From: Philippe Antoine Date: Sun, 19 Jan 2025 20:45:54 +0000 (+0100) Subject: http: aliases for htp opaque htp_header_t X-Git-Tag: suricata-8.0.0-beta1~530 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b0db4e2dbe84a0077945a6894f0adf7378d15842;p=thirdparty%2Fsuricata.git http: aliases for htp opaque htp_header_t In preparation of libhtp rust --- diff --git a/src/app-layer-htp-libhtp.h b/src/app-layer-htp-libhtp.h index 7e4e57f52e..726b5e0e07 100644 --- a/src/app-layer-htp-libhtp.h +++ b/src/app-layer-htp-libhtp.h @@ -124,6 +124,14 @@ #define htp_tx_request_header(tx, header) htp_table_get_c(tx->request_headers, header) #define htp_tx_response_header(tx, header) htp_table_get_c(tx->response_headers, header) +// Functions introduced to handle opaque htp_header_t +#define htp_header_name_len(h) bstr_len(h->name) +#define htp_header_name_ptr(h) bstr_ptr(h->name) +#define htp_header_name(h) h->name +#define htp_header_value_len(h) bstr_len(h->value) +#define htp_header_value_ptr(h) bstr_ptr(h->value) +#define htp_header_value(h) h->value + bstr *SCHTPGenerateNormalizedUri(htp_tx_t *tx, htp_uri_t *uri, bool uri_include_all); #endif /* SURICATA_APP_LAYER_HTP_LIBHTP__H */ diff --git a/src/app-layer-htp.c b/src/app-layer-htp.c index e1e4031a1b..5b514cb450 100644 --- a/src/app-layer-htp.c +++ b/src/app-layer-htp.c @@ -983,7 +983,7 @@ static AppLayerResult HTPHandleResponseData(Flow *f, void *htp_state, AppLayerPa dp = (uint16_t)htp_tx_request_port_number(tx); } consumed = (uint32_t)htp_connp_res_data_consumed(hstate->connp); - if (bstr_cmp_c(h->value, "h2c") == 0) { + if (bstr_cmp_c(htp_header_value(h), "h2c") == 0) { if (AppLayerProtoDetectGetProtoName(ALPROTO_HTTP2) == NULL) { // if HTTP2 is disabled, keep the HTP_STREAM_STATE_TUNNEL mode break; @@ -999,7 +999,7 @@ static AppLayerResult HTPHandleResponseData(Flow *f, void *htp_state, AppLayerPa SCReturnStruct(APP_LAYER_INCOMPLETE(consumed, input_len - consumed)); } SCReturnStruct(APP_LAYER_OK); - } else if (bstr_cmp_c_nocase(h->value, "WebSocket") == 0) { + } else if (bstr_cmp_c_nocase(htp_header_value(h), "WebSocket") == 0) { if (AppLayerProtoDetectGetProtoName(ALPROTO_WEBSOCKET) == NULL) { // if WS is disabled, keep the HTP_STREAM_STATE_TUNNEL mode break; @@ -1141,8 +1141,9 @@ static int HTTPParseContentDispositionHeader(uint8_t *name, size_t name_len, static int HtpRequestBodySetupMultipart(htp_tx_t *tx, HtpTxUserData *htud) { htp_header_t *h = (htp_header_t *)htp_tx_request_header(tx, "Content-Type"); - if (h != NULL && bstr_len(h->value) > 0) { - htud->mime_state = SCMimeStateInit(bstr_ptr(h->value), (uint32_t)bstr_len(h->value)); + if (h != NULL && htp_header_value_len(h) > 0) { + htud->mime_state = + SCMimeStateInit(htp_header_value_ptr(h), (uint32_t)htp_header_value_len(h)); if (htud->mime_state) { htud->tsflags |= HTP_BOUNDARY_SET; SCReturnInt(1); @@ -1362,10 +1363,11 @@ static int HtpResponseBodyHandle(HtpState *hstate, HtpTxUserData *htud, /* try Content-Disposition header first */ htp_header_t *h = (htp_header_t *)htp_tx_response_header(tx, "Content-Disposition"); - if (h != NULL && bstr_len(h->value) > 0) { + if (h != NULL && htp_header_value_len(h) > 0) { /* parse content-disposition */ (void)HTTPParseContentDispositionHeader((uint8_t *)"filename=", 9, - (uint8_t *) bstr_ptr(h->value), bstr_len(h->value), &filename, &filename_len); + (uint8_t *)htp_header_value_ptr(h), htp_header_value_len(h), &filename, + &filename_len); } /* fall back to name from the uri */ @@ -2943,7 +2945,7 @@ static int HTPParserTest01(void) htp_header_t *h = htp_table_get_index(htp_tx_request_headers(tx), 0, NULL); FAIL_IF_NULL(h); - FAIL_IF(strcmp(bstr_util_strdup_to_c(h->value), "Victor/1.0")); + FAIL_IF(strcmp(bstr_util_strdup_to_c(htp_header_value(h)), "Victor/1.0")); FAIL_IF(htp_tx_request_method_number(tx) != HTP_METHOD_POST); FAIL_IF(htp_tx_request_protocol_number(tx) != HTP_PROTOCOL_V1_0); @@ -2987,7 +2989,7 @@ static int HTPParserTest01b(void) htp_header_t *h = htp_table_get_index(htp_tx_request_headers(tx), 0, NULL); FAIL_IF_NULL(h); - FAIL_IF(strcmp(bstr_util_strdup_to_c(h->value), "Victor/1.0")); + FAIL_IF(strcmp(bstr_util_strdup_to_c(htp_header_value(h)), "Victor/1.0")); FAIL_IF(htp_tx_request_method_number(tx) != HTP_METHOD_POST); FAIL_IF(htp_tx_request_protocol_number(tx) != HTP_PROTOCOL_V1_0); @@ -3042,7 +3044,7 @@ static int HTPParserTest01c(void) htp_header_t *h = htp_table_get_index(htp_tx_request_headers(tx), 0, NULL); FAIL_IF_NULL(h); - FAIL_IF(strcmp(bstr_util_strdup_to_c(h->value), "Victor/1.0")); + FAIL_IF(strcmp(bstr_util_strdup_to_c(htp_header_value(h)), "Victor/1.0")); FAIL_IF(htp_tx_request_method_number(tx) != HTP_METHOD_POST); FAIL_IF(htp_tx_request_protocol_number(tx) != HTP_PROTOCOL_V1_0); @@ -3098,7 +3100,7 @@ static int HTPParserTest01a(void) htp_header_t *h = htp_table_get_index(htp_tx_request_headers(tx), 0, NULL); FAIL_IF_NULL(h); - FAIL_IF(strcmp(bstr_util_strdup_to_c(h->value), "Victor/1.0")); + FAIL_IF(strcmp(bstr_util_strdup_to_c(htp_header_value(h)), "Victor/1.0")); FAIL_IF(htp_tx_request_method_number(tx) != HTP_METHOD_POST); FAIL_IF(htp_tx_request_protocol_number(tx) != HTP_PROTOCOL_V1_0); @@ -3639,11 +3641,11 @@ static int HTPParserTest10(void) htp_header_t *h = htp_table_get_index(htp_tx_request_headers(tx), 0, NULL); FAIL_IF_NULL(h); - char *name = bstr_util_strdup_to_c(h->name); + char *name = bstr_util_strdup_to_c(htp_header_name(h)); FAIL_IF_NULL(name); FAIL_IF(strcmp(name, "Host") != 0); - char *value = bstr_util_strdup_to_c(h->value); + char *value = bstr_util_strdup_to_c(htp_header_value(h)); FAIL_IF_NULL(value); FAIL_IF(strcmp(value, "www.google.com") != 0); @@ -3817,11 +3819,11 @@ static int HTPParserTest13(void) htp_header_t *h = htp_table_get_index(htp_tx_request_headers(tx), 0, NULL); FAIL_IF_NULL(h); - char *name = bstr_util_strdup_to_c(h->name); + char *name = bstr_util_strdup_to_c(htp_header_name(h)); FAIL_IF_NULL(name); FAIL_IF(strcmp(name, "Host") != 0); - char *value = bstr_util_strdup_to_c(h->value); + char *value = bstr_util_strdup_to_c(htp_header_value(h)); FAIL_IF_NULL(value); FAIL_IF(strcmp(value, "www.google.com\rName: Value") != 0); diff --git a/src/app-layer-http2.c b/src/app-layer-http2.c index 1a12fd1582..f214d2210d 100644 --- a/src/app-layer-http2.c +++ b/src/app-layer-http2.c @@ -93,7 +93,7 @@ void HTTP2MimicHttp1Request(void *alstate_orig, void *h2s) size_t nbheaders = htp_table_size(htp_tx_request_headers(h1tx)); for (size_t i = 0; i < nbheaders; i++) { htp_header_t *h = htp_table_get_index(htp_tx_request_headers(h1tx), i, NULL); - rs_http2_tx_add_header(h2s, bstr_ptr(h->name), (uint32_t)bstr_len(h->name), - bstr_ptr(h->value), (uint32_t)bstr_len(h->value)); + rs_http2_tx_add_header(h2s, htp_header_name_ptr(h), (uint32_t)htp_header_name_len(h), + htp_header_value_ptr(h), (uint32_t)htp_header_value_len(h)); } } diff --git a/src/detect-http-cookie.c b/src/detect-http-cookie.c index 1f6ac77b67..7397edf079 100644 --- a/src/detect-http-cookie.c +++ b/src/detect-http-cookie.c @@ -182,13 +182,13 @@ static InspectionBuffer *GetRequestData(DetectEngineThreadCtx *det_ctx, return NULL; htp_header_t *h = (htp_header_t *)htp_tx_request_header(tx, "Cookie"); - if (h == NULL || h->value == NULL) { + if (h == NULL || htp_header_value(h) == NULL) { SCLogDebug("HTTP cookie header not present in this request"); return NULL; } - const uint32_t data_len = bstr_len(h->value); - const uint8_t *data = bstr_ptr(h->value); + const uint32_t data_len = htp_header_value_len(h); + const uint8_t *data = htp_header_value_ptr(h); InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); @@ -209,13 +209,13 @@ static InspectionBuffer *GetResponseData(DetectEngineThreadCtx *det_ctx, return NULL; htp_header_t *h = (htp_header_t *)htp_tx_response_header(tx, "Set-Cookie"); - if (h == NULL || h->value == NULL) { + if (h == NULL || htp_header_value(h) == NULL) { SCLogDebug("HTTP cookie header not present in this request"); return NULL; } - const uint32_t data_len = bstr_len(h->value); - const uint8_t *data = bstr_ptr(h->value); + const uint32_t data_len = htp_header_value_len(h); + const uint8_t *data = htp_header_value_ptr(h); InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); diff --git a/src/detect-http-header-names.c b/src/detect-http-header-names.c index 96678d8635..84f3fe5e7e 100644 --- a/src/detect-http-header-names.c +++ b/src/detect-http-header-names.c @@ -106,7 +106,7 @@ static uint8_t *GetBufferForTX( size_t no_of_headers = htp_table_size(headers); for (; i < no_of_headers; i++) { htp_header_t *h = htp_table_get_index(headers, i, NULL); - size_t size = bstr_size(h->name) + 2; // for \r\n + size_t size = htp_header_name_len(h) + 2; // for \r\n if (i == 0) size += 2; if (i + 1 == no_of_headers) @@ -126,8 +126,8 @@ static uint8_t *GetBufferForTX( buf->buffer[buf->len++] = '\n'; } - memcpy(buf->buffer + buf->len, bstr_ptr(h->name), bstr_size(h->name)); - buf->len += bstr_size(h->name); + memcpy(buf->buffer + buf->len, htp_header_name_ptr(h), htp_header_name_len(h)); + buf->len += htp_header_name_len(h); buf->buffer[buf->len++] = '\r'; buf->buffer[buf->len++] = '\n'; diff --git a/src/detect-http-header.c b/src/detect-http-header.c index c6104bd38f..81fde351be 100644 --- a/src/detect-http-header.c +++ b/src/detect-http-header.c @@ -98,17 +98,15 @@ static uint8_t *GetBufferForTX( size_t no_of_headers = htp_table_size(headers); for (; i < no_of_headers; i++) { htp_header_t *h = htp_table_get_index(headers, i, NULL); - size_t size1 = bstr_size(h->name); - size_t size2 = bstr_size(h->value); + size_t size1 = htp_header_name_len(h); + size_t size2 = htp_header_value_len(h); if (flags & STREAM_TOSERVER) { - if (size1 == 6 && - SCMemcmpLowercase("cookie", bstr_ptr(h->name), 6) == 0) { + if (size1 == 6 && SCMemcmpLowercase("cookie", htp_header_name_ptr(h), 6) == 0) { continue; } } else { - if (size1 == 10 && - SCMemcmpLowercase("set-cookie", bstr_ptr(h->name), 10) == 0) { + if (size1 == 10 && SCMemcmpLowercase("set-cookie", htp_header_name_ptr(h), 10) == 0) { continue; } } @@ -124,12 +122,12 @@ static uint8_t *GetBufferForTX( } } - memcpy(buf->buffer + buf->len, bstr_ptr(h->name), bstr_size(h->name)); - buf->len += bstr_size(h->name); + memcpy(buf->buffer + buf->len, htp_header_name_ptr(h), htp_header_name_len(h)); + buf->len += htp_header_name_len(h); buf->buffer[buf->len++] = ':'; buf->buffer[buf->len++] = ' '; - memcpy(buf->buffer + buf->len, bstr_ptr(h->value), bstr_size(h->value)); - buf->len += bstr_size(h->value); + memcpy(buf->buffer + buf->len, htp_header_value_ptr(h), htp_header_value_len(h)); + buf->len += htp_header_value_len(h); buf->buffer[buf->len++] = '\r'; buf->buffer[buf->len++] = '\n'; #if 0 // looks like this breaks existing rules @@ -578,8 +576,8 @@ static InspectionBuffer *GetHttp1HeaderData(DetectEngineThreadCtx *det_ctx, } for (size_t i = 0; i < no_of_headers; i++) { htp_header_t *h = htp_table_get_index(headers, i, NULL); - size_t size1 = bstr_size(h->name); - size_t size2 = bstr_size(h->value); + size_t size1 = htp_header_name_len(h); + size_t size2 = htp_header_value_len(h); size_t size = size1 + size2 + 2; if (hdr_td->items[i].len < size) { // Use realloc, as this pointer is not freed until HttpMultiBufHeaderThreadDataFree @@ -589,10 +587,10 @@ static InspectionBuffer *GetHttp1HeaderData(DetectEngineThreadCtx *det_ctx, } hdr_td->items[i].buffer = tmp; } - memcpy(hdr_td->items[i].buffer, bstr_ptr(h->name), size1); + memcpy(hdr_td->items[i].buffer, htp_header_name_ptr(h), size1); hdr_td->items[i].buffer[size1] = ':'; hdr_td->items[i].buffer[size1 + 1] = ' '; - memcpy(hdr_td->items[i].buffer + size1 + 2, bstr_ptr(h->value), size2); + memcpy(hdr_td->items[i].buffer + size1 + 2, htp_header_value_ptr(h), size2); hdr_td->items[i].len = size; } hdr_td->len = no_of_headers; diff --git a/src/detect-http-headers-stub.h b/src/detect-http-headers-stub.h index a4679fbf24..cadae73e08 100644 --- a/src/detect-http-headers-stub.h +++ b/src/detect-http-headers-stub.h @@ -58,14 +58,14 @@ static InspectionBuffer *GetRequestData(DetectEngineThreadCtx *det_ctx, return NULL; htp_header_t *h = (htp_header_t *)htp_tx_request_header(tx, HEADER_NAME); - if (h == NULL || h->value == NULL) { + if (h == NULL || htp_header_value(h) == NULL) { SCLogDebug("HTTP %s header not present in this request", HEADER_NAME); return NULL; } - const uint32_t data_len = bstr_len(h->value); - const uint8_t *data = bstr_ptr(h->value); + const uint32_t data_len = htp_header_value_len(h); + const uint8_t *data = htp_header_value_ptr(h); InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); @@ -113,14 +113,14 @@ static InspectionBuffer *GetResponseData(DetectEngineThreadCtx *det_ctx, return NULL; htp_header_t *h = (htp_header_t *)htp_tx_response_header(tx, HEADER_NAME); - if (h == NULL || h->value == NULL) { + if (h == NULL || htp_header_value(h) == NULL) { SCLogDebug("HTTP %s header not present in this request", HEADER_NAME); return NULL; } - const uint32_t data_len = bstr_len(h->value); - const uint8_t *data = bstr_ptr(h->value); + const uint32_t data_len = htp_header_value_len(h); + const uint8_t *data = htp_header_value_ptr(h); InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); diff --git a/src/detect-http-host.c b/src/detect-http-host.c index a723900c5c..0df8911eeb 100644 --- a/src/detect-http-host.c +++ b/src/detect-http-host.c @@ -353,11 +353,11 @@ static InspectionBuffer *GetRawData(DetectEngineThreadCtx *det_ctx, return NULL; htp_header_t *h = (htp_header_t *)htp_tx_request_header(tx, "Host"); - if (h == NULL || h->value == NULL) + if (h == NULL || htp_header_value(h) == NULL) return NULL; - data = (const uint8_t *)bstr_ptr(h->value); - data_len = bstr_len(h->value); + data = (const uint8_t *)htp_header_value_ptr(h); + data_len = htp_header_value_len(h); } else { data = (const uint8_t *)bstr_ptr(tx->parsed_uri->hostname); data_len = bstr_len(tx->parsed_uri->hostname); diff --git a/src/detect-http-start.c b/src/detect-http-start.c index fce6f63d94..d1f7708a15 100644 --- a/src/detect-http-start.c +++ b/src/detect-http-start.c @@ -118,8 +118,8 @@ static uint8_t *GetBufferForTX( size_t no_of_headers = htp_table_size(headers); for (; i < no_of_headers; i++) { htp_header_t *h = htp_table_get_index(headers, i, NULL); - size_t size1 = bstr_size(h->name); - size_t size2 = bstr_size(h->value); + size_t size1 = htp_header_name_len(h); + size_t size2 = htp_header_value_len(h); size_t size = size1 + size2 + 4; if (i + 1 == no_of_headers) size += 2; @@ -129,12 +129,12 @@ static uint8_t *GetBufferForTX( } } - memcpy(buf->buffer + buf->len, bstr_ptr(h->name), bstr_size(h->name)); - buf->len += bstr_size(h->name); + memcpy(buf->buffer + buf->len, htp_header_name_ptr(h), htp_header_name_len(h)); + buf->len += htp_header_name_len(h); buf->buffer[buf->len++] = ':'; buf->buffer[buf->len++] = ' '; - memcpy(buf->buffer + buf->len, bstr_ptr(h->value), bstr_size(h->value)); - buf->len += bstr_size(h->value); + memcpy(buf->buffer + buf->len, htp_header_value_ptr(h), htp_header_value_len(h)); + buf->len += htp_header_value_len(h); buf->buffer[buf->len++] = '\r'; buf->buffer[buf->len++] = '\n'; if (i + 1 == no_of_headers) { diff --git a/src/detect-http-ua.c b/src/detect-http-ua.c index bd479fdefd..a643bf913f 100644 --- a/src/detect-http-ua.c +++ b/src/detect-http-ua.c @@ -166,13 +166,13 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, return NULL; htp_header_t *h = (htp_header_t *)htp_tx_request_header(tx, "User-Agent"); - if (h == NULL || h->value == NULL) { + if (h == NULL || htp_header_value(h) == NULL) { SCLogDebug("HTTP UA header not present in this request"); return NULL; } - const uint32_t data_len = bstr_len(h->value); - const uint8_t *data = bstr_ptr(h->value); + const uint32_t data_len = htp_header_value_len(h); + const uint8_t *data = htp_header_value_ptr(h); InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); diff --git a/src/output-json-http.c b/src/output-json-http.c index 4d8c03c957..c8e3723aec 100644 --- a/src/output-json-http.c +++ b/src/output-json-http.c @@ -333,7 +333,7 @@ static void EveHttpLogJSONHeaders( if (((http_ctx->flags & LOG_HTTP_EXTENDED) == 0) || ((http_ctx->flags & LOG_HTTP_EXTENDED) != (http_fields[f].flags & LOG_HTTP_EXTENDED))) { - if (bstr_cmp_c_nocase(h->name, http_fields[f].htp_field) == 0) { + if (bstr_cmp_c_nocase(htp_header_name(h), http_fields[f].htp_field) == 0) { tolog = true; break; } @@ -346,14 +346,16 @@ static void EveHttpLogJSONHeaders( } array_empty = false; jb_start_object(js); - size_t size_name = bstr_len(h->name) < MAX_SIZE_HEADER_NAME - 1 ? - bstr_len(h->name) : MAX_SIZE_HEADER_NAME - 1; - memcpy(name, bstr_ptr(h->name), size_name); + size_t size_name = htp_header_name_len(h) < MAX_SIZE_HEADER_NAME - 1 + ? htp_header_name_len(h) + : MAX_SIZE_HEADER_NAME - 1; + memcpy(name, htp_header_name_ptr(h), size_name); name[size_name] = '\0'; jb_set_string(js, "name", name); - size_t size_value = bstr_len(h->value) < MAX_SIZE_HEADER_VALUE - 1 ? - bstr_len(h->value) : MAX_SIZE_HEADER_VALUE - 1; - memcpy(value, bstr_ptr(h->value), size_value); + size_t size_value = htp_header_value_len(h) < MAX_SIZE_HEADER_VALUE - 1 + ? htp_header_value_len(h) + : MAX_SIZE_HEADER_VALUE - 1; + memcpy(value, htp_header_value_ptr(h), size_value); value[size_value] = '\0'; jb_set_string(js, "value", value); jb_close(js); diff --git a/src/util-lua-http.c b/src/util-lua-http.c index 48d69c0395..a8924c42fb 100644 --- a/src/util-lua-http.c +++ b/src/util-lua-http.c @@ -161,11 +161,10 @@ static int HttpGetHeader(lua_State *luastate, int dir) return LuaCallbackError(luastate, "tx has no headers"); htp_header_t *h = (htp_header_t *)htp_table_get_c(headers, name); - if (h == NULL || bstr_len(h->value) == 0) + if (h == NULL || htp_header_value_len(h) == 0) return LuaCallbackError(luastate, "header not found"); - return LuaPushStringBuffer(luastate, - bstr_ptr(h->value), bstr_len(h->value)); + return LuaPushStringBuffer(luastate, htp_header_value_ptr(h), htp_header_value_len(h)); } static int HttpGetRequestHeader(lua_State *luastate) @@ -236,8 +235,8 @@ static int HttpGetHeaders(lua_State *luastate, int dir) size_t no_of_headers = htp_table_size(table); for (; i < no_of_headers; i++) { h = htp_table_get_index(table, i, NULL); - LuaPushStringBuffer(luastate, bstr_ptr(h->name), bstr_len(h->name)); - LuaPushStringBuffer(luastate, bstr_ptr(h->value), bstr_len(h->value)); + LuaPushStringBuffer(luastate, htp_header_name_ptr(h), htp_header_name_len(h)); + LuaPushStringBuffer(luastate, htp_header_value_ptr(h), htp_header_value_len(h)); lua_settable(luastate, -3); } return 1;