suricata
util-file-decompression.c File Reference

Decompress files transferred via HTTP corresponding to file_data keyword.

#include "suricata-common.h"
#include "suricata.h"
#include "detect-engine.h"
#include "app-layer-htp.h"
#include "util-file-decompression.h"
#include "util-file-swf-decompression.h"
#include "util-misc.h"
#include "util-print.h"

Macros

#define SWF_ZLIB_MIN_VERSION   0x06
 
#define SWF_LZMA_MIN_VERSION   0x0D
 

Functions

int FileIsSwfFile (const uint8_t *buffer, uint32_t buffer_len)
 
int FileSwfDecompression (const uint8_t *buffer, uint32_t buffer_len, DetectEngineThreadCtx *det_ctx, InspectionBuffer *out_buffer, int swf_type, uint32_t decompress_depth, uint32_t compress_depth)
 This function decompresses a buffer with zlib/lzma algorithm.
 

Detailed Description

Decompress files transferred via HTTP corresponding to file_data keyword.

Author
Giuseppe Longo giuseppe@glongo.it

Definition in file util-file-decompression.c.

Macro Definition Documentation

#define SWF_LZMA_MIN_VERSION   0x0D

Definition at line 39 of file util-file-decompression.c.

Referenced by FileSwfDecompression().

#define SWF_ZLIB_MIN_VERSION   0x06

Definition at line 38 of file util-file-decompression.c.

Referenced by FileSwfDecompression().

Function Documentation

int FileIsSwfFile ( const uint8_t *  buffer,
uint32_t  buffer_len 
)

Definition at line 41 of file util-file-decompression.c.

References FILE_IS_NOT_SWF, FILE_SWF_LZMA_COMPRESSION, FILE_SWF_NO_COMPRESSION, and FILE_SWF_ZLIB_COMPRESSION.

Referenced by FileSwfDecompression().

int FileSwfDecompression ( const uint8_t *  buffer,
uint32_t  buffer_len,
DetectEngineThreadCtx *  det_ctx,
InspectionBuffer *  out_buffer,
int  swf_type,
uint32_t  decompress_depth,
uint32_t  compress_depth 
)

This function decompresses a buffer with zlib/lzma algorithm.

Parameters
    buffer                    compressed buffer
    buffer_len                compressed buffer length
    decompressed_buffer       buffer that stores decompressed data
    decompressed_buffer_len   decompressed data length
    swf_type                  decompression algorithm to use
    decompress_depth          how much decompressed data we want to store
    compress_depth            how much compressed data we want to decompress
Return values
    1   if decompression works
    0   an error occurred, and an event is set

Definition at line 71 of file util-file-decompression.c.

References InspectionBuffer::buf, DetectEngineSetEvent(), FILE_DECODER_EVENT_INVALID_SWF_LENGTH, FILE_DECODER_EVENT_INVALID_SWF_VERSION, FILE_DECODER_EVENT_NO_MEM, FILE_SWF_LZMA_COMPRESSION, FILE_SWF_NO_COMPRESSION, FILE_SWF_ZLIB_COMPRESSION, FileGetSwfDecompressedLen(), FileGetSwfVersion(), FileIsSwfFile(), FileSwfZlibDecompression(), HTTP_SWF_COMPRESSION_BOTH, HTTP_SWF_COMPRESSION_LZMA, HTTP_SWF_COMPRESSION_ZLIB, InspectionBuffer::inspect, InspectionBuffer::inspect_len, InspectionBufferCheckAndExpand(), InspectionBuffer::len, MIN_SWF_LEN, offset, InspectionBuffer::size, SWF_LZMA_MIN_VERSION, and SWF_ZLIB_MIN_VERSION.
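
The following is an added example, not Suricata's own code: one way to validate an SWF header against the SWF_ZLIB_MIN_VERSION and SWF_LZMA_MIN_VERSION macros documented above and to cap the output size with a decompress_depth value before any decompressor runs. The ex_ names, the 8-byte header length and the treatment of a zero depth as "no cap" are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Values taken from the macros documented on this page. */
#define SWF_ZLIB_MIN_VERSION 0x06
#define SWF_LZMA_MIN_VERSION 0x0D
/* Assumption: signature (3) + version (1) + declared length (4, little-endian). */
#define EX_SWF_HDR_LEN 8

/* Hypothetical result codes, used by this example only. */
enum ex_swf { EX_NOT_SWF, EX_PLAIN, EX_ZLIB, EX_LZMA, EX_BAD_VERSION, EX_BAD_LENGTH };

/* Classify by SWF signature: "FWS" uncompressed, "CWS" zlib, "ZWS" LZMA. */
static enum ex_swf ex_swf_type(const uint8_t *b, uint32_t len)
{
    if (b == NULL || len < EX_SWF_HDR_LEN || b[1] != 'W' || b[2] != 'S')
        return EX_NOT_SWF;
    switch (b[0]) {
    case 'F': return EX_PLAIN;
    case 'C': return EX_ZLIB;
    case 'Z': return EX_LZMA;
    default:  return EX_NOT_SWF;
    }
}

/* Validate the header and compute how many output bytes to allow.
 * decompress_depth == 0 means "no cap" (assumption of this example). */
static enum ex_swf ex_swf_plan(const uint8_t *b, uint32_t len,
                               uint32_t decompress_depth, uint32_t *out_len)
{
    enum ex_swf t = ex_swf_type(b, len);
    *out_len = 0;
    if (t != EX_ZLIB && t != EX_LZMA)
        return t; /* nothing to decompress */
    /* The version byte must be new enough for the claimed compression. */
    uint8_t min = (t == EX_ZLIB) ? SWF_ZLIB_MIN_VERSION : SWF_LZMA_MIN_VERSION;
    if (b[3] < min)
        return EX_BAD_VERSION;
    /* The declared length comes from the sender: read it, then bound it. */
    uint32_t declared = (uint32_t)b[4] | (uint32_t)b[5] << 8 |
                        (uint32_t)b[6] << 16 | (uint32_t)b[7] << 24;
    if (declared < EX_SWF_HDR_LEN)
        return EX_BAD_LENGTH;
    *out_len = (decompress_depth != 0 && declared > decompress_depth)
                   ? decompress_depth : declared;
    return t;
}
```

Capping the output from the declared length before allocating keeps a crafted header from driving an oversized inspection buffer.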
