set( DECOMPRESS_INCLUDES
file_decomp.h
- file_decomp_pdf.h
- file_decomp_swf.h
)
add_library (decompress STATIC
${DECOMPRESS_INCLUDES}
file_decomp.cc
file_decomp_pdf.cc
+ file_decomp_pdf.h
file_decomp_swf.cc
+ file_decomp_swf.h
)
target_link_libraries(decompress
x_includedir = $(pkgincludedir)/decompress
x_include_HEADERS = \
-file_decomp.h \
-file_decomp_pdf.h \
-file_decomp_swf.h
+file_decomp.h
libdecompress_a_SOURCES = \
file_decomp.cc \
file_decomp_pdf.cc \
-file_decomp_swf.cc
+file_decomp_pdf.h \
+file_decomp_swf.cc \
+file_decomp_swf.h
// file_decomp.cc author Ed Borgoyn <eborgoyn@sourcefire.com>
+#include "file_decomp.h"
+
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include "file_decomp.h"
+#ifdef HAVE_LZMA
+#include <lzma.h>
+#endif
+
+#include <zlib.h>
+
#include "main/snort_types.h"
#include "utils/util.h"
#include "detection/detection_util.h"
-#include "decompress/file_decomp_pdf.h"
-#include "decompress/file_decomp_swf.h"
+
+#include "file_decomp_pdf.h"
+#include "file_decomp_swf.h"
#ifdef UNIT_TEST
#include "catch/catch.hpp"
void File_Decomp_Free(fd_session_p_t SessionPtr)
{
+ assert(SessionPtr);
+
+ switch ( SessionPtr->File_Type )
+ {
+ case FILE_TYPE_SWF:
+ assert(SessionPtr->SWF);
+ snort_free(SessionPtr->SWF);
+ break;
+
+ case FILE_TYPE_PDF:
+ assert(SessionPtr->PDF);
+ snort_free(SessionPtr->PDF);
+ break;
+ }
+
delete SessionPtr;
}
// File_Decomp global typedefs (used in child objects)
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
#include <stdint.h>
#include <string.h>
#include "main/snort_types.h"
/* Function return codes used internally and with caller */
-typedef enum fd_status
+enum fd_status_t
{
File_Decomp_DecompError = -2, /* Error from decompression */
File_Decomp_Error = -1, /* Error from decompression */
File_Decomp_BlockOut = 3, /* Blocked due to lack of output space */
File_Decomp_BlockIn = 4, /* Blocked due to lack in input data */
File_Decomp_Eof = 5 /* End of file located */
-} fd_status_t;
+};
-typedef enum file_compression_type
+enum file_compression_type_t
{
FILE_COMPRESSION_TYPE_NONE,
FILE_COMPRESSION_TYPE_DEFLATE,
FILE_COMPRESSION_TYPE_ZLIB,
FILE_COMPRESSION_TYPE_LZMA,
FILE_COMPRESSION_TYPE_MAX
-} file_compression_type_t;
-
-typedef struct fd_session_s* fd_session_p_t, fd_session_t;
-
-// FIXIT-L this should be unravelled so that these internal includes are not necessary
-#include "decompress/file_decomp_pdf.h"
-#include "decompress/file_decomp_swf.h"
-#include <zlib.h>
-
-#ifdef HAVE_LZMA
-#include <lzma.h>
-#endif
+};
/* Potential decompression modes, passed in at initalization time. */
#define FILE_SWF_LZMA_BIT (0x00000001)
};
/* Private Types */
-typedef enum file_type
+enum file_type_t
{
FILE_TYPE_NONE,
FILE_TYPE_SWF,
FILE_TYPE_PDF,
FILE_TYPE_MAX
-} file_type_t;
+};
-typedef enum states
+enum fd_states_t
{
STATE_NEW, /* Session created */
STATE_READY, /* Session created and ready for content, no file/decomp selected */
STATE_ACTIVE, /* Decompressor inited and ready for content */
STATE_COMPLETE /* Decompression completed */
-} fd_states_t;
+};
/* Primary file decompression session state context */
-struct fd_session_s
+struct fd_session_t
{
- uint8_t* Next_In; /* next input byte */
- uint32_t Avail_In; /* number of bytes available at next_in */
- uint32_t Total_In; /* total number of input bytes read so far */
-
- uint8_t* Next_Out; /* next output byte should be put there */
- uint32_t Avail_Out; /* remaining free space at next_out */
- uint32_t Total_Out; /* total number of bytes output so far */
-
- /* Internal buffer setup by _Init(). App can overide. */
- uint8_t* Buffer; /* pointer to decompresiion buffer */
- uint32_t Buffer_Len; /* length of decompression buffer */
+ // FIXIT-L replace with abstract base class pointer used for
+ // PDF or SWF subclass and eliminate switches on File_Type
+ union
+ {
+ struct fd_PDF_t* PDF;
+ struct fd_SWF_t* SWF;
+ };
- /* Configuration settings */
- uint32_t Compr_Depth;
- uint32_t Decompr_Depth;
- uint32_t Modes; /* Bit mapped set of potential file/algo modes */
+ uint8_t* Next_In; // next input byte
+ uint8_t* Next_Out; // next output byte should be put there
+ uint8_t* Buffer; // pointer to decompresiion buffer
- /* Alerting callback */
+ // Alerting callback
void (* Alert_Callback)(void* Context, int Event);
void* Alert_Context;
- /* Internal State */
- uint8_t File_Type; /* Active file type */
- uint8_t Decomp_Type; /* Active decompression type */
- uint8_t Sig_State; /* Sig search state machine */
- uint8_t State; /* main state machine */
+ uint32_t Avail_In; // number of bytes available at next_in
+ uint32_t Total_In; // total number of input bytes read so far
- union
- {
- fd_PDF_t PDF;
- fd_SWF_t SWF;
- } Decomp_State;
+ uint32_t Avail_Out; // remaining free space at next_out
+ uint32_t Total_Out; // total number of bytes output so far
- /* Specific event indicated by DecomprError return */
- int Error_Event;
+ uint32_t Buffer_Len; // length of decompression buffer
+
+ // Configuration settings
+ uint32_t Compr_Depth;
+ uint32_t Decompr_Depth;
+ uint32_t Modes; // Bit mapped set of potential file/algo modes
+
+ int Error_Event; // Specific event indicated by DecomprError return
+
+ // Internal State
+ uint8_t File_Type; // Active file type
+ uint8_t Decomp_Type; // Active decompression type
+ uint8_t Sig_State; // Sig search state machine
+ uint8_t State; // main state machine
};
+// FIXIT-L don't obfuscate pointers
+typedef fd_session_t* fd_session_p_t;
+
/* Macros */
/* Macros used to sync my decompression context with that
// file_decomp_pdf.cc author Ed Borgoyn <eborgoyn@sourcefire.com>
-#include "file_decomp.h"
#include "file_decomp_pdf.h"
#ifdef HAVE_CONFIG_H
#include <zlib.h>
#include "main/thread.h"
+#include "utils/util.h"
#ifdef UNIT_TEST
#include "catch/catch.hpp"
{
/* Found our first matching, supported filter type */
SessionPtr->Decomp_Type = Comp_Type;
- SessionPtr->Decomp_State.PDF.Decomp_Type = Comp_Type;
+ SessionPtr->PDF->Decomp_Type = Comp_Type;
}
}
else
int Index;
fd_status_t Ret_Code = File_Decomp_OK;
- fd_PDF_Parse_p_t p = &(SessionPtr->Decomp_State.PDF.Parse);
+ fd_PDF_Parse_p_t p = &(SessionPtr->PDF->Parse);
/* Assume the 'no compression' result */
SessionPtr->Decomp_Type = FILE_COMPRESSION_TYPE_NONE;
static inline void Init_Parser(fd_session_p_t SessionPtr)
{
- fd_PDF_Parse_p_t p = &(SessionPtr->Decomp_State.PDF.Parse);
+ fd_PDF_Parse_p_t p = &(SessionPtr->PDF->Parse);
/* The parser starts in the P_COMMENT state we start
parsing the file just after the signature is located
and the signature is syntactially a comment. */
static inline fd_status_t Handle_State_DICT_OBJECT(fd_session_p_t SessionPtr, uint8_t c)
{
char Filter_Tok[] = TOK_DICT_FILT;
- fd_PDF_Parse_p_t p = &(SessionPtr->Decomp_State.PDF.Parse);
+ fd_PDF_Parse_p_t p = &(SessionPtr->PDF->Parse);
/* enter with c being an EOL from the ind obj state */
if ( p->State != P_DICT_OBJECT )
static THREAD_LOCAL uint8_t Stream_Token[] = { TOK_STRM_OPEN };
static THREAD_LOCAL uint8_t Stream_End_Token[] = { TOK_STRM_CLOSE };
- fd_PDF_Parse_p_t p = &(SessionPtr->Decomp_State.PDF.Parse);
+ fd_PDF_Parse_p_t p = &(SessionPtr->PDF->Parse);
/* Upon initial entry, setup state context */
if ( p->State != P_IND_OBJ )
{
static THREAD_LOCAL const uint8_t* Xref_Tok = (uint8_t*)TOK_XRF_STARTXREF;
uint8_t Xref_End_Tok[] = { TOK_XRF_END };
- fd_PDF_Parse_p_t p = &(SessionPtr->Decomp_State.PDF.Parse);
+ fd_PDF_Parse_p_t p = &(SessionPtr->PDF->Parse);
if ( p->State != P_XREF )
{
static inline fd_status_t Handle_State_START(fd_session_p_t SessionPtr, uint8_t c)
{
- fd_PDF_Parse_p_t p = &(SessionPtr->Decomp_State.PDF.Parse);
+ fd_PDF_Parse_p_t p = &(SessionPtr->PDF->Parse);
/* Skip any whitespace. This will include
the LF as part of a <CRLF> EOL token. */
if ( IS_WHITESPACE(c) )
/* Parse file until input blocked or stream located. */
static fd_status_t Locate_Stream_Beginning(fd_session_p_t SessionPtr)
{
- fd_PDF_Parse_p_t p = &(SessionPtr->Decomp_State.PDF.Parse);
+ fd_PDF_Parse_p_t p = &(SessionPtr->PDF->Parse);
fd_status_t Ret_Code = File_Decomp_OK;
uint8_t c;
static fd_status_t Init_Stream(fd_session_p_t SessionPtr)
{
- fd_PDF_p_t StPtr = &(SessionPtr->Decomp_State.PDF);
+ fd_PDF_p_t StPtr = SessionPtr->PDF;
switch ( StPtr->Decomp_Type )
{
static fd_status_t Decomp_Stream(fd_session_p_t SessionPtr)
{
- fd_PDF_p_t StPtr = &(SessionPtr->Decomp_State.PDF);
+ fd_PDF_p_t StPtr = SessionPtr->PDF;
/* No reason to decompress if there's no input or
room for output. */
static fd_status_t Close_Stream(fd_session_p_t SessionPtr)
{
/* Put the parser state back where it was interrupted */
- if ( Pop_State(&(SessionPtr->Decomp_State.PDF.Parse) ) == File_Decomp_Error )
+ if ( Pop_State(&(SessionPtr->PDF->Parse) ) == File_Decomp_Error )
return( File_Decomp_Error );
- SessionPtr->Decomp_State.PDF.State = PDF_STATE_LOCATE_STREAM;
+ SessionPtr->PDF->State = PDF_STATE_LOCATE_STREAM;
return( File_Decomp_OK );
}
if ( SessionPtr == NULL )
return( File_Decomp_Error );
- StPtr = &(SessionPtr->Decomp_State.PDF);
+ StPtr = SessionPtr->PDF;
if ( (StPtr->State != PDF_STATE_INIT_STREAM) &&
(StPtr->State != PDF_STATE_PROCESS_STREAM) )
/* From caller, initialize PDF state machine. */
fd_status_t File_Decomp_Init_PDF(fd_session_p_t SessionPtr)
{
- fd_PDF_p_t StPtr;
-
if ( SessionPtr == NULL )
return( File_Decomp_Error );
- StPtr = &(SessionPtr->Decomp_State.PDF);
+ SessionPtr->PDF = (fd_PDF_t*)snort_calloc(sizeof(fd_PDF_t));
+
+ fd_PDF_p_t StPtr = SessionPtr->PDF;
Init_Parser(SessionPtr);
/* Process all data until blocked */
while ( 1 )
{
- switch ( SessionPtr->Decomp_State.PDF.State )
+ switch ( SessionPtr->PDF->State )
{
case ( PDF_STATE_LOCATE_STREAM ):
{
}
else
{
- SessionPtr->Decomp_State.PDF.State = PDF_STATE_INIT_STREAM;
+ SessionPtr->PDF->State = PDF_STATE_INIT_STREAM;
/* If we've located the beginning of stream, set new state
and fall into next state */
}
break;
}
- SessionPtr->Decomp_State.PDF.State = PDF_STATE_PROCESS_STREAM;
+ SessionPtr->PDF->State = PDF_STATE_PROCESS_STREAM;
/* INTENTIONAL FALL-THROUGH INTO PDF_STATE_PROCESS_STREAM CASE. */
}
fd_session_p_t p_s;
REQUIRE((p_s = File_Decomp_New()) != (fd_session_p_t)NULL);
+ p_s->PDF = (fd_PDF_t*)snort_calloc(sizeof(fd_PDF_t));
p_s->File_Type = FILE_TYPE_SWF;
REQUIRE(File_Decomp_PDF(p_s) == File_Decomp_Error);
+ snort_free(p_s->PDF);
}
TEST_CASE("File_Decomp_PDF-bad_state-error", "[file_decomp]")
fd_session_p_t p_s;
REQUIRE((p_s = File_Decomp_New()) != (fd_session_p_t)NULL);
+ p_s->PDF = (fd_PDF_t*)snort_calloc(sizeof(fd_PDF_t));
p_s->File_Type = FILE_TYPE_PDF;
- p_s->Decomp_State.PDF.State = PDF_STATE_NEW;
+ p_s->PDF->State = PDF_STATE_NEW;
REQUIRE(File_Decomp_PDF(p_s) == File_Decomp_Error);
+ snort_free(p_s->PDF);
}
TEST_CASE("File_Decomp_End_PDF-bad_type-error", "[file_decomp]")
fd_session_p_t p_s;
REQUIRE((p_s = File_Decomp_New()) != (fd_session_p_t)NULL);
- p_s->Decomp_State.PDF.Decomp_Type = FILE_COMPRESSION_TYPE_LZMA;
- p_s->Decomp_State.PDF.State = PDF_STATE_PROCESS_STREAM;
+ p_s->PDF = (fd_PDF_t*)snort_calloc(sizeof(fd_PDF_t));
+ p_s->PDF->Decomp_Type = FILE_COMPRESSION_TYPE_LZMA;
+ p_s->PDF->State = PDF_STATE_PROCESS_STREAM;
REQUIRE(File_Decomp_End_PDF(p_s) == File_Decomp_Error);
+ snort_free(p_s->PDF);
}
#endif
#ifndef FILE_DECOMP_PDF_H
#define FILE_DECOMP_PDF_H
+#include <stdint.h>
#include <zlib.h>
+#include "file_decomp.h"
+
#define ELEM_BUF_LEN (12)
#define FILTER_SPEC_BUF_LEN (40)
#define PARSE_STACK_LEN (12)
/* FIXIT-L Other than the API prototypes, the other parts of this header should
be private to file_decomp_pdf. */
-typedef enum pdf_states
+enum fd_PDF_States
{
PDF_STATE_NEW,
PDF_STATE_LOCATE_STREAM, /* Found sig bytes, looking for dictionary & stream*/
PDF_STATE_INIT_STREAM, /* Init stream */
PDF_STATE_PROCESS_STREAM /* Processing stream */
-} fd_PDF_States;
+};
-typedef struct fd_PDF_Parse_Stack_s
+struct fd_PDF_Parse_Stack_t
{
uint8_t State;
uint8_t Sub_State;
-} fd_PDF_Parse_Stack_t, * fd_PDF_Parse_Stack_p_t;
+};
-typedef struct fd_PDF_Parse_s
+struct fd_PDF_Parse_t
{
uint8_t Dict_Nesting_Cnt;
uint8_t Elem_Buf[ELEM_BUF_LEN];
uint32_t Gen_Number;
uint8_t Sub_State;
uint8_t State;
-} fd_PDF_Parse_t, * fd_PDF_Parse_p_t;
+};
-typedef struct fd_PDF_Deflate_s
+struct fd_PDF_Deflate_t
{
z_stream StreamDeflate;
-} fd_PDF_Deflate_t;
+};
-typedef struct fd_PDF_s
+struct fd_PDF_t
{
union
{
fd_PDF_Parse_t Parse;
uint8_t Decomp_Type;
uint8_t State;
-} fd_PDF_t, * fd_PDF_p_t;
+};
+
+// FIXIT-L don't obfuscate pointers
+typedef fd_PDF_Parse_Stack_t* fd_PDF_Parse_Stack_p_t;
+typedef fd_PDF_Parse_t* fd_PDF_Parse_p_t;
+typedef fd_PDF_t* fd_PDF_p_t;
/* API Functions */
// file_decomp_swf.cc author Ed Borgoyn <eborgoyn@sourcefire.com>
-#include "file_decomp.h"
#include "file_decomp_swf.h"
#ifdef HAVE_CONFIG_H
#include <lzma.h>
#endif
+#include "utils/util.h"
+
#ifdef UNIT_TEST
#include "catch/catch.hpp"
#endif
static fd_status_t File_Decomp_Process_LZMA_Header(fd_session_p_t SessionPtr)
{
uint8_t LZMA_Header[LZMA_HEADER_LEN];
- uint8_t* SWF_Header = SessionPtr->Decomp_State.SWF.Header_Bytes;
+ uint8_t* SWF_Header = SessionPtr->SWF->Header_Bytes;
uint64_t LZMA_Uncomp_Len;
uint32_t SWF_Uncomp_Len;
int idx;
lzma_ret l_ret;
- lzma_stream* l_s = &(SessionPtr->Decomp_State.SWF.StreamLZMA);
+ lzma_stream* l_s = &(SessionPtr->SWF->StreamLZMA);
SWF_Uncomp_Len = 0;
/* Read little-endian into value */
case FILE_COMPRESSION_TYPE_ZLIB:
{
int z_ret;
- z_stream* z_s = &(SessionPtr->Decomp_State.SWF.StreamZLIB);
+ z_stream* z_s = &(SessionPtr->SWF->StreamZLIB);
SYNC_IN(z_s)
case FILE_COMPRESSION_TYPE_LZMA:
{
lzma_ret l_ret;
- lzma_stream* l_s = &(SessionPtr->Decomp_State.SWF.StreamLZMA);
+ lzma_stream* l_s = &(SessionPtr->SWF->StreamLZMA);
SYNC_IN(l_s)
case FILE_COMPRESSION_TYPE_ZLIB:
{
int z_ret;
- z_stream* z_s = &(SessionPtr->Decomp_State.SWF.StreamZLIB);
+ z_stream* z_s = &(SessionPtr->SWF->StreamZLIB);
z_ret = inflateEnd(z_s);
#ifdef HAVE_LZMA
case FILE_COMPRESSION_TYPE_LZMA:
{
- lzma_stream* l_s = &(SessionPtr->Decomp_State.SWF.StreamLZMA);
+ lzma_stream* l_s = &(SessionPtr->SWF->StreamLZMA);
lzma_end(l_s);
if ( SessionPtr == NULL )
return( File_Decomp_Error );
+ SessionPtr->SWF = (fd_SWF_t*)snort_calloc(sizeof(fd_SWF_t));
+
/* Indicate the we need to look for the remainder of the
uncompressed header. */
- SessionPtr->Decomp_State.SWF.State = SWF_STATE_GET_HEADER;
- SessionPtr->Decomp_State.SWF.Header_Cnt = 0;
+ SessionPtr->SWF->State = SWF_STATE_GET_HEADER;
+ SessionPtr->SWF->Header_Cnt = 0;
switch ( SessionPtr->Decomp_Type )
{
int z_ret;
z_stream* z_s;
- SessionPtr->Decomp_State.SWF.Header_Len =
+ SessionPtr->SWF->Header_Len =
SWF_VER_LEN + SWF_UCL_LEN;
- z_s = &(SessionPtr->Decomp_State.SWF.StreamZLIB);
+ z_s = &(SessionPtr->SWF->StreamZLIB);
memset( (char*)z_s, 0, sizeof(z_stream));
lzma_ret l_ret;
lzma_stream* l_s;
- SessionPtr->Decomp_State.SWF.Header_Len =
+ SessionPtr->SWF->Header_Len =
SWF_VER_LEN + SWF_UCL_LEN + SWF_LZMA_CML_LEN + SWF_LZMA_PRP_LEN;
- l_s = &(SessionPtr->Decomp_State.SWF.StreamLZMA);
+ l_s = &(SessionPtr->SWF->StreamLZMA);
memset( (char*)l_s, 0, sizeof(lzma_stream));
return( File_Decomp_Error );
/* Are we still looking for the balance of the uncompressed header? */
- switch ( SessionPtr->Decomp_State.SWF.State )
+ switch ( SessionPtr->SWF->State )
{
case ( SWF_STATE_GET_HEADER ):
{
- uint8_t* Cnt_Ptr = &(SessionPtr->Decomp_State.SWF.Header_Cnt); // For convenience
- uint8_t* Len_Ptr = &(SessionPtr->Decomp_State.SWF.Header_Len); // For convenience
+ uint8_t& Cnt_Ptr = SessionPtr->SWF->Header_Cnt;
+ uint8_t& Len_Ptr = SessionPtr->SWF->Header_Len;
- while ( *Len_Ptr > *Cnt_Ptr )
+ while ( Len_Ptr > Cnt_Ptr )
{
if ( SessionPtr->Avail_In == 0 )
return( File_Decomp_BlockIn );
if ( SessionPtr->Avail_Out == 0 )
return( File_Decomp_BlockOut );
- SessionPtr->Decomp_State.SWF.Header_Bytes[*Cnt_Ptr] =
+ SessionPtr->SWF->Header_Bytes[Cnt_Ptr] =
*(SessionPtr->Next_In);
(void)Move_1(SessionPtr);
- *Cnt_Ptr += 1;
+ ++Cnt_Ptr;
}
- SessionPtr->Decomp_State.SWF.State = SWF_STATE_PROC_HEADER;
+ SessionPtr->SWF->State = SWF_STATE_PROC_HEADER;
/* INTENTIONAL FALL-THROUGH INTO SWF_STATE_PROC_HEADER CASE. */
}
case ( SWF_STATE_PROC_HEADER ):
}
#endif
- SessionPtr->Decomp_State.SWF.State = SWF_STATE_DATA;
+ SessionPtr->SWF->State = SWF_STATE_DATA;
/* INTENTIONAL FALL-THROUGH INTO SWF_STATE_DATA CASE. */
}
case ( SWF_STATE_DATA ):
fd_session_p_t p_s;
REQUIRE((p_s = File_Decomp_New()) != (fd_session_p_t)NULL);
+ p_s->SWF = (fd_SWF_t*)snort_calloc(sizeof(fd_SWF_t));
p_s->File_Type = FILE_TYPE_PDF;
REQUIRE(File_Decomp_SWF(p_s) == File_Decomp_Error);
+ snort_free(p_s->SWF);
}
TEST_CASE("File_Decomp_SWF-bad_state-error", "[file_decomp]")
fd_session_p_t p_s;
REQUIRE((p_s = File_Decomp_New()) != (fd_session_p_t)NULL);
+ p_s->SWF = (fd_SWF_t*)snort_calloc(sizeof(fd_SWF_t));
p_s->File_Type = FILE_TYPE_SWF;
- p_s->Decomp_State.SWF.State = SWF_STATE_NEW;
+ p_s->SWF->State = SWF_STATE_NEW;
REQUIRE(File_Decomp_SWF(p_s) == File_Decomp_Error);
+ snort_free(p_s->SWF);
}
TEST_CASE("File_Decomp_Init_SWF-bad_type-error", "[file_decomp]")
fd_session_p_t p_s;
REQUIRE((p_s = File_Decomp_New()) != (fd_session_p_t)NULL);
+ p_s->SWF = (fd_SWF_t*)snort_calloc(sizeof(fd_SWF_t));
p_s->Decomp_Type = FILE_COMPRESSION_TYPE_DEFLATE;
REQUIRE(File_Decomp_Init_SWF(p_s) == File_Decomp_Error);
+ snort_free(p_s->SWF);
}
TEST_CASE("File_Decomp_End_SWF-bad_type-error", "[file_decomp]")
fd_session_p_t p_s;
REQUIRE((p_s = File_Decomp_New()) != (fd_session_p_t)NULL);
+ p_s->SWF = (fd_SWF_t*)snort_calloc(sizeof(fd_SWF_t));
p_s->Decomp_Type = FILE_COMPRESSION_TYPE_DEFLATE;
REQUIRE(File_Decomp_End_SWF(p_s) == File_Decomp_Error);
+ snort_free(p_s->SWF);
}
#endif
#include "config.h"
#endif
+#include <stdint.h>
#include <zlib.h>
+
#ifdef HAVE_LZMA
#include <lzma.h>
#endif
+#include "file_decomp.h"
+
/* FIXIT-L Other than the API prototypes, the other parts of this header should
be private to file_decomp_swf. */
/* Types */
-typedef enum swf_states
+enum fd_SWF_States
{
SWF_STATE_NEW,
SWF_STATE_GET_HEADER, /* Found sig bytes, looking for end of uncomp header */
SWF_STATE_PROC_HEADER, /* Found header bytes, now process the header */
SWF_STATE_DATA /* Done with header, looking for start of data */
-} fd_SWF_States;
+};
-typedef struct fd_SWF_s
+struct fd_SWF_t
{
z_stream StreamZLIB;
#ifdef HAVE_LZMA
uint8_t State;
uint8_t Header_Len;
uint8_t Header_Cnt;
-} fd_SWF_t;
+};
/* API Functions */
projects / thirdparty / snort3.git / commitdiff
