suricata
util-magic.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2013 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Wrappers and tests for libmagic usage.
24  *
25  * Libmagic's API is not thread safe. The data the pointer returned by
26  * magic_buffer is overwritten by the next magic_buffer call. This is
27  * why we need to lock calls and copy the returned string.
28  */
29 
30 #include "suricata-common.h"
31 #include "conf.h"
32 #include "util-unittest.h"
33 #include "util-magic.h"
34 #include "util-debug.h"
35 
36 #ifdef HAVE_MAGIC
37 
38 /**
39  * \brief Initialize a "magic" context.
40  */
41 magic_t MagicInitContext(void)
42 {
43  magic_t ctx;
44  const char *filename = NULL;
45  FILE *fd = NULL;
46 
47  ctx = magic_open(0);
48  if (ctx == NULL) {
49  SCLogError("magic_open failed: %s", magic_error(ctx));
50  goto error;
51  }
52 
53  (void)ConfGet("magic-file", &filename);
54 
55 
56  if (filename != NULL) {
57  if (strlen(filename) == 0) {
58  /* set filename to NULL on *nix systems so magic_load uses system
59  * default path (see man libmagic) */
60  SCLogConfig("using system default magic-file");
61  filename = NULL;
62  }
63  else {
64  SCLogConfig("using magic-file %s", filename);
65 
66  if ( (fd = fopen(filename, "r")) == NULL) {
67  SCLogWarning("Error opening file: \"%s\": %s", filename, strerror(errno));
68  goto error;
69  }
70  fclose(fd);
71  }
72  }
73 
74  if (magic_load(ctx, filename) != 0) {
75  SCLogError("magic_load failed: %s", magic_error(ctx));
76  goto error;
77  }
78  return ctx;
79 
80 error:
81  if (ctx != NULL) {
82  magic_close(ctx);
83  ctx = NULL;
84  }
85  return NULL;
86 }
87 
88 
89 void MagicDeinitContext(magic_t ctx)
90 {
91  if (ctx != NULL)
92  magic_close(ctx);
93 }
94 
95 /**
96  * \brief Find the magic value for a buffer.
97  *
98  * \param buf the buffer
99  * \param buflen length of the buffer
100  *
101  * \retval result pointer to null terminated string
102  */
103 char *MagicThreadLookup(magic_t *ctx, const uint8_t *buf, uint32_t buflen)
104 {
105  const char *result = NULL;
106  char *magic = NULL;
107 
108  if (buf != NULL && buflen > 0) {
109  result = magic_buffer(*ctx, (void *)buf, (size_t)buflen);
110  if (result != NULL) {
111  magic = SCStrdup(result);
112  if (unlikely(magic == NULL)) {
113  SCLogError("Unable to dup magic");
114  }
115  }
116  }
117 
118  SCReturnPtr(magic, "const char");
119 }
120 
121 #ifdef UNITTESTS
122 
123 #if defined OS_FREEBSD || defined OS_DARWIN
124 #define MICROSOFT_OFFICE_DOC "OLE 2 Compound Document"
125 #else
126 #define MICROSOFT_OFFICE_DOC "Microsoft Office Document"
127 #endif
128 
129 /** \test magic lib calls -- init */
130 static int MagicInitTest01(void)
131 {
132  int result = 0;
133  magic_t magic_ctx;
134 
135  magic_ctx = magic_open(0);
136  if (magic_ctx == NULL) {
137  printf("failure retrieving magic_ctx\n");
138  return 0;
139  }
140 
141  if (magic_load(magic_ctx, NULL) == -1) {
142  printf("failure magic_load\n");
143  goto end;
144  }
145 
146  result = 1;
147  end:
148  magic_close(magic_ctx);
149  return result;
150 }
151 
152 /** \test magic lib calls -- lookup */
153 static int MagicDetectTest01(void)
154 {
155  magic_t magic_ctx;
156  char *result = NULL;
157  char buffer[] = { 0x25, 'P', 'D', 'F', '-', '1', '.', '3', 0x0d, 0x0a};
158  size_t buffer_len = sizeof(buffer);
159  int retval = 0;
160 
161  magic_ctx = magic_open(0);
162  if (magic_ctx == NULL) {
163  printf("failure retrieving magic_ctx\n");
164  return 0;
165  }
166 
167  if (magic_load(magic_ctx, NULL) == -1) {
168  printf("magic_load failure\n");
169  goto end;
170  }
171 
172  result = (char *)magic_buffer(magic_ctx, (void *)buffer, buffer_len);
173  if (result == NULL || strncmp(result, "PDF document", 12) != 0) {
174  printf("result %p:%s, not \"PDF document\": ", result,result?result:"(null)");
175  goto end;
176  }
177 
178  retval = 1;
179 end:
180  magic_close(magic_ctx);
181  return retval;
182 }
183 #if 0
184 /** \test magic lib calls -- lookup */
185 static int MagicDetectTest02(void)
186 {
187  magic_t magic_ctx;
188  char *result = NULL;
189 
190  char buffer[] = {
191  0xd0, 0xcf, 0x11, 0xe0, 0xa1, 0xb1, 0x1a, 0xe1,
192  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
193  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
194  0x3e, 0x00, 0x03, 0x00, 0xfe, 0xff, 0x09, 0x00,
195 
196  0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
197  0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
198  0x96, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
199  0x00, 0x10, 0x00, 0x00, 0x98, 0x00, 0x00, 0x00,
200 
201  0x01, 0x00, 0x00, 0x00, 0xfe, 0xff, 0xff, 0xff,
202  0x00, 0x00, 0x00, 0x00, 0x90, 0x00, 0x00, 0x00,
203  0x97, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
204  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
205  };
206  size_t buffer_len = sizeof(buffer);
207  int retval = 0;
208 
209  magic_ctx = magic_open(0);
210  if (magic_ctx == NULL) {
211  printf("failure retrieving magic_ctx\n");
212  return 0;
213  }
214 
215  if (magic_load(magic_ctx, NULL) == -1) {
216  printf("magic_load failure\n");
217  goto end;
218  }
219 
220  result = (char *)magic_buffer(magic_ctx, (void *)buffer, buffer_len);
221  if (result == NULL || strcmp(result, MICROSOFT_OFFICE_DOC) != 0) {
222  printf("result %p:%s, not \"Microsoft Office Document\": ", result,result?result:"(null)");
223  goto end;
224  }
225 
226  retval = 1;
227 end:
228  magic_close(magic_ctx);
229  return retval;
230 }
231 #endif
232 /** \test magic lib calls -- lookup */
233 static int MagicDetectTest03(void)
234 {
235  char buffer[] = {
236  0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00, 0x00,
237  0x00, 0x00, 0x0b, 0x55, 0x2a, 0x36, 0x5e, 0xc6,
238  0x32, 0x0c, 0x27, 0x00, 0x00, 0x00, 0x27, 0x00,
239  0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x6d, 0x69,
240 
241  0x6d, 0x65, 0x74, 0x79, 0x70, 0x65, 0x61, 0x70,
242  0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
243  0x6e, 0x2f, 0x76, 0x6e, 0x64, 0x2e, 0x6f, 0x61,
244  0x73, 0x69, 0x73, 0x2e, 0x6f, 0x70, 0x65, 0x6e,
245 
246  0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74,
247  0x2e, 0x74, 0x65, 0x78, 0x74, 0x50, 0x4b, 0x03,
248  0x04, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b,
249  0x55, 0x2a, 0x36, 0x00, 0x00, 0x00, 0x00, 0x00,
250 
251  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1a,
252  0x00, 0x00, 0x00, 0x43, 0x6f, 0x6e, 0x66, 0x69,
253  0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
254  0x73, 0x32, 0x2f, 0x73, 0x74, 0x61, 0x74, 0x75,
255 
256  0x73, 0x62, 0x61, 0x72, 0x2f, 0x50, 0x4b, 0x03,
257  0x04, 0x14, 0x00, 0x08, 0x00, 0x08, 0x00, 0x0b,
258  };
259  size_t buffer_len = sizeof(buffer);
260 
261  magic_t magic_ctx = magic_open(0);
262  FAIL_IF_NULL(magic_ctx);
263 
264  FAIL_IF(magic_load(magic_ctx, NULL) == -1);
265 
266  char *result = (char *)magic_buffer(magic_ctx, (void *)buffer, buffer_len);
267  FAIL_IF_NULL(result);
268 
269  char *str = strstr(result, "OpenDocument Text");
270  FAIL_IF_NULL(str);
271 
272  magic_close(magic_ctx);
273  PASS;
274 }
275 
276 /** \test magic lib calls -- lookup */
277 static int MagicDetectTest04(void)
278 {
279  magic_t magic_ctx;
280  char *result = NULL;
281 
282  char buffer[] = {
283  0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00, 0x08,
284  0x00, 0x00, 0x52, 0x7b, 0x86, 0x3c, 0x8b, 0x70,
285  0x96, 0x08, 0x1c, 0x00, 0x00, 0x00, 0x1c, 0x00,
286  0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x6d, 0x69,
287 
288  0x6d, 0x65, 0x74, 0x79, 0x70, 0x65, 0x61, 0x70,
289  0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
290  0x6e, 0x2f, 0x76, 0x6e, 0x64, 0x2e, 0x73, 0x75,
291  0x6e, 0x2e, 0x78, 0x6d, 0x6c, 0x2e, 0x62, 0x61,
292 
293  0x73, 0x65, 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00,
294  0x00, 0x08, 0x00, 0x00, 0x52, 0x7b, 0x86, 0x3c,
295  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
296  0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00,
297 
298  0x4d, 0x45, 0x54, 0x41, 0x2d, 0x49, 0x4e, 0x46,
299  0x2f, 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00,
300  0x08, 0x08, 0x00, 0xa8, 0x42, 0x1d, 0x37, 0x5d,
301  0xa7, 0xb2, 0xc1, 0xde, 0x01, 0x00, 0x00, 0x7e,
302 
303  0x04, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x63,
304  0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2e, 0x78,
305  0x6d, 0x6c, 0x95, 0x54, 0x4d, 0x6f, 0xdb, 0x30,
306  0x0c, 0xbd, 0xe7, 0x57, 0x18, 0x02, 0x06, 0x6c,
307 
308  0x07, 0xc5, 0xe9, 0xb6, 0xc3, 0x22, 0xc4, 0x29,
309  0x86, 0x7d, 0x00, 0x05, 0x8a, 0x9d, 0xb2, 0x43,
310  0x8f, 0xb2, 0x24, 0xa7, 0xc2, 0x64, 0xc9, 0x15,
311  };
312  size_t buffer_len = sizeof(buffer);
313  int retval = 0;
314 
315  magic_ctx = magic_open(0);
316  if (magic_ctx == NULL) {
317  printf("failure retrieving magic_ctx\n");
318  return 0;
319  }
320 
321  if (magic_load(magic_ctx, NULL) == -1) {
322  printf("magic_load failure\n");
323  goto end;
324  }
325 
326  result = (char *)magic_buffer(magic_ctx, (void *)buffer, buffer_len);
327  if (result == NULL || strncmp(result, "OpenOffice.org 1.x", 18) != 0) {
328  printf("result %p:%s, not \"OpenOffice.org 1.x\": ", result,result?result:"(null)");
329  goto end;
330  }
331 
332  retval = 1;
333 end:
334  magic_close(magic_ctx);
335  return retval;
336 }
337 
338 
339 /** \test magic api calls -- lookup */
340 static int MagicDetectTest05(void)
341 {
342  const char *result = NULL;
343  magic_t ctx = NULL;
344  uint8_t buffer[] = { 0x25, 'P', 'D', 'F', '-', '1', '.', '3', 0x0d, 0x0a};
345  size_t buffer_len = sizeof(buffer);
346  int retval = 0;
347 
348 
349  ctx = MagicInitContext();
350  FAIL_IF(ctx == NULL);
351 
352  result = MagicThreadLookup(&ctx, buffer, buffer_len);
353  if (result == NULL || strncmp(result, "PDF document", 12) != 0) {
354  printf("result %p:%s, not \"PDF document\": ", result,result?result:"(null)");
355  goto end;
356  }
357 
358  retval = 1;
359 end:
360  MagicDeinitContext(ctx);
361  return retval;
362 }
363 
364 #if 0
365 /** \test magic api calls -- lookup */
366 static int MagicDetectTest06(void)
367 {
368  const char *result = NULL;
369  uint8_t buffer[] = {
370  0xd0, 0xcf, 0x11, 0xe0, 0xa1, 0xb1, 0x1a, 0xe1,
371  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
372  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
373  0x3e, 0x00, 0x03, 0x00, 0xfe, 0xff, 0x09, 0x00,
374 
375  0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
376  0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
377  0x96, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
378  0x00, 0x10, 0x00, 0x00, 0x98, 0x00, 0x00, 0x00,
379 
380  0x01, 0x00, 0x00, 0x00, 0xfe, 0xff, 0xff, 0xff,
381  0x00, 0x00, 0x00, 0x00, 0x90, 0x00, 0x00, 0x00,
382  0x97, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
383  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
384  };
385  size_t buffer_len = sizeof(buffer);
386  int retval = 0;
387 
388  if (MagicInit() < 0) {
389  printf("MagicInit() failure\n");
390  return 0;
391  }
392 
393  result = MagicGlobalLookup(buffer, buffer_len);
394  if (result == NULL || strcmp(result, MICROSOFT_OFFICE_DOC) != 0) {
395  printf("result %p:%s, not \"Microsoft Office Document\": ", result,result?result:"(null)");
396  goto end;
397  }
398 
399  retval = 1;
400 
401 end:
402  MagicDeinit();
403  return retval;
404 }
405 #endif
406 /** \test magic api calls -- lookup */
407 static int MagicDetectTest07(void)
408 {
409  const char *result = NULL;
410  magic_t ctx = NULL;
411  uint8_t buffer[] = {
412  0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00, 0x00,
413  0x00, 0x00, 0x0b, 0x55, 0x2a, 0x36, 0x5e, 0xc6,
414  0x32, 0x0c, 0x27, 0x00, 0x00, 0x00, 0x27, 0x00,
415  0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x6d, 0x69,
416 
417  0x6d, 0x65, 0x74, 0x79, 0x70, 0x65, 0x61, 0x70,
418  0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
419  0x6e, 0x2f, 0x76, 0x6e, 0x64, 0x2e, 0x6f, 0x61,
420  0x73, 0x69, 0x73, 0x2e, 0x6f, 0x70, 0x65, 0x6e,
421 
422  0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74,
423  0x2e, 0x74, 0x65, 0x78, 0x74, 0x50, 0x4b, 0x03,
424  0x04, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b,
425  0x55, 0x2a, 0x36, 0x00, 0x00, 0x00, 0x00, 0x00,
426 
427  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1a,
428  0x00, 0x00, 0x00, 0x43, 0x6f, 0x6e, 0x66, 0x69,
429  0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
430  0x73, 0x32, 0x2f, 0x73, 0x74, 0x61, 0x74, 0x75,
431 
432  0x73, 0x62, 0x61, 0x72, 0x2f, 0x50, 0x4b, 0x03,
433  0x04, 0x14, 0x00, 0x08, 0x00, 0x08, 0x00, 0x0b,
434  };
435  size_t buffer_len = sizeof(buffer);
436 
437  ctx = MagicInitContext();
438  FAIL_IF(ctx == NULL);
439 
440  result = MagicThreadLookup(&ctx, buffer, buffer_len);
441  FAIL_IF_NULL(result);
442 
443  char *str = strstr(result, "OpenDocument Text");
444  FAIL_IF_NULL(str);
445 
446  MagicDeinitContext(ctx);
447  PASS;
448 }
449 
450 /** \test magic api calls -- lookup */
451 static int MagicDetectTest08(void)
452 {
453  const char *result = NULL;
454  magic_t ctx = NULL;
455  uint8_t buffer[] = {
456  0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00, 0x08,
457  0x00, 0x00, 0x52, 0x7b, 0x86, 0x3c, 0x8b, 0x70,
458  0x96, 0x08, 0x1c, 0x00, 0x00, 0x00, 0x1c, 0x00,
459  0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x6d, 0x69,
460 
461  0x6d, 0x65, 0x74, 0x79, 0x70, 0x65, 0x61, 0x70,
462  0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
463  0x6e, 0x2f, 0x76, 0x6e, 0x64, 0x2e, 0x73, 0x75,
464  0x6e, 0x2e, 0x78, 0x6d, 0x6c, 0x2e, 0x62, 0x61,
465 
466  0x73, 0x65, 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00,
467  0x00, 0x08, 0x00, 0x00, 0x52, 0x7b, 0x86, 0x3c,
468  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
469  0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00,
470 
471  0x4d, 0x45, 0x54, 0x41, 0x2d, 0x49, 0x4e, 0x46,
472  0x2f, 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00,
473  0x08, 0x08, 0x00, 0xa8, 0x42, 0x1d, 0x37, 0x5d,
474  0xa7, 0xb2, 0xc1, 0xde, 0x01, 0x00, 0x00, 0x7e,
475 
476  0x04, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x63,
477  0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2e, 0x78,
478  0x6d, 0x6c, 0x95, 0x54, 0x4d, 0x6f, 0xdb, 0x30,
479 
480  0x0c, 0xbd, 0xe7, 0x57, 0x18, 0x02, 0x06, 0x6c,
481  0x07, 0xc5, 0xe9, 0xb6, 0xc3, 0x22, 0xc4, 0x29,
482  0x86, 0x7d, 0x00, 0x05, 0x8a, 0x9d, 0xb2, 0x43,
483  0x8f, 0xb2, 0x24, 0xa7, 0xc2, 0x64, 0xc9, 0x15,
484  };
485  size_t buffer_len = sizeof(buffer);
486  int retval = 0;
487 
488  ctx = MagicInitContext();
489  FAIL_IF(ctx == NULL);
490 
491  result = MagicThreadLookup(&ctx, buffer, buffer_len);
492  if (result == NULL || strncmp(result, "OpenOffice.org 1.x", 18) != 0) {
493  printf("result %p:%s, not \"OpenOffice.org 1.x\": ", result,result?result:"(null)");
494  goto end;
495  }
496 
497  retval = 1;
498 end:
499  MagicDeinitContext(ctx);
500  return retval;
501 }
502 #if 0
503 /** \test magic api calls -- make sure memory is shared */
504 static int MagicDetectTest09(void)
505 {
506  const char *result1 = NULL;
507  const char *result2 = NULL;
508  uint8_t buffer[] = { 0x25, 'P', 'D', 'F', '-', '1', '.', '3', 0x0d, 0x0a};
509  size_t buffer_len = sizeof(buffer);
510  int retval = 0;
511 
512  if (MagicInit() < 0) {
513  printf("MagicInit() failure\n");
514  return 0;
515  }
516 
517  result1 = MagicGlobalLookup(buffer, buffer_len);
518  if (result1 == NULL || strncmp(result1, "PDF document", 12) != 0) {
519  printf("result %p:%s, not \"PDF document\": ", result1,result1?result1:"(null)");
520  goto end;
521  }
522 
523  result2 = MagicGlobalLookup(buffer, buffer_len);
524  if (result2 == NULL || strncmp(result2, "PDF document", 12) != 0) {
525  printf("result %p:%s, not \"PDF document\": ", result2,result2?result2:"(null)");
526  goto end;
527  }
528 
529  if (result1 != result2) {
530  printf("pointers not equal, weird... %p != %p: ", result1, result2);
531  goto end;
532  }
533 
534  retval = 1;
535 end:
536  MagicDeinit();
537  return retval;
538 }
539 #endif
540 /** \test results in valgrind warning about invalid read, tested with
541  * file 5.09 and 5.11 */
542 static int MagicDetectTest10ValgrindError(void)
543 {
544  const char *result = NULL;
545  magic_t ctx = NULL;
546  uint8_t buffer[] = {
547  0xFF,0xD8,0xFF,0xE0,0x00,0x10,0x4A,0x46,0x49,0x46,0x00,0x01,0x01,0x01,0x01,0x2C,
548  0x01,0x2C,0x00,0x00,0xFF,0xFE,0x00,0x4C,0x53,0x69,0x67,0x6E,0x61,0x74,0x75,0x72,
549  0x65,0x3A,0x34,0x31,0x31,0x65,0x33,0x38,0x61,0x61,0x61,0x31,0x37,0x65,0x33,0x30,
550  0x66,0x30,0x32,0x38,0x62,0x61,0x30,0x31,0x36,0x32,0x36,0x37,0x66,0x66,0x30,0x31,
551  0x36,0x36,0x61,0x65,0x35,0x39,0x65,0x38,0x31,0x39,0x62,0x61,0x32,0x34,0x63,0x39,
552  0x62,0x31,0x33,0x37,0x33,0x62,0x31,0x61,0x35,0x61,0x38,0x65,0x64,0x63,0x36,0x30,
553  0x65,0x37,0xFF,0xE2,0x02,0x2C,0x49,0x43,0x43,0x5F,0x50,0x52,0x4F,0x46,0x49,0x4C,
554  0x45,0x00,0x01,0x01,0x00,0x00,0x02,0x1C,0x41,0x44,0x42,0x45,0x02,0x10,0x00,0x00,
555  0x6D,0x6E,0x74,0x72,0x52,0x47,0x42,0x20,0x58,0x59,0x5A,0x20,0x07,0xCF,0x00,0x05,
556  0x00,0x09,0x00,0x15,0x00,0x0B,0x00,0x21,0x61,0x63,0x73,0x70,0x41,0x50,0x50,0x4C,
557  0x00,0x00,0x00,0x00,0x6E,0x6F,0x6E,0x65,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
558  };
559  size_t buffer_len = sizeof(buffer);
560  int retval = 0;
561 
562 
563  ctx = MagicInitContext();
564  FAIL_IF(ctx == NULL);
565 
566  result = MagicThreadLookup(&ctx, buffer, buffer_len);
567  if (result == NULL || strncmp(result, "JPEG", 4) != 0) {
568  printf("result %p:%s, not \"JPEG\": ", result,result?result:"(null)");
569  goto end;
570  }
571 
572  retval = 1;
573 end:
574  MagicDeinitContext(ctx);
575  return retval;
576 }
577 
578 #endif /* UNITTESTS */
579 #endif
580 
581 void MagicRegisterTests(void)
582 {
583 #ifdef HAVE_MAGIC
584 #ifdef UNITTESTS
585  UtRegisterTest("MagicInitTest01", MagicInitTest01);
586  UtRegisterTest("MagicDetectTest01", MagicDetectTest01);
587  //UtRegisterTest("MagicDetectTest02", MagicDetectTest02, 1);
588  UtRegisterTest("MagicDetectTest03", MagicDetectTest03);
589  UtRegisterTest("MagicDetectTest04", MagicDetectTest04);
590  UtRegisterTest("MagicDetectTest05", MagicDetectTest05);
591  //UtRegisterTest("MagicDetectTest06", MagicDetectTest06, 1);
592  UtRegisterTest("MagicDetectTest07", MagicDetectTest07);
593  UtRegisterTest("MagicDetectTest08", MagicDetectTest08);
594  /* fails in valgrind, somehow it returns different pointers then.
595  UtRegisterTest("MagicDetectTest09", MagicDetectTest09, 1); */
596 
597  UtRegisterTest("MagicDetectTest10ValgrindError",
598  MagicDetectTest10ValgrindError);
599 #endif /* UNITTESTS */
600 #endif /* HAVE_MAGIC */
601 }
602 
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
MagicRegisterTests
void MagicRegisterTests(void)
Definition: util-magic.c:581
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
util-unittest.h
ConfGet
int ConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
Definition: conf.c:335
util-debug.h
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
SCLogWarning
#define SCLogWarning(...)
Macro used to log WARNING messages.
Definition: util-debug.h:249
conf.h
util-magic.h
SCReturnPtr
#define SCReturnPtr(x, type)
Definition: util-debug.h:287
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition: util-unittest.h:71
suricata-common.h
SCStrdup
#define SCStrdup(s)
Definition: util-mem.h:56
SCLogConfig
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
str
#define str(s)
Definition: suricata-common.h:286
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:261
MacSet_::buf
MacAddr * buf[2]
Definition: util-macset.c:54