50 const uint8_t *data, uint32_t data_len, uint64_t txid, uint8_t direction)
56 SCLogDebug(
"data %p data_len %"PRIu32, data, data_len);
58 if (direction & STREAM_TOCLIENT) {
70 data_len,
flags) != 0) {
89 uint32_t
len = bstr_len(rawvalue);
90 return rs_http_parse_content_range(range, bstr_ptr(rawvalue),
len);
101 static int HTPParseAndCheckContentRange(
108 SCLogDebug(
"parsing range failed, going back to normal file");
116 if (range->end <= 0 || range->size <= 0) {
119 }
else if (range->end == range->size - 1 && range->start == 0) {
122 }
else if (range->start > range->end || range->end > range->size - 1) {
141 uint16_t filename_len,
const uint8_t *data, uint32_t data_len, uint64_t txid,
150 HTTPContentRange crparsed;
151 if (HTPParseAndCheckContentRange(rawvalue, &crparsed, s, htud) != 0) {
153 return HTPFileOpen(s, txud, filename, filename_len, data, data_len, txid, STREAM_TOCLIENT);
160 data_len,
flags) != 0) {
165 if (
FileSetRange(files, crparsed.start, crparsed.end) < 0) {
170 htp_tx_t *tx = htp_list_get(s->
conn->transactions, txid);
176 if (tx->request_hostname != NULL) {
177 keylen = bstr_len(tx->request_hostname) + filename_len;
179 if (keyurl == NULL) {
182 memcpy(keyurl, bstr_ptr(tx->request_hostname), bstr_len(tx->request_hostname));
183 memcpy(keyurl + bstr_len(tx->request_hostname), filename, filename_len);
190 filename, filename_len,
flags, data, data_len);
220 if (direction & STREAM_TOCLIENT) {
225 SCLogDebug(
"files %p data %p data_len %" PRIu32, files, data, data_len);
243 }
else if (result == -2) {
271 if (ranged && files) {
299 uint8_t
flags, uint8_t direction)
309 if (direction & STREAM_TOCLIENT) {
315 SCLogDebug(
"files %p data %p data_len %" PRIu32, files, data, data_len);
325 }
else if (result == -2) {
349 static int HTPFileParserTest01(
void)
351 uint8_t httpbuf1[] =
"POST /upload.cgi HTTP/1.1\r\n"
352 "Host: www.server.lan\r\n"
353 "Content-Type: multipart/form-data; boundary=---------------------------277531038314945\r\n"
354 "Content-Length: 215\r\n"
356 "-----------------------------277531038314945\r\n"
357 "Content-Disposition: form-data; name=\"uploadfile_0\"; filename=\"somepicture1.jpg\"\r\n"
358 "Content-Type: image/jpeg\r\n"
361 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
362 uint8_t httpbuf2[] =
"filecontent\r\n"
363 "-----------------------------277531038314945--";
364 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
369 memset(&ssn, 0,
sizeof(ssn));
374 f->
proto = IPPROTO_TCP;
379 SCLogDebug(
"\n>>>> processing chunk 1 <<<<\n");
384 SCLogDebug(
"\n>>>> processing chunk 2 size %u <<<<\n", httplen2);
396 FAIL_IF(memcmp(bstr_util_strdup_to_c(tx->request_method),
"POST", 4) != 0);
404 static int HTPFileParserTest02(
void)
406 uint8_t httpbuf1[] =
"POST /upload.cgi HTTP/1.1\r\n"
407 "Host: www.server.lan\r\n"
408 "Content-Type: multipart/form-data; boundary=---------------------------277531038314945\r\n"
409 "Content-Length: 337\r\n"
411 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
413 uint8_t httpbuf2[] =
"-----------------------------277531038314945\r\n"
414 "Content-Disposition: form-data; name=\"email\"\r\n"
416 "someaddress@somedomain.lan\r\n";
417 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
419 uint8_t httpbuf3[] =
"-----------------------------277531038314945\r\n"
420 "Content-Disposition: form-data; name=\"uploadfile_0\"; filename=\"somepicture1.jpg\"\r\n"
421 "Content-Type: image/jpeg\r\n"
423 uint32_t httplen3 =
sizeof(httpbuf3) - 1;
425 uint8_t httpbuf4[] =
"filecontent\r\n"
426 "-----------------------------277531038314945--";
427 uint32_t httplen4 =
sizeof(httpbuf4) - 1;
433 memset(&ssn, 0,
sizeof(ssn));
438 f->
proto = IPPROTO_TCP;
443 SCLogDebug(
"\n>>>> processing chunk 1 <<<<\n");
448 SCLogDebug(
"\n>>>> processing chunk 2 size %u <<<<\n", httplen2);
453 SCLogDebug(
"\n>>>> processing chunk 3 size %u <<<<\n", httplen3);
458 SCLogDebug(
"\n>>>> processing chunk 4 size %u <<<<\n", httplen4);
469 FAIL_IF(memcmp(bstr_util_strdup_to_c(tx->request_method),
"POST", 4) != 0);
481 static int HTPFileParserTest03(
void)
483 uint8_t httpbuf1[] =
"POST /upload.cgi HTTP/1.1\r\n"
484 "Host: www.server.lan\r\n"
485 "Content-Type: multipart/form-data; boundary=---------------------------277531038314945\r\n"
486 "Content-Length: 337\r\n"
488 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
490 uint8_t httpbuf2[] =
"-----------------------------277531038314945\r\n"
491 "Content-Disposition: form-data; name=\"email\"\r\n"
493 "someaddress@somedomain.lan\r\n";
494 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
496 uint8_t httpbuf3[] =
"-----------------------------277531038314945\r\n"
497 "Content-Disposition: form-data; name=\"uploadfile_0\"; filename=\"somepicture1.jpg\"\r\n"
498 "Content-Type: image/jpeg\r\n"
500 uint32_t httplen3 =
sizeof(httpbuf3) - 1;
502 uint8_t httpbuf4[] =
"file";
503 uint32_t httplen4 =
sizeof(httpbuf4) - 1;
505 uint8_t httpbuf5[] =
"content\r\n";
506 uint32_t httplen5 =
sizeof(httpbuf5) - 1;
508 uint8_t httpbuf6[] =
"-----------------------------277531038314945--";
509 uint32_t httplen6 =
sizeof(httpbuf6) - 1;
515 memset(&ssn, 0,
sizeof(ssn));
520 f->
proto = IPPROTO_TCP;
525 SCLogDebug(
"\n>>>> processing chunk 1 <<<<\n");
530 SCLogDebug(
"\n>>>> processing chunk 2 size %u <<<<\n", httplen2);
535 SCLogDebug(
"\n>>>> processing chunk 3 size %u <<<<\n", httplen3);
540 SCLogDebug(
"\n>>>> processing chunk 4 size %u <<<<\n", httplen4);
545 SCLogDebug(
"\n>>>> processing chunk 5 size %u <<<<\n", httplen5);
550 SCLogDebug(
"\n>>>> processing chunk 6 size %u <<<<\n", httplen6);
562 FAIL_IF(memcmp(bstr_util_strdup_to_c(tx->request_method),
"POST", 4) != 0);
577 static int HTPFileParserTest04(
void)
579 uint8_t httpbuf1[] =
"POST /upload.cgi HTTP/1.1\r\n"
580 "Host: www.server.lan\r\n"
581 "Content-Type: multipart/form-data; boundary=---------------------------277531038314945\r\n"
582 "Content-Length: 373\r\n"
584 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
586 uint8_t httpbuf2[] =
"-----------------------------277531038314945\r\n"
587 "Content-Disposition: form-data; name=\"email\"\r\n"
589 "someaddress@somedomain.lan\r\n";
590 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
592 uint8_t httpbuf3[] =
"-----------------------------277531038314945\r\n"
593 "Content-Disposition: form-data; name=\"uploadfile_0\"; filename=\"somepicture1.jpg\"\r\n"
594 "Content-Type: image/jpeg\r\n"
596 uint32_t httplen3 =
sizeof(httpbuf3) - 1;
598 uint8_t httpbuf4[] =
"file0123456789abcdefghijklmnopqrstuvwxyz";
599 uint32_t httplen4 =
sizeof(httpbuf4) - 1;
601 uint8_t httpbuf5[] =
"content\r\n";
602 uint32_t httplen5 =
sizeof(httpbuf5) - 1;
604 uint8_t httpbuf6[] =
"-----------------------------277531038314945--";
605 uint32_t httplen6 =
sizeof(httpbuf6) - 1;
611 memset(&ssn, 0,
sizeof(ssn));
616 f->
proto = IPPROTO_TCP;
621 SCLogDebug(
"\n>>>> processing chunk 1 <<<<\n");
626 SCLogDebug(
"\n>>>> processing chunk 2 size %u <<<<\n", httplen2);
631 SCLogDebug(
"\n>>>> processing chunk 3 size %u <<<<\n", httplen3);
636 SCLogDebug(
"\n>>>> processing chunk 4 size %u <<<<\n", httplen4);
641 SCLogDebug(
"\n>>>> processing chunk 5 size %u <<<<\n", httplen5);
646 SCLogDebug(
"\n>>>> processing chunk 6 size %u <<<<\n", httplen6);
658 FAIL_IF(memcmp(bstr_util_strdup_to_c(tx->request_method),
"POST", 4) != 0);
672 static int HTPFileParserTest05(
void)
674 uint8_t httpbuf1[] =
"POST /upload.cgi HTTP/1.1\r\n"
675 "Host: www.server.lan\r\n"
676 "Content-Type: multipart/form-data; boundary=---------------------------277531038314945\r\n"
677 "Content-Length: 544\r\n"
679 "-----------------------------277531038314945\r\n"
680 "Content-Disposition: form-data; name=\"uploadfile_0\"; filename=\"somepicture1.jpg\"\r\n"
681 "Content-Type: image/jpeg\r\n"
684 "-----------------------------277531038314945\r\n";
685 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
686 uint8_t httpbuf2[] =
"Content-Disposition: form-data; name=\"uploadfile_1\"; filename=\"somepicture2.jpg\"\r\n"
687 "Content-Type: image/jpeg\r\n"
690 "-----------------------------277531038314945--";
691 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
697 memset(&ssn, 0,
sizeof(ssn));
702 f->
proto = IPPROTO_TCP;
707 SCLogDebug(
"\n>>>> processing chunk 1 size %u <<<<\n", httplen1);
712 SCLogDebug(
"\n>>>> processing chunk 2 size %u <<<<\n", httplen2);
724 FAIL_IF(memcmp(bstr_util_strdup_to_c(tx->request_method),
"POST", 4) != 0);
747 static int HTPFileParserTest06(
void)
749 uint8_t httpbuf1[] =
"POST /upload.cgi HTTP/1.1\r\n"
750 "Host: www.server.lan\r\n"
751 "Content-Type: multipart/form-data; boundary=---------------------------277531038314945\r\n"
752 "Content-Length: 544\r\n"
754 "-----------------------------277531038314945\r\n"
755 "Content-Disposition: form-data; name=\"uploadfile_0\"; filename=\"somepicture1.jpg\"\r\n"
756 "Content-Type: image/jpeg\r\n"
759 "-----------------------------27753103831494";
760 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
761 uint8_t httpbuf2[] =
"5\r\nContent-Disposition: form-data; name=\"uploadfile_1\"; filename=\"somepicture2.jpg\"\r\n"
762 "Content-Type: image/jpeg\r\n"
765 "-----------------------------277531038314945--";
766 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
772 memset(&ssn, 0,
sizeof(ssn));
777 f->
proto = IPPROTO_TCP;
782 SCLogDebug(
"\n>>>> processing chunk 1 size %u <<<<\n", httplen1);
787 SCLogDebug(
"\n>>>> processing chunk 2 size %u <<<<\n", httplen2);
799 FAIL_IF(memcmp(bstr_util_strdup_to_c(tx->request_method),
"POST", 4) != 0);
823 static int HTPFileParserTest07(
void)
825 uint8_t httpbuf1[] =
"POST /filename HTTP/1.1\r\n"
826 "Host: www.server.lan\r\n"
827 "Content-Length: 11\r\n"
829 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
830 uint8_t httpbuf2[] =
"FILECONTENT";
831 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
837 memset(&ssn, 0,
sizeof(ssn));
842 f->
proto = IPPROTO_TCP;
847 SCLogDebug(
"\n>>>> processing chunk 1 size %u <<<<\n", httplen1);
852 SCLogDebug(
"\n>>>> processing chunk 2 size %u <<<<\n", httplen2);
863 FAIL_IF(memcmp(bstr_util_strdup_to_c(tx->request_method),
"POST", 4) != 0);
880 static int HTPFileParserTest08(
void)
882 uint8_t httpbuf1[] =
"POST /upload.cgi HTTP/1.1\r\n"
883 "Host: www.server.lan\r\n"
884 "Content-Type: multipart/form-data; boundary=---------------------------277531038314945\r\n"
885 "Content-Length: 215\r\n"
887 "-----------------------------277531038314945\r\n"
888 "Content-Disposition: form-data; name=\"uploadfile_0\"; filename=\"somepicture1.jpg\"\r\n"
889 "Content-Type: image/jpeg\r\n";
891 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
892 uint8_t httpbuf2[] =
"filecontent\r\n\r\n"
893 "-----------------------------277531038314945--";
894 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
899 memset(&ssn, 0,
sizeof(ssn));
904 f->
proto = IPPROTO_TCP;
909 SCLogDebug(
"\n>>>> processing chunk 1 <<<<\n");
914 SCLogDebug(
"\n>>>> processing chunk 2 size %u <<<<\n", httplen2);
938 static int HTPFileParserTest09(
void)
940 uint8_t httpbuf1[] =
"POST /upload.cgi HTTP/1.1\r\n"
941 "Host: www.server.lan\r\n"
942 "Content-Type: multipart/form-data; boundary=---------------------------277531038314945\r\n"
943 "Content-Length: 337\r\n"
945 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
947 uint8_t httpbuf2[] =
"-----------------------------277531038314945\r\n"
948 "Content-Disposition: form-data; name=\"email\"\r\n"
950 "someaddress@somedomain.lan\r\n";
951 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
953 uint8_t httpbuf3[] =
"-----------------------------277531038314945\r\n"
954 "Content-Disposition: form-data; name=\"uploadfile_0\"; filename=\"somepicture1.jpg\"\r\n"
955 "Somereallylongheaderstr:\r\n"
957 uint32_t httplen3 =
sizeof(httpbuf3) - 1;
959 uint8_t httpbuf4[] =
"filecontent\r\n"
960 "-----------------------------277531038314945--";
961 uint32_t httplen4 =
sizeof(httpbuf4) - 1;
967 memset(&ssn, 0,
sizeof(ssn));
972 f->
proto = IPPROTO_TCP;
977 SCLogDebug(
"\n>>>> processing chunk 1 <<<<\n");
982 SCLogDebug(
"\n>>>> processing chunk 2 size %u <<<<\n", httplen2);
987 SCLogDebug(
"\n>>>> processing chunk 3 size %u <<<<\n", httplen3);
992 SCLogDebug(
"\n>>>> processing chunk 4 size %u <<<<\n", httplen4);
1016 static int HTPFileParserTest10(
void)
1018 uint8_t httpbuf1[] =
"POST /upload.cgi HTTP/1.1\r\n"
1019 "Host: www.server.lan\r\n"
1020 "Content-Type: multipart/form-data; boundary=---------------------------277531038314945\r\n"
1021 "Content-Length: 337\r\n"
1023 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1025 uint8_t httpbuf2[] =
"-----------------------------277531038314945\r\n"
1027 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1029 uint8_t httpbuf3[] =
"-----------------------------277531038314945\r\n"
1030 "Content-Disposition: form-data; name=\"uploadfile_0\"; filename=\"somepicture1.jpg\"\r\n"
1031 "Somereallylongheaderstr: with a good value\r\n"
1033 uint32_t httplen3 =
sizeof(httpbuf3) - 1;
1035 uint8_t httpbuf4[] =
"filecontent\r\n"
1036 "-----------------------------277531038314945--";
1037 uint32_t httplen4 =
sizeof(httpbuf4) - 1;
1043 memset(&ssn, 0,
sizeof(ssn));
1048 f->
proto = IPPROTO_TCP;
1053 SCLogDebug(
"\n>>>> processing chunk 1 <<<<\n");
1058 SCLogDebug(
"\n>>>> processing chunk 2 size %u <<<<\n", httplen2);
1063 SCLogDebug(
"\n>>>> processing chunk 3 size %u <<<<\n", httplen3);
1068 SCLogDebug(
"\n>>>> processing chunk 4 size %u <<<<\n", httplen4);
1089 static int HTPFileParserTest11(
void)
1091 uint8_t httpbuf1[] =
"POST /upload.cgi HTTP/1.1\r\n"
1092 "Host: www.server.lan\r\n"
1093 "Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryBRDbP74mBhBxsIdo\r\n"
1094 "Content-Length: 1102\r\n"
1096 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1098 uint8_t httpbuf2[] =
"------WebKitFormBoundaryBRDbP74mBhBxsIdo\r\n";
1099 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1101 uint8_t httpbuf3[] =
"Content-Disposition: form-data; name=\"PROGRESS_URL\"\r\n"
1103 "http://somserver.com/progress.php?UPLOAD_IDENTIFIER=XXXXXXXXX.XXXXXXXXXX.XXXXXXXX.XX.X\r\n"
1104 "------WebKitFormBoundaryBRDbP74mBhBxsIdo\r\n"
1105 "Content-Disposition: form-data; name=\"DESTINATION_DIR\"\r\n"
1108 "------WebKitFormBoundaryBRDbP74mBhBxsIdo\r\n"
1109 "Content-Disposition: form-data; name=\"js_enabled\"\r\n"
1112 "------WebKitFormBoundaryBRDbP74mBhBxsIdo\r\n"
1113 "Content-Disposition: form-data; name=\"signature\"\r\n"
1115 "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\r\n"
1116 "------WebKitFormBoundaryBRDbP74mBhBxsIdo\r\n"
1117 "Content-Disposition: form-data; name=\"upload_files\"\r\n"
1119 "------WebKitFormBoundaryBRDbP74mBhBxsIdo\r\n"
1120 "Content-Disposition: form-data; name=\"terms\"\r\n"
1123 "------WebKitFormBoundaryBRDbP74mBhBxsIdo\r\n"
1124 "Content-Disposition: form-data; name=\"file[]\"\r\n"
1126 "------WebKitFormBoundaryBRDbP74mBhBxsIdo\r\n"
1127 "Content-Disposition: form-data; name=\"description[]\"\r\n"
1129 "------WebKitFormBoundaryBRDbP74mBhBxsIdo\r\n"
1130 "Content-Disposition: form-data; name=\"upload_file[]\"; filename=\"filename.doc\"\r\n"
1131 "Content-Type: application/msword\r\n"
1134 uint32_t httplen3 =
sizeof(httpbuf3) - 1;
1136 uint8_t httpbuf4[] =
"CONTENT\r\n"
1137 "------WebKitFormBoundaryBRDbP74mBhBxsIdo--";
1138 uint32_t httplen4 =
sizeof(httpbuf4) - 1;
1144 memset(&ssn, 0,
sizeof(ssn));
1149 f->
proto = IPPROTO_TCP;
1154 SCLogDebug(
"\n>>>> processing chunk 1 <<<<\n");
1159 SCLogDebug(
"\n>>>> processing chunk 2 size %u <<<<\n", httplen2);
1163 SCLogDebug(
"\n>>>> processing chunk 3 size %u <<<<\n", httplen3);
1167 SCLogDebug(
"\n>>>> processing chunk 4 size %u <<<<\n", httplen4);
1186 FAIL_IF(memcmp(bstr_util_strdup_to_c(tx->request_method),
"POST", 4) != 0);