From: Tom Peters (thopeter) Date: Thu, 20 Sep 2018 19:19:27 +0000 (-0400) Subject: Merge pull request #1365 in SNORT/snort3 from file_type_fix to master X-Git-Tag: 3.0.0-248~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b1cfe3e9a9025cf82759a305e7a1fb676fe984c1;p=thirdparty%2Fsnort3.git Merge pull request #1365 in SNORT/snort3 from file_type_fix to master Squashed commit of the following: commit 9c964722ee6e8eb1e56a86b4527a26abf9dbd10b Author: Masud Hasan Date: Tue Sep 18 17:29:10 2018 -0400 file_api: fix off-by-one bug that was hurting performance --- diff --git a/src/file_api/file_lib.cc b/src/file_api/file_lib.cc index 97e842bbf..9e0f1f085 100644 --- a/src/file_api/file_lib.cc +++ b/src/file_api/file_lib.cc @@ -271,31 +271,6 @@ FileContext::~FileContext () InspectorManager::release(inspector); } -inline int FileContext::get_data_size_from_depth_limit(FileProcessType type, int - data_size) -{ - uint64_t max_depth; - - switch (type) - { - case SNORT_FILE_TYPE_ID: - max_depth = config->file_type_depth; - break; - case SNORT_FILE_SHA256: - max_depth = config->file_signature_depth; - break; - default: - return data_size; - } - - if (processed_bytes > max_depth) - data_size = -1; - else if (processed_bytes + data_size > max_depth) - data_size = (int)(max_depth - processed_bytes); - - return data_size; -} - /* stop file type identification */ inline void FileContext::finalize_file_type() { @@ -506,40 +481,33 @@ bool FileContext::process(Flow* flow, const uint8_t* file_data, int data_size, * 3) file magics are exhausted in depth * */ -void FileContext::process_file_type(const uint8_t* file_data, int size, FilePosition position) +void FileContext::process_file_type(const uint8_t* file_data, int data_size, FilePosition position) { - int data_size; - - /* file type already found and no magics to continue*/ + /* file type already found and no magics to continue */ if (file_type_id && !file_type_context) return; - /* Check whether file type depth is reached*/ - data_size = get_data_size_from_depth_limit(SNORT_FILE_TYPE_ID, size); + bool depth_exhausted = false; - if (data_size < 0) + if ((int64_t)processed_bytes + data_size >= config->file_type_depth) { - finalize_file_type(); - return; + data_size = config->file_type_depth - processed_bytes; + assert(data_size > 0); + depth_exhausted = true; } file_type_id = config->find_file_type_id(file_data, data_size, processed_bytes, &file_type_context); - /* Check whether file transfer is done or type depth is reached*/ - if ( (position == SNORT_FILE_END) || (position == SNORT_FILE_FULL) || - (data_size != size) ) - { + /* Check whether file transfer is done or type depth is reached */ + if ( (position == SNORT_FILE_END) || (position == SNORT_FILE_FULL) || depth_exhausted ) finalize_file_type(); - } } -void FileContext::process_file_signature_sha256(const uint8_t* file_data, int size, +void FileContext::process_file_signature_sha256(const uint8_t* file_data, int data_size, FilePosition position) { - int data_size = get_data_size_from_depth_limit(SNORT_FILE_SHA256, size); - - if (data_size != size) + if ((int64_t)processed_bytes + data_size > config->file_signature_depth) { file_state.sig_state = FILE_SIG_DEPTH_FAIL; return; diff --git a/src/file_api/file_lib.h b/src/file_api/file_lib.h index a25217e37..e6016035e 100644 --- a/src/file_api/file_lib.h +++ b/src/file_api/file_lib.h @@ -139,7 +139,6 @@ private: FileInspect* inspector; FileConfig* config; - inline int get_data_size_from_depth_limit(FileProcessType type, int data_size); inline void finalize_file_type(); inline void finish_signature_lookup(Flow*, bool, FilePolicyBase*); };