From: Stefan Schantl <stefan.schantl@ipfire.org>
Date: Tue, 18 Dec 2018 13:16:13 +0000 (+0100)
Subject: ids-functions.pl: Introduce filesize check for downloader
X-Git-Tag: suricata-beta4~16
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=96da5803a77ac8cae85fc8bc37e2153a19b5ab26;p=people%2Fstevee%2Fipfire-2.x.git

ids-functions.pl: Introduce filesize check for downloader

The downloader now requests the html header for the rulestarball
and obtain the size of the file bevore downloading it.

After success the size of the downloaded file will be compared with
the requested one before. If they do not match, an error will be gained.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---

diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl
index 2cf1ad7cea..1556c5b850 100644
--- a/config/cfgroot/ids-functions.pl
+++ b/config/cfgroot/ids-functions.pl
@@ -168,6 +168,34 @@ sub downloadruleset {
 		return 1;
 	}
 
+	# Pass the requrested url to the downloader.
+	my $request = HTTP::Request->new(HEAD => $url);
+
+	# Accept the html header.
+	$request->header('Accept' => 'text/html');
+
+	# Perform the request and fetch the html header.
+	my $response = $downloader->request($request);
+
+	# Check if there was any error.
+	unless ($response->is_success) {
+		# Obtain error.
+		my $error = $response->content;
+
+		# Log error message.
+		&_log_to_syslog("Unable to download the ruleset. \($error\)");
+
+		# Return "1" - false.
+		return 1;
+	}
+
+	# Assign the fetched header object.
+	my $header = $response->headers;
+
+	# Grab the remote file size from the object and store it in the
+	# variable.
+	my $remote_filesize = $header->content_length;
+
 	# Pass the requested url to the downloader.
 	my $request = HTTP::Request->new(GET => $url);
 
@@ -186,6 +214,25 @@ sub downloadruleset {
 		return 1;
 	}
 
+	# Load perl stat module.
+	use File::stat;
+
+	# Perform stat on the rulestarball.
+	my $stat = stat($rulestarball);
+
+	# Grab the local filesize of the downloaded tarball.
+	my $local_filesize = $stat->size;
+
+	# Check if both file sizes match.
+	unless ($remote_filesize eq $local_filesize) {
+		# Log error message.
+		&_log_to_syslog("Unable to completely download the ruleset. ");
+		&_log_to_syslog("Only got $local_filesize Bytes instead of $remote_filesize Bytes. ");
+
+		# Return "1" - false.
+		return 1;
+	}
+
 	# If we got here, everything worked fine. Return nothing.
 	return;
 }