Decompress files transferred via HTTP corresponding to file_data keyword. More...
#include "suricata-common.h"#include "suricata.h"#include "detect-engine.h"#include "app-layer-htp.h"#include "util-file-decompression.h"#include "util-file-swf-decompression.h"#include "util-misc.h"#include "util-print.h"
Go to the source code of this file.
Macros | |
| #define | SWF_ZLIB_MIN_VERSION 0x06 |
| #define | SWF_LZMA_MIN_VERSION 0x0D |
Functions | |
| int | FileIsSwfFile (const uint8_t *buffer, uint32_t buffer_len) |
| int | FileSwfDecompression (const uint8_t *buffer, uint32_t buffer_len, DetectEngineThreadCtx *det_ctx, InspectionBuffer *out_buffer, int swf_type, uint32_t decompress_depth, uint32_t compress_depth) |
| This function decompresses a buffer with zlib/lzma algorithm. More... | |
Detailed Description
Decompress files transferred via HTTP corresponding to file_data keyword.
Definition in file util-file-decompression.c.
Macro Definition Documentation
◆ SWF_LZMA_MIN_VERSION
| #define SWF_LZMA_MIN_VERSION 0x0D |
Definition at line 40 of file util-file-decompression.c.
◆ SWF_ZLIB_MIN_VERSION
| #define SWF_ZLIB_MIN_VERSION 0x06 |
Definition at line 39 of file util-file-decompression.c.
Function Documentation
◆ FileIsSwfFile()
| int FileIsSwfFile | ( | const uint8_t * | buffer, |
| uint32_t | buffer_len | ||
| ) |
Definition at line 41 of file util-file-decompression.c.
References FILE_IS_NOT_SWF, FILE_SWF_LZMA_COMPRESSION, FILE_SWF_NO_COMPRESSION, and FILE_SWF_ZLIB_COMPRESSION.
Referenced by FileSwfDecompression().
◆ FileSwfDecompression()
| int FileSwfDecompression | ( | const uint8_t * | buffer, |
| uint32_t | buffer_len, | ||
| DetectEngineThreadCtx * | det_ctx, | ||
| InspectionBuffer * | out_buffer, | ||
| int | swf_type, | ||
| uint32_t | decompress_depth, | ||
| uint32_t | compress_depth | ||
| ) |
This function decompresses a buffer with zlib/lzma algorithm.
- Parameters
-
buffer compressed buffer buffer_len compressed buffer length decompressed_buffer buffer that store decompressed data decompressed_buffer_len decompressed data length swf_type decompression algorithm to use decompress_depth how much decompressed data we want to store compress_depth how much compressed data we want to decompress
- Return values
-
1 if decompression works 0 an error occurred, and event set
Definition at line 71 of file util-file-decompression.c.
References InspectionBuffer::buf, DetectEngineSetEvent(), FILE_DECODER_EVENT_INVALID_SWF_LENGTH, FILE_DECODER_EVENT_INVALID_SWF_VERSION, FILE_DECODER_EVENT_NO_MEM, FILE_SWF_LZMA_COMPRESSION, FILE_SWF_NO_COMPRESSION, FILE_SWF_ZLIB_COMPRESSION, FileGetSwfDecompressedLen(), FileGetSwfVersion(), FileIsSwfFile(), FileSwfLzmaDecompression(), FileSwfZlibDecompression(), HTTP_SWF_COMPRESSION_BOTH, HTTP_SWF_COMPRESSION_LZMA, HTTP_SWF_COMPRESSION_ZLIB, InspectionBuffer::inspect, InspectionBuffer::inspect_len, InspectionBufferCheckAndExpand(), InspectionBuffer::len, MIN_SWF_LEN, offset, InspectionBuffer::size, SWF_LZMA_MIN_VERSION, and SWF_ZLIB_MIN_VERSION.
