suricata
util-file-decompression.h File Reference
#include "detect.h"
Include dependency graph for util-file-decompression.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Enumerations

enum  { FILE_IS_NOT_SWF = 0, FILE_SWF_NO_COMPRESSION, FILE_SWF_ZLIB_COMPRESSION, FILE_SWF_LZMA_COMPRESSION }
 

Functions

int FileIsSwfFile (const uint8_t *buffer, uint32_t buffer_len)
 
int FileSwfDecompression (const uint8_t *buffer, uint32_t buffer_len, DetectEngineThreadCtx *det_ctx, InspectionBuffer *out_buffer, int swf_type, uint32_t decompress_depth, uint32_t compress_depth)
 This function decompresses a buffer with zlib/lzma algorithm. More...
 

Detailed Description

Enumeration Type Documentation

anonymous enum
Enumerator
FILE_IS_NOT_SWF 
FILE_SWF_NO_COMPRESSION 
FILE_SWF_ZLIB_COMPRESSION 
FILE_SWF_LZMA_COMPRESSION 

Definition at line 30 of file util-file-decompression.h.

Function Documentation

int FileIsSwfFile ( const uint8_t *  buffer,
uint32_t  buffer_len 
)

Definition at line 41 of file util-file-decompression.c.

References FILE_IS_NOT_SWF, FILE_SWF_LZMA_COMPRESSION, FILE_SWF_NO_COMPRESSION, and FILE_SWF_ZLIB_COMPRESSION.

Referenced by FileSwfDecompression().

Here is the caller graph for this function:

int FileSwfDecompression ( const uint8_t *  buffer,
uint32_t  buffer_len,
DetectEngineThreadCtx det_ctx,
InspectionBuffer out_buffer,
int  swf_type,
uint32_t  decompress_depth,
uint32_t  compress_depth 
)

This function decompresses a buffer with zlib/lzma algorithm.

Parameters
buffercompressed buffer
buffer_lencompressed buffer length
decompressed_bufferbuffer that store decompressed data
decompressed_buffer_lendecompressesd data length
swf_typedecompression algorithm to use
decompress_depthhow much decompressed data we want to store
compress_depthhow much compressed data we want to decompress
Return values
1if decompression works
0an error occured, and event set

Definition at line 71 of file util-file-decompression.c.

References InspectionBuffer::buf, DetectEngineSetEvent(), FILE_DECODER_EVENT_INVALID_SWF_LENGTH, FILE_DECODER_EVENT_INVALID_SWF_VERSION, FILE_DECODER_EVENT_NO_MEM, FILE_SWF_LZMA_COMPRESSION, FILE_SWF_NO_COMPRESSION, FILE_SWF_ZLIB_COMPRESSION, FileGetSwfDecompressedLen(), FileGetSwfVersion(), FileIsSwfFile(), FileSwfZlibDecompression(), HTTP_SWF_COMPRESSION_BOTH, HTTP_SWF_COMPRESSION_LZMA, HTTP_SWF_COMPRESSION_ZLIB, InspectionBuffer::inspect, InspectionBuffer::inspect_len, InspectionBufferCheckAndExpand(), InspectionBuffer::len, MIN_SWF_LEN, offset, InspectionBuffer::size, SWF_LZMA_MIN_VERSION, and SWF_ZLIB_MIN_VERSION.

Here is the call graph for this function: