suricata
|
#include "detect.h"
Go to the source code of this file.
Enumerations | |
enum | { FILE_IS_NOT_SWF = 0, FILE_SWF_NO_COMPRESSION, FILE_SWF_ZLIB_COMPRESSION, FILE_SWF_LZMA_COMPRESSION } |
Functions | |
int | FileIsSwfFile (const uint8_t *buffer, uint32_t buffer_len) |
int | FileSwfDecompression (const uint8_t *buffer, uint32_t buffer_len, DetectEngineThreadCtx *det_ctx, InspectionBuffer *out_buffer, int swf_type, uint32_t decompress_depth, uint32_t compress_depth) |
This function decompresses a buffer with zlib/lzma algorithm. More... | |
Definition in file util-file-decompression.h.
anonymous enum |
Enumerator | |
---|---|
FILE_IS_NOT_SWF | |
FILE_SWF_NO_COMPRESSION | |
FILE_SWF_ZLIB_COMPRESSION | |
FILE_SWF_LZMA_COMPRESSION |
Definition at line 30 of file util-file-decompression.h.
int FileIsSwfFile | ( | const uint8_t * | buffer, |
uint32_t | buffer_len | ||
) |
Definition at line 41 of file util-file-decompression.c.
References FILE_IS_NOT_SWF, FILE_SWF_LZMA_COMPRESSION, FILE_SWF_NO_COMPRESSION, and FILE_SWF_ZLIB_COMPRESSION.
Referenced by FileSwfDecompression().
int FileSwfDecompression | ( | const uint8_t * | buffer, |
uint32_t | buffer_len, | ||
DetectEngineThreadCtx * | det_ctx, | ||
InspectionBuffer * | out_buffer, | ||
int | swf_type, | ||
uint32_t | decompress_depth, | ||
uint32_t | compress_depth | ||
) |
This function decompresses a buffer with zlib/lzma algorithm.
buffer | compressed buffer |
buffer_len | compressed buffer length |
decompressed_buffer | buffer that store decompressed data |
decompressed_buffer_len | decompressed data length |
swf_type | decompression algorithm to use |
decompress_depth | how much decompressed data we want to store |
compress_depth | how much compressed data we want to decompress |
1 | if decompression works |
0 | an error occurred, and event set |
Definition at line 71 of file util-file-decompression.c.
References InspectionBuffer::buf, DetectEngineSetEvent(), FILE_DECODER_EVENT_INVALID_SWF_LENGTH, FILE_DECODER_EVENT_INVALID_SWF_VERSION, FILE_DECODER_EVENT_NO_MEM, FILE_SWF_LZMA_COMPRESSION, FILE_SWF_NO_COMPRESSION, FILE_SWF_ZLIB_COMPRESSION, FileGetSwfDecompressedLen(), FileGetSwfVersion(), FileIsSwfFile(), FileSwfLzmaDecompression(), FileSwfZlibDecompression(), HTTP_SWF_COMPRESSION_BOTH, HTTP_SWF_COMPRESSION_LZMA, HTTP_SWF_COMPRESSION_ZLIB, InspectionBuffer::inspect, InspectionBuffer::inspect_len, InspectionBufferCheckAndExpand(), InspectionBuffer::len, MIN_SWF_LEN, offset, InspectionBuffer::size, SWF_LZMA_MIN_VERSION, and SWF_ZLIB_MIN_VERSION.