]> git.ipfire.org Git - thirdparty/snort3.git/commitdiff
Pull request #3457: Mime phase 2
authorTom Peters (thopeter) <thopeter@cisco.com>
Tue, 7 Jun 2022 19:16:39 +0000 (19:16 +0000)
committerTom Peters (thopeter) <thopeter@cisco.com>
Tue, 7 Jun 2022 19:16:39 +0000 (19:16 +0000)
Merge in SNORT/snort3 from ~THOPETER/snort3:mime_phase_2 to master

Squashed commit of the following:

commit fe36683acc1a83d5e93ce55ab806ce0c9edcf8f0
Author: Tom Peters <thopeter@cisco.com>
Date:   Mon Jun 6 16:20:52 2022 -0400

    http_inspect: remove unneeded header inclusions and improve cleanup before trailers

commit 39da40c13fb24edd3204b7a780cd597d6832b29f
Author: Tom Peters <thopeter@cisco.com>
Date:   Fri Jun 3 13:50:16 2022 -0400

    mime: cleanup

src/mime/file_mime_process.cc
src/mime/file_mime_process.h
src/service_inspectors/http_inspect/http_flow_data.cc
src/service_inspectors/http_inspect/http_flow_data.h
src/service_inspectors/http_inspect/http_msg_body.h
src/service_inspectors/http_inspect/http_msg_body_chunk.cc
src/service_inspectors/http_inspect/http_msg_header.h

index 8cc555c30211ee46cfc4b437f88b2bdcb93c5e38..15cc1910643b677bfa44cb5a630a156974549e4d 100644 (file)
@@ -409,13 +409,13 @@ bool MimeSession::process_header_line(const uint8_t*& ptr, const uint8_t* eol, c
 static const uint8_t* GetDataEnd(const uint8_t* data_start,
     const uint8_t* data_end_marker)
 {
-    /* '\r\n' + '--' + MIME boundary string */
+    // '\r\n' + '--' + MIME boundary string
     const int Max_Search = 4 + MAX_MIME_BOUNDARY_LEN;
     const uint8_t* start;
-    /*Exclude 2 bytes because either \r\n or '--'  at the end */
+    // Exclude 2 bytes because either \r\n or '--'  at the end
     const uint8_t* end = data_end_marker - 2;
 
-    /*Search for the start of boundary, should be less than boundary length*/
+    // Search for the start of boundary, should be less than boundary length
     if (end > data_start + Max_Search)
         start = end - Max_Search;
     else
@@ -585,7 +585,7 @@ const uint8_t* MimeSession::process_mime_data_paf(
                     set_file_data(decomp_buffer, decomp_buf_size);
                 }
 
-                /*Process file type/file signature*/
+                // Process file type/file signature
                 mime_file_process(p, buffer, buf_size, position, upload);
 
                 if (mime_stats)
@@ -645,7 +645,7 @@ void MimeSession::reset_part_state()
     // Clear MIME's file data to prepare for next file
     filename.clear();
     file_counter++;
-    file_process_offset = 0;
+    file_offset = 0;
     current_file_cache_file_id = 0;
     current_multiprocessing_file_id = 0;
     continue_inspecting_file = true;
@@ -668,11 +668,11 @@ const uint8_t* MimeSession::process_mime_data(Packet* p, const uint8_t* start,
         return data_end_marker;
     }
 
-    initFilePosition(&position, file_process_offset);
-    /* look for boundary */
+    initFilePosition(&position, file_offset);
+    // look for boundary
     while (start < data_end_marker)
     {
-        /*Found the boundary, start processing data*/
+        // Found the boundary, start processing data
         if (process_mime_paf_data(&(mime_boundary),  *start))
         {
             attach_end = start;
@@ -689,7 +689,7 @@ const uint8_t* MimeSession::process_mime_data(Packet* p, const uint8_t* start,
 
     if ((start == data_end_marker) && (attach_start < data_end_marker))
     {
-        updateFilePosition(&position, file_process_offset);
+        updateFilePosition(&position, file_offset);
         process_mime_data_paf(p, attach_start, data_end_marker,
             upload, position);
     }
@@ -886,16 +886,15 @@ void MimeSession::mime_file_process(Packet* p, const uint8_t* data, int data_siz
         if (session_base_file_id)
         {
             const FileDirection dir = upload? FILE_UPLOAD : FILE_DOWNLOAD;
-            uint64_t offset = file_process_offset;
             continue_inspecting_file = file_flows->file_process(p, get_file_cache_file_id(), data,
-                data_size, offset, dir, get_multiprocessing_file_id(), position);
+                data_size, file_offset, dir, get_multiprocessing_file_id(), position);
         }
         else
         {
             continue_inspecting_file = file_flows->file_process(p, data, data_size, position,
                 upload);
         }
-        file_process_offset += data_size;
+        file_offset += data_size;
         if (continue_inspecting_file and (isFileStart(position)) && log_state)
         {
             continue_inspecting_file = file_flows->set_file_name((const uint8_t*)filename.c_str(),
index 1ec2a1621932619cf6b35c0c93c2cec48f2b0a5f..8eca8a7577f113818b3ed93714352293dbd652d1 100644 (file)
@@ -99,7 +99,7 @@ private:
     bool continue_inspecting_file = true;
     // This counter is not an accurate count of files; used only for creating a unique mime_file_id
     uint32_t file_counter = 0;
-    uint32_t file_process_offset = 0;
+    uint32_t file_offset = 0;
     uint64_t session_base_file_id = 0;
     uint64_t current_file_cache_file_id = 0;
     uint64_t current_multiprocessing_file_id = 0;
@@ -111,7 +111,7 @@ private:
         FilePosition position, bool upload);
     void reset_part_state();
 
-    // SMTP, IMAP, POP might have different implementation for this
+    // Individual service inspectors may have different implementations for these
     virtual int handle_header_line(const uint8_t*, const uint8_t*, int, Packet*) { return 0; }
     virtual int normalize_data(const uint8_t*, const uint8_t*, Packet*) { return 0; }
     virtual void decode_alert() { }
index baacbfeb0fb8deda26d2cb04e5c2b4937c843f6c..4f55e8c722ff4e75c021f24336b5e9665930064c 100644 (file)
@@ -25,6 +25,7 @@
 
 #include "decompress/file_decomp.h"
 #include "main/snort_debug.h"
+#include "mime/file_mime_process.h"
 #include "service_inspectors/http2_inspect/http2_flow_data.h"
 #include "utils/js_identifier_ctx.h"
 #include "utils/js_normalizer.h"
@@ -205,6 +206,10 @@ void HttpFlowData::trailer_prep(SourceId source_id)
         delete compress_stream[source_id];
         compress_stream[source_id] = nullptr;
     }
+    delete mime_state[source_id];
+    mime_state[source_id] = nullptr;
+    delete utf_state[source_id];
+    utf_state[source_id] = nullptr;
 }
 
 void HttpFlowData::garbage_collect()
index 6fb942f6ded9577164a6c7d4ebf194095c380812..fa7b7c7cc2bf6765318fe31d486d937e74f44c47 100644 (file)
@@ -25,7 +25,6 @@
 #include <cstdio>
 
 #include "flow/flow.h"
-#include "mime/file_mime_process.h"
 #include "utils/util_utf.h"
 #include "decompress/file_decomp.h"
 
@@ -44,6 +43,7 @@ class JSIdentifierCtxBase;
 namespace snort
 {
 class JSNormalizer;
+class MimeSession;
 }
 
 class HttpFlowData : public snort::FlowData
index 4241cdb822bba1a2cf657b47f714f5dcb6729159..fd241ed09442386b9cdaa575caac4e5e8d6f369c 100644 (file)
@@ -20,6 +20,8 @@
 #ifndef HTTP_MSG_BODY_H
 #define HTTP_MSG_BODY_H
 
+#include "file_api/file_api.h"
+
 #include "http_common.h"
 #include "http_enum.h"
 #include "http_field.h"
index a6992080ed2068c091c863b78b4b77cc5b9b900c..77f59628883d6e8f3b2431bc70c5fe9bfebb4eba 100644 (file)
@@ -32,24 +32,9 @@ void HttpMsgBodyChunk::update_flow()
 
     // Cutter was deleted by splitter when zero-length chunk received or at TCP close
     if (session_data->cutter[source_id] == nullptr)
-    {
         session_data->trailer_prep(source_id);
-        if (session_data->mime_state[source_id] != nullptr)
-        {
-            delete session_data->mime_state[source_id];
-            session_data->mime_state[source_id] = nullptr;
-        }
-
-        if ((source_id == SRC_SERVER) && (session_data->utf_state[source_id] != nullptr))
-        {
-            delete session_data->utf_state[source_id];
-            session_data->utf_state[source_id] = nullptr;
-        }
-    }
     else
-    {
         update_depth();
-    }
 }
 
 #ifdef REG_TEST
index 06f9fc3d383091bb31eda6f8ed109cb77247a494..13d9249c57a4de0b8002f3431e62fac5a7fa117a 100644 (file)
@@ -21,6 +21,7 @@
 #define HTTP_MSG_HEADER_H
 
 #include "file_api/file_api.h"
+#include "mime/file_mime_process.h"
 
 #include "http_common.h"
 #include "http_enum.h"