Merge pull request #1365 in SNORT/snort3 from file_type_fix to master

Squashed commit of the following:

commit 9c964722ee6e8eb1e56a86b4527a26abf9dbd10b
Author: Masud Hasan <mashasan@cisco.com>
Date:   Tue Sep 18 17:29:10 2018 -0400

    file_api: fix off-by-one bug that was hurting performance

diff --git a/src/file_api/file_lib.cc b/src/file_api/file_lib.cc
index 97e842bbf3c9087924cb796b1e224cef487e565a..9e0f1f085115241061bc4c00198e222ee32ae952 100644 (file)
--- a/src/file_api/file_lib.cc
+++ b/src/file_api/file_lib.cc
@@ -271,31 +271,6 @@ FileContext::~FileContext ()
     InspectorManager::release(inspector);
 }
 
-inline int FileContext::get_data_size_from_depth_limit(FileProcessType type, int
-    data_size)
-{
-    uint64_t max_depth;
-
-    switch (type)
-    {
-    case SNORT_FILE_TYPE_ID:
-        max_depth = config->file_type_depth;
-        break;
-    case SNORT_FILE_SHA256:
-        max_depth = config->file_signature_depth;
-        break;
-    default:
-        return data_size;
-    }
-
-    if (processed_bytes > max_depth)
-        data_size = -1;
-    else if (processed_bytes + data_size > max_depth)
-        data_size = (int)(max_depth - processed_bytes);
-
-    return data_size;
-}
-
 /* stop file type identification */
 inline void FileContext::finalize_file_type()
 {
@@ -506,40 +481,33 @@ bool FileContext::process(Flow* flow, const uint8_t* file_data, int data_size,
  * 3) file magics are exhausted in depth
  *
  */
-void FileContext::process_file_type(const uint8_t* file_data, int size, FilePosition position)
+void FileContext::process_file_type(const uint8_t* file_data, int data_size, FilePosition position)
 {
-    int data_size;
-
-    /* file type already found and no magics to continue*/
+    /* file type already found and no magics to continue */
     if (file_type_id && !file_type_context)
         return;
 
-    /* Check whether file type depth is reached*/
-    data_size = get_data_size_from_depth_limit(SNORT_FILE_TYPE_ID, size);
+    bool depth_exhausted = false;
 
-    if (data_size < 0)
+    if ((int64_t)processed_bytes + data_size >= config->file_type_depth)
     {
-        finalize_file_type();
-        return;
+        data_size = config->file_type_depth - processed_bytes;
+        assert(data_size > 0);
+        depth_exhausted = true;
     }
 
     file_type_id =
         config->find_file_type_id(file_data, data_size, processed_bytes, &file_type_context);
 
-    /* Check whether file transfer is done or type depth is reached*/
-    if ( (position == SNORT_FILE_END)  || (position == SNORT_FILE_FULL) ||
-        (data_size != size) )
-    {
+    /* Check whether file transfer is done or type depth is reached */
+    if ( (position == SNORT_FILE_END) || (position == SNORT_FILE_FULL) || depth_exhausted )
         finalize_file_type();
-    }
 }
 
-void FileContext::process_file_signature_sha256(const uint8_t* file_data, int size,
+void FileContext::process_file_signature_sha256(const uint8_t* file_data, int data_size,
     FilePosition position)
 {
-    int data_size = get_data_size_from_depth_limit(SNORT_FILE_SHA256, size);
-
-    if (data_size != size)
+    if ((int64_t)processed_bytes + data_size > config->file_signature_depth)
     {
         file_state.sig_state = FILE_SIG_DEPTH_FAIL;
         return;

diff --git a/src/file_api/file_lib.h b/src/file_api/file_lib.h
index a25217e3717651e2725f1cf8a3b24f653521bb66..e6016035ecee1197abe8957bd6906e76fb5b5f0a 100644 (file)
--- a/src/file_api/file_lib.h
+++ b/src/file_api/file_lib.h
@@ -139,7 +139,6 @@ private:
     FileInspect* inspector;
     FileConfig*  config;
 
-    inline int get_data_size_from_depth_limit(FileProcessType type, int data_size);
     inline void finalize_file_type();
     inline void finish_signature_lookup(Flow*, bool, FilePolicyBase*);
 };