suricata
util-magic.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2013 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Wrappers and tests for libmagic usage.
24  *
25  * Libmagic's API is not thread safe. The data the pointer returned by
26  * magic_buffer is overwritten by the next magic_buffer call. This is
27  * why we need to lock calls and copy the returned string.
28  */
29 
30 #include "suricata-common.h"
31 #include "conf.h"
32 #include "util-unittest.h"
33 #include "util-magic.h"
34 #include "util-debug.h"
35 
36 #ifdef HAVE_MAGIC
37 
38 /**
39  * \brief Initialize a "magic" context.
40  */
41 magic_t MagicInitContext(void)
42 {
43  magic_t ctx;
44  const char *filename = NULL;
45  FILE *fd = NULL;
46 
47  ctx = magic_open(0);
48  if (ctx == NULL) {
49  SCLogError("magic_open failed: %s", magic_error(ctx));
50  goto error;
51  }
52 
53  (void)ConfGet("magic-file", &filename);
54 
55 
56  if (filename != NULL) {
57  if (strlen(filename) == 0) {
58  /* set filename to NULL on *nix systems so magic_load uses system
59  * default path (see man libmagic) */
60  SCLogConfig("using system default magic-file");
61  filename = NULL;
62  }
63  else {
64  SCLogConfig("using magic-file %s", filename);
65 
66  if ( (fd = fopen(filename, "r")) == NULL) {
67  SCLogWarning("Error opening file: \"%s\": %s", filename, strerror(errno));
68  goto error;
69  }
70  fclose(fd);
71  }
72  }
73 
74  if (magic_load(ctx, filename) != 0) {
75  SCLogError("magic_load failed: %s", magic_error(ctx));
76  goto error;
77  }
78  return ctx;
79 
80 error:
81  if (ctx != NULL) {
82  magic_close(ctx);
83  ctx = NULL;
84  }
85  return NULL;
86 }
87 
88 
89 void MagicDeinitContext(magic_t ctx)
90 {
91  if (ctx != NULL)
92  magic_close(ctx);
93 }
94 
95 /**
96  * \brief Find the magic value for a buffer.
97  *
98  * \param buf the buffer
99  * \param buflen length of the buffer
100  *
101  * \retval result pointer to null terminated string
102  */
103 char *MagicThreadLookup(magic_t *ctx, const uint8_t *buf, uint32_t buflen)
104 {
105  const char *result = NULL;
106  char *magic = NULL;
107 
108  if (buf != NULL && buflen > 0) {
109  result = magic_buffer(*ctx, (void *)buf, (size_t)buflen);
110  if (result != NULL) {
111  magic = SCStrdup(result);
112  if (unlikely(magic == NULL)) {
113  SCLogError("Unable to dup magic");
114  }
115  }
116  }
117 
118  SCReturnPtr(magic, "const char");
119 }
120 
121 #ifdef UNITTESTS
122 
123 /** \test magic lib calls -- init */
124 static int MagicInitTest01(void)
125 {
126  int result = 0;
127  magic_t magic_ctx;
128 
129  magic_ctx = magic_open(0);
130  if (magic_ctx == NULL) {
131  printf("failure retrieving magic_ctx\n");
132  return 0;
133  }
134 
135  if (magic_load(magic_ctx, NULL) == -1) {
136  printf("failure magic_load\n");
137  goto end;
138  }
139 
140  result = 1;
141  end:
142  magic_close(magic_ctx);
143  return result;
144 }
145 
146 /** \test magic lib calls -- lookup */
147 static int MagicDetectTest01(void)
148 {
149  magic_t magic_ctx;
150  char *result = NULL;
151  char buffer[] = { 0x25, 'P', 'D', 'F', '-', '1', '.', '3', 0x0d, 0x0a};
152  size_t buffer_len = sizeof(buffer);
153  int retval = 0;
154 
155  magic_ctx = magic_open(0);
156  if (magic_ctx == NULL) {
157  printf("failure retrieving magic_ctx\n");
158  return 0;
159  }
160 
161  if (magic_load(magic_ctx, NULL) == -1) {
162  printf("magic_load failure\n");
163  goto end;
164  }
165 
166  result = (char *)magic_buffer(magic_ctx, (void *)buffer, buffer_len);
167  if (result == NULL || strncmp(result, "PDF document", 12) != 0) {
168  printf("result %p:%s, not \"PDF document\": ", result,result?result:"(null)");
169  goto end;
170  }
171 
172  retval = 1;
173 end:
174  magic_close(magic_ctx);
175  return retval;
176 }
177 #if 0
178 /** \test magic lib calls -- lookup */
179 static int MagicDetectTest02(void)
180 {
181  magic_t magic_ctx;
182  char *result = NULL;
183 
184  char buffer[] = {
185  0xd0, 0xcf, 0x11, 0xe0, 0xa1, 0xb1, 0x1a, 0xe1,
186  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
187  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
188  0x3e, 0x00, 0x03, 0x00, 0xfe, 0xff, 0x09, 0x00,
189 
190  0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
191  0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
192  0x96, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
193  0x00, 0x10, 0x00, 0x00, 0x98, 0x00, 0x00, 0x00,
194 
195  0x01, 0x00, 0x00, 0x00, 0xfe, 0xff, 0xff, 0xff,
196  0x00, 0x00, 0x00, 0x00, 0x90, 0x00, 0x00, 0x00,
197  0x97, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
198  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
199  };
200  size_t buffer_len = sizeof(buffer);
201  int retval = 0;
202 
203  magic_ctx = magic_open(0);
204  if (magic_ctx == NULL) {
205  printf("failure retrieving magic_ctx\n");
206  return 0;
207  }
208 
209  if (magic_load(magic_ctx, NULL) == -1) {
210  printf("magic_load failure\n");
211  goto end;
212  }
213 
214  result = (char *)magic_buffer(magic_ctx, (void *)buffer, buffer_len);
215  if (result == NULL || strcmp(result, MICROSOFT_OFFICE_DOC) != 0) {
216  printf("result %p:%s, not \"Microsoft Office Document\": ", result,result?result:"(null)");
217  goto end;
218  }
219 
220  retval = 1;
221 end:
222  magic_close(magic_ctx);
223  return retval;
224 }
225 #endif
226 /** \test magic lib calls -- lookup */
227 static int MagicDetectTest03(void)
228 {
229  char buffer[] = {
230  0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00, 0x00,
231  0x00, 0x00, 0x0b, 0x55, 0x2a, 0x36, 0x5e, 0xc6,
232  0x32, 0x0c, 0x27, 0x00, 0x00, 0x00, 0x27, 0x00,
233  0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x6d, 0x69,
234 
235  0x6d, 0x65, 0x74, 0x79, 0x70, 0x65, 0x61, 0x70,
236  0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
237  0x6e, 0x2f, 0x76, 0x6e, 0x64, 0x2e, 0x6f, 0x61,
238  0x73, 0x69, 0x73, 0x2e, 0x6f, 0x70, 0x65, 0x6e,
239 
240  0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74,
241  0x2e, 0x74, 0x65, 0x78, 0x74, 0x50, 0x4b, 0x03,
242  0x04, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b,
243  0x55, 0x2a, 0x36, 0x00, 0x00, 0x00, 0x00, 0x00,
244 
245  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1a,
246  0x00, 0x00, 0x00, 0x43, 0x6f, 0x6e, 0x66, 0x69,
247  0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
248  0x73, 0x32, 0x2f, 0x73, 0x74, 0x61, 0x74, 0x75,
249 
250  0x73, 0x62, 0x61, 0x72, 0x2f, 0x50, 0x4b, 0x03,
251  0x04, 0x14, 0x00, 0x08, 0x00, 0x08, 0x00, 0x0b,
252  };
253  size_t buffer_len = sizeof(buffer);
254 
255  magic_t magic_ctx = magic_open(0);
256  FAIL_IF_NULL(magic_ctx);
257 
258  FAIL_IF(magic_load(magic_ctx, NULL) == -1);
259 
260  char *result = (char *)magic_buffer(magic_ctx, (void *)buffer, buffer_len);
261  FAIL_IF_NULL(result);
262 
263  char *str = strstr(result, "OpenDocument Text");
264  FAIL_IF_NULL(str);
265 
266  magic_close(magic_ctx);
267  PASS;
268 }
269 
270 /** \test magic lib calls -- lookup */
271 static int MagicDetectTest04(void)
272 {
273  magic_t magic_ctx;
274  char *result = NULL;
275 
276  char buffer[] = {
277  0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00, 0x08,
278  0x00, 0x00, 0x52, 0x7b, 0x86, 0x3c, 0x8b, 0x70,
279  0x96, 0x08, 0x1c, 0x00, 0x00, 0x00, 0x1c, 0x00,
280  0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x6d, 0x69,
281 
282  0x6d, 0x65, 0x74, 0x79, 0x70, 0x65, 0x61, 0x70,
283  0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
284  0x6e, 0x2f, 0x76, 0x6e, 0x64, 0x2e, 0x73, 0x75,
285  0x6e, 0x2e, 0x78, 0x6d, 0x6c, 0x2e, 0x62, 0x61,
286 
287  0x73, 0x65, 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00,
288  0x00, 0x08, 0x00, 0x00, 0x52, 0x7b, 0x86, 0x3c,
289  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
290  0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00,
291 
292  0x4d, 0x45, 0x54, 0x41, 0x2d, 0x49, 0x4e, 0x46,
293  0x2f, 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00,
294  0x08, 0x08, 0x00, 0xa8, 0x42, 0x1d, 0x37, 0x5d,
295  0xa7, 0xb2, 0xc1, 0xde, 0x01, 0x00, 0x00, 0x7e,
296 
297  0x04, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x63,
298  0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2e, 0x78,
299  0x6d, 0x6c, 0x95, 0x54, 0x4d, 0x6f, 0xdb, 0x30,
300  0x0c, 0xbd, 0xe7, 0x57, 0x18, 0x02, 0x06, 0x6c,
301 
302  0x07, 0xc5, 0xe9, 0xb6, 0xc3, 0x22, 0xc4, 0x29,
303  0x86, 0x7d, 0x00, 0x05, 0x8a, 0x9d, 0xb2, 0x43,
304  0x8f, 0xb2, 0x24, 0xa7, 0xc2, 0x64, 0xc9, 0x15,
305  };
306  size_t buffer_len = sizeof(buffer);
307  int retval = 0;
308 
309  magic_ctx = magic_open(0);
310  if (magic_ctx == NULL) {
311  printf("failure retrieving magic_ctx\n");
312  return 0;
313  }
314 
315  if (magic_load(magic_ctx, NULL) == -1) {
316  printf("magic_load failure\n");
317  goto end;
318  }
319 
320  result = (char *)magic_buffer(magic_ctx, (void *)buffer, buffer_len);
321  if (result == NULL || strncmp(result, "OpenOffice.org 1.x", 18) != 0) {
322  printf("result %p:%s, not \"OpenOffice.org 1.x\": ", result,result?result:"(null)");
323  goto end;
324  }
325 
326  retval = 1;
327 end:
328  magic_close(magic_ctx);
329  return retval;
330 }
331 
332 
333 /** \test magic api calls -- lookup */
334 static int MagicDetectTest05(void)
335 {
336  const char *result = NULL;
337  magic_t ctx = NULL;
338  uint8_t buffer[] = { 0x25, 'P', 'D', 'F', '-', '1', '.', '3', 0x0d, 0x0a};
339  size_t buffer_len = sizeof(buffer);
340  int retval = 0;
341 
342 
343  ctx = MagicInitContext();
344  FAIL_IF(ctx == NULL);
345 
346  result = MagicThreadLookup(&ctx, buffer, buffer_len);
347  if (result == NULL || strncmp(result, "PDF document", 12) != 0) {
348  printf("result %p:%s, not \"PDF document\": ", result,result?result:"(null)");
349  goto end;
350  }
351 
352  retval = 1;
353 end:
354  MagicDeinitContext(ctx);
355  return retval;
356 }
357 
358 #if 0
359 /** \test magic api calls -- lookup */
360 static int MagicDetectTest06(void)
361 {
362  const char *result = NULL;
363  uint8_t buffer[] = {
364  0xd0, 0xcf, 0x11, 0xe0, 0xa1, 0xb1, 0x1a, 0xe1,
365  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
366  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
367  0x3e, 0x00, 0x03, 0x00, 0xfe, 0xff, 0x09, 0x00,
368 
369  0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
370  0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
371  0x96, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
372  0x00, 0x10, 0x00, 0x00, 0x98, 0x00, 0x00, 0x00,
373 
374  0x01, 0x00, 0x00, 0x00, 0xfe, 0xff, 0xff, 0xff,
375  0x00, 0x00, 0x00, 0x00, 0x90, 0x00, 0x00, 0x00,
376  0x97, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
377  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
378  };
379  size_t buffer_len = sizeof(buffer);
380  int retval = 0;
381 
382  if (MagicInit() < 0) {
383  printf("MagicInit() failure\n");
384  return 0;
385  }
386 
387  result = MagicGlobalLookup(buffer, buffer_len);
388  if (result == NULL || strcmp(result, MICROSOFT_OFFICE_DOC) != 0) {
389  printf("result %p:%s, not \"Microsoft Office Document\": ", result,result?result:"(null)");
390  goto end;
391  }
392 
393  retval = 1;
394 
395 end:
396  MagicDeinit();
397  return retval;
398 }
399 #endif
400 /** \test magic api calls -- lookup */
401 static int MagicDetectTest07(void)
402 {
403  const char *result = NULL;
404  magic_t ctx = NULL;
405  uint8_t buffer[] = {
406  0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00, 0x00,
407  0x00, 0x00, 0x0b, 0x55, 0x2a, 0x36, 0x5e, 0xc6,
408  0x32, 0x0c, 0x27, 0x00, 0x00, 0x00, 0x27, 0x00,
409  0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x6d, 0x69,
410 
411  0x6d, 0x65, 0x74, 0x79, 0x70, 0x65, 0x61, 0x70,
412  0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
413  0x6e, 0x2f, 0x76, 0x6e, 0x64, 0x2e, 0x6f, 0x61,
414  0x73, 0x69, 0x73, 0x2e, 0x6f, 0x70, 0x65, 0x6e,
415 
416  0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74,
417  0x2e, 0x74, 0x65, 0x78, 0x74, 0x50, 0x4b, 0x03,
418  0x04, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b,
419  0x55, 0x2a, 0x36, 0x00, 0x00, 0x00, 0x00, 0x00,
420 
421  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1a,
422  0x00, 0x00, 0x00, 0x43, 0x6f, 0x6e, 0x66, 0x69,
423  0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
424  0x73, 0x32, 0x2f, 0x73, 0x74, 0x61, 0x74, 0x75,
425 
426  0x73, 0x62, 0x61, 0x72, 0x2f, 0x50, 0x4b, 0x03,
427  0x04, 0x14, 0x00, 0x08, 0x00, 0x08, 0x00, 0x0b,
428  };
429  size_t buffer_len = sizeof(buffer);
430 
431  ctx = MagicInitContext();
432  FAIL_IF(ctx == NULL);
433 
434  result = MagicThreadLookup(&ctx, buffer, buffer_len);
435  FAIL_IF_NULL(result);
436 
437  char *str = strstr(result, "OpenDocument Text");
438  FAIL_IF_NULL(str);
439 
440  MagicDeinitContext(ctx);
441  PASS;
442 }
443 
444 /** \test magic api calls -- lookup */
445 static int MagicDetectTest08(void)
446 {
447  const char *result = NULL;
448  magic_t ctx = NULL;
449  uint8_t buffer[] = {
450  0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00, 0x08,
451  0x00, 0x00, 0x52, 0x7b, 0x86, 0x3c, 0x8b, 0x70,
452  0x96, 0x08, 0x1c, 0x00, 0x00, 0x00, 0x1c, 0x00,
453  0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x6d, 0x69,
454 
455  0x6d, 0x65, 0x74, 0x79, 0x70, 0x65, 0x61, 0x70,
456  0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
457  0x6e, 0x2f, 0x76, 0x6e, 0x64, 0x2e, 0x73, 0x75,
458  0x6e, 0x2e, 0x78, 0x6d, 0x6c, 0x2e, 0x62, 0x61,
459 
460  0x73, 0x65, 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00,
461  0x00, 0x08, 0x00, 0x00, 0x52, 0x7b, 0x86, 0x3c,
462  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
463  0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00,
464 
465  0x4d, 0x45, 0x54, 0x41, 0x2d, 0x49, 0x4e, 0x46,
466  0x2f, 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00,
467  0x08, 0x08, 0x00, 0xa8, 0x42, 0x1d, 0x37, 0x5d,
468  0xa7, 0xb2, 0xc1, 0xde, 0x01, 0x00, 0x00, 0x7e,
469 
470  0x04, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x63,
471  0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2e, 0x78,
472  0x6d, 0x6c, 0x95, 0x54, 0x4d, 0x6f, 0xdb, 0x30,
473 
474  0x0c, 0xbd, 0xe7, 0x57, 0x18, 0x02, 0x06, 0x6c,
475  0x07, 0xc5, 0xe9, 0xb6, 0xc3, 0x22, 0xc4, 0x29,
476  0x86, 0x7d, 0x00, 0x05, 0x8a, 0x9d, 0xb2, 0x43,
477  0x8f, 0xb2, 0x24, 0xa7, 0xc2, 0x64, 0xc9, 0x15,
478  };
479  size_t buffer_len = sizeof(buffer);
480  int retval = 0;
481 
482  ctx = MagicInitContext();
483  FAIL_IF(ctx == NULL);
484 
485  result = MagicThreadLookup(&ctx, buffer, buffer_len);
486  if (result == NULL || strncmp(result, "OpenOffice.org 1.x", 18) != 0) {
487  printf("result %p:%s, not \"OpenOffice.org 1.x\": ", result,result?result:"(null)");
488  goto end;
489  }
490 
491  retval = 1;
492 end:
493  MagicDeinitContext(ctx);
494  return retval;
495 }
496 #if 0
497 /** \test magic api calls -- make sure memory is shared */
498 static int MagicDetectTest09(void)
499 {
500  const char *result1 = NULL;
501  const char *result2 = NULL;
502  uint8_t buffer[] = { 0x25, 'P', 'D', 'F', '-', '1', '.', '3', 0x0d, 0x0a};
503  size_t buffer_len = sizeof(buffer);
504  int retval = 0;
505 
506  if (MagicInit() < 0) {
507  printf("MagicInit() failure\n");
508  return 0;
509  }
510 
511  result1 = MagicGlobalLookup(buffer, buffer_len);
512  if (result1 == NULL || strncmp(result1, "PDF document", 12) != 0) {
513  printf("result %p:%s, not \"PDF document\": ", result1,result1?result1:"(null)");
514  goto end;
515  }
516 
517  result2 = MagicGlobalLookup(buffer, buffer_len);
518  if (result2 == NULL || strncmp(result2, "PDF document", 12) != 0) {
519  printf("result %p:%s, not \"PDF document\": ", result2,result2?result2:"(null)");
520  goto end;
521  }
522 
523  if (result1 != result2) {
524  printf("pointers not equal, weird... %p != %p: ", result1, result2);
525  goto end;
526  }
527 
528  retval = 1;
529 end:
530  MagicDeinit();
531  return retval;
532 }
533 #endif
534 /** \test results in valgrind warning about invalid read, tested with
535  * file 5.09 and 5.11 */
536 static int MagicDetectTest10ValgrindError(void)
537 {
538  const char *result = NULL;
539  magic_t ctx = NULL;
540  uint8_t buffer[] = {
541  0xFF,0xD8,0xFF,0xE0,0x00,0x10,0x4A,0x46,0x49,0x46,0x00,0x01,0x01,0x01,0x01,0x2C,
542  0x01,0x2C,0x00,0x00,0xFF,0xFE,0x00,0x4C,0x53,0x69,0x67,0x6E,0x61,0x74,0x75,0x72,
543  0x65,0x3A,0x34,0x31,0x31,0x65,0x33,0x38,0x61,0x61,0x61,0x31,0x37,0x65,0x33,0x30,
544  0x66,0x30,0x32,0x38,0x62,0x61,0x30,0x31,0x36,0x32,0x36,0x37,0x66,0x66,0x30,0x31,
545  0x36,0x36,0x61,0x65,0x35,0x39,0x65,0x38,0x31,0x39,0x62,0x61,0x32,0x34,0x63,0x39,
546  0x62,0x31,0x33,0x37,0x33,0x62,0x31,0x61,0x35,0x61,0x38,0x65,0x64,0x63,0x36,0x30,
547  0x65,0x37,0xFF,0xE2,0x02,0x2C,0x49,0x43,0x43,0x5F,0x50,0x52,0x4F,0x46,0x49,0x4C,
548  0x45,0x00,0x01,0x01,0x00,0x00,0x02,0x1C,0x41,0x44,0x42,0x45,0x02,0x10,0x00,0x00,
549  0x6D,0x6E,0x74,0x72,0x52,0x47,0x42,0x20,0x58,0x59,0x5A,0x20,0x07,0xCF,0x00,0x05,
550  0x00,0x09,0x00,0x15,0x00,0x0B,0x00,0x21,0x61,0x63,0x73,0x70,0x41,0x50,0x50,0x4C,
551  0x00,0x00,0x00,0x00,0x6E,0x6F,0x6E,0x65,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
552  };
553  size_t buffer_len = sizeof(buffer);
554  int retval = 0;
555 
556 
557  ctx = MagicInitContext();
558  FAIL_IF(ctx == NULL);
559 
560  result = MagicThreadLookup(&ctx, buffer, buffer_len);
561  if (result == NULL || strncmp(result, "JPEG", 4) != 0) {
562  printf("result %p:%s, not \"JPEG\": ", result,result?result:"(null)");
563  goto end;
564  }
565 
566  retval = 1;
567 end:
568  MagicDeinitContext(ctx);
569  return retval;
570 }
571 
572 #endif /* UNITTESTS */
573 #endif
574 
575 void MagicRegisterTests(void)
576 {
577 #ifdef HAVE_MAGIC
578 #ifdef UNITTESTS
579  UtRegisterTest("MagicInitTest01", MagicInitTest01);
580  UtRegisterTest("MagicDetectTest01", MagicDetectTest01);
581  //UtRegisterTest("MagicDetectTest02", MagicDetectTest02, 1);
582  UtRegisterTest("MagicDetectTest03", MagicDetectTest03);
583  UtRegisterTest("MagicDetectTest04", MagicDetectTest04);
584  UtRegisterTest("MagicDetectTest05", MagicDetectTest05);
585  //UtRegisterTest("MagicDetectTest06", MagicDetectTest06, 1);
586  UtRegisterTest("MagicDetectTest07", MagicDetectTest07);
587  UtRegisterTest("MagicDetectTest08", MagicDetectTest08);
588  /* fails in valgrind, somehow it returns different pointers then.
589  UtRegisterTest("MagicDetectTest09", MagicDetectTest09, 1); */
590 
591  UtRegisterTest("MagicDetectTest10ValgrindError",
592  MagicDetectTest10ValgrindError);
593 #endif /* UNITTESTS */
594 #endif /* HAVE_MAGIC */
595 }
596 
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
MagicRegisterTests
void MagicRegisterTests(void)
Definition: util-magic.c:575
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
ctx
struct Thresholds ctx
util-unittest.h
ConfGet
int ConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
Definition: conf.c:335
util-debug.h
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
SCLogWarning
#define SCLogWarning(...)
Macro used to log WARNING messages.
Definition: util-debug.h:249
conf.h
util-magic.h
SCReturnPtr
#define SCReturnPtr(x, type)
Definition: util-debug.h:287
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition: util-unittest.h:71
suricata-common.h
SCStrdup
#define SCStrdup(s)
Definition: util-mem.h:56
SCLogConfig
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
str
#define str(s)
Definition: suricata-common.h:291
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:261
MacSet_::buf
MacAddr * buf[2]
Definition: util-macset.c:55