38 #define SWF_ZLIB_MIN_VERSION 0x06 39 #define SWF_LZMA_MIN_VERSION 0x0D 43 if (buffer_len >= 3 && buffer[1] ==
'W' && buffer[2] ==
'S') {
46 else if (buffer[0] ==
'C')
48 else if (buffer[0] ==
'Z')
75 uint32_t decompress_depth,
76 uint32_t compress_depth)
94 if (buffer_len <= offset) {
99 uint32_t compressed_data_len = 0;
100 if (buffer_len > offset && compress_depth == 0) {
101 compressed_data_len = buffer_len -
offset;
102 }
else if (compress_depth > 0 && compress_depth <= buffer_len) {
103 compressed_data_len = compress_depth;
104 }
else if (compress_depth > 0 && compress_depth > buffer_len) {
105 compressed_data_len = buffer_len;
125 if (decompressed_swf_len == 0) {
130 uint32_t decompressed_data_len = (decompress_depth == 0) ? decompressed_swf_len : decompress_depth;
131 decompressed_data_len += 8;
135 if (out_buffer->
size < decompressed_data_len) {
139 out_buffer->
len = decompressed_data_len;
146 out_buffer->
buf[0] =
'F';
147 out_buffer->
buf[1] =
'W';
148 out_buffer->
buf[2] =
'S';
149 out_buffer->
buf[3] = swf_version;
150 memcpy(out_buffer->
buf + 4, &decompressed_swf_len, 4);
151 memset(out_buffer->
buf + 8, 0, decompressed_data_len - 8);
160 (uint8_t *)buffer + offset, compressed_data_len,
161 out_buffer->
buf + 8, out_buffer->
len - 8);
176 compressed_data_len += 13;
177 uint8_t compressed_data[compressed_data_len];
179 memcpy(compressed_data, buffer + 12, 5);
181 memset(compressed_data + 5, 0xFF, 8);
183 memcpy(compressed_data + 13, buffer + offset, compressed_data_len - 13);
188 r = FileSwfLzmaDecompression(det_ctx,
189 compressed_data, compressed_data_len,
190 out_buffer->
buf + 8, out_buffer->
len - 8);
void DetectEngineSetEvent(DetectEngineThreadCtx *det_ctx, uint8_t e)
void InspectionBufferCheckAndExpand(InspectionBuffer *buffer, uint32_t min_size)
Make sure that the buffer has at least 'min_size' bytes; expand the buffer if necessary ...
int FileIsSwfFile(const uint8_t *buffer, uint32_t buffer_len)
#define SWF_LZMA_MIN_VERSION
uint32_t FileGetSwfDecompressedLen(const uint8_t *buffer, const uint32_t buffer_len)
#define SWF_ZLIB_MIN_VERSION
int FileSwfDecompression(const uint8_t *buffer, uint32_t buffer_len, DetectEngineThreadCtx *det_ctx, InspectionBuffer *out_buffer, int swf_type, uint32_t decompress_depth, uint32_t compress_depth)
This function decompresses a buffer with the zlib or LZMA algorithm.
int FileSwfZlibDecompression(DetectEngineThreadCtx *det_ctx, uint8_t *compressed_data, uint32_t compressed_data_len, uint8_t *decompressed_data, uint32_t decompressed_data_len)
uint8_t FileGetSwfVersion(const uint8_t *buffer, const uint32_t buffer_len)