From: Mike Stepanek (mstepane) Date: Tue, 19 Jan 2021 16:01:09 +0000 (+0000) Subject: Merge pull request #2705 in SNORT/snort3 from ~KATHARVE/snort3:file_context to master X-Git-Tag: 3.1.1.0~18 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=de36e8e5a0ba79121a3a48f5533ab66bbf3cb83d;p=thirdparty%2Fsnort3.git Merge pull request #2705 in SNORT/snort3 from ~KATHARVE/snort3:file_context to master Squashed commit of the following: commit 43e965a50c52225c8abf584a511f75db6923b00b Author: Katura Harvey Date: Thu Jan 14 15:55:38 2021 -0500 mime: provide file_id to set file name and read new return value commit e6de4fd92c3ce02a905aa18ed095d80e847413c9 Author: Katura Harvey Date: Thu Jan 14 15:55:04 2021 -0500 http_inspect: provide file_id to set file name and read new return value commit 1197b3c8a80b2703a739704e11aeb4032e76ef90 Author: Katura Harvey Date: Tue Jan 12 17:25:06 2021 -0500 file_api: remove file context after file name set if processing is complete
---
diff --git a/src/file_api/file_flows.cc b/src/file_api/file_flows.cc
index cc6c0090b..aea524667 100644
--- a/src/file_api/file_flows.cc
+++ b/src/file_api/file_flows.cc
@@ -350,21 +350,38 @@ bool FileFlows::file_process(Packet* p, const uint8_t* file_data, int data_size,
 return context->process(p, file_data, data_size, position, file_policy);
 }
-void FileFlows::set_file_name(const uint8_t* fname, uint32_t name_size, uint64_t file_id)
+/*
+ * Return:
+ * true: continue processing this file
+ * false: ignore this file
+ */
+bool FileFlows::set_file_name(const uint8_t* fname, uint32_t name_size, uint64_t file_id,
+ uint64_t multi_file_processing_id)
 {
 FileContext* context;
 if (file_id)
- context = get_file_context(file_id, false);
+ context = get_file_context(file_id, false, multi_file_processing_id);
 else
 context = get_current_file_context();
 if ( !context )
- return;
+ return false;
 if ( !context->is_file_name_set() )
 {
 context->set_file_name((const char*)fname, name_size);
 context->log_file_event(flow, file_policy);
 }
+
+ if ((context->get_processed_bytes() == (uint64_t)FileService::get_max_file_depth()) or
+ ((context->get_file_type() != SNORT_FILE_TYPE_CONTINUE) and
+ (!context->is_file_capture_enabled()) and (!context->is_file_signature_enabled())))
+ {
+ context->processing_complete = true;
+ // this can be called by inspector also if needed instead of here based on return value
+ remove_processed_file_context(multi_file_processing_id);
+ return false;
+ }
+ return true;
 }
 void FileFlows::add_pending_file(uint64_t file_id)
diff --git a/src/file_api/file_flows.h b/src/file_api/file_flows.h
index f6321caa1..df77560c6 100644
--- a/src/file_api/file_flows.h
+++ b/src/file_api/file_flows.h
@@ -82,7 +82,8 @@ public:
 uint64_t get_new_file_instance();
- void set_file_name(const uint8_t* fname, uint32_t name_size, uint64_t file_id=0);
+ bool set_file_name(const uint8_t* fname, uint32_t name_size, uint64_t file_id=0,
+ uint64_t multi_file_processing_id=0);
 void set_sig_gen_state( bool enable )
 {
diff --git a/src/mime/file_mime_process.cc b/src/mime/file_mime_process.cc
index 426865d8d..8a9dca9b4 100644
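Review bot: `FileFlows::set_file_name` in file_flows.cc resolves the context one way and removes it another: with `file_id == 0`, which is what all three call sites in this commit pass, the context comes from `get_current_file_context()`, but the removal is `remove_processed_file_context(multi_file_processing_id)`. Nothing in the hunk ties the current context to that id, and the declaration in file_flows.h defaults it to `0`, so a caller that omits it marks one context `processing_complete` and then requests removal under key 0. What key 0 removes is not visible here, so I would state the contract in the header comment, e.g. `multi_file_processing_id must identify the context resolved above; pass the same id given to file_process()`. Separately, the depth test uses `==`; if `get_processed_bytes()` can overshoot `get_max_file_depth()`, `>=` is the safer comparison, which needs confirming against FileContext.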
--- a/src/mime/file_mime_process.cc
+++ b/src/mime/file_mime_process.cc
@@ -836,7 +836,7 @@ uint64_t MimeSession::get_file_cache_file_id()
 // file counter
 uint64_t MimeSession::get_multiprocessing_file_id()
 {
- if (!current_multiprocessing_file_id)
+ if (!current_multiprocessing_file_id and session_base_file_id)
 {
 const int data_len = sizeof(session_base_file_id) + sizeof(file_counter);
 uint8_t data[data_len];
@@ -872,7 +872,8 @@ void MimeSession::mime_file_process(Packet* p, const uint8_t* data, int data_siz
 file_process_offset += data_size;
 if (continue_inspecting_file and (isFileStart(position)) && log_state)
 {
- file_flows->set_file_name((const uint8_t*)filename.c_str(), filename.length());
+ continue_inspecting_file = file_flows->set_file_name((const uint8_t*)filename.c_str(),
+ filename.length(), 0, get_multiprocessing_file_id());
 filename.clear();
 }
 }
diff --git a/src/service_inspectors/http_inspect/http_msg_body.cc b/src/service_inspectors/http_inspect/http_msg_body.cc
index 253dab51e..2e10c7344 100644
--- a/src/service_inspectors/http_inspect/http_msg_body.cc
+++ b/src/service_inspectors/http_inspect/http_msg_body.cc
@@ -277,9 +277,10 @@ void HttpMsgBody::do_file_processing(const Field& file_data)
 const uint64_t file_index = get_header(source_id)->get_file_cache_index();
- if (file_flows->file_process(p, file_index, file_data.start(), fp_length,
- session_data->file_octets[source_id], dir,
- get_header(source_id)->get_multi_file_processing_id(), file_position))
+ bool continue_processing_file = file_flows->file_process(p, file_index, file_data.start(),
+ fp_length, session_data->file_octets[source_id], dir,
+ get_header(source_id)->get_multi_file_processing_id(), file_position);
+ if (continue_processing_file)
 {
 session_data->file_depth_remaining[source_id] -= fp_length;
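Review bot: The new `and session_base_file_id` test in `MimeSession::get_multiprocessing_file_id()` has no comment explaining why an unset base id must not produce a multiprocessing id, or what callers get back in that case. The rest of the function lies outside this hunk, but it presumably returns `current_multiprocessing_file_id` unchanged, i.e. 0, which the second hunk in this file then passes to `set_file_name` as the removal key. I would add above the `if`: `// Only derive the id once a session base id exists; until then the cached value is left untouched.` A short statement of what 0 means to `FileFlows` would help the next reader as well.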
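Review bot: The value now stored in `continue_inspecting_file` in `MimeSession::mime_file_process` is not only "processing complete": `FileFlows::set_file_name` in this commit also returns `false` when it finds no context (`if ( !context ) return false;`). The two `set_file_name` call sites in http_msg_body.cc have the same property, and there a false result zeroes `file_depth_remaining`. If a lookup miss is possible at these points, inspection of the rest of the file stops without any event or counter, so I would at least record the dual meaning at the call, e.g. `// false also covers "no file context found", not only "processing complete"`. Whether `continue_inspecting_file` is reset for the next MIME part is outside this hunk.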
@@ -296,7 +297,9 @@ void HttpMsgBody::do_file_processing(const Field& file_data)
 get_content_disposition_filename();
 if (cd_filename.length() > 0)
 {
- file_flows->set_file_name(cd_filename.start(), cd_filename.length());
+ continue_processing_file = file_flows->set_file_name(
+ cd_filename.start(), cd_filename.length(), 0,
+ get_header(source_id)->get_multi_file_processing_id());
 has_cd_filename = true;
 }
 }
@@ -305,14 +308,15 @@ void HttpMsgBody::do_file_processing(const Field& file_data)
 const Field& transaction_uri = request->get_uri();
 if (transaction_uri.length() > 0)
 {
- file_flows->set_file_name(transaction_uri.start(),
- transaction_uri.length());
+ continue_processing_file = file_flows->set_file_name(
+ transaction_uri.start(), transaction_uri.length(), 0,
+ get_header(source_id)->get_multi_file_processing_id());
 }
 }
 }
 }
 }
- else
+ if (!continue_processing_file)
 {
 // file processing doesn't want any more data
 session_data->file_depth_remaining[source_id] = 0;
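Review bot: `get_header(source_id)->get_multi_file_processing_id()` is now spelled out three times in `HttpMsgBody::do_file_processing`: in the `file_process` call of the first hunk and in both `set_file_name` calls here (content-disposition name and URI fallback). Reading it once into a local next to `file_index`, `const uint64_t multi_file_id = get_header(source_id)->get_multi_file_processing_id();`, and passing `multi_file_id` at all three sites makes it evident that the context is processed and removed under the same id. This is a readability point only; the function begins and ends outside these hunks.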