Merge pull request #2705 in SNORT/snort3 from ~KATHARVE/snort3:file_context to master
authorMike Stepanek (mstepane) <mstepane@cisco.com>
Tue, 19 Jan 2021 16:01:09 +0000 (16:01 +0000)
committerMike Stepanek (mstepane) <mstepane@cisco.com>
Tue, 19 Jan 2021 16:01:09 +0000 (16:01 +0000)
Squashed commit of the following:

commit 43e965a50c52225c8abf584a511f75db6923b00b
Author: Katura Harvey <katharve@cisco.com>
Date:   Thu Jan 14 15:55:38 2021 -0500

    mime: provide file_id to set file name and read new return value

commit e6de4fd92c3ce02a905aa18ed095d80e847413c9
Author: Katura Harvey <katharve@cisco.com>
Date:   Thu Jan 14 15:55:04 2021 -0500

    http_inspect: provide file_id to set file name and read new return value

commit 1197b3c8a80b2703a739704e11aeb4032e76ef90
Author: Katura Harvey <katharve@cisco.com>
Date:   Tue Jan 12 17:25:06 2021 -0500

    file_api: remove file context after file name set if processing is complete

src/file_api/file_flows.cc
src/file_api/file_flows.h
src/mime/file_mime_process.cc
src/service_inspectors/http_inspect/http_msg_body.cc

index cc6c0090b29405a21ed44aedf2f6ea042dafd41c..aea5246676ceb41f5ac34cf3c60ef8cf34604e32 100644 (file)
@@ -350,21 +350,38 @@ bool FileFlows::file_process(Packet* p, const uint8_t* file_data, int data_size,
     return context->process(p, file_data, data_size, position, file_policy);
 }
 
-void FileFlows::set_file_name(const uint8_t* fname, uint32_t name_size, uint64_t file_id)
+/*
+ * Return:
+ *    true: continue processing this file
+ *    false: ignore this file
+ */
+bool FileFlows::set_file_name(const uint8_t* fname, uint32_t name_size, uint64_t file_id,
+    uint64_t multi_file_processing_id)
 {
     FileContext* context;
     if (file_id)
-        context = get_file_context(file_id, false);
+        context = get_file_context(file_id, false, multi_file_processing_id);
     else
         context = get_current_file_context();
     if ( !context )
-        return;
+        return false;
 
     if ( !context->is_file_name_set() )
     {
         context->set_file_name((const char*)fname, name_size);
         context->log_file_event(flow, file_policy);
     }
+
+    if ((context->get_processed_bytes() == (uint64_t)FileService::get_max_file_depth()) or
+        ((context->get_file_type() != SNORT_FILE_TYPE_CONTINUE) and
+            (!context->is_file_capture_enabled()) and (!context->is_file_signature_enabled())))
+    {
+        context->processing_complete = true;
+        // this can be called by inspector also if needed instead of here based on return value
+        remove_processed_file_context(multi_file_processing_id);
+        return false;
+    }
+    return true;
 }
 
 void FileFlows::add_pending_file(uint64_t file_id)
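Review bot: The new `return false` on the `!context` path reports a failed context lookup with the same value as a file whose processing is complete, and the added header comment defines false as "ignore this file". The callers changed in this commit (mime_file_process and HttpMsgBody::do_file_processing) store the result in their continue flag, and the HTTP caller then zeroes `file_depth_remaining`, so a lookup miss would presumably end file inspection for the rest of that transfer, where the old code simply skipped setting the name. If that is not intended, keep the previous behaviour for the miss with `if ( !context ) return true;`. Otherwise state it in the comment: `false: ignore this file (also returned when no file context is found)`.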
index f6321caa114bd827babd49b1e77beb3d28addaf2..df77560c6779400f7faf4d1147428da045cbb362 100644 (file)
@@ -82,7 +82,8 @@ public:
 
     uint64_t get_new_file_instance();
 
-    void set_file_name(const uint8_t* fname, uint32_t name_size, uint64_t file_id=0);
+    bool set_file_name(const uint8_t* fname, uint32_t name_size, uint64_t file_id=0,
+        uint64_t multi_file_processing_id=0);
 
     void set_sig_gen_state( bool enable )
     {
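Review bot: Defaulting `multi_file_processing_id` to 0 lets a caller reach the removal path with a key that need not match the context it looked up. In file_flows.cc the context comes from `get_file_context(file_id, ...)` or `get_current_file_context()`, while `remove_processed_file_context(multi_file_processing_id)` is keyed only by the second id. The updated callers pass `file_id` as a literal 0 and supply the second id, but two adjacent defaulted `uint64_t` parameters are easy to transpose or omit without any compiler diagnostic. I would document the contract at the declaration, e.g. `// multi_file_processing_id must name the same context that file_id / the current context resolves to; returns false when the caller should stop sending data for this file`.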
index 426865d8df6681024c652848b5afd5281f538bcf..8a9dca9b4241755cecdacc89e3e2235a8dc86721 100644 (file)
@@ -836,7 +836,7 @@ uint64_t MimeSession::get_file_cache_file_id()
 // file counter
 uint64_t MimeSession::get_multiprocessing_file_id()
 {
-    if (!current_multiprocessing_file_id)
+    if (!current_multiprocessing_file_id and session_base_file_id)
     {
         const int data_len = sizeof(session_base_file_id) + sizeof(file_counter);
         uint8_t data[data_len];
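Review bot: The added `and session_base_file_id` guard appears to make 0 a possible result of this function when no base id is set. The return statement is outside the hunk, so this is inferred. That value is now forwarded by mime_file_process to `set_file_name` as `multi_file_processing_id`, where it becomes the key for context removal. The comment above the function still only says `// file counter`; I would record the sentinel there, for example `// returns 0 while session_base_file_id is unset; callers must treat 0 as "no id"`.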
@@ -872,7 +872,8 @@ void MimeSession::mime_file_process(Packet* p, const uint8_t* data, int data_siz
         file_process_offset += data_size;
         if (continue_inspecting_file and (isFileStart(position)) && log_state)
         {
-            file_flows->set_file_name((const uint8_t*)filename.c_str(), filename.length());
+            continue_inspecting_file = file_flows->set_file_name((const uint8_t*)filename.c_str(),
+                filename.length(), 0, get_multiprocessing_file_id());
             filename.clear();
         }
     }
index 253dab51ec1d9cc298928aaf06da931af8d7aba5..2e10c7344f28309c02daf071e638f4687f45ca6e 100644 (file)
@@ -277,9 +277,10 @@ void HttpMsgBody::do_file_processing(const Field& file_data)
 
         const uint64_t file_index = get_header(source_id)->get_file_cache_index();
 
-        if (file_flows->file_process(p, file_index, file_data.start(), fp_length,
-            session_data->file_octets[source_id], dir,
-            get_header(source_id)->get_multi_file_processing_id(), file_position))
+        bool continue_processing_file = file_flows->file_process(p, file_index, file_data.start(),
+            fp_length, session_data->file_octets[source_id], dir,
+            get_header(source_id)->get_multi_file_processing_id(), file_position);
+        if (continue_processing_file)
         {
             session_data->file_depth_remaining[source_id] -= fp_length;
 
@@ -296,7 +297,9 @@ void HttpMsgBody::do_file_processing(const Field& file_data)
                             get_content_disposition_filename();
                         if (cd_filename.length() > 0)
                         {
-                            file_flows->set_file_name(cd_filename.start(), cd_filename.length());
+                            continue_processing_file = file_flows->set_file_name(
+                                cd_filename.start(), cd_filename.length(), 0, 
+                                get_header(source_id)->get_multi_file_processing_id());
                             has_cd_filename = true;
                         }
                     }
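Review bot: `get_header(source_id)->get_multi_file_processing_id()` is now repeated at each `set_file_name` call, here and in the following hunk, in addition to the `file_process` call above. A local declared next to `file_index` would keep all three calls visibly on the same id, e.g. `const uint64_t multi_file_id = get_header(source_id)->get_multi_file_processing_id();`. The added line `cd_filename.start(), cd_filename.length(), 0, ` also ends in trailing whitespace. do_file_processing starts and ends outside this hunk.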
@@ -305,14 +308,15 @@ void HttpMsgBody::do_file_processing(const Field& file_data)
                         const Field& transaction_uri = request->get_uri();
                         if (transaction_uri.length() > 0)
                         {
-                            file_flows->set_file_name(transaction_uri.start(),
-                                transaction_uri.length());
+                            continue_processing_file = file_flows->set_file_name(
+                                transaction_uri.start(), transaction_uri.length(), 0,
+                                get_header(source_id)->get_multi_file_processing_id());
                         }
                     }
                 }
             }
         }
-        else
+        if (!continue_processing_file)
         {
             // file processing doesn't want any more data
             session_data->file_depth_remaining[source_id] = 0;