From: Russ Combs (rucombs) Date: Fri, 26 Oct 2018 15:57:22 +0000 (-0400) Subject: Merge pull request #1395 in SNORT/snort3 from offload_mime_decode to master X-Git-Tag: 3.0.0-249~15 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c345faae1e2eecbd3e88619b331341243246a7ee;p=thirdparty%2Fsnort3.git Merge pull request #1395 in SNORT/snort3 from offload_mime_decode to master Squashed commit of the following: commit 3922aab0afd5e880353a70281d166a2d2516de6d Author: Bhagya Tholpady Date: Tue Oct 23 13:42:17 2018 -0400 delete commented lines commit 2cdc9ca78a9527636f566146802c6168d3509436 Author: Bhagya Tholpady Date: Mon Oct 22 15:24:50 2018 -0400 allocate buffer only once per mime context data commit d1d11e4e669d38f0c06165e6e1af25c62f6c0704 Author: Bhagya Tholpady Date: Fri Oct 19 14:34:23 2018 -0400 changes per code review commit 622759823ffb87f6fabe7f1a381204370463a4a7 Author: Bhagya Tholpady Date: Wed Oct 17 23:45:25 2018 -0400 mime: move the decode buffer used by mime attachments to mime context data --- diff --git a/src/detection/CMakeLists.txt b/src/detection/CMakeLists.txt index 9e08575cd..02d3f2629 100644 --- a/src/detection/CMakeLists.txt +++ b/src/detection/CMakeLists.txt @@ -6,6 +6,7 @@ set (DETECTION_INCLUDES detection_util.h detect_trace.h ips_context.h + ips_context_data.h regex_offload.h rule_option_types.h rules.h @@ -32,6 +33,7 @@ add_library (detection OBJECT fp_utils.cc fp_utils.h ips_context.cc + ips_context_data.cc pattern_match_data.h pcrm.cc pcrm.h diff --git a/src/detection/context_switcher.cc b/src/detection/context_switcher.cc index c5887f326..d9bd750de 100644 --- a/src/detection/context_switcher.cc +++ b/src/detection/context_switcher.cc @@ -32,6 +32,7 @@ #include "detect_trace.h" #include "ips_context.h" +#include "ips_context_data.h" #ifdef UNIT_TEST #include "catch/snort_catch.h" diff --git a/src/detection/detection_engine.cc b/src/detection/detection_engine.cc index c8a6c210e..377be8da6 100644 
--- a/src/detection/detection_engine.cc +++ b/src/detection/detection_engine.cc @@ -50,6 +50,7 @@ #include "fp_config.h" #include "fp_detect.h" #include "ips_context.h" +#include "ips_context_data.h" #include "regex_offload.h" static THREAD_LOCAL RegexOffload* offloader = nullptr; diff --git a/src/detection/ips_context.cc b/src/detection/ips_context.cc index 75c3f6fb1..194cf6372 100644 --- a/src/detection/ips_context.cc +++ b/src/detection/ips_context.cc @@ -25,6 +25,8 @@ #include "ips_context.h" #include +#include "detection/detection_engine.h" +#include "detection/ips_context_data.h" #include "events/event_queue.h" #include "events/sfeventq.h" #include "main/snort_config.h" @@ -37,25 +39,6 @@ using namespace snort; -//-------------------------------------------------------------------------- -// context data -//-------------------------------------------------------------------------- - -// ips_id is not a member of context data so that -// tests (and only tests) can reset the id -static unsigned ips_id = 0; - -// Only 5 inspectors currently use the ips context data. -// FIXIT-L This limit should to be updated if any more inspectors/modules use it. -constexpr unsigned max_ips_id = 32; - -unsigned IpsContextData::get_ips_id() -{ - ++ips_id; - assert( ips_id < max_ips_id ); - return ips_id; -} - //-------------------------------------------------------------------------- // context methods //-------------------------------------------------------------------------- @@ -151,17 +134,7 @@ public: }; int TestData::count = 0; - -TEST_CASE("IpsContextData id", "[IpsContextData]") -{ - ips_id = 0; - - auto id1 = IpsContextData::get_ips_id(); - auto id2 = IpsContextData::get_ips_id(); - CHECK(id1 != id2); - - CHECK(max_ips_id > id2 ); -} +static unsigned ips_id = 0; TEST_CASE("IpsContext basic", "[IpsContext]") { diff --git a/src/detection/ips_context.h b/src/detection/ips_context.h index 519c6401a..6d518168b 100644 --- a/src/detection/ips_context.h 
+++ b/src/detection/ips_context.h @@ -39,6 +39,7 @@ struct SF_EVENTQ; namespace snort { +class IpsContextData; struct SnortConfig; struct Replacement { @@ -52,18 +53,6 @@ struct FlowSnapshot SnortProtocolId proto_id; }; -class SO_PUBLIC IpsContextData -{ -public: - virtual ~IpsContextData() = default; - - static unsigned get_ips_id(); - virtual void clear() {} - -protected: - IpsContextData() = default; -}; - class SO_PUBLIC IpsContext { public: @@ -126,6 +115,9 @@ public: std::vector rpl; static const unsigned buf_size = Codec::PKT_MAX; + // Only 5 inspectors currently use the ips context data. + // FIXIT-L This limit should to be updated if any more inspectors/modules use it. + static constexpr unsigned max_ips_id = 32; private: FlowSnapshot flow; diff --git a/src/detection/ips_context_data.cc b/src/detection/ips_context_data.cc new file mode 100644 index 000000000..44e38a5c4 --- /dev/null +++ b/src/detection/ips_context_data.cc 
@@ -0,0 +1,70 @@ +//-------------------------------------------------------------------------- +// Copyright (C) 2018-2018 Cisco and/or its affiliates. All rights reserved. +// +// This program is free software; you can redistribute it and/or modify it +// under the terms of the GNU General Public License Version 2 as published +// by the Free Software Foundation. You may not use, modify or distribute +// this program under any other version of the GNU General Public License. +// +// This program is distributed in the hope that it will be useful, but +// WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +//-------------------------------------------------------------------------- + +// ips_context_data.cc author Russ Combs + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include "ips_context_data.h" + +#include +#include "detection/ips_context.h" + +#ifdef UNIT_TEST +#include "catch/snort_catch.h" +#endif + +using namespace snort; + +//-------------------------------------------------------------------------- +// context data +//-------------------------------------------------------------------------- + +// ips_id is not a member of context data so that +// tests (and only tests) can reset the id +static unsigned ips_id = 0; +static unsigned max_id = IpsContext::max_ips_id; + +unsigned IpsContextData::get_ips_id() +{ + ++ips_id; + assert( ips_id < max_id ); + return ips_id; +} + +//-------------------------------------------------------------------------- +// unit tests +//-------------------------------------------------------------------------- + +#ifdef UNIT_TEST + +TEST_CASE("IpsContextData id", "[IpsContextData]") 
+{ + ips_id = 0; + + auto id1 = IpsContextData::get_ips_id(); + auto id2 = IpsContextData::get_ips_id(); + CHECK(id1 != id2); + + CHECK(max_id > id2 ); +} + +#endif + diff --git a/src/detection/ips_context_data.h b/src/detection/ips_context_data.h new file mode 100644 index 000000000..5b79df863 --- /dev/null +++ b/src/detection/ips_context_data.h @@ -0,0 +1,54 @@ +//-------------------------------------------------------------------------- +// Copyright (C) 2018-2018 Cisco and/or its affiliates. All rights reserved. +// +// This program is free software; you can redistribute it and/or modify it +// under the terms of the GNU General Public License Version 2 as published +// by the Free Software Foundation. You may not use, modify or distribute +// this program under any other version of the GNU General Public License. +// +// This program is distributed in the hope that it will be useful, but +// WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +//-------------------------------------------------------------------------- + +// ips_context_data.h author Russ Combs + +#ifndef IPS_CONTEXT_DATA_H +#define IPS_CONTEXT_DATA_H + +#include "main/snort_types.h" + +#include "detection/detection_engine.h" + +namespace snort +{ +class SO_PUBLIC IpsContextData +{ +public: + virtual ~IpsContextData() = default; + + static unsigned get_ips_id(); + template + static T* get(unsigned ips_id) + { + T* data = (T*)DetectionEngine::get_data(ips_id); + if ( ! data ) + { + data = new T; + DetectionEngine::set_data(ips_id, data); + } + return data; + } + virtual void clear() {} + +protected: + IpsContextData() = default; +}; +} +#endif + 
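Review bot: The only bound on the id handed out by `IpsContextData::get_ips_id()` in the new ips_context_data.cc is `assert( ips_id < max_id )`, which compiles away under NDEBUG, so a release build would return an id at or above `IpsContext::max_ips_id` without any signal. If that id is later used to index per-context storage (not visible in this diff), the result would be an out-of-range access rather than a clean failure, and this commit adds one more consumer of the id space. `max_id` is also a mutable file-scope static although it is never written; `static constexpr unsigned max_id = IpsContext::max_ips_id;` states the intent. A runtime check that fails startup when the limit is reached would keep the guarantee in non-debug builds.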
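Review bot: `IpsContextData::get()` in the new ips_context_data.h downcasts with a C-style cast, `(T*)DetectionEngine::get_data(ips_id)`, so nothing ties the requested type to the type that was stored under `ips_id`; a caller that passes another class's id gets a silently mistyped pointer. Use `static_cast<T*>(...)` and add `static_assert(std::is_base_of<IpsContextData, T>::value, "T must derive from IpsContextData");` (needs `<type_traits>`) so misuse is at least confined to the IpsContextData hierarchy at compile time. The helper also deserves a short comment stating that it default-constructs `T` on first use and hands the object to `DetectionEngine::set_data()`, which presumably takes ownership, since the `new T` has no matching delete here.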
diff --git a/src/mime/CMakeLists.txt b/src/mime/CMakeLists.txt index 4deecbaa4..713be80a8 100644 --- a/src/mime/CMakeLists.txt +++ b/src/mime/CMakeLists.txt @@ -3,6 +3,7 @@ set( MIME_INCLUDES decode_b64.h decode_base.h file_mime_config.h + file_mime_context_data.h file_mime_decode.h file_mime_log.h file_mime_paf.h @@ -12,6 +13,7 @@ set( MIME_INCLUDES add_library ( mime OBJECT ${MIME_INCLUDES} file_mime_config.cc + file_mime_context_data.cc file_mime_decode.cc file_mime_log.cc file_mime_paf.cc diff --git a/src/mime/decode_b64.cc b/src/mime/decode_b64.cc index f4b92b625..281d54d6e 100644 --- a/src/mime/decode_b64.cc +++ b/src/mime/decode_b64.cc @@ -34,12 +34,12 @@ void B64Decode::reset_decode_state() buffer->reset_saved(); } -DecodeResult B64Decode::decode_data(const uint8_t* start, const uint8_t* end) +DecodeResult B64Decode::decode_data(const uint8_t* start, const uint8_t* end, uint8_t* decode_buf) { uint32_t act_encode_size = 0, act_decode_size = 0; uint32_t i = 0; - if (!buffer->check_restore_buffer()) + if (!buffer->check_restore_buffer() || !decode_buf) { reset_decode_state(); return DECODE_EXCEEDED; @@ -69,7 +69,7 @@ DecodeResult B64Decode::decode_data(const uint8_t* start, const uint8_t* end) buffer->reset_saved(); if (snort::sf_base64decode(buffer->get_encode_buff(), act_encode_size, - buffer->get_decode_buff(), buffer->get_decode_avail(), &act_decode_size) != 0) + decode_buf, buffer->get_decode_avail(), &act_decode_size) != 0) { reset_decode_state(); return DECODE_FAIL; @@ -81,7 +81,7 @@ DecodeResult B64Decode::decode_data(const uint8_t* start, const uint8_t* end) } decoded_bytes = act_decode_size; - decodePtr = buffer->get_decode_buff(); + decodePtr = decode_buf; buffer->update_buffer(act_encode_size, act_decode_size); decode_bytes_read = buffer->get_decode_bytes_read(); return DECODE_SUCCESS; diff --git a/src/mime/decode_b64.h b/src/mime/decode_b64.h index 2415f4ff8..345b5fc92 100644 --- a/src/mime/decode_b64.h +++ b/src/mime/decode_b64.h 
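Review bot: In the `@@ -69,7 +69,7 @@` hunk of decode_b64.cc the output pointer passed to `sf_base64decode()` is now the caller-supplied `decode_buf`, but the capacity argument is still `buffer->get_decode_avail()`, which comes from the DecodeBuffer's own sizing rather than from the buffer actually being written. The storage behind `decode_buf` is the fixed `MAX_DEPTH` (65536-byte) allocation in MimeDecodeContextData, so the write stays in bounds only if `get_decode_avail()` can never exceed that value; that invariant is neither visible nor enforced in this diff. The same pairing appears in the `sf_qpdecode()` and `sf_uudecode()` calls in decode_qp.cc and decode_uu.cc. Consider passing the buffer's size together with the pointer and clamping the capacity to it, or asserting the relationship where the DecodeBuffer is sized. `B64Decode::decode_data()` is only partly visible across these hunks.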
@@ -32,7 +32,7 @@ public: ~B64Decode() override; // Main function to decode file data - DecodeResult decode_data(const uint8_t* start, const uint8_t* end) override; + DecodeResult decode_data(const uint8_t* start, const uint8_t* end, uint8_t* decode_buf) override; void reset_decode_state() override; diff --git a/src/mime/decode_base.h b/src/mime/decode_base.h index d3149ff8c..73364d37d 100644 --- a/src/mime/decode_base.h +++ b/src/mime/decode_base.h @@ -38,7 +38,7 @@ public: virtual ~DataDecode() = default; // Main function to decode file data - virtual DecodeResult decode_data(const uint8_t* start, const uint8_t* end) = 0; + virtual DecodeResult decode_data(const uint8_t* start, const uint8_t* end, uint8_t* decode_buf) = 0; // Retrieve the decoded data the previous decode_data() call int get_decoded_data(const uint8_t** buf, uint32_t* size); diff --git a/src/mime/decode_bit.cc b/src/mime/decode_bit.cc index 18f68ce38..5a1da2e57 100644 --- a/src/mime/decode_bit.cc +++ b/src/mime/decode_bit.cc @@ -29,7 +29,7 @@ void BitDecode::reset_decode_state() reset_decoded_bytes(); } -DecodeResult BitDecode::decode_data(const uint8_t* start, const uint8_t* end) +DecodeResult BitDecode::decode_data(const uint8_t* start, const uint8_t* end, uint8_t*) { uint32_t bytes_avail = 0; uint32_t act_size = end - start; diff --git a/src/mime/decode_bit.h b/src/mime/decode_bit.h index b5bb05415..8369c7dba 100644 --- a/src/mime/decode_bit.h +++ b/src/mime/decode_bit.h @@ -30,7 +30,7 @@ public: BitDecode(int max_depth, int detect_depth); // Main function to decode file data - DecodeResult decode_data(const uint8_t* start, const uint8_t* end) override; + DecodeResult decode_data(const uint8_t* start, const uint8_t* end, uint8_t* decode_buf) override; void reset_decode_state() override; diff --git a/src/mime/decode_buffer.cc b/src/mime/decode_buffer.cc index 7f01ffb7c..f1af6c1db 100644 --- a/src/mime/decode_buffer.cc +++ b/src/mime/decode_buffer.cc 
@@ -42,7 +42,7 @@ bool DecodeBuffer::check_restore_buffer() uint32_t encode_avail = get_encode_avail(); if (encode_avail ==0 || decode_avail ==0 || - (!encodeBuf) || (!decodeBuf)) + (!encodeBuf)) { return false; } @@ -111,15 +111,12 @@ DecodeBuffer::DecodeBuffer(int max_depth) return; encodeBuf = (uint8_t*)snort_alloc(buf_size); - decodeBuf = (uint8_t*)snort_alloc(buf_size); } DecodeBuffer::~DecodeBuffer() { if (encodeBuf) snort_free(encodeBuf); - if (decodeBuf) - snort_free(decodeBuf); } void DecodeBuffer::update_buffer(uint32_t act_encode_size, uint32_t act_decode_size) diff --git a/src/mime/decode_buffer.h b/src/mime/decode_buffer.h index 4bf936c59..5f8580b65 100644 --- a/src/mime/decode_buffer.h +++ b/src/mime/decode_buffer.h @@ -40,7 +40,6 @@ public: void update_buffer(uint32_t act_encode_size, uint32_t act_decode_size); void reset_saved(); - uint8_t* get_decode_buff() { return decodeBuf; } uint8_t* get_encode_buff() { return encodeBuf; } uint32_t get_decode_bytes_read() { return decode_bytes_read; } uint32_t get_decode_avail(); @@ -52,7 +51,6 @@ private: uint32_t prev_encoded_bytes; uint8_t* prev_encoded_buf; uint8_t* encodeBuf = nullptr; - uint8_t* decodeBuf = nullptr; uint32_t encode_bytes_read; uint32_t decode_bytes_read; int code_depth; diff --git a/src/mime/decode_qp.cc b/src/mime/decode_qp.cc index 8daf8968b..7b96c60cd 100644 --- a/src/mime/decode_qp.cc +++ b/src/mime/decode_qp.cc @@ -37,11 +37,11 @@ void QPDecode::reset_decode_state() buffer->reset_saved(); } -DecodeResult QPDecode::decode_data(const uint8_t* start, const uint8_t* end) +DecodeResult QPDecode::decode_data(const uint8_t* start, const uint8_t* end, uint8_t *decode_buf) { uint32_t act_encode_size = 0, act_decode_size = 0, bytes_read = 0; - if (!buffer->check_restore_buffer()) + if (!buffer->check_restore_buffer() || !decode_buf) { reset_decode_state(); return DECODE_EXCEEDED; 
@@ -59,8 +59,8 @@ DecodeResult QPDecode::decode_data(const uint8_t* start, const uint8_t* end) act_encode_size = act_encode_size + buffer->get_prev_encoded_bytes(); if (sf_qpdecode((char *)buffer->get_encode_buff(), act_encode_size, - (char *)buffer->get_decode_buff(), buffer->get_decode_avail(), - &bytes_read, &act_decode_size) != 0) + (char *)decode_buf, buffer->get_decode_avail(), &bytes_read, + &act_decode_size) != 0) { reset_decode_state(); return DECODE_FAIL; @@ -80,7 +80,7 @@ DecodeResult QPDecode::decode_data(const uint8_t* start, const uint8_t* end) buffer->reset_saved(); decoded_bytes = act_decode_size; - decodePtr = buffer->get_decode_buff(); + decodePtr = decode_buf; buffer->update_buffer(act_encode_size, act_decode_size); decode_bytes_read = buffer->get_decode_bytes_read(); return DECODE_SUCCESS; diff --git a/src/mime/decode_qp.h b/src/mime/decode_qp.h index 0a4713746..77a173cd2 100644 --- a/src/mime/decode_qp.h +++ b/src/mime/decode_qp.h @@ -31,7 +31,7 @@ public: ~QPDecode() override; // Main function to decode file data - DecodeResult decode_data(const uint8_t* start, const uint8_t* end) override; + DecodeResult decode_data(const uint8_t* start, const uint8_t* end, uint8_t* decode_buf) override; void reset_decode_state() override; diff --git a/src/mime/decode_uu.cc b/src/mime/decode_uu.cc index d4fdecf7e..3ce600dd7 100644 --- a/src/mime/decode_uu.cc +++ b/src/mime/decode_uu.cc @@ -43,11 +43,11 @@ void UUDecode::reset_decode_state() begin_found = end_found = false; } -DecodeResult UUDecode::decode_data(const uint8_t* start, const uint8_t* end) +DecodeResult UUDecode::decode_data(const uint8_t* start, const uint8_t* end, uint8_t* decode_buf) { uint32_t act_encode_size = 0, act_decode_size = 0, bytes_read = 0; - if (!buffer->check_restore_buffer()) + if (!buffer->check_restore_buffer() || !decode_buf) { reset_decode_state(); return DECODE_EXCEEDED; 
@@ -74,7 +74,7 @@ DecodeResult UUDecode::decode_data(const uint8_t* start, const uint8_t* end) act_encode_size = act_encode_size + buffer->get_prev_encoded_bytes(); - if (sf_uudecode(buffer->get_encode_buff(), act_encode_size, buffer->get_decode_buff(), + if (sf_uudecode(buffer->get_encode_buff(), act_encode_size, decode_buf, buffer->get_decode_avail(), &bytes_read, &act_decode_size, &(begin_found), &(end_found)) != 0) { @@ -105,7 +105,7 @@ DecodeResult UUDecode::decode_data(const uint8_t* start, const uint8_t* end) buffer->reset_saved(); decoded_bytes = act_decode_size; - decodePtr = buffer->get_decode_buff(); + decodePtr = decode_buf; buffer->update_buffer(act_encode_size, act_decode_size); decode_bytes_read = buffer->get_decode_bytes_read(); return DECODE_SUCCESS; diff --git a/src/mime/decode_uu.h b/src/mime/decode_uu.h index 857542bd2..6d510bba1 100644 --- a/src/mime/decode_uu.h +++ b/src/mime/decode_uu.h @@ -31,7 +31,7 @@ public: ~UUDecode() override; // Main function to decode file data - DecodeResult decode_data(const uint8_t* start, const uint8_t* end) override; + DecodeResult decode_data(const uint8_t* start, const uint8_t* end, uint8_t* decode_buf) override; void reset_decode_state() override; diff --git a/src/mime/file_mime_context_data.cc b/src/mime/file_mime_context_data.cc new file mode 100644 index 000000000..4e6b7c5f5 --- /dev/null +++ b/src/mime/file_mime_context_data.cc 
@@ -0,0 +1,53 @@ +//-------------------------------------------------------------------------- +// Copyright (C) 2018-2018 Cisco and/or its affiliates. All rights reserved. +// +// This program is free software; you can redistribute it and/or modify it +// under the terms of the GNU General Public License Version 2 as published +// by the Free Software Foundation. You may not use, modify or distribute +// this program under any other version of the GNU General Public License. +// +// This program is distributed in the hope that it will be useful, but +// WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +//-------------------------------------------------------------------------- +// file_mime_context_data.cc author Bhagya Tholpady + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include "file_mime_context_data.h" + +#include "detection/detection_engine.h" +#include "utils/util.h" + +using namespace snort; + +#define MAX_DEPTH 65536 +unsigned MimeDecodeContextData::mime_ips_id = 0; + +MimeDecodeContextData::MimeDecodeContextData() +{ + decode_buf = (uint8_t*)snort_alloc(MAX_DEPTH); +} +MimeDecodeContextData::~MimeDecodeContextData() +{ + snort_free(decode_buf); + decode_buf = nullptr; +} + +void MimeDecodeContextData::init() +{ mime_ips_id = IpsContextData::get_ips_id(); } + +uint8_t* MimeDecodeContextData::get_decode_buf() +{ + MimeDecodeContextData* data = IpsContextData::get(mime_ips_id); + + return data->decode_buf; +} + diff --git a/src/mime/file_mime_context_data.h b/src/mime/file_mime_context_data.h new file mode 100644 index 000000000..6ca7ed949 --- /dev/null +++ b/src/mime/file_mime_context_data.h 
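Review bot: `MimeDecodeContextData::get_decode_buf()` looks up context data with `mime_ips_id` without checking that `init()` has run, so an unset id of 0 would be used as a real slot; the DceContextData path touched in this same diff guards the equivalent lookup with `if ( !ips_id ) return;`. Adding `if ( !mime_ips_id ) return nullptr;` at the top is safe for callers, because the decoders now reject a null `decode_buf`. The buffer size is a file-local macro, `#define MAX_DEPTH 65536`, which callers cannot see; a named constant exposed by the class, for example `static constexpr unsigned decode_buf_size = 65536;`, would let the decoders bound their writes against the real allocation.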
@@ -0,0 +1,40 @@ +//-------------------------------------------------------------------------- +// Copyright (C) 2018-2018 Cisco and/or its affiliates. All rights reserved. +// +// This program is free software; you can redistribute it and/or modify it +// under the terms of the GNU General Public License Version 2 as published +// by the Free Software Foundation. You may not use, modify or distribute +// this program under any other version of the GNU General Public License. +// +// This program is distributed in the hope that it will be useful, but +// WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +//-------------------------------------------------------------------------- +// file_mime_context_data.h author Bhagya Tholpady + +#ifndef FILE_MIME_CONTEXT_DATA_H +#define FILE_MIME_CONTEXT_DATA_H + +#include "detection/ips_context_data.h" + +class MimeDecodeContextData : public snort::IpsContextData +{ +public: + MimeDecodeContextData(); + ~MimeDecodeContextData() override; + + static unsigned mime_ips_id; + + uint8_t* decode_buf = nullptr; + + static void init(); + static uint8_t* get_decode_buf(); +}; + +#endif + diff --git a/src/mime/file_mime_decode.cc b/src/mime/file_mime_decode.cc index 17afe3e0c..ec6f1a589 100644 --- a/src/mime/file_mime_decode.cc +++ b/src/mime/file_mime_decode.cc 
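Review bot: MimeDecodeContextData owns `decode_buf` through `snort_alloc()`/`snort_free()` in its constructor and destructor, yet the class leaves the implicit copy constructor and copy assignment available, so an accidental copy would free the same buffer twice. Declare `MimeDecodeContextData(const MimeDecodeContextData&) = delete;` and `MimeDecodeContextData& operator=(const MimeDecodeContextData&) = delete;`. `decode_buf` and `mime_ips_id` are also public and writable; since access already goes through `get_decode_buf()` and `init()`, making both private would stop outside code from repointing the buffer or changing the id.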
@@ -16,7 +16,7 @@ // with this program; if not, write to the Free Software Foundation, Inc., // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. //-------------------------------------------------------------------------- -// file_mime_decode.cc author Bhagyashree Bantwal +// file_mime_decode.cc author Bhagya Tholpady #ifdef HAVE_CONFIG_H #include "config.h" @@ -30,9 +30,13 @@ #include "decode_bit.h" #include "decode_qp.h" #include "decode_uu.h" +#include "file_mime_context_data.h" using namespace snort; +void MimeDecode::init() +{ MimeDecodeContextData::init(); } + void MimeDecode::reset_decoded_bytes() { if (decoder) @@ -66,7 +70,7 @@ void MimeDecode::process_decode_type(const char* start, int length, bool cnt_xf, if (mime_stats) mime_stats->b64_attachments++; decoder = new B64Decode(config->get_max_depth(config->get_b64_depth()), - config->get_b64_depth()); + config->get_b64_depth()); return; } } @@ -81,7 +85,7 @@ void MimeDecode::process_decode_type(const char* start, int length, bool cnt_xf, if (mime_stats) mime_stats->qp_attachments++; decoder = new QPDecode(config->get_max_depth(config->get_qp_depth()), - config->get_qp_depth()); + config->get_qp_depth()); return; } } @@ -96,7 +100,7 @@ void MimeDecode::process_decode_type(const char* start, int length, bool cnt_xf, if (mime_stats) mime_stats->uu_attachments++; decoder = new UUDecode(config->get_max_depth(config->get_uu_depth()), - config->get_uu_depth()); + config->get_uu_depth()); return; } } @@ -115,7 +119,8 @@ void MimeDecode::process_decode_type(const char* start, int length, bool cnt_xf, DecodeResult MimeDecode::decode_data(const uint8_t* start, const uint8_t* end) { - return (decoder ? decoder->decode_data(start,end) : DECODE_SUCCESS); + uint8_t* decode_buf = MimeDecodeContextData::get_decode_buf(); + return (decoder ? decoder->decode_data(start,end, decode_buf) : DECODE_SUCCESS); } int MimeDecode::get_detection_depth() 
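Review bot: `MimeDecode::decode_data()` now calls `MimeDecodeContextData::get_decode_buf()` before testing `decoder`, so the per-context data object and its 64 KB buffer are created on first use even for sessions that have no decoder and return `DECODE_SUCCESS` immediately. Fetch the buffer only on the decoding path: `return decoder ? decoder->decode_data(start, end, MimeDecodeContextData::get_decode_buf()) : DECODE_SUCCESS;`. It is also worth a comment here that the decoder's `decodePtr` now points into context-owned memory, so the decoded bytes are presumably valid only until that context's buffer is reused by another decode.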
diff --git a/src/mime/file_mime_decode.h b/src/mime/file_mime_decode.h index 87b484e5f..e2ade2a41 100644 --- a/src/mime/file_mime_decode.h +++ b/src/mime/file_mime_decode.h @@ -15,7 +15,7 @@ // with this program; if not, write to the Free Software Foundation, Inc., // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. //-------------------------------------------------------------------------- -// sf_email_attach_decode.h author Bhagyashree Bantwal +// file_mime_decode.h author Bhagya Bantwal #ifndef FILE_MIME_DECODE_H #define FILE_MIME_DECODE_H @@ -75,6 +75,8 @@ public: DecodeType get_decode_type(); + static void init(); + private: DecodeType decode_type = DECODE_NONE; snort::DecodeConfig* config; diff --git a/src/mime/file_mime_process.cc b/src/mime/file_mime_process.cc index a454800e9..6eec1b185 100644 --- a/src/mime/file_mime_process.cc +++ b/src/mime/file_mime_process.cc @@ -689,6 +689,8 @@ void MimeSession::init() { const MimeToken* tmp; + MimeDecode::init(); + /* Header search */ mime_hdr_search_mpse = new SearchTool; if (mime_hdr_search_mpse == nullptr) diff --git a/src/service_inspectors/dce_rpc/dce_context_data.cc b/src/service_inspectors/dce_rpc/dce_context_data.cc index 82206335b..12d912bb0 100644 --- a/src/service_inspectors/dce_rpc/dce_context_data.cc +++ b/src/service_inspectors/dce_rpc/dce_context_data.cc @@ -117,13 +117,7 @@ void DceContextData::set_current_ropts(DCE2_SsnData* sd) if ( !ips_id ) return; - DceContextData* dcd = (DceContextData*)DetectionEngine::get_data(ips_id); - - if ( !dcd ) - { - dcd = new DceContextData; - DetectionEngine::set_data(ips_id, dcd); - } + DceContextData* dcd = IpsContextData::get(ips_id); if ( !dcd->current_ropts ) { diff --git a/src/service_inspectors/dce_rpc/dce_context_data.h b/src/service_inspectors/dce_rpc/dce_context_data.h index 8b0ed0773..e4c227a00 100644 --- a/src/service_inspectors/dce_rpc/dce_context_data.h +++ b/src/service_inspectors/dce_rpc/dce_context_data.h 
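Review bot: `MimeSession::init()` in file_mime_process.cc now calls `MimeDecode::init()`, which draws a fresh id from `IpsContextData::get_ips_id()` on every invocation. If `MimeSession::init()` can run more than once in a process (its callers are not visible here), each call consumes another slot of the 32-entry id space and orphans any data stored under the previous id. Making the allocation idempotent in `MimeDecodeContextData::init()` avoids that: `if ( !mime_ips_id ) mime_ips_id = IpsContextData::get_ips_id();`. The body of `MimeSession::init()` continues beyond this hunk.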
@@ -20,7 +20,7 @@ #ifndef DCE_CONTEXT_DATA_H #define DCE_CONTEXT_DATA_H -#include "detection/ips_context.h" +#include "detection/ips_context_data.h" #include "dce_utils.h" struct DCE2_Roptions; diff --git a/src/service_inspectors/gtp/gtp_inspect.cc b/src/service_inspectors/gtp/gtp_inspect.cc index 56c02e98e..a6b3b239e 100644 --- a/src/service_inspectors/gtp/gtp_inspect.cc +++ b/src/service_inspectors/gtp/gtp_inspect.cc @@ -26,7 +26,7 @@ #include "gtp_inspect.h" #include "detection/detection_engine.h" -#include "detection/ips_context.h" +#include "detection/ips_context_data.h" #include "managers/inspector_manager.h" #include "profiler/profiler.h" #include "protocols/packet.h" @@ -87,13 +87,8 @@ public: GTP_IEData* get_infos() { - GtpContextData* gcd = (GtpContextData*)DetectionEngine::get_data(ips_id); + GtpContextData* gcd = IpsContextData::get(ips_id); - if ( !gcd ) - { - gcd = new GtpContextData; - DetectionEngine::set_data(ips_id, gcd); - } return gcd->gtp_ies; } diff --git a/src/service_inspectors/http_inspect/http_context_data.cc b/src/service_inspectors/http_inspect/http_context_data.cc index 8cde97e68..ca8b3e203 100644 --- a/src/service_inspectors/http_inspect/http_context_data.cc +++ b/src/service_inspectors/http_inspect/http_context_data.cc @@ -44,13 +44,7 @@ HttpMsgSection* HttpContextData::get_snapshot(const Packet* p) void HttpContextData::save_snapshot(HttpMsgSection* section) { - HttpContextData* hcd = (HttpContextData*)DetectionEngine::get_data(HttpContextData::ips_id); - - if ( !hcd ) - { - hcd = new HttpContextData; - DetectionEngine::set_data(HttpContextData::ips_id, hcd); - } + HttpContextData* hcd = IpsContextData::get(HttpContextData::ips_id); hcd->current_section = section; section->add_ips_context(DetectionEngine::get_context()); diff --git a/src/service_inspectors/http_inspect/http_context_data.h b/src/service_inspectors/http_inspect/http_context_data.h index 9396d0eed..52841710a 100644 
--- a/src/service_inspectors/http_inspect/http_context_data.h +++ b/src/service_inspectors/http_inspect/http_context_data.h @@ -20,7 +20,7 @@ #ifndef HTTP_CONTEXT_DATA_H #define HTTP_CONTEXT_DATA_H -#include "detection/ips_context.h" +#include "detection/ips_context_data.h" class HttpMsgSection;