOSERVER; | |
5443 | ||
6530c3d0 | 5444 | FLOWLOCK_WRLOCK(f); |
707f0272 | 5445 | r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_HTTP1, flags, &httpbuf1[u], 1); |
cc51eec5 VJ |
5446 | if (r != 0) { |
5447 | printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected" | |
5448 | " 0: ", u, r); | |
6530c3d0 | 5449 | FLOWLOCK_UNLOCK(f); |
cc51eec5 VJ |
5450 | goto end; |
5451 | } | |
6530c3d0 | 5452 | FLOWLOCK_UNLOCK(f); |
cc51eec5 VJ |
5453 | } |
5454 | ||
5455 | htp_state = f->alstate; | |
5456 | if (htp_state == NULL) { | |
5457 | printf("no http state: "); | |
cc51eec5 VJ |
5458 | goto end; |
5459 | } | |
5460 | ||
5461 | uint8_t ref1[] = "/index?id=\\\"<script>alert(document.cookie)</script>"; | |
5462 | size_t reflen = sizeof(ref1) - 1; | |
5463 | ||
d4d18e31 | 5464 | htp_tx_t *tx = HTPStateGetTx(htp_state, 0); |
48cf0585 AS |
5465 | if (tx == NULL) |
5466 | goto end; | |
5467 | HtpTxUserData *tx_ud = (HtpTxUserData *) htp_tx_get_user_data(tx); | |
5468 | if (tx_ud != NULL && tx_ud->request_uri_normalized != NULL) { | |
5469 | if (reflen != bstr_len(tx_ud->request_uri_normalized)) { | |
cc51eec5 | 5470 | printf("normalized uri len should be %"PRIuMAX", is %"PRIuMAX, |
48cf0585 | 5471 | (uintmax_t)reflen, |
d5fdfa4b | 5472 | (uintmax_t)bstr_len(tx_ud->request_uri_normalized)); |
cc51eec5 VJ |
5473 | goto end; |
5474 | } | |
5475 | ||
48cf0585 AS |
5476 | if (memcmp(bstr_ptr(tx_ud->request_uri_normalized), ref1, |
5477 | bstr_len(tx_ud->request_uri_normalized)) != 0) | |
cc51eec5 VJ |
5478 | { |
5479 | printf("normalized uri \""); | |
48cf0585 | 5480 | PrintRawUriFp(stdout, bstr_ptr(tx_ud->request_uri_normalized), bstr_len(tx_ud->request_uri_normalized)); |
cc51eec5 VJ |
5481 | printf("\" != \""); |
5482 | PrintRawUriFp(stdout, ref1, reflen); | |
5483 | printf("\": "); | |
5484 | goto end; | |
5485 | } | |
5486 | } | |
5487 | ||
5488 | result = 1; | |
5489 | ||
5490 | end: | |
429c6388 | 5491 | if (alp_tctx != NULL) |
fdefb65b | 5492 | AppLayerParserThreadCtxFree(alp_tctx); |
cc51eec5 VJ |
5493 | HTPFreeConfig(); |
5494 | ConfDeInit(); | |
5495 | ConfRestoreContextBackup(); | |
5496 | HtpConfigRestoreBackup(); | |
5497 | ||
1eeb9669 | 5498 | StreamTcpFreeConfig(true); |
cc51eec5 VJ |
5499 | UTHFreeFlow(f); |
5500 | return result; | |
5501 | } | |
5502 | ||
9a7353e1 VJ |
5503 | /** \test Test + char in query. Bug 1035 |
5504 | */ | |
5505 | static int HTPParserDecodingTest06(void) | |
5506 | { | |
5507 | int result = 0; | |
5508 | Flow *f = NULL; | |
5509 | uint8_t httpbuf1[] = | |
5510 | "GET /put.php?ip=1.2.3.4&port=+6000 HTTP/1.1\r\nHost: www.domain.ltd\r\n\r\n"; | |
5511 | uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ | |
5512 | TcpSession ssn; | |
8dbf7a0d | 5513 | AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); |
9a7353e1 VJ |
5514 | |
5515 | HtpState *htp_state = NULL; | |
5516 | int r = 0; | |
5517 | char input[] = "\ | |
5518 | %YAML 1.1\n\ | |
5519 | ---\n\ | |
5520 | libhtp:\n\ | |
5521 | \n\ | |
5522 | default-config:\n\ | |
5523 | personality: IDS\n\ | |
5524 | double-decode-path: yes\n\ | |
5525 | double-decode-query: yes\n\ | |
5526 | "; | |
5527 | ||
5528 | ConfCreateContextBackup(); | |
5529 | ConfInit(); | |
5530 | HtpConfigCreateBackup(); | |
5531 | ConfYamlLoadString(input, strlen(input)); | |
5532 | HTPConfigure(); | |
ab1200fb | 5533 | const char *addr = "4.3.2.1"; |
9a7353e1 VJ |
5534 | memset(&ssn, 0, sizeof(ssn)); |
5535 | ||
5536 | f = UTHBuildFlow(AF_INET, "1.2.3.4", addr, 1024, 80); | |
5537 | if (f == NULL) | |
5538 | goto end; | |
5539 | f->protoctx = &ssn; | |
429c6388 | 5540 | f->proto = IPPROTO_TCP; |
707f0272 | 5541 | f->alproto = ALPROTO_HTTP1; |
9a7353e1 | 5542 | |
1eeb9669 | 5543 | StreamTcpInitConfig(true); |
9a7353e1 VJ |
5544 | |
5545 | uint32_t u; | |
5546 | for (u = 0; u < httplen1; u++) { | |
5547 | uint8_t flags = 0; | |
5548 | ||
5549 | if (u == 0) flags = STREAM_TOSERVER|STREAM_START; | |
5550 | else if (u == (httplen1 - 1)) flags = STREAM_TOSERVER|STREAM_EOF; | |
5551 | else flags = STREAM_TOSERVER; | |
5552 | ||
6530c3d0 | 5553 | FLOWLOCK_WRLOCK(f); |
707f0272 | 5554 | r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_HTTP1, flags, &httpbuf1[u], 1); |
9a7353e1 VJ |
5555 | if (r != 0) { |
5556 | printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected" | |
5557 | " 0: ", u, r); | |
6530c3d0 | 5558 | FLOWLOCK_UNLOCK(f); |
9a7353e1 VJ |
5559 | goto end; |
5560 | } | |
6530c3d0 | 5561 | FLOWLOCK_UNLOCK(f); |
9a7353e1 VJ |
5562 | } |
5563 | ||
5564 | htp_state = f->alstate; | |
5565 | if (htp_state == NULL) { | |
5566 | printf("no http state: "); | |
9a7353e1 VJ |
5567 | goto end; |
5568 | } | |
5569 | ||
5570 | uint8_t ref1[] = "/put.php?ip=1.2.3.4&port=+6000"; | |
5571 | size_t reflen = sizeof(ref1) - 1; | |
5572 | ||
5573 | htp_tx_t *tx = HTPStateGetTx(htp_state, 0); | |
5574 | if (tx == NULL) | |
5575 | goto end; | |
5576 | HtpTxUserData *tx_ud = (HtpTxUserData *) htp_tx_get_user_data(tx); | |
5577 | if (tx_ud != NULL && tx_ud->request_uri_normalized != NULL) { | |
5578 | if (reflen != bstr_len(tx_ud->request_uri_normalized)) { | |
5579 | printf("normalized uri len should be %"PRIuMAX", is %"PRIuMAX, | |
5580 | (uintmax_t)reflen, | |
d5fdfa4b | 5581 | (uintmax_t)bstr_len(tx_ud->request_uri_normalized)); |
9a7353e1 VJ |
5582 | goto end; |
5583 | } | |
5584 | ||
5585 | if (memcmp(bstr_ptr(tx_ud->request_uri_normalized), ref1, | |
5586 | bstr_len(tx_ud->request_uri_normalized)) != 0) | |
5587 | { | |
5588 | printf("normalized uri \""); | |
5589 | PrintRawUriFp(stdout, bstr_ptr(tx_ud->request_uri_normalized), bstr_len(tx_ud->request_uri_normalized)); | |
5590 | printf("\" != \""); | |
5591 | PrintRawUriFp(stdout, ref1, reflen); | |
5592 | printf("\": "); | |
5593 | goto end; | |
5594 | } | |
5595 | } | |
5596 | ||
5597 | result = 1; | |
5598 | ||
5599 | end: | |
429c6388 | 5600 | if (alp_tctx != NULL) |
fdefb65b | 5601 | AppLayerParserThreadCtxFree(alp_tctx); |
9a7353e1 VJ |
5602 | HTPFreeConfig(); |
5603 | ConfDeInit(); | |
5604 | ConfRestoreContextBackup(); | |
5605 | HtpConfigRestoreBackup(); | |
5606 | ||
1eeb9669 | 5607 | StreamTcpFreeConfig(true); |
9a7353e1 VJ |
5608 | UTHFreeFlow(f); |
5609 | return result; | |
5610 | } | |
5611 | ||
5612 | /** \test Test + char in query. Bug 1035 | |
5613 | */ | |
5614 | static int HTPParserDecodingTest07(void) | |
5615 | { | |
5616 | int result = 0; | |
5617 | Flow *f = NULL; | |
5618 | uint8_t httpbuf1[] = | |
5619 | "GET /put.php?ip=1.2.3.4&port=+6000 HTTP/1.1\r\nHost: www.domain.ltd\r\n\r\n"; | |
5620 | uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ | |
5621 | TcpSession ssn; | |
8dbf7a0d | 5622 | AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); |
9a7353e1 VJ |
5623 | |
5624 | HtpState *htp_state = NULL; | |
5625 | int r = 0; | |
5626 | char input[] = "\ | |
5627 | %YAML 1.1\n\ | |
5628 | ---\n\ | |
5629 | libhtp:\n\ | |
5630 | \n\ | |
5631 | default-config:\n\ | |
5632 | personality: IDS\n\ | |
5633 | double-decode-path: yes\n\ | |
5634 | double-decode-query: yes\n\ | |
5635 | query-plusspace-decode: yes\n\ | |
5636 | "; | |
5637 | ||
5638 | ConfCreateContextBackup(); | |
5639 | ConfInit(); | |
5640 | HtpConfigCreateBackup(); | |
5641 | ConfYamlLoadString(input, strlen(input)); | |
5642 | HTPConfigure(); | |
ab1200fb | 5643 | const char *addr = "4.3.2.1"; |
9a7353e1 VJ |
5644 | memset(&ssn, 0, sizeof(ssn)); |
5645 | ||
5646 | f = UTHBuildFlow(AF_INET, "1.2.3.4", addr, 1024, 80); | |
5647 | if (f == NULL) | |
5648 | goto end; | |
5649 | f->protoctx = &ssn; | |
429c6388 | 5650 | f->proto = IPPROTO_TCP; |
707f0272 | 5651 | f->alproto = ALPROTO_HTTP1; |
9a7353e1 | 5652 | |
1eeb9669 | 5653 | StreamTcpInitConfig(true); |
9a7353e1 VJ |
5654 | |
5655 | uint32_t u; | |
5656 | for (u = 0; u < httplen1; u++) { | |
5657 | uint8_t flags = 0; | |
5658 | ||
5659 | if (u == 0) flags = STREAM_TOSERVER|STREAM_START; | |
5660 | else if (u == (httplen1 - 1)) flags = STREAM_TOSERVER|STREAM_EOF; | |
5661 | else flags = STREAM_TOSERVER; | |
5662 | ||
6530c3d0 | 5663 | FLOWLOCK_WRLOCK(f); |
707f0272 | 5664 | r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_HTTP1, flags, &httpbuf1[u], 1); |
9a7353e1 VJ |
5665 | if (r != 0) { |
5666 | printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected" | |
5667 | " 0: ", u, r); | |
6530c3d0 | 5668 | FLOWLOCK_UNLOCK(f); |
9a7353e1 VJ |
5669 | goto end; |
5670 | } | |
6530c3d0 | 5671 | FLOWLOCK_UNLOCK(f); |
9a7353e1 VJ |
5672 | } |
5673 | ||
5674 | htp_state = f->alstate; | |
5675 | if (htp_state == NULL) { | |
5676 | printf("no http state: "); | |
9a7353e1 VJ |
5677 | goto end; |
5678 | } | |
5679 | ||
5680 | uint8_t ref1[] = "/put.php?ip=1.2.3.4&port= 6000"; | |
5681 | size_t reflen = sizeof(ref1) - 1; | |
5682 | ||
5683 | htp_tx_t *tx = HTPStateGetTx(htp_state, 0); | |
5684 | if (tx == NULL) | |
5685 | goto end; | |
5686 | HtpTxUserData *tx_ud = (HtpTxUserData *) htp_tx_get_user_data(tx); | |
5687 | if (tx_ud != NULL && tx_ud->request_uri_normalized != NULL) { | |
5688 | if (reflen != bstr_len(tx_ud->request_uri_normalized)) { | |
5689 | printf("normalized uri len should be %"PRIuMAX", is %"PRIuMAX, | |
5690 | (uintmax_t)reflen, | |
d5fdfa4b | 5691 | (uintmax_t)bstr_len(tx_ud->request_uri_normalized)); |
9a7353e1 VJ |
5692 | goto end; |
5693 | } | |
5694 | ||
5695 | if (memcmp(bstr_ptr(tx_ud->request_uri_normalized), ref1, | |
5696 | bstr_len(tx_ud->request_uri_normalized)) != 0) | |
5697 | { | |
5698 | printf("normalized uri \""); | |
5699 | PrintRawUriFp(stdout, bstr_ptr(tx_ud->request_uri_normalized), bstr_len(tx_ud->request_uri_normalized)); | |
5700 | printf("\" != \""); | |
5701 | PrintRawUriFp(stdout, ref1, reflen); | |
5702 | printf("\": "); | |
5703 | goto end; | |
5704 | } | |
5705 | } | |
5706 | ||
5707 | result = 1; | |
5708 | ||
5709 | end: | |
429c6388 | 5710 | if (alp_tctx != NULL) |
fdefb65b | 5711 | AppLayerParserThreadCtxFree(alp_tctx); |
9a7353e1 VJ |
5712 | HTPFreeConfig(); |
5713 | ConfDeInit(); | |
5714 | ConfRestoreContextBackup(); | |
5715 | HtpConfigRestoreBackup(); | |
5716 | ||
1eeb9669 | 5717 | StreamTcpFreeConfig(true); |
9a7353e1 VJ |
5718 | UTHFreeFlow(f); |
5719 | return result; | |
5720 | } | |
5721 | ||
a8b971c7 VJ |
5722 | /** \test Test 'proxy' URI normalization. Ticket 1008 |
5723 | */ | |
5724 | static int HTPParserDecodingTest08(void) | |
5725 | { | |
5726 | int result = 0; | |
5727 | Flow *f = NULL; | |
5728 | uint8_t httpbuf1[] = | |
5729 | "GET http://suricata-ids.org/blah/ HTTP/1.1\r\nHost: suricata-ids.org\r\n\r\n"; | |
5730 | uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ | |
5731 | TcpSession ssn; | |
8dbf7a0d | 5732 | AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); |
a8b971c7 VJ |
5733 | |
5734 | HtpState *htp_state = NULL; | |
5735 | int r = 0; | |
5736 | char input[] = "\ | |
5737 | %YAML 1.1\n\ | |
5738 | ---\n\ | |
5739 | libhtp:\n\ | |
5740 | \n\ | |
5741 | default-config:\n\ | |
5742 | personality: IDS\n\ | |
5743 | "; | |
5744 | ||
5745 | ConfCreateContextBackup(); | |
5746 | ConfInit(); | |
5747 | HtpConfigCreateBackup(); | |
5748 | ConfYamlLoadString(input, strlen(input)); | |
5749 | HTPConfigure(); | |
ab1200fb | 5750 | const char *addr = "4.3.2.1"; |
a8b971c7 VJ |
5751 | memset(&ssn, 0, sizeof(ssn)); |
5752 | ||
5753 | f = UTHBuildFlow(AF_INET, "1.2.3.4", addr, 1024, 80); | |
5754 | if (f == NULL) | |
5755 | goto end; | |
5756 | f->protoctx = &ssn; | |
429c6388 | 5757 | f->proto = IPPROTO_TCP; |
707f0272 | 5758 | f->alproto = ALPROTO_HTTP1; |
a8b971c7 | 5759 | |
1eeb9669 | 5760 | StreamTcpInitConfig(true); |
a8b971c7 VJ |
5761 | |
5762 | uint32_t u; | |
5763 | for (u = 0; u < httplen1; u++) { | |
5764 | uint8_t flags = 0; | |
5765 | ||
5766 | if (u == 0) flags = STREAM_TOSERVER|STREAM_START; | |
5767 | else if (u == (httplen1 - 1)) flags = STREAM_TOSERVER|STREAM_EOF; | |
5768 | else flags = STREAM_TOSERVER; | |
5769 | ||
6530c3d0 | 5770 | FLOWLOCK_WRLOCK(f); |
707f0272 | 5771 | r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_HTTP1, flags, &httpbuf1[u], 1); |
a8b971c7 VJ |
5772 | if (r != 0) { |
5773 | printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected" | |
5774 | " 0: ", u, r); | |
6530c3d0 | 5775 | FLOWLOCK_UNLOCK(f); |
a8b971c7 VJ |
5776 | goto end; |
5777 | } | |
6530c3d0 | 5778 | FLOWLOCK_UNLOCK(f); |
a8b971c7 VJ |
5779 | } |
5780 | ||
5781 | htp_state = f->alstate; | |
5782 | if (htp_state == NULL) { | |
5783 | printf("no http state: "); | |
a8b971c7 VJ |
5784 | goto end; |
5785 | } | |
5786 | ||
5787 | uint8_t ref1[] = "/blah/"; | |
5788 | size_t reflen = sizeof(ref1) - 1; | |
5789 | ||
5790 | htp_tx_t *tx = HTPStateGetTx(htp_state, 0); | |
5791 | if (tx == NULL) | |
5792 | goto end; | |
5793 | HtpTxUserData *tx_ud = (HtpTxUserData *) htp_tx_get_user_data(tx); | |
5794 | if (tx_ud != NULL && tx_ud->request_uri_normalized != NULL) { | |
5795 | if (reflen != bstr_len(tx_ud->request_uri_normalized)) { | |
5796 | printf("normalized uri len should be %"PRIuMAX", is %"PRIuMAX, | |
5797 | (uintmax_t)reflen, | |
d5fdfa4b | 5798 | (uintmax_t)bstr_len(tx_ud->request_uri_normalized)); |
a8b971c7 VJ |
5799 | goto end; |
5800 | } | |
5801 | ||
5802 | if (memcmp(bstr_ptr(tx_ud->request_uri_normalized), ref1, | |
5803 | bstr_len(tx_ud->request_uri_normalized)) != 0) | |
5804 | { | |
5805 | printf("normalized uri \""); | |
5806 | PrintRawUriFp(stdout, bstr_ptr(tx_ud->request_uri_normalized), bstr_len(tx_ud->request_uri_normalized)); | |
5807 | printf("\" != \""); | |
5808 | PrintRawUriFp(stdout, ref1, reflen); | |
5809 | printf("\": "); | |
5810 | goto end; | |
5811 | } | |
5812 | } | |
5813 | ||
5814 | result = 1; | |
5815 | ||
5816 | end: | |
429c6388 | 5817 | if (alp_tctx != NULL) |
fdefb65b | 5818 | AppLayerParserThreadCtxFree(alp_tctx); |
a8b971c7 VJ |
5819 | HTPFreeConfig(); |
5820 | ConfDeInit(); | |
5821 | ConfRestoreContextBackup(); | |
5822 | HtpConfigRestoreBackup(); | |
5823 | ||
1eeb9669 | 5824 | StreamTcpFreeConfig(true); |
a8b971c7 VJ |
5825 | UTHFreeFlow(f); |
5826 | return result; | |
5827 | } | |
5828 | ||
5829 | /** \test Test 'proxy' URI normalization. Ticket 1008 | |
5830 | */ | |
5831 | static int HTPParserDecodingTest09(void) | |
5832 | { | |
5833 | int result = 0; | |
5834 | Flow *f = NULL; | |
5835 | uint8_t httpbuf1[] = | |
5836 | "GET http://suricata-ids.org/blah/ HTTP/1.1\r\nHost: suricata-ids.org\r\n\r\n"; | |
5837 | uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ | |
5838 | TcpSession ssn; | |
8dbf7a0d | 5839 | AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); |
a8b971c7 VJ |
5840 | |
5841 | HtpState *htp_state = NULL; | |
5842 | int r = 0; | |
5843 | char input[] = "\ | |
5844 | %YAML 1.1\n\ | |
5845 | ---\n\ | |
5846 | libhtp:\n\ | |
5847 | \n\ | |
5848 | default-config:\n\ | |
5849 | personality: IDS\n\ | |
5850 | uri-include-all: true\n\ | |
5851 | "; | |
5852 | ||
5853 | ConfCreateContextBackup(); | |
5854 | ConfInit(); | |
5855 | HtpConfigCreateBackup(); | |
5856 | ConfYamlLoadString(input, strlen(input)); | |
5857 | HTPConfigure(); | |
ab1200fb | 5858 | const char *addr = "4.3.2.1"; |
a8b971c7 VJ |
5859 | memset(&ssn, 0, sizeof(ssn)); |
5860 | ||
5861 | f = UTHBuildFlow(AF_INET, "1.2.3.4", addr, 1024, 80); | |
5862 | if (f == NULL) | |
5863 | goto end; | |
5864 | f->protoctx = &ssn; | |
429c6388 | 5865 | f->proto = IPPROTO_TCP; |
707f0272 | 5866 | f->alproto = ALPROTO_HTTP1; |
a8b971c7 | 5867 | |
1eeb9669 | 5868 | StreamTcpInitConfig(true); |
a8b971c7 VJ |
5869 | |
5870 | uint32_t u; | |
5871 | for (u = 0; u < httplen1; u++) { | |
5872 | uint8_t flags = 0; | |
5873 | ||
5874 | if (u == 0) flags = STREAM_TOSERVER|STREAM_START; | |
5875 | else if (u == (httplen1 - 1)) flags = STREAM_TOSERVER|STREAM_EOF; | |
5876 | else flags = STREAM_TOSERVER; | |
5877 | ||
6530c3d0 | 5878 | FLOWLOCK_WRLOCK(f); |
707f0272 | 5879 | r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_HTTP1, flags, &httpbuf1[u], 1); |
a8b971c7 VJ |
5880 | if (r != 0) { |
5881 | printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected" | |
5882 | " 0: ", u, r); | |
6530c3d0 | 5883 | FLOWLOCK_UNLOCK(f); |
a8b971c7 VJ |
5884 | goto end; |
5885 | } | |
6530c3d0 | 5886 | FLOWLOCK_UNLOCK(f); |
a8b971c7 VJ |
5887 | } |
5888 | ||
5889 | htp_state = f->alstate; | |
5890 | if (htp_state == NULL) { | |
5891 | printf("no http state: "); | |
a8b971c7 VJ |
5892 | goto end; |
5893 | } | |
5894 | ||
5895 | uint8_t ref1[] = "http://suricata-ids.org/blah/"; | |
5896 | size_t reflen = sizeof(ref1) - 1; | |
5897 | ||
5898 | htp_tx_t *tx = HTPStateGetTx(htp_state, 0); | |
5899 | if (tx == NULL) | |
5900 | goto end; | |
5901 | HtpTxUserData *tx_ud = (HtpTxUserData *) htp_tx_get_user_data(tx); | |
5902 | if (tx_ud != NULL && tx_ud->request_uri_normalized != NULL) { | |
5903 | if (reflen != bstr_len(tx_ud->request_uri_normalized)) { | |
5904 | printf("normalized uri len should be %"PRIuMAX", is %"PRIuMAX, | |
5905 | (uintmax_t)reflen, | |
d5fdfa4b | 5906 | (uintmax_t)bstr_len(tx_ud->request_uri_normalized)); |
a8b971c7 VJ |
5907 | goto end; |
5908 | } | |
5909 | ||
5910 | if (memcmp(bstr_ptr(tx_ud->request_uri_normalized), ref1, | |
5911 | bstr_len(tx_ud->request_uri_normalized)) != 0) | |
5912 | { | |
5913 | printf("normalized uri \""); | |
5914 | PrintRawUriFp(stdout, bstr_ptr(tx_ud->request_uri_normalized), bstr_len(tx_ud->request_uri_normalized)); | |
5915 | printf("\" != \""); | |
5916 | PrintRawUriFp(stdout, ref1, reflen); | |
5917 | printf("\": "); | |
5918 | goto end; | |
5919 | } | |
5920 | } | |
5921 | ||
5922 | result = 1; | |
5923 | ||
5924 | end: | |
429c6388 | 5925 | if (alp_tctx != NULL) |
fdefb65b | 5926 | AppLayerParserThreadCtxFree(alp_tctx); |
a8b971c7 VJ |
5927 | HTPFreeConfig(); |
5928 | ConfDeInit(); | |
5929 | ConfRestoreContextBackup(); | |
5930 | HtpConfigRestoreBackup(); | |
5931 | ||
1eeb9669 | 5932 | StreamTcpFreeConfig(true); |
a8b971c7 VJ |
5933 | UTHFreeFlow(f); |
5934 | return result; | |
5935 | } | |
5936 | ||
fcc21ae4 VJ |
5937 | /** \test BG box crash -- chunks are messed up. Observed for real. */ |
5938 | static int HTPBodyReassemblyTest01(void) | |
5939 | { | |
5940 | int result = 0; | |
5941 | HtpTxUserData htud; | |
5942 | memset(&htud, 0x00, sizeof(htud)); | |
5943 | HtpState hstate; | |
5944 | memset(&hstate, 0x00, sizeof(hstate)); | |
5945 | Flow flow; | |
5946 | memset(&flow, 0x00, sizeof(flow)); | |
9634e60e | 5947 | AppLayerParserState *parser = AppLayerParserStateAlloc(); |
94e25276 AS |
5948 | htp_tx_t tx; |
5949 | memset(&tx, 0, sizeof(tx)); | |
fcc21ae4 VJ |
5950 | |
5951 | hstate.f = &flow; | |
c7ae662d | 5952 | flow.alparser = parser; |
fcc21ae4 VJ |
5953 | |
5954 | uint8_t chunk1[] = "--e5a320f21416a02493a0a6f561b1c494\r\nContent-Disposition: form-data; name=\"uploadfile\"; filename=\"D2GUef.jpg\"\r"; | |
5955 | uint8_t chunk2[] = "POST /uri HTTP/1.1\r\nHost: hostname.com\r\nKeep-Alive: 115\r\nAccept-Charset: utf-8\r\nUser-Agent: Mozilla/5.0 (X11; Linux i686; rv:9.0.1) Gecko/20100101 Firefox/9.0.1\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nConnection: keep-alive\r\nContent-length: 68102\r\nReferer: http://otherhost.com\r\nAccept-Encoding: gzip\r\nContent-Type: multipart/form-data; boundary=e5a320f21416a02493a0a6f561b1c494\r\nCookie: blah\r\nAccept-Language: us\r\n\r\n--e5a320f21416a02493a0a6f561b1c494\r\nContent-Disposition: form-data; name=\"uploadfile\"; filename=\"D2GUef.jpg\"\r"; | |
5956 | ||
6fb808fc | 5957 | int r = HtpBodyAppendChunk(NULL, &htud.request_body, chunk1, sizeof(chunk1)-1); |
fcc21ae4 | 5958 | BUG_ON(r != 0); |
6fb808fc | 5959 | r = HtpBodyAppendChunk(NULL, &htud.request_body, chunk2, sizeof(chunk2)-1); |
fcc21ae4 VJ |
5960 | BUG_ON(r != 0); |
5961 | ||
46e55f1e | 5962 | const uint8_t *chunks_buffer = NULL; |
fcc21ae4 VJ |
5963 | uint32_t chunks_buffer_len = 0; |
5964 | ||
5965 | HtpRequestBodyReassemble(&htud, &chunks_buffer, &chunks_buffer_len); | |
5966 | if (chunks_buffer == NULL) { | |
5967 | goto end; | |
5968 | } | |
5969 | #ifdef PRINT | |
5970 | printf("REASSCHUNK START: \n"); | |
5971 | PrintRawDataFp(stdout, chunks_buffer, chunks_buffer_len); | |
5972 | printf("REASSCHUNK END: \n"); | |
5973 | #endif | |
5974 | ||
94e25276 | 5975 | HtpRequestBodyHandleMultipart(&hstate, &htud, &tx, chunks_buffer, chunks_buffer_len); |
fcc21ae4 VJ |
5976 | |
5977 | if (htud.request_body.content_len_so_far != 669) { | |
5978 | printf("htud.request_body.content_len_so_far %"PRIu64": ", htud.request_body.content_len_so_far); | |
5979 | goto end; | |
5980 | } | |
5981 | ||
5982 | if (hstate.files_ts != NULL) | |
5983 | goto end; | |
5984 | ||
5985 | result = 1; | |
5986 | end: | |
5987 | return result; | |
5988 | } | |
5989 | ||
5990 | /** \test BG crash */ | |
8f1d7503 KS |
5991 | static int HTPSegvTest01(void) |
5992 | { | |
fcc21ae4 VJ |
5993 | int result = 0; |
5994 | Flow *f = NULL; | |
5995 | uint8_t httpbuf1[] = "POST /uri HTTP/1.1\r\nHost: hostname.com\r\nKeep-Alive: 115\r\nAccept-Charset: utf-8\r\nUser-Agent: Mozilla/5.0 (X11; Linux i686; rv:9.0.1) Gecko/20100101 Firefox/9.0.1\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nConnection: keep-alive\r\nContent-length: 68102\r\nReferer: http://otherhost.com\r\nAccept-Encoding: gzip\r\nContent-Type: multipart/form-data; boundary=e5a320f21416a02493a0a6f561b1c494\r\nCookie: blah\r\nAccept-Language: us\r\n\r\n--e5a320f21416a02493a0a6f561b1c494\r\nContent-Disposition: form-data; name=\"uploadfile\"; filename=\"D2GUef.jpg\"\r"; | |
5996 | uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ | |
5997 | char input[] = "\ | |
5998 | %YAML 1.1\n\ | |
5999 | ---\n\ | |
6000 | libhtp:\n\ | |
6001 | \n\ | |
6002 | default-config:\n\ | |
6003 | personality: IDS\n\ | |
6004 | double-decode-path: no\n\ | |
6005 | double-decode-query: no\n\ | |
6006 | request-body-limit: 0\n\ | |
6007 | response-body-limit: 0\n\ | |
6008 | "; | |
6009 | ||
6010 | ConfCreateContextBackup(); | |
6011 | ConfInit(); | |
6012 | HtpConfigCreateBackup(); | |
6013 | ConfYamlLoadString(input, strlen(input)); | |
6014 | HTPConfigure(); | |
6015 | ||
6016 | TcpSession ssn; | |
6017 | HtpState *http_state = NULL; | |
8dbf7a0d | 6018 | AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); |
fcc21ae4 VJ |
6019 | |
6020 | memset(&ssn, 0, sizeof(ssn)); | |
6021 | ||
6022 | f = UTHBuildFlow(AF_INET, "1.2.3.4", "1.2.3.5", 1024, 80); | |
6023 | if (f == NULL) | |
6024 | goto end; | |
6025 | f->protoctx = &ssn; | |
429c6388 | 6026 | f->proto = IPPROTO_TCP; |
707f0272 | 6027 | f->alproto = ALPROTO_HTTP1; |
fcc21ae4 | 6028 | |
1eeb9669 | 6029 | StreamTcpInitConfig(true); |
fcc21ae4 VJ |
6030 | |
6031 | SCLogDebug("\n>>>> processing chunk 1 <<<<\n"); | |
6530c3d0 | 6032 | FLOWLOCK_WRLOCK(f); |
707f0272 PA |
6033 | int r = AppLayerParserParse( |
6034 | NULL, alp_tctx, f, ALPROTO_HTTP1, STREAM_TOSERVER | STREAM_START, httpbuf1, httplen1); | |
fcc21ae4 VJ |
6035 | if (r != 0) { |
6036 | printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); | |
6530c3d0 | 6037 | FLOWLOCK_UNLOCK(f); |
fcc21ae4 VJ |
6038 | goto end; |
6039 | } | |
6530c3d0 | 6040 | FLOWLOCK_UNLOCK(f); |
fcc21ae4 | 6041 | SCLogDebug("\n>>>> processing chunk 1 again <<<<\n"); |
6530c3d0 | 6042 | FLOWLOCK_WRLOCK(f); |
707f0272 | 6043 | r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_HTTP1, STREAM_TOSERVER, httpbuf1, httplen1); |
fcc21ae4 VJ |
6044 | if (r != 0) { |
6045 | printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); | |
6530c3d0 | 6046 | FLOWLOCK_UNLOCK(f); |
fcc21ae4 VJ |
6047 | goto end; |
6048 | } | |
6530c3d0 | 6049 | FLOWLOCK_UNLOCK(f); |
fcc21ae4 VJ |
6050 | |
6051 | http_state = f->alstate; | |
6052 | if (http_state == NULL) { | |
6053 | printf("no http state: "); | |
fcc21ae4 VJ |
6054 | goto end; |
6055 | } | |
6056 | ||
6530c3d0 | 6057 | FLOWLOCK_WRLOCK(f); |
429c6388 | 6058 | AppLayerDecoderEvents *decoder_events = AppLayerParserGetDecoderEvents(f->alparser); |
fcc21ae4 VJ |
6059 | if (decoder_events != NULL) { |
6060 | printf("app events: "); | |
6530c3d0 | 6061 | FLOWLOCK_UNLOCK(f); |
fcc21ae4 VJ |
6062 | goto end; |
6063 | } | |
6530c3d0 | 6064 | FLOWLOCK_UNLOCK(f); |
fcc21ae4 VJ |
6065 | result = 1; |
6066 | end: | |
429c6388 | 6067 | if (alp_tctx != NULL) |
fdefb65b | 6068 | AppLayerParserThreadCtxFree(alp_tctx); |
fcc21ae4 VJ |
6069 | HTPFreeConfig(); |
6070 | ConfDeInit(); | |
6071 | ConfRestoreContextBackup(); | |
6072 | HtpConfigRestoreBackup(); | |
1eeb9669 | 6073 | StreamTcpFreeConfig(true); |
fcc21ae4 VJ |
6074 | UTHFreeFlow(f); |
6075 | return result; | |
6076 | } | |
6077 | ||
129b6a65 | 6078 | /** \test Test really long request, this should result in HTTP_DECODER_EVENT_REQUEST_FIELD_TOO_LONG */ |
ab1200fb | 6079 | static int HTPParserTest14(void) |
8f1d7503 | 6080 | { |
129b6a65 VJ |
6081 | size_t len = 18887; |
6082 | TcpSession ssn; | |
129b6a65 VJ |
6083 | char input[] = "\ |
6084 | %YAML 1.1\n\ | |
6085 | ---\n\ | |
6086 | libhtp:\n\ | |
6087 | \n\ | |
6088 | default-config:\n\ | |
6089 | personality: IDS\n\ | |
6090 | double-decode-path: no\n\ | |
6091 | double-decode-query: no\n\ | |
6092 | request-body-limit: 0\n\ | |
6093 | response-body-limit: 0\n\ | |
6094 | "; | |
8dbf7a0d | 6095 | AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); |
26b61bad | 6096 | FAIL_IF_NULL(alp_tctx); |
129b6a65 VJ |
6097 | |
6098 | memset(&ssn, 0, sizeof(ssn)); | |
6099 | ||
6100 | ConfCreateContextBackup(); | |
6101 | ConfInit(); | |
6102 | HtpConfigCreateBackup(); | |
6103 | ConfYamlLoadString(input, strlen(input)); | |
6104 | HTPConfigure(); | |
6105 | ||
26b61bad VJ |
6106 | char *httpbuf = SCMalloc(len); |
6107 | FAIL_IF_NULL(httpbuf); | |
129b6a65 VJ |
6108 | memset(httpbuf, 0x00, len); |
6109 | ||
6110 | /* create the request with a longer than 18k cookie */ | |
6111 | strlcpy(httpbuf, "GET /blah/ HTTP/1.1\r\n" | |
6112 | "Host: myhost.lan\r\n" | |
6113 | "Connection: keep-alive\r\n" | |
6114 | "Accept: */*\r\n" | |
6115 | "User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.76 Safari/537.36\r\n" | |
6116 | "Referer: http://blah.lan/\r\n" | |
6117 | "Accept-Encoding: gzip,deflate,sdch\r\nAccept-Language: en-US,en;q=0.8\r\n" | |
6118 | "Cookie: ", len); | |
6119 | size_t o = strlen(httpbuf); | |
6120 | for ( ; o < len - 4; o++) { | |
6121 | httpbuf[o] = 'A'; | |
6122 | } | |
6123 | httpbuf[len - 4] = '\r'; | |
6124 | httpbuf[len - 3] = '\n'; | |
6125 | httpbuf[len - 2] = '\r'; | |
6126 | httpbuf[len - 1] = '\n'; | |
6127 | ||
26b61bad VJ |
6128 | Flow *f = UTHBuildFlow(AF_INET, "1.2.3.4", "1.2.3.5", 1024, 80); |
6129 | FAIL_IF_NULL(f); | |
129b6a65 | 6130 | f->protoctx = &ssn; |
707f0272 | 6131 | f->alproto = ALPROTO_HTTP1; |
429c6388 | 6132 | f->proto = IPPROTO_TCP; |
129b6a65 | 6133 | |
1eeb9669 | 6134 | StreamTcpInitConfig(true); |
129b6a65 VJ |
6135 | |
6136 | uint32_t u; | |
6137 | for (u = 0; u < len; u++) { | |
6138 | uint8_t flags = 0; | |
6139 | ||
6140 | if (u == 0) flags = STREAM_TOSERVER|STREAM_START; | |
6141 | else if (u == (len - 1)) flags = STREAM_TOSERVER|STREAM_EOF; | |
6142 | else flags = STREAM_TOSERVER; | |
6143 | ||
707f0272 PA |
6144 | (void)AppLayerParserParse( |
6145 | NULL, alp_tctx, f, ALPROTO_HTTP1, flags, (uint8_t *)&httpbuf[u], 1); | |
129b6a65 | 6146 | } |
26b61bad VJ |
6147 | HtpState *htp_state = f->alstate; |
6148 | FAIL_IF_NULL(htp_state); | |
129b6a65 VJ |
6149 | |
6150 | htp_tx_t *tx = HTPStateGetTx(htp_state, 0); | |
26b61bad VJ |
6151 | FAIL_IF_NULL(tx); |
6152 | FAIL_IF(tx->request_method_number != HTP_M_GET); | |
6153 | FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_1_1); | |
129b6a65 | 6154 | |
707f0272 PA |
6155 | void *txtmp = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP1, f->alstate, 0); |
6156 | AppLayerDecoderEvents *decoder_events = | |
6157 | AppLayerParserGetEventsByTx(IPPROTO_TCP, ALPROTO_HTTP1, txtmp); | |
26b61bad | 6158 | FAIL_IF_NULL(decoder_events); |
129b6a65 | 6159 | |
26b61bad | 6160 | FAIL_IF(decoder_events->events[0] != HTTP_DECODER_EVENT_REQUEST_FIELD_TOO_LONG); |
129b6a65 | 6161 | |
26b61bad | 6162 | AppLayerParserThreadCtxFree(alp_tctx); |
1eeb9669 | 6163 | StreamTcpFreeConfig(true); |
129b6a65 | 6164 | UTHFreeFlow(f); |
26b61bad | 6165 | SCFree(httpbuf); |
129b6a65 VJ |
6166 | HTPFreeConfig(); |
6167 | ConfDeInit(); | |
6168 | ConfRestoreContextBackup(); | |
6169 | HtpConfigRestoreBackup(); | |
26b61bad | 6170 | PASS; |
129b6a65 | 6171 | } |
fb496791 VJ |
6172 | |
6173 | /** \test Test really long request (same as HTPParserTest14), now with config | |
6174 | * update to allow it */ | |
ab1200fb | 6175 | static int HTPParserTest15(void) |
8f1d7503 | 6176 | { |
fb496791 VJ |
6177 | int result = 0; |
6178 | Flow *f = NULL; | |
6179 | char *httpbuf = NULL; | |
6180 | size_t len = 18887; | |
6181 | TcpSession ssn; | |
6182 | HtpState *htp_state = NULL; | |
6183 | int r = 0; | |
6184 | char input[] = "\ | |
6185 | %YAML 1.1\n\ | |
6186 | ---\n\ | |
6187 | libhtp:\n\ | |
6188 | \n\ | |
6189 | default-config:\n\ | |
6190 | personality: IDS\n\ | |
6191 | double-decode-path: no\n\ | |
6192 | double-decode-query: no\n\ | |
6193 | request-body-limit: 0\n\ | |
6194 | response-body-limit: 0\n\ | |
6195 | meta-field-limit: 20000\n\ | |
6196 | "; | |
8dbf7a0d | 6197 | AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); |
fb496791 VJ |
6198 | |
6199 | memset(&ssn, 0, sizeof(ssn)); | |
6200 | ||
6201 | ConfCreateContextBackup(); | |
6202 | ConfInit(); | |
6203 | HtpConfigCreateBackup(); | |
6204 | ConfYamlLoadString(input, strlen(input)); | |
6205 | HTPConfigure(); | |
6206 | ||
6207 | httpbuf = SCMalloc(len); | |
6208 | if (unlikely(httpbuf == NULL)) | |
6209 | goto end; | |
6210 | memset(httpbuf, 0x00, len); | |
6211 | ||
6212 | /* create the request with a longer than 18k cookie */ | |
6213 | strlcpy(httpbuf, "GET /blah/ HTTP/1.1\r\n" | |
6214 | "Host: myhost.lan\r\n" | |
6215 | "Connection: keep-alive\r\n" | |
6216 | "Accept: */*\r\n" | |
6217 | "User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.76 Safari/537.36\r\n" | |
6218 | "Referer: http://blah.lan/\r\n" | |
6219 | "Accept-Encoding: gzip,deflate,sdch\r\nAccept-Language: en-US,en;q=0.8\r\n" | |
6220 | "Cookie: ", len); | |
6221 | size_t o = strlen(httpbuf); | |
6222 | for ( ; o < len - 4; o++) { | |
6223 | httpbuf[o] = 'A'; | |
6224 | } | |
6225 | httpbuf[len - 4] = '\r'; | |
6226 | httpbuf[len - 3] = '\n'; | |
6227 | httpbuf[len - 2] = '\r'; | |
6228 | httpbuf[len - 1] = '\n'; | |
6229 | ||
6230 | f = UTHBuildFlow(AF_INET, "1.2.3.4", "1.2.3.5", 1024, 80); | |
6231 | if (f == NULL) | |
6232 | goto end; | |
6233 | f->protoctx = &ssn; | |
429c6388 | 6234 | f->proto = IPPROTO_TCP; |
707f0272 | 6235 | f->alproto = ALPROTO_HTTP1; |
fb496791 | 6236 | |
1eeb9669 | 6237 | StreamTcpInitConfig(true); |
fb496791 VJ |
6238 | |
6239 | uint32_t u; | |
6240 | for (u = 0; u < len; u++) { | |
6241 | uint8_t flags = 0; | |
6242 | ||
6243 | if (u == 0) flags = STREAM_TOSERVER|STREAM_START; | |
6244 | else if (u == (len - 1)) flags = STREAM_TOSERVER|STREAM_EOF; | |
6245 | else flags = STREAM_TOSERVER; | |
6246 | ||
6530c3d0 | 6247 | FLOWLOCK_WRLOCK(f); |
707f0272 | 6248 | r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_HTTP1, flags, (uint8_t *)&httpbuf[u], 1); |
fb496791 VJ |
6249 | if (r != 0) { |
6250 | printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected" | |
6251 | " 0: ", u, r); | |
6530c3d0 | 6252 | FLOWLOCK_UNLOCK(f); |
fb496791 VJ |
6253 | goto end; |
6254 | } | |
6530c3d0 | 6255 | FLOWLOCK_UNLOCK(f); |
fb496791 VJ |
6256 | } |
6257 | htp_state = f->alstate; | |
6258 | if (htp_state == NULL) { | |
6259 | printf("no http state: "); | |
6260 | goto end; | |
6261 | } | |
6262 | ||
6263 | htp_tx_t *tx = HTPStateGetTx(htp_state, 0); | |
6264 | if (tx == NULL || tx->request_method_number != HTP_M_GET || tx->request_protocol_number != HTP_PROTOCOL_1_1) | |
6265 | { | |
6266 | printf("expected method M_GET and got %s: , expected protocol " | |
6267 | "HTTP/1.1 and got %s \n", bstr_util_strdup_to_c(tx->request_method), | |
6268 | bstr_util_strdup_to_c(tx->request_protocol)); | |
6269 | goto end; | |
6270 | } | |
6271 | ||
6530c3d0 | 6272 | FLOWLOCK_WRLOCK(f); |
707f0272 PA |
6273 | void *txtmp = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP1, f->alstate, 0); |
6274 | AppLayerDecoderEvents *decoder_events = | |
6275 | AppLayerParserGetEventsByTx(IPPROTO_TCP, ALPROTO_HTTP1, txtmp); | |
fb496791 VJ |
6276 | if (decoder_events != NULL) { |
6277 | printf("app events: "); | |
6530c3d0 | 6278 | FLOWLOCK_UNLOCK(f); |
fb496791 VJ |
6279 | goto end; |
6280 | } | |
6530c3d0 | 6281 | FLOWLOCK_UNLOCK(f); |
fb496791 VJ |
6282 | |
6283 | result = 1; | |
6284 | end: | |
429c6388 | 6285 | if (alp_tctx != NULL) |
fdefb65b | 6286 | AppLayerParserThreadCtxFree(alp_tctx); |
1eeb9669 | 6287 | StreamTcpFreeConfig(true); |
fb496791 VJ |
6288 | UTHFreeFlow(f); |
6289 | if (httpbuf != NULL) | |
6290 | SCFree(httpbuf); | |
6291 | HTPFreeConfig(); | |
6292 | ConfDeInit(); | |
6293 | ConfRestoreContextBackup(); | |
6294 | HtpConfigRestoreBackup(); | |
6295 | return result; | |
6296 | } | |
e78e33a4 VJ |
6297 | |
6298 | /** \test Test unusual delims in request line HTTP_DECODER_EVENT_REQUEST_FIELD_TOO_LONG */ | |
ab1200fb | 6299 | static int HTPParserTest16(void) |
e78e33a4 VJ |
6300 | { |
6301 | int result = 0; | |
6302 | Flow *f = NULL; | |
6303 | TcpSession ssn; | |
6304 | HtpState *htp_state = NULL; | |
6305 | int r = 0; | |
6306 | AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); | |
6307 | ||
6308 | memset(&ssn, 0, sizeof(ssn)); | |
6309 | ||
6310 | uint8_t httpbuf[] = "GET\f/blah/\fHTTP/1.1\r\n" | |
6311 | "Host: myhost.lan\r\n" | |
6312 | "Connection: keep-alive\r\n" | |
6313 | "Accept: */*\r\n" | |
6314 | "User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.76 Safari/537.36\r\n" | |
6315 | "Referer: http://blah.lan/\r\n" | |
6316 | "Accept-Encoding: gzip,deflate,sdch\r\nAccept-Language: en-US,en;q=0.8\r\n" | |
6317 | "Cookie: blah\r\n\r\n"; | |
6318 | size_t len = sizeof(httpbuf) - 1; | |
6319 | ||
6320 | f = UTHBuildFlow(AF_INET, "1.2.3.4", "1.2.3.5", 1024, 80); | |
6321 | if (f == NULL) | |
6322 | goto end; | |
6323 | f->protoctx = &ssn; | |
6324 | f->proto = IPPROTO_TCP; | |
707f0272 | 6325 | f->alproto = ALPROTO_HTTP1; |
e78e33a4 | 6326 | |
1eeb9669 | 6327 | StreamTcpInitConfig(true); |
e78e33a4 VJ |
6328 | |
6329 | uint8_t flags = STREAM_TOSERVER|STREAM_START|STREAM_EOF; | |
6330 | ||
6530c3d0 | 6331 | FLOWLOCK_WRLOCK(f); |
707f0272 | 6332 | r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_HTTP1, flags, (uint8_t *)httpbuf, len); |
e78e33a4 VJ |
6333 | if (r != 0) { |
6334 | printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); | |
6530c3d0 | 6335 | FLOWLOCK_UNLOCK(f); |
e78e33a4 VJ |
6336 | goto end; |
6337 | } | |
6530c3d0 | 6338 | FLOWLOCK_UNLOCK(f); |
e78e33a4 VJ |
6339 | |
6340 | htp_state = f->alstate; | |
6341 | if (htp_state == NULL) { | |
6342 | printf("no http state: "); | |
6343 | goto end; | |
6344 | } | |
6345 | ||
6346 | htp_tx_t *tx = HTPStateGetTx(htp_state, 0); | |
6347 | if (tx == NULL || tx->request_method_number != HTP_M_GET || tx->request_protocol_number != HTP_PROTOCOL_1_1) | |
6348 | { | |
6349 | printf("expected method M_GET and got %s: , expected protocol " | |
b3b7625b VJ |
6350 | "HTTP/1.1 and got %s \n", tx ? bstr_util_strdup_to_c(tx->request_method) : "tx null", |
6351 | tx ? bstr_util_strdup_to_c(tx->request_protocol) : "tx null"); | |
e78e33a4 VJ |
6352 | goto end; |
6353 | } | |
6354 | ||
91b29308 PA |
6355 | #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION |
6356 | //these events are disabled during fuzzing as they are too noisy and consume much resource | |
6530c3d0 | 6357 | FLOWLOCK_WRLOCK(f); |
707f0272 PA |
6358 | void *txtmp = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP1, f->alstate, 0); |
6359 | AppLayerDecoderEvents *decoder_events = | |
6360 | AppLayerParserGetEventsByTx(IPPROTO_TCP, ALPROTO_HTTP1, txtmp); | |
e78e33a4 VJ |
6361 | if (decoder_events == NULL) { |
6362 | printf("no app events: "); | |
6530c3d0 | 6363 | FLOWLOCK_UNLOCK(f); |
e78e33a4 VJ |
6364 | goto end; |
6365 | } | |
6530c3d0 | 6366 | FLOWLOCK_UNLOCK(f); |
e78e33a4 VJ |
6367 | |
6368 | if (decoder_events->events[0] != HTTP_DECODER_EVENT_METHOD_DELIM_NON_COMPLIANT) { | |
6369 | printf("HTTP_DECODER_EVENT_METHOD_DELIM_NON_COMPLIANT not set: "); | |
6370 | goto end; | |
6371 | } | |
6372 | ||
6373 | if (decoder_events->events[1] != HTTP_DECODER_EVENT_URI_DELIM_NON_COMPLIANT) { | |
6374 | printf("HTTP_DECODER_EVENT_URI_DELIM_NON_COMPLIANT not set: "); | |
6375 | goto end; | |
6376 | } | |
91b29308 | 6377 | #endif |
e78e33a4 VJ |
6378 | |
6379 | result = 1; | |
6380 | end: | |
6381 | if (alp_tctx != NULL) | |
6382 | AppLayerParserThreadCtxFree(alp_tctx); | |
1eeb9669 | 6383 | StreamTcpFreeConfig(true); |
e78e33a4 VJ |
6384 | UTHFreeFlow(f); |
6385 | return result; | |
6386 | } | |
6387 | ||
49927024 VJ |
6388 | /** \test Test response not HTTP |
6389 | */ | |
6390 | static int HTPParserTest20(void) | |
6391 | { | |
6392 | Flow *f = NULL; | |
6393 | uint8_t httpbuf1[] = "GET /ld/index.php?id=412784631&cid=0064&version=4&" | |
6394 | "name=try HTTP/1.1\r\nAccept: */*\r\nUser-Agent: " | |
6395 | "LD-agent\r\nHost: 209.205.196.16\r\n\r\n"; | |
6396 | uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ | |
6397 | uint8_t httpbuf2[] = "NOTHTTP\r\nSOMEOTHERDATA"; | |
6398 | uint32_t httplen2 = sizeof(httpbuf2) - 1; /* minus the \0 */ | |
6399 | uint8_t httpbuf3[] = "STILLNOTHTTP\r\nSOMEMOREOTHERDATA"; | |
6400 | uint32_t httplen3 = sizeof(httpbuf3) - 1; /* minus the \0 */ | |
6401 | TcpSession ssn; | |
6402 | HtpState *http_state = NULL; | |
6403 | AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); | |
6404 | FAIL_IF_NULL(alp_tctx); | |
6405 | ||
6406 | memset(&ssn, 0, sizeof(ssn)); | |
6407 | ||
6408 | f = UTHBuildFlow(AF_INET, "1.2.3.4", "1.2.3.5", 1024, 80); | |
6409 | FAIL_IF_NULL(f); | |
6410 | f->protoctx = &ssn; | |
6411 | f->proto = IPPROTO_TCP; | |
707f0272 | 6412 | f->alproto = ALPROTO_HTTP1; |
49927024 | 6413 | |
1eeb9669 | 6414 | StreamTcpInitConfig(true); |
49927024 | 6415 | |
707f0272 PA |
6416 | int r = AppLayerParserParse( |
6417 | NULL, alp_tctx, f, ALPROTO_HTTP1, STREAM_TOSERVER | STREAM_START, httpbuf1, httplen1); | |
49927024 VJ |
6418 | FAIL_IF(r != 0); |
6419 | ||
707f0272 PA |
6420 | r = AppLayerParserParse( |
6421 | NULL, alp_tctx, f, ALPROTO_HTTP1, STREAM_TOCLIENT | STREAM_START, httpbuf2, httplen2); | |
49927024 VJ |
6422 | FAIL_IF(r != 0); |
6423 | ||
707f0272 PA |
6424 | r = AppLayerParserParse( |
6425 | NULL, alp_tctx, f, ALPROTO_HTTP1, STREAM_TOCLIENT | STREAM_START, httpbuf3, httplen3); | |
49927024 VJ |
6426 | FAIL_IF(r != 0); |
6427 | ||
6428 | http_state = f->alstate; | |
6429 | FAIL_IF_NULL(http_state); | |
6430 | htp_tx_t *tx = HTPStateGetTx(http_state, 0); | |
6431 | FAIL_IF_NULL(tx); | |
6432 | htp_header_t *h = htp_table_get_index(tx->request_headers, 0, NULL); | |
6433 | FAIL_IF_NULL(h); | |
6434 | ||
6435 | FAIL_IF(tx->request_method_number != HTP_M_GET); | |
6436 | FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_1_1); | |
6437 | ||
6438 | FAIL_IF(tx->response_status_number != 0); | |
6439 | FAIL_IF(tx->response_protocol_number != -1); | |
6440 | ||
6441 | AppLayerParserThreadCtxFree(alp_tctx); | |
1eeb9669 | 6442 | StreamTcpFreeConfig(true); |
49927024 VJ |
6443 | UTHFreeFlow(f); |
6444 | PASS; | |
6445 | } | |
6446 | ||
6447 | /** \test Test response not HTTP | |
6448 | */ | |
6449 | static int HTPParserTest21(void) | |
6450 | { | |
6451 | Flow *f = NULL; | |
6452 | uint8_t httpbuf1[] = "GET /ld/index.php?id=412784631&cid=0064&version=4&" | |
6453 | "name=try HTTP/1.1\r\nAccept: */*\r\nUser-Agent: " | |
6454 | "LD-agent\r\nHost: 209.205.196.16\r\n\r\n"; | |
6455 | uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ | |
6456 | uint8_t httpbuf2[] = "999 NOTHTTP REALLY\r\nSOMEOTHERDATA\r\n"; | |
6457 | uint32_t httplen2 = sizeof(httpbuf2) - 1; /* minus the \0 */ | |
6458 | uint8_t httpbuf3[] = "STILLNOTHTTP\r\nSOMEMOREOTHERDATA"; | |
6459 | uint32_t httplen3 = sizeof(httpbuf3) - 1; /* minus the \0 */ | |
6460 | TcpSession ssn; | |
6461 | HtpState *http_state = NULL; | |
6462 | AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); | |
6463 | FAIL_IF_NULL(alp_tctx); | |
6464 | ||
6465 | memset(&ssn, 0, sizeof(ssn)); | |
6466 | ||
6467 | f = UTHBuildFlow(AF_INET, "1.2.3.4", "1.2.3.5", 1024, 80); | |
6468 | FAIL_IF_NULL(f); | |
6469 | f->protoctx = &ssn; | |
6470 | f->proto = IPPROTO_TCP; | |
707f0272 | 6471 | f->alproto = ALPROTO_HTTP1; |
49927024 | 6472 | |
1eeb9669 | 6473 | StreamTcpInitConfig(true); |
49927024 | 6474 | |
707f0272 PA |
6475 | int r = AppLayerParserParse( |
6476 | NULL, alp_tctx, f, ALPROTO_HTTP1, STREAM_TOSERVER | STREAM_START, httpbuf1, httplen1); | |
49927024 VJ |
6477 | FAIL_IF(r != 0); |
6478 | ||
707f0272 PA |
6479 | r = AppLayerParserParse( |
6480 | NULL, alp_tctx, f, ALPROTO_HTTP1, STREAM_TOCLIENT | STREAM_START, httpbuf2, httplen2); | |
49927024 VJ |
6481 | FAIL_IF(r != 0); |
6482 | ||
707f0272 PA |
6483 | r = AppLayerParserParse( |
6484 | NULL, alp_tctx, f, ALPROTO_HTTP1, STREAM_TOCLIENT | STREAM_START, httpbuf3, httplen3); | |
49927024 VJ |
6485 | FAIL_IF(r != 0); |
6486 | ||
6487 | http_state = f->alstate; | |
6488 | FAIL_IF_NULL(http_state); | |
6489 | htp_tx_t *tx = HTPStateGetTx(http_state, 0); | |
6490 | FAIL_IF_NULL(tx); | |
6491 | htp_header_t *h = htp_table_get_index(tx->request_headers, 0, NULL); | |
6492 | FAIL_IF_NULL(h); | |
6493 | ||
6494 | FAIL_IF(tx->request_method_number != HTP_M_GET); | |
6495 | FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_1_1); | |
6496 | ||
6497 | FAIL_IF(tx->response_status_number != 0); | |
6498 | FAIL_IF(tx->response_protocol_number != -1); | |
6499 | ||
6500 | AppLayerParserThreadCtxFree(alp_tctx); | |
1eeb9669 | 6501 | StreamTcpFreeConfig(true); |
49927024 VJ |
6502 | UTHFreeFlow(f); |
6503 | PASS; | |
6504 | } | |
6505 | ||
6506 | /** \test Test response not HTTP | |
6507 | */ | |
6508 | static int HTPParserTest22(void) | |
6509 | { | |
6510 | Flow *f = NULL; | |
6511 | uint8_t httpbuf1[] = "GET /ld/index.php?id=412784631&cid=0064&version=4&" | |
6512 | "name=try HTTP/1.1\r\nAccept: */*\r\nUser-Agent: " | |
6513 | "LD-agent\r\nHost: 209.205.196.16\r\n\r\n"; | |
6514 | uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ | |
6515 | uint8_t httpbuf2[] = "\r\n0000=0000000/ASDF3_31.zip, 456723\r\n" | |
6516 | "AAAAAA_0000=0000000/AAAAAAAA.zip,46725\r\n"; | |
6517 | uint32_t httplen2 = sizeof(httpbuf2) - 1; /* minus the \0 */ | |
6518 | TcpSession ssn; | |
6519 | HtpState *http_state = NULL; | |
6520 | AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); | |
6521 | FAIL_IF_NULL(alp_tctx); | |
6522 | ||
6523 | memset(&ssn, 0, sizeof(ssn)); | |
6524 | ||
6525 | f = UTHBuildFlow(AF_INET, "1.2.3.4", "1.2.3.5", 1024, 80); | |
6526 | FAIL_IF_NULL(f); | |
6527 | f->protoctx = &ssn; | |
6528 | f->proto = IPPROTO_TCP; | |
707f0272 | 6529 | f->alproto = ALPROTO_HTTP1; |
49927024 | 6530 | |
1eeb9669 | 6531 | StreamTcpInitConfig(true); |
49927024 | 6532 | |
707f0272 PA |
6533 | int r = AppLayerParserParse( |
6534 | NULL, alp_tctx, f, ALPROTO_HTTP1, STREAM_TOSERVER | STREAM_START, httpbuf1, httplen1); | |
49927024 VJ |
6535 | FAIL_IF(r != 0); |
6536 | ||
707f0272 PA |
6537 | r = AppLayerParserParse( |
6538 | NULL, alp_tctx, f, ALPROTO_HTTP1, STREAM_TOCLIENT | STREAM_START, httpbuf2, httplen2); | |
49927024 VJ |
6539 | FAIL_IF(r != 0); |
6540 | ||
6541 | http_state = f->alstate; | |
6542 | FAIL_IF_NULL(http_state); | |
6543 | htp_tx_t *tx = HTPStateGetTx(http_state, 0); | |
6544 | FAIL_IF_NULL(tx); | |
6545 | htp_header_t *h = htp_table_get_index(tx->request_headers, 0, NULL); | |
6546 | FAIL_IF_NULL(h); | |
6547 | ||
6548 | FAIL_IF(tx->request_method_number != HTP_M_GET); | |
6549 | FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_1_1); | |
6550 | ||
6551 | FAIL_IF(tx->response_status_number != -0); | |
6552 | FAIL_IF(tx->response_protocol_number != -1); | |
6553 | ||
6554 | AppLayerParserThreadCtxFree(alp_tctx); | |
1eeb9669 | 6555 | StreamTcpFreeConfig(true); |
49927024 VJ |
6556 | UTHFreeFlow(f); |
6557 | PASS; | |
6558 | } | |
6559 | ||
6560 | /** \test Test response not HTTP | |
6561 | */ | |
6562 | static int HTPParserTest23(void) | |
6563 | { | |
6564 | Flow *f = NULL; | |
6565 | uint8_t httpbuf1[] = "GET /ld/index.php?id=412784631&cid=0064&version=4&" | |
6566 | "name=try HTTP/1.1\r\nAccept: */*\r\nUser-Agent: " | |
6567 | "LD-agent\r\nHost: 209.205.196.16\r\n\r\n"; | |
6568 | uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ | |
6569 | uint8_t httpbuf2[] = "HTTP0000=0000000/ASDF3_31.zip, 456723\r\n" | |
6570 | "AAAAAA_0000=0000000/AAAAAAAA.zip,46725\r\n"; | |
6571 | uint32_t httplen2 = sizeof(httpbuf2) - 1; /* minus the \0 */ | |
6572 | TcpSession ssn; | |
6573 | HtpState *http_state = NULL; | |
6574 | AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); | |
6575 | FAIL_IF_NULL(alp_tctx); | |
6576 | ||
6577 | memset(&ssn, 0, sizeof(ssn)); | |
6578 | ||
6579 | f = UTHBuildFlow(AF_INET, "1.2.3.4", "1.2.3.5", 1024, 80); | |
6580 | FAIL_IF_NULL(f); | |
6581 | f->protoctx = &ssn; | |
6582 | f->proto = IPPROTO_TCP; | |
707f0272 | 6583 | f->alproto = ALPROTO_HTTP1; |
49927024 | 6584 | |
1eeb9669 | 6585 | StreamTcpInitConfig(true); |
49927024 | 6586 | |
707f0272 PA |
6587 | int r = AppLayerParserParse( |
6588 | NULL, alp_tctx, f, ALPROTO_HTTP1, STREAM_TOSERVER | STREAM_START, httpbuf1, httplen1); | |
49927024 VJ |
6589 | FAIL_IF(r != 0); |
6590 | ||
707f0272 PA |
6591 | r = AppLayerParserParse( |
6592 | NULL, alp_tctx, f, ALPROTO_HTTP1, STREAM_TOCLIENT | STREAM_START, httpbuf2, httplen2); | |
49927024 VJ |
6593 | FAIL_IF(r != 0); |
6594 | ||
6595 | http_state = f->alstate; | |
6596 | FAIL_IF_NULL(http_state); | |
6597 | htp_tx_t *tx = HTPStateGetTx(http_state, 0); | |
6598 | FAIL_IF_NULL(tx); | |
6599 | htp_header_t *h = htp_table_get_index(tx->request_headers, 0, NULL); | |
6600 | FAIL_IF_NULL(h); | |
6601 | ||
6602 | FAIL_IF(tx->request_method_number != HTP_M_GET); | |
6603 | FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_1_1); | |
6604 | ||
6605 | FAIL_IF(tx->response_status_number != -1); | |
6606 | FAIL_IF(tx->response_protocol_number != -2); | |
6607 | ||
6608 | AppLayerParserThreadCtxFree(alp_tctx); | |
1eeb9669 | 6609 | StreamTcpFreeConfig(true); |
49927024 VJ |
6610 | UTHFreeFlow(f); |
6611 | PASS; | |
6612 | } | |
6613 | ||
6614 | /** \test Test response not HTTP | |
6615 | */ | |
6616 | static int HTPParserTest24(void) | |
6617 | { | |
6618 | Flow *f = NULL; | |
6619 | uint8_t httpbuf1[] = "GET /ld/index.php?id=412784631&cid=0064&version=4&" | |
6620 | "name=try HTTP/1.1\r\nAccept: */*\r\nUser-Agent: " | |
6621 | "LD-agent\r\nHost: 209.205.196.16\r\n\r\n"; | |
6622 | uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ | |
6623 | uint8_t httpbuf2[] = "HTTP/1.0 0000=0000000/ASDF3_31.zip, 456723\r\n" | |
6624 | "AAAAAA_0000=0000000/AAAAAAAA.zip,46725\r\n"; | |
6625 | uint32_t httplen2 = sizeof(httpbuf2) - 1; /* minus the \0 */ | |
6626 | TcpSession ssn; | |
6627 | HtpState *http_state = NULL; | |
6628 | AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); | |
6629 | FAIL_IF_NULL(alp_tctx); | |
6630 | ||
6631 | memset(&ssn, 0, sizeof(ssn)); | |
6632 | ||
6633 | f = UTHBuildFlow(AF_INET, "1.2.3.4", "1.2.3.5", 1024, 80); | |
6634 | FAIL_IF_NULL(f); | |
6635 | f->protoctx = &ssn; | |
6636 | f->proto = IPPROTO_TCP; | |
707f0272 | 6637 | f->alproto = ALPROTO_HTTP1; |
49927024 | 6638 | |
1eeb9669 | 6639 | StreamTcpInitConfig(true); |
49927024 | 6640 | |
707f0272 PA |
6641 | int r = AppLayerParserParse( |
6642 | NULL, alp_tctx, f, ALPROTO_HTTP1, STREAM_TOSERVER | STREAM_START, httpbuf1, httplen1); | |
49927024 VJ |
6643 | FAIL_IF(r != 0); |
6644 | ||
707f0272 PA |
6645 | r = AppLayerParserParse( |
6646 | NULL, alp_tctx, f, ALPROTO_HTTP1, STREAM_TOCLIENT | STREAM_START, httpbuf2, httplen2); | |
49927024 VJ |
6647 | FAIL_IF(r != 0); |
6648 | ||
6649 | http_state = f->alstate; | |
6650 | FAIL_IF_NULL(http_state); | |
6651 | htp_tx_t *tx = HTPStateGetTx(http_state, 0); | |
6652 | FAIL_IF_NULL(tx); | |
6653 | htp_header_t *h = htp_table_get_index(tx->request_headers, 0, NULL); | |
6654 | FAIL_IF_NULL(h); | |
6655 | ||
6656 | FAIL_IF(tx->request_method_number != HTP_M_GET); | |
6657 | FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_1_1); | |
6658 | ||
6659 | FAIL_IF(tx->response_status_number != -1); | |
6660 | FAIL_IF(tx->response_protocol_number != HTP_PROTOCOL_1_0); | |
6661 | ||
6662 | AppLayerParserThreadCtxFree(alp_tctx); | |
1eeb9669 | 6663 | StreamTcpFreeConfig(true); |
49927024 VJ |
6664 | UTHFreeFlow(f); |
6665 | PASS; | |
6666 | } | |
6667 | ||
d34e4106 VJ |
6668 | /** \test multi transactions and cleanup */ |
6669 | static int HTPParserTest25(void) | |
6670 | { | |
6671 | AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); | |
6672 | FAIL_IF_NULL(alp_tctx); | |
6673 | ||
1eeb9669 | 6674 | StreamTcpInitConfig(true); |
d34e4106 VJ |
6675 | TcpSession ssn; |
6676 | memset(&ssn, 0, sizeof(ssn)); | |
6677 | ||
6678 | Flow *f = UTHBuildFlow(AF_INET, "1.2.3.4", "1.2.3.5", 1024, 80); | |
6679 | FAIL_IF_NULL(f); | |
6680 | f->protoctx = &ssn; | |
6681 | f->proto = IPPROTO_TCP; | |
707f0272 | 6682 | f->alproto = ALPROTO_HTTP1; |
d34e4106 VJ |
6683 | |
6684 | const char *str = "GET / HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Suricata/1.0\r\n\r\n"; | |
707f0272 PA |
6685 | int r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_HTTP1, STREAM_TOSERVER | STREAM_START, |
6686 | (uint8_t *)str, strlen(str)); | |
d34e4106 | 6687 | FAIL_IF_NOT(r == 0); |
707f0272 PA |
6688 | r = AppLayerParserParse( |
6689 | NULL, alp_tctx, f, ALPROTO_HTTP1, STREAM_TOSERVER, (uint8_t *)str, strlen(str)); | |
d34e4106 | 6690 | FAIL_IF_NOT(r == 0); |
707f0272 PA |
6691 | r = AppLayerParserParse( |
6692 | NULL, alp_tctx, f, ALPROTO_HTTP1, STREAM_TOSERVER, (uint8_t *)str, strlen(str)); | |
d34e4106 | 6693 | FAIL_IF_NOT(r == 0); |
707f0272 PA |
6694 | r = AppLayerParserParse( |
6695 | NULL, alp_tctx, f, ALPROTO_HTTP1, STREAM_TOSERVER, (uint8_t *)str, strlen(str)); | |
d34e4106 | 6696 | FAIL_IF_NOT(r == 0); |
707f0272 PA |
6697 | r = AppLayerParserParse( |
6698 | NULL, alp_tctx, f, ALPROTO_HTTP1, STREAM_TOSERVER, (uint8_t *)str, strlen(str)); | |
d34e4106 | 6699 | FAIL_IF_NOT(r == 0); |
707f0272 PA |
6700 | r = AppLayerParserParse( |
6701 | NULL, alp_tctx, f, ALPROTO_HTTP1, STREAM_TOSERVER, (uint8_t *)str, strlen(str)); | |
d34e4106 | 6702 | FAIL_IF_NOT(r == 0); |
707f0272 PA |
6703 | r = AppLayerParserParse( |
6704 | NULL, alp_tctx, f, ALPROTO_HTTP1, STREAM_TOSERVER, (uint8_t *)str, strlen(str)); | |
d34e4106 | 6705 | FAIL_IF_NOT(r == 0); |
707f0272 PA |
6706 | r = AppLayerParserParse( |
6707 | NULL, alp_tctx, f, ALPROTO_HTTP1, STREAM_TOSERVER, (uint8_t *)str, strlen(str)); | |
d34e4106 VJ |
6708 | FAIL_IF_NOT(r == 0); |
6709 | ||
6710 | str = "HTTP 1.1 200 OK\r\nServer: Suricata/1.0\r\nContent-Length: 8\r\n\r\nSuricata"; | |
707f0272 PA |
6711 | r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_HTTP1, STREAM_TOCLIENT | STREAM_START, |
6712 | (uint8_t *)str, strlen(str)); | |
d34e4106 | 6713 | FAIL_IF_NOT(r == 0); |
707f0272 PA |
6714 | r = AppLayerParserParse( |
6715 | NULL, alp_tctx, f, ALPROTO_HTTP1, STREAM_TOCLIENT, (uint8_t *)str, strlen(str)); | |
d34e4106 | 6716 | FAIL_IF_NOT(r == 0); |
707f0272 PA |
6717 | r = AppLayerParserParse( |
6718 | NULL, alp_tctx, f, ALPROTO_HTTP1, STREAM_TOCLIENT, (uint8_t *)str, strlen(str)); | |
d34e4106 | 6719 | FAIL_IF_NOT(r == 0); |
707f0272 PA |
6720 | r = AppLayerParserParse( |
6721 | NULL, alp_tctx, f, ALPROTO_HTTP1, STREAM_TOCLIENT, (uint8_t *)str, strlen(str)); | |
d34e4106 | 6722 | FAIL_IF_NOT(r == 0); |
707f0272 PA |
6723 | r = AppLayerParserParse( |
6724 | NULL, alp_tctx, f, ALPROTO_HTTP1, STREAM_TOCLIENT, (uint8_t *)str, strlen(str)); | |
d34e4106 | 6725 | FAIL_IF_NOT(r == 0); |
707f0272 PA |
6726 | r = AppLayerParserParse( |
6727 | NULL, alp_tctx, f, ALPROTO_HTTP1, STREAM_TOCLIENT, (uint8_t *)str, strlen(str)); | |
d34e4106 | 6728 | FAIL_IF_NOT(r == 0); |
707f0272 PA |
6729 | r = AppLayerParserParse( |
6730 | NULL, alp_tctx, f, ALPROTO_HTTP1, STREAM_TOCLIENT, (uint8_t *)str, strlen(str)); | |
d34e4106 | 6731 | FAIL_IF_NOT(r == 0); |
707f0272 PA |
6732 | r = AppLayerParserParse( |
6733 | NULL, alp_tctx, f, ALPROTO_HTTP1, STREAM_TOCLIENT, (uint8_t *)str, strlen(str)); | |
d34e4106 VJ |
6734 | FAIL_IF_NOT(r == 0); |
6735 | ||
6736 | AppLayerParserTransactionsCleanup(f); | |
6737 | ||
6738 | uint64_t ret[4]; | |
6739 | UTHAppLayerParserStateGetIds(f->alparser, &ret[0], &ret[1], &ret[2], &ret[3]); | |
6740 | FAIL_IF_NOT(ret[0] == 8); // inspect_id[0] | |
6741 | FAIL_IF_NOT(ret[1] == 8); // inspect_id[1] | |
6742 | FAIL_IF_NOT(ret[2] == 8); // log_id | |
6743 | FAIL_IF_NOT(ret[3] == 8); // min_id | |
6744 | ||
707f0272 PA |
6745 | r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_HTTP1, STREAM_TOSERVER | STREAM_EOF, |
6746 | (uint8_t *)str, strlen(str)); | |
d34e4106 VJ |
6747 | FAIL_IF_NOT(r == 0); |
6748 | AppLayerParserTransactionsCleanup(f); | |
6749 | ||
6750 | UTHAppLayerParserStateGetIds(f->alparser, &ret[0], &ret[1], &ret[2], &ret[3]); | |
6751 | FAIL_IF_NOT(ret[0] == 8); // inspect_id[0] not updated by ..Cleanup() until full tx is done | |
6752 | FAIL_IF_NOT(ret[1] == 8); // inspect_id[1] | |
6753 | FAIL_IF_NOT(ret[2] == 8); // log_id | |
6754 | FAIL_IF_NOT(ret[3] == 8); // min_id | |
6755 | ||
707f0272 PA |
6756 | r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_HTTP1, STREAM_TOCLIENT | STREAM_EOF, |
6757 | (uint8_t *)str, strlen(str)); | |
d34e4106 VJ |
6758 | FAIL_IF_NOT(r == 0); |
6759 | AppLayerParserTransactionsCleanup(f); | |
6760 | ||
6761 | UTHAppLayerParserStateGetIds(f->alparser, &ret[0], &ret[1], &ret[2], &ret[3]); | |
6762 | FAIL_IF_NOT(ret[0] == 9); // inspect_id[0] | |
6763 | FAIL_IF_NOT(ret[1] == 9); // inspect_id[1] | |
6764 | FAIL_IF_NOT(ret[2] == 9); // log_id | |
6765 | FAIL_IF_NOT(ret[3] == 9); // min_id | |
6766 | ||
6767 | HtpState *http_state = f->alstate; | |
6768 | FAIL_IF_NULL(http_state); | |
6769 | ||
6770 | AppLayerParserThreadCtxFree(alp_tctx); | |
1eeb9669 | 6771 | StreamTcpFreeConfig(true); |
d34e4106 VJ |
6772 | UTHFreeFlow(f); |
6773 | ||
6774 | PASS; | |
6775 | } | |
6776 | ||
de904db8 GL |
6777 | static int HTPParserTest26(void) |
6778 | { | |
6779 | char input[] = "\ | |
6780 | %YAML 1.1\n\ | |
6781 | ---\n\ | |
6782 | libhtp:\n\ | |
6783 | \n\ | |
6784 | default-config:\n\ | |
6785 | personality: IDS\n\ | |
6786 | request-body-limit: 1\n\ | |
6787 | response-body-limit: 1\n\ | |
6788 | "; | |
6789 | ConfCreateContextBackup(); | |
6790 | ConfInit(); | |
6791 | HtpConfigCreateBackup(); | |
6792 | ConfYamlLoadString(input, strlen(input)); | |
6793 | HTPConfigure(); | |
6794 | ||
6795 | Packet *p1 = NULL; | |
6796 | Packet *p2 = NULL; | |
6797 | ThreadVars th_v; | |
6798 | DetectEngineCtx *de_ctx = NULL; | |
6799 | DetectEngineThreadCtx *det_ctx = NULL; | |
6800 | Flow f; | |
6801 | uint8_t httpbuf1[] = "GET /alice.txt HTTP/1.1\r\n\r\n"; | |
6802 | uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ | |
6803 | uint8_t httpbuf2[] = "HTTP/1.1 200 OK\r\n" | |
6804 | "Content-Type: text/plain\r\n" | |
6805 | "Content-Length: 228\r\n\r\n" | |
6806 | "Alice was beginning to get very tired of sitting by her sister on the bank." | |
6807 | "Alice was beginning to get very tired of sitting by her sister on the bank."; | |
6808 | uint32_t httplen2 = sizeof(httpbuf2) - 1; /* minus the \0 */ | |
6809 | uint8_t httpbuf3[] = "Alice was beginning to get very tired of sitting by her sister on the bank.\r\n\r\n"; | |
6810 | uint32_t httplen3 = sizeof(httpbuf3) - 1; /* minus the \0 */ | |
6811 | TcpSession ssn; | |
6812 | HtpState *http_state = NULL; | |
6813 | AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); | |
6814 | FAIL_IF_NULL(alp_tctx); | |
6815 | ||
6816 | memset(&th_v, 0, sizeof(th_v)); | |
6817 | memset(&f, 0, sizeof(f)); | |
6818 | memset(&ssn, 0, sizeof(ssn)); | |
6819 | ||
6820 | p1 = UTHBuildPacket(NULL, 0, IPPROTO_TCP); | |
6821 | p2 = UTHBuildPacket(NULL, 0, IPPROTO_TCP); | |
6822 | ||
6823 | FLOW_INITIALIZE(&f); | |
6824 | f.protoctx = (void *)&ssn; | |
6825 | f.proto = IPPROTO_TCP; | |
6826 | f.flags |= FLOW_IPV4; | |
6827 | ||
6828 | p1->flow = &f; | |
6829 | p1->flowflags |= FLOW_PKT_TOSERVER; | |
6830 | p1->flowflags |= FLOW_PKT_ESTABLISHED; | |
6831 | p1->flags |= PKT_HAS_FLOW|PKT_STREAM_EST; | |
6832 | p2->flow = &f; | |
6833 | p2->flowflags |= FLOW_PKT_TOCLIENT; | |
6834 | p2->flowflags |= FLOW_PKT_ESTABLISHED; | |
6835 | p2->flags |= PKT_HAS_FLOW|PKT_STREAM_EST; | |
707f0272 | 6836 | f.alproto = ALPROTO_HTTP1; |
de904db8 | 6837 | |
1eeb9669 | 6838 | StreamTcpInitConfig(true); |
de904db8 GL |
6839 | |
6840 | de_ctx = DetectEngineCtxInit(); | |
6841 | FAIL_IF_NULL(de_ctx); | |
6842 | ||
6843 | de_ctx->flags |= DE_QUIET; | |
6844 | ||
6845 | de_ctx->sig_list = SigInit(de_ctx,"alert http any any -> any any " | |
6846 | "(filestore; sid:1; rev:1;)"); | |
6847 | FAIL_IF_NULL(de_ctx->sig_list); | |
6848 | ||
6849 | SigGroupBuild(de_ctx); | |
6850 | DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); | |
6851 | ||
707f0272 PA |
6852 | int r = AppLayerParserParse( |
6853 | &th_v, alp_tctx, &f, ALPROTO_HTTP1, STREAM_TOSERVER, httpbuf1, httplen1); | |
de904db8 GL |
6854 | FAIL_IF(r != 0); |
6855 | ||
6856 | http_state = f.alstate; | |
6857 | FAIL_IF_NULL(http_state); | |
6858 | ||
6859 | /* do detect */ | |
6860 | SigMatchSignatures(&th_v, de_ctx, det_ctx, p1); | |
6861 | ||
6862 | FAIL_IF((PacketAlertCheck(p1, 1))); | |
6863 | ||
6864 | /* do detect */ | |
6865 | SigMatchSignatures(&th_v, de_ctx, det_ctx, p1); | |
6866 | ||
6867 | FAIL_IF((PacketAlertCheck(p1, 1))); | |
6868 | ||
707f0272 PA |
6869 | r = AppLayerParserParse( |
6870 | &th_v, alp_tctx, &f, ALPROTO_HTTP1, STREAM_TOCLIENT, httpbuf2, httplen2); | |
de904db8 GL |
6871 | FAIL_IF(r != 0); |
6872 | ||
6873 | http_state = f.alstate; | |
6874 | FAIL_IF_NULL(http_state); | |
6875 | ||
6876 | /* do detect */ | |
6877 | SigMatchSignatures(&th_v, de_ctx, det_ctx, p2); | |
6878 | ||
6879 | FAIL_IF(!(PacketAlertCheck(p2, 1))); | |
6880 | ||
707f0272 PA |
6881 | r = AppLayerParserParse( |
6882 | &th_v, alp_tctx, &f, ALPROTO_HTTP1, STREAM_TOCLIENT, httpbuf3, httplen3); | |
de904db8 GL |
6883 | FAIL_IF(r != 0); |
6884 | ||
6885 | http_state = f.alstate; | |
6886 | FAIL_IF_NULL(http_state); | |
6887 | ||
6888 | FileContainer *ffc = HTPStateGetFiles(http_state, STREAM_TOCLIENT); | |
6889 | FAIL_IF_NULL(ffc); | |
6890 | ||
6891 | File *ptr = ffc->head; | |
6892 | FAIL_IF(ptr->state != FILE_STATE_CLOSED); | |
6893 | ||
6894 | AppLayerParserThreadCtxFree(alp_tctx); | |
6895 | DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); | |
6896 | DetectEngineCtxFree(de_ctx); | |
1eeb9669 | 6897 | StreamTcpFreeConfig(true); |
de904db8 GL |
6898 | |
6899 | HTPFreeConfig(); | |
6900 | FLOW_DESTROY(&f); | |
6901 | UTHFreePackets(&p1, 1); | |
6902 | UTHFreePackets(&p2, 1); | |
6903 | ConfDeInit(); | |
6904 | ConfRestoreContextBackup(); | |
6905 | HtpConfigRestoreBackup(); | |
6906 | PASS; | |
6907 | } | |
6908 | ||
6909 | static int HTPParserTest27(void) | |
6910 | { | |
c68fbfcf VJ |
6911 | HTPCfgDir cfg; |
6912 | memset(&cfg, 0, sizeof(cfg)); | |
6913 | cfg.body_limit = 1500; | |
de904db8 GL |
6914 | FileReassemblyDepthEnable(2000); |
6915 | ||
6916 | uint32_t len = 1000; | |
6917 | ||
6918 | HtpTxUserData *tx_ud = SCMalloc(sizeof(HtpTxUserData)); | |
6919 | FAIL_IF_NULL(tx_ud); | |
6920 | ||
6921 | tx_ud->tsflags |= HTP_STREAM_DEPTH_SET; | |
6922 | tx_ud->request_body.content_len_so_far = 2500; | |
6923 | ||
c68fbfcf | 6924 | FAIL_IF(AppLayerHtpCheckDepth(&cfg, &tx_ud->request_body, tx_ud->tsflags)); |
de904db8 GL |
6925 | |
6926 | len = AppLayerHtpComputeChunkLength(tx_ud->request_body.content_len_so_far, | |
6927 | 0, | |
6928 | FileReassemblyDepth(), | |
6929 | tx_ud->tsflags, | |
6930 | len); | |
6931 | FAIL_IF(len != 1000); | |
6932 | ||
6933 | SCFree(tx_ud); | |
6934 | ||
6935 | PASS; | |
6936 | } | |
c352bff6 | 6937 | |
07f7ba55 GS |
6938 | /** |
6939 | * \brief Register the Unit tests for the HTTP protocol | |
6940 | */ | |
db3b637a | 6941 | static void HTPParserRegisterTests(void) |
8f1d7503 | 6942 | { |
796dd522 JI |
6943 | UtRegisterTest("HTPParserTest01", HTPParserTest01); |
6944 | UtRegisterTest("HTPParserTest01a", HTPParserTest01a); | |
08af5ddd VJ |
6945 | UtRegisterTest("HTPParserTest01b", HTPParserTest01b); |
6946 | UtRegisterTest("HTPParserTest01c", HTPParserTest01c); | |
796dd522 JI |
6947 | UtRegisterTest("HTPParserTest02", HTPParserTest02); |
6948 | UtRegisterTest("HTPParserTest03", HTPParserTest03); | |
6949 | UtRegisterTest("HTPParserTest04", HTPParserTest04); | |
6950 | UtRegisterTest("HTPParserTest05", HTPParserTest05); | |
6951 | UtRegisterTest("HTPParserTest06", HTPParserTest06); | |
6952 | UtRegisterTest("HTPParserTest07", HTPParserTest07); | |
6953 | UtRegisterTest("HTPParserTest08", HTPParserTest08); | |
6954 | UtRegisterTest("HTPParserTest09", HTPParserTest09); | |
6955 | UtRegisterTest("HTPParserTest10", HTPParserTest10); | |
6956 | UtRegisterTest("HTPParserTest11", HTPParserTest11); | |
6957 | UtRegisterTest("HTPParserTest12", HTPParserTest12); | |
6958 | UtRegisterTest("HTPParserTest13", HTPParserTest13); | |
6959 | UtRegisterTest("HTPParserConfigTest01", HTPParserConfigTest01); | |
6960 | UtRegisterTest("HTPParserConfigTest02", HTPParserConfigTest02); | |
6961 | UtRegisterTest("HTPParserConfigTest03", HTPParserConfigTest03); | |
48cf0585 | 6962 | #if 0 /* disabled when we upgraded to libhtp 0.5.x */ |
028c6c17 | 6963 | UtRegisterTest("HTPParserConfigTest04", HTPParserConfigTest04, 1); |
48cf0585 | 6964 | #endif |
a0ee6ade | 6965 | |
796dd522 JI |
6966 | UtRegisterTest("HTPParserDecodingTest01", HTPParserDecodingTest01); |
6967 | UtRegisterTest("HTPParserDecodingTest02", HTPParserDecodingTest02); | |
6968 | UtRegisterTest("HTPParserDecodingTest03", HTPParserDecodingTest03); | |
6969 | UtRegisterTest("HTPParserDecodingTest04", HTPParserDecodingTest04); | |
6970 | UtRegisterTest("HTPParserDecodingTest05", HTPParserDecodingTest05); | |
6971 | UtRegisterTest("HTPParserDecodingTest06", HTPParserDecodingTest06); | |
6972 | UtRegisterTest("HTPParserDecodingTest07", HTPParserDecodingTest07); | |
6973 | UtRegisterTest("HTPParserDecodingTest08", HTPParserDecodingTest08); | |
6974 | UtRegisterTest("HTPParserDecodingTest09", HTPParserDecodingTest09); | |
6975 | ||
6976 | UtRegisterTest("HTPBodyReassemblyTest01", HTPBodyReassemblyTest01); | |
6977 | ||
6978 | UtRegisterTest("HTPSegvTest01", HTPSegvTest01); | |
6979 | ||
6980 | UtRegisterTest("HTPParserTest14", HTPParserTest14); | |
6981 | UtRegisterTest("HTPParserTest15", HTPParserTest15); | |
6982 | UtRegisterTest("HTPParserTest16", HTPParserTest16); | |
49927024 VJ |
6983 | UtRegisterTest("HTPParserTest20", HTPParserTest20); |
6984 | UtRegisterTest("HTPParserTest21", HTPParserTest21); | |
6985 | UtRegisterTest("HTPParserTest22", HTPParserTest22); | |
6986 | UtRegisterTest("HTPParserTest23", HTPParserTest23); | |
6987 | UtRegisterTest("HTPParserTest24", HTPParserTest24); | |
d34e4106 | 6988 | UtRegisterTest("HTPParserTest25", HTPParserTest25); |
de904db8 GL |
6989 | UtRegisterTest("HTPParserTest26", HTPParserTest26); |
6990 | UtRegisterTest("HTPParserTest27", HTPParserTest27); | |
fcc21ae4 | 6991 | |
a0ee6ade | 6992 | HTPFileParserRegisterTests(); |
1235c578 | 6993 | HTPXFFParserRegisterTests(); |
07f7ba55 | 6994 | } |
db3b637a | 6995 | #endif /* UNITTESTS */ |
07f7ba55 | 6996 | |
60a99915 EL |
6997 | /** |
6998 | * @} | |
6999 | */ |