suricata
util-decode-mime.c File Reference
#include "suricata-common.h"
#include "util-decode-mime.h"
#include "util-ip.h"
#include "util-spm-bs.h"
#include "util-unittest.h"
#include "util-memcmp.h"
#include "util-print.h"
Include dependency graph for util-decode-mime.c:

Go to the source code of this file.

Macros

#define CR   13
 
#define LF   10
 
#define CRLF   "\r\n"
 
#define COLON   58
 
#define DASH   45
 
#define PRINTABLE_START   33
 
#define PRINTABLE_END   126
 
#define UC_START   65
 
#define UC_END   90
 
#define LC_START   97
 
#define LC_END   122
 
#define UC_LC_DIFF   32
 
#define EOL_LEN   2
 
#define BASE64_STR   "Base64"
 
#define MAX_LINE_LEN   998 /* Def in RFC 2045, excluding CRLF sequence */
 
#define MAX_ENC_LINE_LEN   76 /* Def in RFC 2045, excluding CRLF sequence */
 
#define MAX_HEADER_NAME   75 /* 75 + ":" = 76 */
 
#define MAX_HEADER_VALUE   2000 /* Default - arbitrary limit */
 
#define BOUNDARY_BUF   256
 
#define CTNT_TYPE_STR   "content-type"
 
#define CTNT_DISP_STR   "content-disposition"
 
#define CTNT_TRAN_STR   "content-transfer-encoding"
 
#define MSG_ID_STR   "message-id"
 
#define BND_START_STR   "boundary="
 
#define TOK_END_STR   "\""
 
#define MSG_STR   "message/"
 
#define MULTIPART_STR   "multipart/"
 
#define QP_STR   "quoted-printable"
 
#define TXT_STR   "text/plain"
 
#define HTML_STR   "text/html"
 
#define URL_STR   "http://"
 
#define STACK_FREE_NODES   10
 
#define MAX_IP4_CHARS   15
 
#define MAX_IP6_CHARS   39
 
#define TEST(str, len, expect)
 
#define TEST(str, len, expect)
 

Functions

void MimeDecSetConfig (MimeDecConfig *config)
 Set global config policy. More...
 
MimeDecConfigMimeDecGetConfig (void)
 Get global config policy. More...
 
void MimeDecFreeEntity (MimeDecEntity *entity)
 Frees a mime entity tree. More...
 
void MimeDecFreeField (MimeDecField *field)
 Iteratively frees a header field entry list. More...
 
void MimeDecFreeUrl (MimeDecUrl *url)
 Iteratively frees a URL entry list. More...
 
MimeDecFieldMimeDecAddField (MimeDecEntity *entity)
 Creates and adds a header field entry to an entity. More...
 
int MimeDecFindFieldsForEach (const MimeDecEntity *entity, const char *name, int(*DataCallback)(const uint8_t *val, const size_t, void *data), void *data)
 Searches for header fields with the specified name. More...
 
MimeDecFieldMimeDecFindField (const MimeDecEntity *entity, const char *name)
 Searches for a header field with the specified name. More...
 
MimeDecEntityMimeDecAddEntity (MimeDecEntity *parent)
 Creates and adds a child entity to the specified parent entity. More...
 
const char * MimeDecParseStateGetStatus (MimeDecParseState *state)
 
MimeDecParseStateMimeDecInitParser (void *data, int(*DataChunkProcessorFunc)(const uint8_t *chunk, uint32_t len, MimeDecParseState *state))
 Init the parser by allocating memory for the state and top-level entity. More...
 
void MimeDecDeInitParser (MimeDecParseState *state)
 De-Init parser by freeing up any residual memory. More...
 
int MimeDecParseComplete (MimeDecParseState *state)
 Called to indicate that the last message line has been processed and the parsing operation is complete. More...
 
int MimeDecParseLine (const uint8_t *line, const uint32_t len, const uint8_t delim_len, MimeDecParseState *state)
 Parse a line of a MIME message and update the parser state. More...
 
MimeDecEntityMimeDecParseFullMsg (const uint8_t *buf, uint32_t blen, void *data, int(*dcpfunc)(const uint8_t *chunk, uint32_t len, MimeDecParseState *state))
 Parses an entire message when available in its entirety (wraps the line-based parsing functions) More...
 
void MimeDecRegisterTests (void)
 

Detailed Description

Macro Definition Documentation

#define BASE64_STR   "Base64"

Definition at line 53 of file util-decode-mime.c.

Referenced by MimeDecAddEntity().

#define BND_START_STR   "boundary="

Definition at line 65 of file util-decode-mime.c.

Referenced by MimeDecAddEntity().

#define BOUNDARY_BUF   256

Definition at line 60 of file util-decode-mime.c.

Referenced by MimeDecAddEntity().

#define COLON   58

Definition at line 41 of file util-decode-mime.c.

Referenced by MimeDecAddEntity().

#define CR   13

Definition at line 36 of file util-decode-mime.c.

Referenced by MimeDecAddEntity().

#define CRLF   "\r\n"

Definition at line 40 of file util-decode-mime.c.

Referenced by MimeDecAddEntity().

#define CTNT_DISP_STR   "content-disposition"

Definition at line 62 of file util-decode-mime.c.

Referenced by MimeDecAddEntity().

#define CTNT_TRAN_STR   "content-transfer-encoding"

Definition at line 63 of file util-decode-mime.c.

Referenced by MimeDecAddEntity().

#define CTNT_TYPE_STR   "content-type"

Definition at line 61 of file util-decode-mime.c.

Referenced by MimeDecAddEntity().

#define DASH   45

Definition at line 42 of file util-decode-mime.c.

Referenced by MimeDecAddEntity().

#define EOL_LEN   2

Definition at line 50 of file util-decode-mime.c.

Referenced by MimeDecAddEntity().

#define HTML_STR   "text/html"

Definition at line 71 of file util-decode-mime.c.

Referenced by MimeDecAddEntity().

#define LC_END   122

Definition at line 48 of file util-decode-mime.c.

#define LC_START   97

Definition at line 47 of file util-decode-mime.c.

#define LF   10

Definition at line 37 of file util-decode-mime.c.

Referenced by MimeDecAddEntity().

#define MAX_ENC_LINE_LEN   76 /* Def in RFC 2045, excluding CRLF sequence */

Definition at line 57 of file util-decode-mime.c.

Referenced by MimeDecAddEntity().

#define MAX_HEADER_NAME   75 /* 75 + ":" = 76 */

Definition at line 58 of file util-decode-mime.c.

Referenced by MimeDecAddEntity().

#define MAX_HEADER_VALUE   2000 /* Default - arbitrary limit */

Definition at line 59 of file util-decode-mime.c.

Referenced by MimeDecSetConfig().

#define MAX_IP4_CHARS   15

Definition at line 78 of file util-decode-mime.c.

Referenced by MimeDecAddEntity().

#define MAX_IP6_CHARS   39

Definition at line 79 of file util-decode-mime.c.

Referenced by MimeDecAddEntity().

#define MAX_LINE_LEN   998 /* Def in RFC 2045, excluding CRLF sequence */

Definition at line 56 of file util-decode-mime.c.

Referenced by MimeDecParseStateGetStatus().

#define MSG_ID_STR   "message-id"

Definition at line 64 of file util-decode-mime.c.

Referenced by MimeDecAddEntity().

#define MSG_STR   "message/"

Definition at line 67 of file util-decode-mime.c.

Referenced by MimeDecAddEntity().

#define MULTIPART_STR   "multipart/"

Definition at line 68 of file util-decode-mime.c.

Referenced by MimeDecAddEntity().

#define PRINTABLE_END   126

Definition at line 44 of file util-decode-mime.c.

Referenced by MimeDecAddEntity().

#define PRINTABLE_START   33

Definition at line 43 of file util-decode-mime.c.

Referenced by MimeDecAddEntity().

#define QP_STR   "quoted-printable"

Definition at line 69 of file util-decode-mime.c.

Referenced by MimeDecAddEntity().

#define STACK_FREE_NODES   10

Definition at line 75 of file util-decode-mime.c.

Referenced by MimeDecAddEntity().

#define TEST (   str,
  len,
  expect 
)
Value:
{ \
SCLogDebug("str %s", (str)); \
int r = IsIpv4Host((const uint8_t *)(str),(len)); \
FAIL_IF_NOT(r == (expect)); \
}
#define SCLogDebug(...)
Definition: util-debug.h:335
#define str(s)
uint8_t len
#define FAIL_IF_NOT(expr)
Fail a test if expression to true.
Definition: util-unittest.h:82

Definition at line 3016 of file util-decode-mime.c.

Referenced by MimeDecParseFullMsg().

#define TEST (   str,
  len,
  expect 
)
Value:
{ \
SCLogDebug("str %s", (str)); \
int r = IsIpv6Host((const uint8_t *)(str),(len)); \
FAIL_IF_NOT(r == (expect)); \
}
#define SCLogDebug(...)
Definition: util-debug.h:335
#define str(s)
uint8_t len
#define FAIL_IF_NOT(expr)
Fail a test if expression to true.
Definition: util-unittest.h:82

Definition at line 3016 of file util-decode-mime.c.

#define TOK_END_STR   "\""

Definition at line 66 of file util-decode-mime.c.

Referenced by MimeDecAddEntity().

#define TXT_STR   "text/plain"

Definition at line 70 of file util-decode-mime.c.

Referenced by MimeDecAddEntity().

#define UC_END   90

Definition at line 46 of file util-decode-mime.c.

#define UC_LC_DIFF   32

Definition at line 49 of file util-decode-mime.c.

#define UC_START   65

Definition at line 45 of file util-decode-mime.c.

#define URL_STR   "http://"

Definition at line 72 of file util-decode-mime.c.

Referenced by MimeDecAddEntity().

Function Documentation

MimeDecEntity* MimeDecAddEntity ( MimeDecEntity parent)

Creates and adds a child entity to the specified parent entity.

Parameters
parentThe parent entity
Returns
The child entity, or NULL if the operation fails

Definition at line 398 of file util-decode-mime.c.

References ANOM_INVALID_BASE64, ANOM_INVALID_QP, ANOM_LONG_BOUNDARY, ANOM_LONG_ENC_LINE, ANOM_LONG_HEADER_NAME, ANOM_LONG_HEADER_VALUE, MimeDecEntity::anomaly_flags, ASCII_BLOCK, B64_BLOCK, BASE64_STR, BasicSearchNocase(), MimeDecStackNode::bdef, MimeDecStackNode::bdef_len, BND_START_STR, MimeDecParseState::body_begin, MimeDecParseState::body_end, BODY_END_BOUND, MimeDecEntity::body_len, BODY_STARTED, BOUNDARY_BUF, MimeDecParseState::bvr_len, MimeDecParseState::bvremain, MimeDecEntity::child, COLON, CR, CRLF, CTNT_DISP_STR, MimeDecEntity::ctnt_flags, CTNT_IS_ATTACHMENT, CTNT_IS_BASE64, CTNT_IS_BODYPART, CTNT_IS_ENCAP, CTNT_IS_ENV, CTNT_IS_HTML, CTNT_IS_MSG, CTNT_IS_MULTIPART, CTNT_IS_QP, CTNT_IS_TEXT, CTNT_TRAN_STR, MimeDecEntity::ctnt_type, MimeDecEntity::ctnt_type_len, CTNT_TYPE_STR, MimeDecParseState::current_line_delimiter_len, DASH, MimeDecStackNode::data, MimeDecParseState::data_chunk, MimeDecParseState::data_chunk_len, DATA_CHUNK_SIZE, MimeDecParseState::DataChunkProcessorFunc, MimeDecConfig::decode_base64, MimeDecConfig::decode_quoted_printable, DecodeBase64(), MimeDecEntity::decoded_body_len, EOL_LEN, MimeDecConfig::extract_urls, MimeDecEntity::filename, MimeDecEntity::filename_len, MimeDecParseState::found_child, MimeDecStack::free_nodes, MimeDecStack::free_nodes_cnt, HEADER_DONE, HEADER_READY, HEADER_STARTED, MimeDecConfig::header_value_depth, MimeDecParseState::hlen, MimeDecParseState::hname, HTML_STR, MimeDecParseState::hvalue, MimeDecParseState::hvlen, IPv4AddressStringIsValid(), IPv6AddressStringIsValid(), MimeDecStackNode::is_encap, len, LF, MimeDecParseState::linerem_len, MAX_ENC_LINE_LEN, MAX_HEADER_NAME, MAX_IP4_CHARS, MAX_IP6_CHARS, MIME_DEC_ERR_DATA, MIME_DEC_ERR_MEM, MIME_DEC_ERR_PARSE, MIME_DEC_OK, MimeDecAddEntity(), MimeDecAddField(), MimeDecFindField(), MimeDecGetConfig(), MimeDecParseState::msg, MimeDecEntity::msg_id, MimeDecEntity::msg_id_len, MSG_ID_STR, MSG_STR, MULTIPART_STR, MimeDecField::name, MimeDecField::name_len, MimeDecUrl::next, MimeDecEntity::next, MimeDecStackNode::next, DataValue::next, offset, PRINTABLE_END, PRINTABLE_START, QP_STR, res, SC_ERR_MEM_ALLOC, SC_LOG_DEBUG, SCCalloc, SCFree, SCLogDebug, SCLogError, SCMalloc, SCMemcmp, src, MimeDecParseState::stack, STACK_FREE_NODES, MimeDecParseState::state_flag, Asn1Generic_::strlen, TOK_END_STR, MimeDecStack::top, TXT_STR, unlikely, MimeDecUrl::url, URL_IS_EXE, URL_IS_IP4, URL_IS_IP6, MimeDecUrl::url_len, MimeDecEntity::url_list, URL_STR, Asn1Generic_::value, MimeDecField::value, DataValue::value, MimeDecField::value_len, and DataValue::value_len.

Referenced by MimeDecAddEntity().

Here is the call graph for this function:

Here is the caller graph for this function:

MimeDecField* MimeDecAddField ( MimeDecEntity entity)

Creates and adds a header field entry to an entity.

The entity is optional. If NULL is specified, than a new stand-alone field is created.

Parameters
entityThe parent entity
Returns
The field object, or NULL if the operation fails

Definition at line 278 of file util-decode-mime.c.

References MimeDecEntity::field_list, MimeDecField::next, SC_ERR_MEM_ALLOC, SCLogError, SCMalloc, and unlikely.

Referenced by MimeDecAddEntity().

Here is the caller graph for this function:

void MimeDecDeInitParser ( MimeDecParseState state)

De-Init parser by freeing up any residual memory.

Parameters
stateThe parser state
Returns
none

Definition at line 2441 of file util-decode-mime.c.

References ANOM_MALFORMED_MSG, MimeDecEntity::anomaly_flags, MimeDecStackNode::data, MimeDecParseState::hname, MimeDecParseState::hvalue, MimeDecParseState::msg, SCFree, SCLogDebug, MimeDecParseState::stack, and MimeDecStack::top.

Referenced by MimeDecParseFullMsg(), and SMTPStateAlloc().

Here is the caller graph for this function:

MimeDecField* MimeDecFindField ( const MimeDecEntity entity,
const char *  name 
)

Searches for a header field with the specified name.

Parameters
entityThe entity to search
nameThe header name (lowercase)
Returns
The field object, or NULL if not found

Definition at line 338 of file util-decode-mime.c.

References MimeDecEntity::field_list, flags, MimeDecField::name, MimeDecField::name_len, MimeDecField::next, MimeDecUrl::next, SC_ERR_MEM_ALLOC, SCLogError, SCMalloc, SCMemcmp, Asn1Generic_::strlen, unlikely, MimeDecUrl::url, MimeDecUrl::url_flags, MimeDecUrl::url_len, and MimeDecEntity::url_list.

Referenced by MimeDecAddEntity(), and MimeDecParseFullMsg().

Here is the caller graph for this function:

int MimeDecFindFieldsForEach ( const MimeDecEntity entity,
const char *  name,
int(*)(const uint8_t *val, const size_t, void *data)  DataCallback,
void *  data 
)

Searches for header fields with the specified name.

Parameters
entityThe entity to search
nameThe header name (lowercase)
Returns
number of items found

Definition at line 310 of file util-decode-mime.c.

References MimeDecEntity::field_list, MimeDecField::name, MimeDecField::name_len, MimeDecField::next, SCMemcmp, Asn1Generic_::strlen, MimeDecField::value, and MimeDecField::value_len.

void MimeDecFreeEntity ( MimeDecEntity entity)

Frees a mime entity tree.

Parameters
entityThe root entity
Returns
none

Move child to next Transform tree into list

Move to next element

Definition at line 181 of file util-decode-mime.c.

References MimeDecEntity::child, MimeDecEntity::field_list, MimeDecEntity::filename, MimeDecFreeField(), MimeDecFreeUrl(), MimeDecEntity::next, SCFree, and MimeDecEntity::url_list.

Referenced by MimeDecParseFullMsg(), and SMTPStateAlloc().

Here is the call graph for this function:

Here is the caller graph for this function:

void MimeDecFreeField ( MimeDecField field)

Iteratively frees a header field entry list.

Parameters
fieldThe header field
Returns
none

Definition at line 220 of file util-decode-mime.c.

References MimeDecField::name, MimeDecField::next, SCFree, and MimeDecField::value.

Referenced by MimeDecFreeEntity().

Here is the caller graph for this function:

void MimeDecFreeUrl ( MimeDecUrl url)

Iteratively frees a URL entry list.

Parameters
urlThe url entry
Returns
none

Definition at line 249 of file util-decode-mime.c.

References MimeDecUrl::next, SCFree, and MimeDecUrl::url.

Referenced by MimeDecFreeEntity().

Here is the caller graph for this function:

MimeDecConfig* MimeDecGetConfig ( void  )

Get global config policy.

Returns
config data structure

Definition at line 151 of file util-decode-mime.c.

References MimeDecEntity::next.

Referenced by MimeDecAddEntity(), and MimeDecParseFullMsg().

Here is the caller graph for this function:

MimeDecParseState* MimeDecInitParser ( void *  data,
int(*)(const uint8_t *chunk, uint32_t len, MimeDecParseState *state)  DataChunkProcessorFunc 
)

Init the parser by allocating memory for the state and top-level entity.

Parameters
dataA caller-specified pointer to data for access within the data chunk processor callback function
dcpfuncThe data chunk processor callback function
Returns
A pointer to the state object, or NULL if the operation fails

Definition at line 2385 of file util-decode-mime.c.

References MimeDecEntity::ctnt_flags, CTNT_IS_MSG, MimeDecStackNode::data, MimeDecParseState::data, MimeDecParseState::DataChunkProcessorFunc, HEADER_READY, MimeDecParseState::msg, SC_ERR_MEM_ALLOC, SCFree, SCLogError, SCMalloc, MimeDecParseState::stack, MimeDecParseState::state_flag, MimeDecStack::top, and unlikely.

Referenced by MimeDecParseFullMsg(), SMTPParserCleanup(), and SMTPProcessDataChunk().

Here is the caller graph for this function:

int MimeDecParseComplete ( MimeDecParseState state)

Called to indicate that the last message line has been processed and the parsing operation is complete.

This function should be called directly by the caller.

Parameters
stateThe parser state
Returns
MIME_DEC_OK on success, otherwise < 0 on failure

Definition at line 2479 of file util-decode-mime.c.

References ANOM_MALFORMED_MSG, MimeDecEntity::anomaly_flags, MimeDecStackNode::is_encap, MIME_DEC_ERR_DATA, MIME_DEC_ERR_STATE, MIME_DEC_OK, MimeDecParseState::msg, MimeDecStackNode::next, PARSE_DONE, PARSE_ERROR, SCLogDebug, MimeDecParseState::stack, MimeDecParseState::state_flag, and MimeDecStack::top.

Referenced by MimeDecParseFullMsg(), and SMTPProcessDataChunk().

Here is the caller graph for this function:

MimeDecEntity* MimeDecParseFullMsg ( const uint8_t *  buf,
uint32_t  blen,
void *  data,
int(*)(const uint8_t *chunk, uint32_t len, MimeDecParseState *state)  dcpfunc 
)

Parses an entire message when available in its entirety (wraps the line-based parsing functions)

Parameters
bufBuffer pointing to the full message
blenLength of the buffer
dataCaller data to be available in callback
dcpfuncCallback for processing each decoded body data chunk
Returns
A pointer to the decoded MIME message, or NULL if the operation fails

Definition at line 2575 of file util-decode-mime.c.

References MimeDecParseState::body_begin, MimeDecParseState::body_end, BUG_ON, MimeDecEntity::child, MimeDecParseState::current_line_delimiter_len, MimeDecParseState::data, MimeDecConfig::decode_base64, MimeDecConfig::decode_quoted_printable, DecodeBase64(), dst, MimeDecConfig::extract_urls, MIME_DEC_OK, MimeDecDeInitParser(), MimeDecFindField(), MimeDecFreeEntity(), MimeDecGetConfig(), MimeDecInitParser(), MimeDecParseComplete(), MimeDecParseFullMsg(), MimeDecParseLine(), MimeDecParseState::msg, msg, MimeDecEntity::next, PASS, SC_LOG_DEBUG, SCFree, SCLogDebug, SCLogInfo, SCMalloc, str, TEST, MimeDecUrl::url_flags, URL_IS_EXE, MimeDecEntity::url_list, MimeDecField::value, and MimeDecField::value_len.

Referenced by MimeDecParseFullMsg().

Here is the call graph for this function:

Here is the caller graph for this function:

int MimeDecParseLine ( const uint8_t *  line,
const uint32_t  len,
const uint8_t  delim_len,
MimeDecParseState state 
)

Parse a line of a MIME message and update the parser state.

Parameters
lineA string representing the line (w/out CRLF)
lenThe length of the line
delim_lenThe length of the line end delimiter
stateThe parser state
Returns
MIME_DEC_OK on success, otherwise < 0 on failure

Definition at line 2541 of file util-decode-mime.c.

References MimeDecParseState::current_line_delimiter_len, MIME_DEC_OK, PARSE_ERROR, SC_LOG_DEBUG, SCLogDebug, and MimeDecParseState::state_flag.

Referenced by MimeDecParseFullMsg(), and SMTPProcessDataChunk().

Here is the caller graph for this function:

void MimeDecRegisterTests ( void  )

Definition at line 3040 of file util-decode-mime.c.

References UtRegisterTest().

Here is the call graph for this function:

void MimeDecSetConfig ( MimeDecConfig config)

Set global config policy.

Parameters
configConfig policy to set
Returns
none

Definition at line 132 of file util-decode-mime.c.

References MimeDecConfig::header_value_depth, MAX_HEADER_VALUE, SC_ERR_MISSING_CONFIG_PARAM, and SCLogWarning.

Referenced by SMTPParserCleanup().

Here is the caller graph for this function: