From: Tom Peters (thopeter) Date: Tue, 7 Jun 2022 19:16:39 +0000 (+0000) Subject: Pull request #3457: Mime phase 2 X-Git-Tag: 3.1.32.0~13 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=761f550d00fd53bce262c81bf15ffa85323cb633;p=thirdparty%2Fsnort3.git Pull request #3457: Mime phase 2 Merge in SNORT/snort3 from ~THOPETER/snort3:mime_phase_2 to master Squashed commit of the following: commit fe36683acc1a83d5e93ce55ab806ce0c9edcf8f0 Author: Tom Peters Date: Mon Jun 6 16:20:52 2022 -0400 http_inspect: remove unneeded header inclusions and improve cleanup before trailers commit 39da40c13fb24edd3204b7a780cd597d6832b29f Author: Tom Peters Date: Fri Jun 3 13:50:16 2022 -0400 mime: cleanup --- diff --git a/src/mime/file_mime_process.cc b/src/mime/file_mime_process.cc index 8cc555c30..15cc19106 100644 --- a/src/mime/file_mime_process.cc +++ b/src/mime/file_mime_process.cc @@ -409,13 +409,13 @@ bool MimeSession::process_header_line(const uint8_t*& ptr, const uint8_t* eol, c static const uint8_t* GetDataEnd(const uint8_t* data_start, const uint8_t* data_end_marker) { - /* '\r\n' + '--' + MIME boundary string */ + // '\r\n' + '--' + MIME boundary string const int Max_Search = 4 + MAX_MIME_BOUNDARY_LEN; const uint8_t* start; - /*Exclude 2 bytes because either \r\n or '--' at the end */ + // Exclude 2 bytes because either \r\n or '--' at the end const uint8_t* end = data_end_marker - 2; - /*Search for the start of boundary, should be less than boundary length*/ + // Search for the start of boundary, should be less than boundary length if (end > data_start + Max_Search) start = end - Max_Search; else @@ -585,7 +585,7 @@ const uint8_t* MimeSession::process_mime_data_paf( set_file_data(decomp_buffer, decomp_buf_size); } - /*Process file type/file signature*/ + // Process file type/file signature mime_file_process(p, buffer, buf_size, position, upload); if (mime_stats) 
@@ -645,7 +645,7 @@ void MimeSession::reset_part_state() // Clear MIME's file data to prepare for next file filename.clear(); file_counter++; - file_process_offset = 0; + file_offset = 0; current_file_cache_file_id = 0; current_multiprocessing_file_id = 0; continue_inspecting_file = true; @@ -668,11 +668,11 @@ const uint8_t* MimeSession::process_mime_data(Packet* p, const uint8_t* start, return data_end_marker; } - initFilePosition(&position, file_process_offset); - /* look for boundary */ + initFilePosition(&position, file_offset); + // look for boundary while (start < data_end_marker) { - /*Found the boundary, start processing data*/ + // Found the boundary, start processing data if (process_mime_paf_data(&(mime_boundary), *start)) { attach_end = start; @@ -689,7 +689,7 @@ const uint8_t* MimeSession::process_mime_data(Packet* p, const uint8_t* start, if ((start == data_end_marker) && (attach_start < data_end_marker)) { - updateFilePosition(&position, file_process_offset); + updateFilePosition(&position, file_offset); process_mime_data_paf(p, attach_start, data_end_marker, upload, position); } @@ -886,16 +886,15 @@ void MimeSession::mime_file_process(Packet* p, const uint8_t* data, int data_siz if (session_base_file_id) { const FileDirection dir = upload? FILE_UPLOAD : FILE_DOWNLOAD; - uint64_t offset = file_process_offset; continue_inspecting_file = file_flows->file_process(p, get_file_cache_file_id(), data, - data_size, offset, dir, get_multiprocessing_file_id(), position); + data_size, file_offset, dir, get_multiprocessing_file_id(), position); } else { continue_inspecting_file = file_flows->file_process(p, data, data_size, position, upload); } - file_process_offset += data_size; + file_offset += data_size; if (continue_inspecting_file and (isFileStart(position)) && log_state) { continue_inspecting_file = file_flows->set_file_name((const uint8_t*)filename.c_str(), 
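Review bot: `file_offset` is still declared `uint32_t` (see the file_mime_process.h hunk), yet `file_offset += data_size;` in the `@@ -886` hunk accumulates it across the whole MIME part, so a part larger than 4 GiB wraps the counter. The removed local `uint64_t offset` suggests `file_process()` takes a 64-bit offset; after a wrap it would receive an offset that no longer matches the real position in the file, which could misplace later data for file-type and signature processing. Declaring the member as `uint64_t file_offset = 0;` keeps the offset monotonic, though the `initFilePosition`/`updateFilePosition` signatures are not visible here and should be checked against the wider type. `data_size` is a signed `int`, so a guard such as `if (data_size < 0) return;` before the addition would make sure the offset never moves backwards. The body of `mime_file_process` starts and ends outside the hunk.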
diff --git a/src/mime/file_mime_process.h b/src/mime/file_mime_process.h index 1ec2a1621..8eca8a757 100644 --- a/src/mime/file_mime_process.h +++ b/src/mime/file_mime_process.h @@ -99,7 +99,7 @@ private: bool continue_inspecting_file = true; // This counter is not an accurate count of files; used only for creating a unique mime_file_id uint32_t file_counter = 0; - uint32_t file_process_offset = 0; + uint32_t file_offset = 0; uint64_t session_base_file_id = 0; uint64_t current_file_cache_file_id = 0; uint64_t current_multiprocessing_file_id = 0; @@ -111,7 +111,7 @@ private: FilePosition position, bool upload); void reset_part_state(); - // SMTP, IMAP, POP might have different implementation for this + // Individual service inspectors may have different implementations for these virtual int handle_header_line(const uint8_t*, const uint8_t*, int, Packet*) { return 0; } virtual int normalize_data(const uint8_t*, const uint8_t*, Packet*) { return 0; } virtual void decode_alert() { } diff --git a/src/service_inspectors/http_inspect/http_flow_data.cc b/src/service_inspectors/http_inspect/http_flow_data.cc index baacbfeb0..4f55e8c72 100644 --- a/src/service_inspectors/http_inspect/http_flow_data.cc +++ b/src/service_inspectors/http_inspect/http_flow_data.cc @@ -25,6 +25,7 @@ #include "decompress/file_decomp.h" #include "main/snort_debug.h" +#include "mime/file_mime_process.h" #include "service_inspectors/http2_inspect/http2_flow_data.h" #include "utils/js_identifier_ctx.h" #include "utils/js_normalizer.h" @@ -205,6 +206,10 @@ void HttpFlowData::trailer_prep(SourceId source_id) delete compress_stream[source_id]; compress_stream[source_id] = nullptr; } + delete mime_state[source_id]; + mime_state[source_id] = nullptr; + delete utf_state[source_id]; + utf_state[source_id] = nullptr; } void HttpFlowData::garbage_collect() diff --git a/src/service_inspectors/http_inspect/http_flow_data.h b/src/service_inspectors/http_inspect/http_flow_data.h index 6fb942f6d..fa7b7c7cc 100644 
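Review bot: The `utf_state` cleanup added at the end of `trailer_prep` runs for both directions, whereas the block removed from `HttpMsgBodyChunk::update_flow` deleted it only when `source_id == SRC_SERVER`. The widening looks intentional and `delete` on a null pointer is a no-op, but nothing in the function records it. A comment above the new lines would state the contract, e.g. `// Body-only decode state (MIME, UTF) must not survive into trailers; released here for every caller and both directions`. Every caller of `trailer_prep` now loses `mime_state` and `utf_state`, so it is worth confirming that none of them reads either pointer after the call; those callers are not visible in this diff. `trailer_prep` begins outside the hunk.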
--- a/src/service_inspectors/http_inspect/http_flow_data.h +++ b/src/service_inspectors/http_inspect/http_flow_data.h @@ -25,7 +25,6 @@ #include #include "flow/flow.h" -#include "mime/file_mime_process.h" #include "utils/util_utf.h" #include "decompress/file_decomp.h" @@ -44,6 +43,7 @@ class JSIdentifierCtxBase; namespace snort { class JSNormalizer; +class MimeSession; } class HttpFlowData : public snort::FlowData diff --git a/src/service_inspectors/http_inspect/http_msg_body.h b/src/service_inspectors/http_inspect/http_msg_body.h index 4241cdb82..fd241ed09 100644 --- a/src/service_inspectors/http_inspect/http_msg_body.h +++ b/src/service_inspectors/http_inspect/http_msg_body.h @@ -20,6 +20,8 @@ #ifndef HTTP_MSG_BODY_H #define HTTP_MSG_BODY_H +#include "file_api/file_api.h" + #include "http_common.h" #include "http_enum.h" #include "http_field.h" diff --git a/src/service_inspectors/http_inspect/http_msg_body_chunk.cc b/src/service_inspectors/http_inspect/http_msg_body_chunk.cc index a6992080e..77f596288 100644 --- a/src/service_inspectors/http_inspect/http_msg_body_chunk.cc +++ b/src/service_inspectors/http_inspect/http_msg_body_chunk.cc @@ -32,24 +32,9 @@ void HttpMsgBodyChunk::update_flow() // Cutter was deleted by splitter when zero-length chunk received or at TCP close if (session_data->cutter[source_id] == nullptr) - { session_data->trailer_prep(source_id); - if (session_data->mime_state[source_id] != nullptr) - { - delete session_data->mime_state[source_id]; - session_data->mime_state[source_id] = nullptr; - } - - if ((source_id == SRC_SERVER) && (session_data->utf_state[source_id] != nullptr)) - { - delete session_data->utf_state[source_id]; - session_data->utf_state[source_id] = nullptr; - } - } else - { update_depth(); - } } #ifdef REG_TEST diff --git a/src/service_inspectors/http_inspect/http_msg_header.h b/src/service_inspectors/http_inspect/http_msg_header.h index 06f9fc3d3..13d9249c5 100644 --- a/src/service_inspectors/http_inspect/http_msg_header.h 
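Review bot: With `class MimeSession;` only forward-declared in http_flow_data.h, any translation unit that runs `delete` on a `mime_state` element without including mime/file_mime_process.h deletes an incomplete type. That is undefined behaviour if MimeSession has a non-trivial destructor, which its virtual member functions make likely, and compilers usually only warn. The commit adds the include to http_flow_data.cc and http_msg_header.h, which covers the sites visible here; other files that touch `mime_state` are not shown, so a build with `-Werror=delete-incomplete` would confirm none was missed. A comment beside the forward declaration, such as `// full definition (mime/file_mime_process.h) is required wherever mime_state is deleted`, would keep the constraint visible to the next editor.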
+++ b/src/service_inspectors/http_inspect/http_msg_header.h @@ -21,6 +21,7 @@ #define HTTP_MSG_HEADER_H #include "file_api/file_api.h" +#include "mime/file_mime_process.h" #include "http_common.h" #include "http_enum.h"