#include "utils/util.h"
#include "utils/snort_bounds.h"
+static int file_node_free_func(void*, void* data)
+{
+ FileEnforcer::FileNode* node = (FileEnforcer::FileNode*)data;
+ assert(node);
+ delete node->file;
+ node->file = nullptr;
+ return 0;
+}
+
FileEnforcer::FileEnforcer()
{
fileHash = sfxhash_new(MAX_FILES_TRACKED, sizeof(FileHashKey), sizeof(FileNode),
- MAX_MEMORY_USED, 1, nullptr, nullptr, 1);
+ MAX_MEMORY_USED, 1, nullptr, file_node_free_func, 1);
if (!fileHash)
FatalError("Failed to create the expected channel hash table.\n");
}
void FileEnforcer::update_file_node(FileNode* node, FileInfo* file)
{
- node->file = *file;
+ *(node->file) = *file;
}
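Review bot: `*(node->file) = *file;` writes through `node->file` with no check that it was allocated. The only guard this commit adds for that pointer, `assert(node->file);` in check_verdict, is compiled out under NDEBUG, so a release build would dereference a null `file` in both places. An explicit test is cheap, e.g. `if (!node || !node->file || !file) return;` here and an early `return FILE_VERDICT_UNKNOWN;` in check_verdict. The body of check_verdict starts and ends outside the visible lines.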
FileVerdict FileEnforcer::check_verdict(Flow* flow, FileNode* node, SFXHASH_NODE* hash_node)
// Check file type first
FilePolicy& inspect = FileService::get_inspect();
- verdict = inspect.type_lookup(flow, &(node->file));
+ assert(node->file);
+
+ verdict = inspect.type_lookup(flow, node->file);
if ((verdict == FILE_VERDICT_UNKNOWN) ||
(verdict == FILE_VERDICT_STOP_CAPTURE))
{
- verdict = inspect.signature_lookup(flow, &(node->file));
+ verdict = inspect.signature_lookup(flow, node->file);
}
if ((verdict == FILE_VERDICT_UNKNOWN) ||
(verdict == FILE_VERDICT_STOP_CAPTURE))
{
- verdict = node->file.verdict;
+ verdict = node->file->verdict;
}
if (verdict == FILE_VERDICT_LOG)
FileNode new_node;
DebugMessage(DEBUG_FILE, "Adding file node\n");
+ new_node.file = new FileInfo();
+
update_file_node(&new_node, file);
/*
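Review bot: The object from `new_node.file = new FileInfo();` is owned only by a stack-local `FileNode` until the hash table stores a copy of that node. The insert itself is outside this hunk, but if it can fail or find an existing key, nothing visible here deletes the allocation. Adding `delete new_node.file;` on every non-success path would close that leak; alternatively, hold the object in a `std::unique_ptr<FileInfo>` and release it only after a successful add. `FileNode new_node;` also leaves `expires` indeterminate unless it is assigned later, outside the visible lines.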
else
return verdict;
- if (node)
+ if (node && node->file)
{
DebugMessage(DEBUG_FILE, "Found resumed file\n");
if (node->expires && packet_time() > node->expires)
size_t file_sig;
};
+ #define MAX_FILES_TRACKED 16384
+ #define MAX_MEMORY_USED (10*1024*1024) // 10M
+
+public:
struct FileNode
{
time_t expires;
- FileInfo file;
+ FileInfo* file;
};
- #define MAX_FILES_TRACKED 16384
- #define MAX_MEMORY_USED 10*1024*1024 // 10M
-
-public:
FileEnforcer();
~FileEnforcer();
FileVerdict cached_verdict_lookup(Flow*, FileInfo*);
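Review bot: `FileInfo* file;` turns FileNode into an owner of heap memory, but the struct documents neither that ownership nor a default value. The table is created with `sizeof(FileNode)`, so nodes are presumably copied bytewise, and a copy then aliases the same `FileInfo`. I would write `FileInfo* file = nullptr; // owned by the hash node; released by file_node_free_func` so that a default-constructed node is safe to test with `node->file`. The class body continues outside this hunk.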
/* file signature calculation */
if (is_file_signature_enabled())
{
- process_file_signature_sha256(file_data, data_size, position);
+ if (!sha256)
+ process_file_signature_sha256(file_data, data_size, position);
file_stats.data_processed[get_file_type()][get_file_direction()]
+= data_size;
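Review bot: The `if (!sha256)` guard sits at the call site, while the allocation it protects, `sha256 = new uint8_t[SHA256_HASH_SIZE];`, is inside process_file_signature_sha256. Any other caller of that function, if one exists, would still overwrite an existing digest buffer and leak it. Putting `if (sha256) return;` at the top of process_file_signature_sha256 would keep the invariant in one place. The enclosing function starts and ends outside this hunk.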
switch (position)
{
case SNORT_FILE_START:
- file_signature_context = snort_calloc(sizeof(SHA256_CTX));
+ if (!file_signature_context)
+ file_signature_context = snort_calloc(sizeof(SHA256_CTX));
SHA256_Init((SHA256_CTX*)file_signature_context);
SHA256_Update((SHA256_CTX*)file_signature_context, file_data, data_size);
break;
case SNORT_FILE_MIDDLE:
if (!file_signature_context)
- file_signature_context = snort_calloc(sizeof(SHA256_CTX));
+ return;
SHA256_Update((SHA256_CTX*)file_signature_context, file_data, data_size);
break;
case SNORT_FILE_END:
if (!file_signature_context)
- file_signature_context = snort_calloc(sizeof(SHA256_CTX));
- if (processed_bytes == 0)
- SHA256_Init((SHA256_CTX*)file_signature_context);
+ return;
SHA256_Update((SHA256_CTX*)file_signature_context, file_data, data_size);
sha256 = new uint8_t[SHA256_HASH_SIZE];
SHA256_Final(sha256, (SHA256_CTX*)file_signature_context);
file_state.sig_state = FILE_SIG_DONE;
break;
case SNORT_FILE_FULL:
- file_signature_context = snort_calloc(sizeof (SHA256_CTX));
+ if (!file_signature_context)
+ file_signature_context = snort_calloc(sizeof (SHA256_CTX));
SHA256_Init((SHA256_CTX*)file_signature_context);
SHA256_Update((SHA256_CTX*)file_signature_context, file_data, data_size);
sha256 = new uint8_t[SHA256_HASH_SIZE];