suricata
util-magic.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2013 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Wrappers and tests for libmagic usage.
24  *
25  * Libmagic's API is not thread safe. The data the pointer returned by
26  * magic_buffer is overwritten by the next magic_buffer call. This is
27  * why we need to lock calls and copy the returned string.
28  */
29 
30 #include "suricata-common.h"
31 #include "conf.h"
32 #include "util-unittest.h"
33 #include "util-magic.h"
34 #include "util-debug.h"
35 
36 #ifdef HAVE_MAGIC
37 
38 /**
39  * \brief Initialize a "magic" context.
40  */
41 magic_t MagicInitContext(void)
42 {
43  magic_t ctx;
44  const char *filename = NULL;
45  FILE *fd = NULL;
46 
47  ctx = magic_open(0);
48  if (ctx == NULL) {
49  SCLogError("magic_open failed: %s", magic_error(ctx));
50  goto error;
51  }
52 
53  (void)SCConfGet("magic-file", &filename);
54 
55  if (filename != NULL) {
56  if (strlen(filename) == 0) {
57  /* set filename to NULL on *nix systems so magic_load uses system
58  * default path (see man libmagic) */
59  SCLogConfig("using system default magic-file");
60  filename = NULL;
61  }
62  else {
63  SCLogConfig("using magic-file %s", filename);
64 
65  if ( (fd = fopen(filename, "r")) == NULL) {
66  SCLogWarning("Error opening file: \"%s\": %s", filename, strerror(errno));
67  goto error;
68  }
69  fclose(fd);
70  }
71  }
72 
73  if (magic_load(ctx, filename) != 0) {
74  SCLogError("magic_load failed: %s", magic_error(ctx));
75  goto error;
76  }
77  return ctx;
78 
79 error:
80  if (ctx != NULL) {
81  magic_close(ctx);
82  ctx = NULL;
83  }
84  return NULL;
85 }
86 
87 
88 void MagicDeinitContext(magic_t ctx)
89 {
90  if (ctx != NULL)
91  magic_close(ctx);
92 }
93 
94 /**
95  * \brief Find the magic value for a buffer.
96  *
97  * \param buf the buffer
98  * \param buflen length of the buffer
99  *
100  * \retval result pointer to null terminated string
101  */
102 char *MagicThreadLookup(magic_t *ctx, const uint8_t *buf, uint32_t buflen)
103 {
104  const char *result = NULL;
105  char *magic = NULL;
106 
107  if (buf != NULL && buflen > 0) {
108  result = magic_buffer(*ctx, (void *)buf, (size_t)buflen);
109  if (result != NULL) {
110  magic = SCStrdup(result);
111  if (unlikely(magic == NULL)) {
112  SCLogError("Unable to dup magic");
113  }
114  }
115  }
116 
117  SCReturnPtr(magic, "const char");
118 }
119 
120 #ifdef UNITTESTS
121 
122 /** \test magic lib calls -- init */
123 static int MagicInitTest01(void)
124 {
125  int result = 0;
126  magic_t magic_ctx;
127 
128  magic_ctx = magic_open(0);
129  if (magic_ctx == NULL) {
130  printf("failure retrieving magic_ctx\n");
131  return 0;
132  }
133 
134  if (magic_load(magic_ctx, NULL) == -1) {
135  printf("failure magic_load\n");
136  goto end;
137  }
138 
139  result = 1;
140  end:
141  magic_close(magic_ctx);
142  return result;
143 }
144 
145 /** \test magic lib calls -- lookup */
146 static int MagicDetectTest01(void)
147 {
148  magic_t magic_ctx;
149  char *result = NULL;
150  char buffer[] = { 0x25, 'P', 'D', 'F', '-', '1', '.', '3', 0x0d, 0x0a};
151  size_t buffer_len = sizeof(buffer);
152  int retval = 0;
153 
154  magic_ctx = magic_open(0);
155  if (magic_ctx == NULL) {
156  printf("failure retrieving magic_ctx\n");
157  return 0;
158  }
159 
160  if (magic_load(magic_ctx, NULL) == -1) {
161  printf("magic_load failure\n");
162  goto end;
163  }
164 
165  result = (char *)magic_buffer(magic_ctx, (void *)buffer, buffer_len);
166  if (result == NULL || strncmp(result, "PDF document", 12) != 0) {
167  printf("result %p:%s, not \"PDF document\": ", result,result?result:"(null)");
168  goto end;
169  }
170 
171  retval = 1;
172 end:
173  magic_close(magic_ctx);
174  return retval;
175 }
176 #if 0
177 /** \test magic lib calls -- lookup */
178 static int MagicDetectTest02(void)
179 {
180  magic_t magic_ctx;
181  char *result = NULL;
182 
183  char buffer[] = {
184  0xd0, 0xcf, 0x11, 0xe0, 0xa1, 0xb1, 0x1a, 0xe1,
185  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
186  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
187  0x3e, 0x00, 0x03, 0x00, 0xfe, 0xff, 0x09, 0x00,
188 
189  0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
190  0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
191  0x96, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
192  0x00, 0x10, 0x00, 0x00, 0x98, 0x00, 0x00, 0x00,
193 
194  0x01, 0x00, 0x00, 0x00, 0xfe, 0xff, 0xff, 0xff,
195  0x00, 0x00, 0x00, 0x00, 0x90, 0x00, 0x00, 0x00,
196  0x97, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
197  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
198  };
199  size_t buffer_len = sizeof(buffer);
200  int retval = 0;
201 
202  magic_ctx = magic_open(0);
203  if (magic_ctx == NULL) {
204  printf("failure retrieving magic_ctx\n");
205  return 0;
206  }
207 
208  if (magic_load(magic_ctx, NULL) == -1) {
209  printf("magic_load failure\n");
210  goto end;
211  }
212 
213  result = (char *)magic_buffer(magic_ctx, (void *)buffer, buffer_len);
214  if (result == NULL || strcmp(result, MICROSOFT_OFFICE_DOC) != 0) {
215  printf("result %p:%s, not \"Microsoft Office Document\": ", result,result?result:"(null)");
216  goto end;
217  }
218 
219  retval = 1;
220 end:
221  magic_close(magic_ctx);
222  return retval;
223 }
224 #endif
225 /** \test magic lib calls -- lookup */
226 static int MagicDetectTest03(void)
227 {
228  char buffer[] = {
229  0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00, 0x00,
230  0x00, 0x00, 0x0b, 0x55, 0x2a, 0x36, 0x5e, 0xc6,
231  0x32, 0x0c, 0x27, 0x00, 0x00, 0x00, 0x27, 0x00,
232  0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x6d, 0x69,
233 
234  0x6d, 0x65, 0x74, 0x79, 0x70, 0x65, 0x61, 0x70,
235  0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
236  0x6e, 0x2f, 0x76, 0x6e, 0x64, 0x2e, 0x6f, 0x61,
237  0x73, 0x69, 0x73, 0x2e, 0x6f, 0x70, 0x65, 0x6e,
238 
239  0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74,
240  0x2e, 0x74, 0x65, 0x78, 0x74, 0x50, 0x4b, 0x03,
241  0x04, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b,
242  0x55, 0x2a, 0x36, 0x00, 0x00, 0x00, 0x00, 0x00,
243 
244  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1a,
245  0x00, 0x00, 0x00, 0x43, 0x6f, 0x6e, 0x66, 0x69,
246  0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
247  0x73, 0x32, 0x2f, 0x73, 0x74, 0x61, 0x74, 0x75,
248 
249  0x73, 0x62, 0x61, 0x72, 0x2f, 0x50, 0x4b, 0x03,
250  0x04, 0x14, 0x00, 0x08, 0x00, 0x08, 0x00, 0x0b,
251  };
252  size_t buffer_len = sizeof(buffer);
253 
254  magic_t magic_ctx = magic_open(0);
255  FAIL_IF_NULL(magic_ctx);
256 
257  FAIL_IF(magic_load(magic_ctx, NULL) == -1);
258 
259  char *result = (char *)magic_buffer(magic_ctx, (void *)buffer, buffer_len);
260  FAIL_IF_NULL(result);
261 
262  char *str = strstr(result, "OpenDocument Text");
263  FAIL_IF_NULL(str);
264 
265  magic_close(magic_ctx);
266  PASS;
267 }
268 
269 /** \test magic lib calls -- lookup */
270 static int MagicDetectTest04(void)
271 {
272  magic_t magic_ctx;
273  char *result = NULL;
274 
275  char buffer[] = {
276  0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00, 0x08,
277  0x00, 0x00, 0x52, 0x7b, 0x86, 0x3c, 0x8b, 0x70,
278  0x96, 0x08, 0x1c, 0x00, 0x00, 0x00, 0x1c, 0x00,
279  0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x6d, 0x69,
280 
281  0x6d, 0x65, 0x74, 0x79, 0x70, 0x65, 0x61, 0x70,
282  0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
283  0x6e, 0x2f, 0x76, 0x6e, 0x64, 0x2e, 0x73, 0x75,
284  0x6e, 0x2e, 0x78, 0x6d, 0x6c, 0x2e, 0x62, 0x61,
285 
286  0x73, 0x65, 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00,
287  0x00, 0x08, 0x00, 0x00, 0x52, 0x7b, 0x86, 0x3c,
288  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
289  0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00,
290 
291  0x4d, 0x45, 0x54, 0x41, 0x2d, 0x49, 0x4e, 0x46,
292  0x2f, 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00,
293  0x08, 0x08, 0x00, 0xa8, 0x42, 0x1d, 0x37, 0x5d,
294  0xa7, 0xb2, 0xc1, 0xde, 0x01, 0x00, 0x00, 0x7e,
295 
296  0x04, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x63,
297  0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2e, 0x78,
298  0x6d, 0x6c, 0x95, 0x54, 0x4d, 0x6f, 0xdb, 0x30,
299  0x0c, 0xbd, 0xe7, 0x57, 0x18, 0x02, 0x06, 0x6c,
300 
301  0x07, 0xc5, 0xe9, 0xb6, 0xc3, 0x22, 0xc4, 0x29,
302  0x86, 0x7d, 0x00, 0x05, 0x8a, 0x9d, 0xb2, 0x43,
303  0x8f, 0xb2, 0x24, 0xa7, 0xc2, 0x64, 0xc9, 0x15,
304  };
305  size_t buffer_len = sizeof(buffer);
306  int retval = 0;
307 
308  magic_ctx = magic_open(0);
309  if (magic_ctx == NULL) {
310  printf("failure retrieving magic_ctx\n");
311  return 0;
312  }
313 
314  if (magic_load(magic_ctx, NULL) == -1) {
315  printf("magic_load failure\n");
316  goto end;
317  }
318 
319  result = (char *)magic_buffer(magic_ctx, (void *)buffer, buffer_len);
320  if (result == NULL || strncmp(result, "OpenOffice.org 1.x", 18) != 0) {
321  printf("result %p:%s, not \"OpenOffice.org 1.x\": ", result,result?result:"(null)");
322  goto end;
323  }
324 
325  retval = 1;
326 end:
327  magic_close(magic_ctx);
328  return retval;
329 }
330 
331 
332 /** \test magic api calls -- lookup */
333 static int MagicDetectTest05(void)
334 {
335  const char *result = NULL;
336  magic_t ctx = NULL;
337  uint8_t buffer[] = { 0x25, 'P', 'D', 'F', '-', '1', '.', '3', 0x0d, 0x0a};
338  size_t buffer_len = sizeof(buffer);
339  int retval = 0;
340 
341 
342  ctx = MagicInitContext();
343  FAIL_IF(ctx == NULL);
344 
345  result = MagicThreadLookup(&ctx, buffer, buffer_len);
346  if (result == NULL || strncmp(result, "PDF document", 12) != 0) {
347  printf("result %p:%s, not \"PDF document\": ", result,result?result:"(null)");
348  goto end;
349  }
350 
351  retval = 1;
352 end:
353  MagicDeinitContext(ctx);
354  return retval;
355 }
356 
357 #if 0
358 /** \test magic api calls -- lookup */
359 static int MagicDetectTest06(void)
360 {
361  const char *result = NULL;
362  uint8_t buffer[] = {
363  0xd0, 0xcf, 0x11, 0xe0, 0xa1, 0xb1, 0x1a, 0xe1,
364  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
365  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
366  0x3e, 0x00, 0x03, 0x00, 0xfe, 0xff, 0x09, 0x00,
367 
368  0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
369  0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
370  0x96, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
371  0x00, 0x10, 0x00, 0x00, 0x98, 0x00, 0x00, 0x00,
372 
373  0x01, 0x00, 0x00, 0x00, 0xfe, 0xff, 0xff, 0xff,
374  0x00, 0x00, 0x00, 0x00, 0x90, 0x00, 0x00, 0x00,
375  0x97, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
376  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
377  };
378  size_t buffer_len = sizeof(buffer);
379  int retval = 0;
380 
381  if (MagicInit() < 0) {
382  printf("MagicInit() failure\n");
383  return 0;
384  }
385 
386  result = MagicGlobalLookup(buffer, buffer_len);
387  if (result == NULL || strcmp(result, MICROSOFT_OFFICE_DOC) != 0) {
388  printf("result %p:%s, not \"Microsoft Office Document\": ", result,result?result:"(null)");
389  goto end;
390  }
391 
392  retval = 1;
393 
394 end:
395  MagicDeinit();
396  return retval;
397 }
398 #endif
399 /** \test magic api calls -- lookup */
400 static int MagicDetectTest07(void)
401 {
402  const char *result = NULL;
403  magic_t ctx = NULL;
404  uint8_t buffer[] = {
405  0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00, 0x00,
406  0x00, 0x00, 0x0b, 0x55, 0x2a, 0x36, 0x5e, 0xc6,
407  0x32, 0x0c, 0x27, 0x00, 0x00, 0x00, 0x27, 0x00,
408  0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x6d, 0x69,
409 
410  0x6d, 0x65, 0x74, 0x79, 0x70, 0x65, 0x61, 0x70,
411  0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
412  0x6e, 0x2f, 0x76, 0x6e, 0x64, 0x2e, 0x6f, 0x61,
413  0x73, 0x69, 0x73, 0x2e, 0x6f, 0x70, 0x65, 0x6e,
414 
415  0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74,
416  0x2e, 0x74, 0x65, 0x78, 0x74, 0x50, 0x4b, 0x03,
417  0x04, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b,
418  0x55, 0x2a, 0x36, 0x00, 0x00, 0x00, 0x00, 0x00,
419 
420  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1a,
421  0x00, 0x00, 0x00, 0x43, 0x6f, 0x6e, 0x66, 0x69,
422  0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
423  0x73, 0x32, 0x2f, 0x73, 0x74, 0x61, 0x74, 0x75,
424 
425  0x73, 0x62, 0x61, 0x72, 0x2f, 0x50, 0x4b, 0x03,
426  0x04, 0x14, 0x00, 0x08, 0x00, 0x08, 0x00, 0x0b,
427  };
428  size_t buffer_len = sizeof(buffer);
429 
430  ctx = MagicInitContext();
431  FAIL_IF(ctx == NULL);
432 
433  result = MagicThreadLookup(&ctx, buffer, buffer_len);
434  FAIL_IF_NULL(result);
435 
436  char *str = strstr(result, "OpenDocument Text");
437  FAIL_IF_NULL(str);
438 
439  MagicDeinitContext(ctx);
440  PASS;
441 }
442 
443 /** \test magic api calls -- lookup */
444 static int MagicDetectTest08(void)
445 {
446  const char *result = NULL;
447  magic_t ctx = NULL;
448  uint8_t buffer[] = {
449  0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00, 0x08,
450  0x00, 0x00, 0x52, 0x7b, 0x86, 0x3c, 0x8b, 0x70,
451  0x96, 0x08, 0x1c, 0x00, 0x00, 0x00, 0x1c, 0x00,
452  0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x6d, 0x69,
453 
454  0x6d, 0x65, 0x74, 0x79, 0x70, 0x65, 0x61, 0x70,
455  0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
456  0x6e, 0x2f, 0x76, 0x6e, 0x64, 0x2e, 0x73, 0x75,
457  0x6e, 0x2e, 0x78, 0x6d, 0x6c, 0x2e, 0x62, 0x61,
458 
459  0x73, 0x65, 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00,
460  0x00, 0x08, 0x00, 0x00, 0x52, 0x7b, 0x86, 0x3c,
461  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
462  0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00,
463 
464  0x4d, 0x45, 0x54, 0x41, 0x2d, 0x49, 0x4e, 0x46,
465  0x2f, 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00,
466  0x08, 0x08, 0x00, 0xa8, 0x42, 0x1d, 0x37, 0x5d,
467  0xa7, 0xb2, 0xc1, 0xde, 0x01, 0x00, 0x00, 0x7e,
468 
469  0x04, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x63,
470  0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2e, 0x78,
471  0x6d, 0x6c, 0x95, 0x54, 0x4d, 0x6f, 0xdb, 0x30,
472 
473  0x0c, 0xbd, 0xe7, 0x57, 0x18, 0x02, 0x06, 0x6c,
474  0x07, 0xc5, 0xe9, 0xb6, 0xc3, 0x22, 0xc4, 0x29,
475  0x86, 0x7d, 0x00, 0x05, 0x8a, 0x9d, 0xb2, 0x43,
476  0x8f, 0xb2, 0x24, 0xa7, 0xc2, 0x64, 0xc9, 0x15,
477  };
478  size_t buffer_len = sizeof(buffer);
479  int retval = 0;
480 
481  ctx = MagicInitContext();
482  FAIL_IF(ctx == NULL);
483 
484  result = MagicThreadLookup(&ctx, buffer, buffer_len);
485  if (result == NULL || strncmp(result, "OpenOffice.org 1.x", 18) != 0) {
486  printf("result %p:%s, not \"OpenOffice.org 1.x\": ", result,result?result:"(null)");
487  goto end;
488  }
489 
490  retval = 1;
491 end:
492  MagicDeinitContext(ctx);
493  return retval;
494 }
495 #if 0
496 /** \test magic api calls -- make sure memory is shared */
497 static int MagicDetectTest09(void)
498 {
499  const char *result1 = NULL;
500  const char *result2 = NULL;
501  uint8_t buffer[] = { 0x25, 'P', 'D', 'F', '-', '1', '.', '3', 0x0d, 0x0a};
502  size_t buffer_len = sizeof(buffer);
503  int retval = 0;
504 
505  if (MagicInit() < 0) {
506  printf("MagicInit() failure\n");
507  return 0;
508  }
509 
510  result1 = MagicGlobalLookup(buffer, buffer_len);
511  if (result1 == NULL || strncmp(result1, "PDF document", 12) != 0) {
512  printf("result %p:%s, not \"PDF document\": ", result1,result1?result1:"(null)");
513  goto end;
514  }
515 
516  result2 = MagicGlobalLookup(buffer, buffer_len);
517  if (result2 == NULL || strncmp(result2, "PDF document", 12) != 0) {
518  printf("result %p:%s, not \"PDF document\": ", result2,result2?result2:"(null)");
519  goto end;
520  }
521 
522  if (result1 != result2) {
523  printf("pointers not equal, weird... %p != %p: ", result1, result2);
524  goto end;
525  }
526 
527  retval = 1;
528 end:
529  MagicDeinit();
530  return retval;
531 }
532 #endif
533 /** \test results in valgrind warning about invalid read, tested with
534  * file 5.09 and 5.11 */
535 static int MagicDetectTest10ValgrindError(void)
536 {
537  const char *result = NULL;
538  magic_t ctx = NULL;
539  uint8_t buffer[] = {
540  0xFF,0xD8,0xFF,0xE0,0x00,0x10,0x4A,0x46,0x49,0x46,0x00,0x01,0x01,0x01,0x01,0x2C,
541  0x01,0x2C,0x00,0x00,0xFF,0xFE,0x00,0x4C,0x53,0x69,0x67,0x6E,0x61,0x74,0x75,0x72,
542  0x65,0x3A,0x34,0x31,0x31,0x65,0x33,0x38,0x61,0x61,0x61,0x31,0x37,0x65,0x33,0x30,
543  0x66,0x30,0x32,0x38,0x62,0x61,0x30,0x31,0x36,0x32,0x36,0x37,0x66,0x66,0x30,0x31,
544  0x36,0x36,0x61,0x65,0x35,0x39,0x65,0x38,0x31,0x39,0x62,0x61,0x32,0x34,0x63,0x39,
545  0x62,0x31,0x33,0x37,0x33,0x62,0x31,0x61,0x35,0x61,0x38,0x65,0x64,0x63,0x36,0x30,
546  0x65,0x37,0xFF,0xE2,0x02,0x2C,0x49,0x43,0x43,0x5F,0x50,0x52,0x4F,0x46,0x49,0x4C,
547  0x45,0x00,0x01,0x01,0x00,0x00,0x02,0x1C,0x41,0x44,0x42,0x45,0x02,0x10,0x00,0x00,
548  0x6D,0x6E,0x74,0x72,0x52,0x47,0x42,0x20,0x58,0x59,0x5A,0x20,0x07,0xCF,0x00,0x05,
549  0x00,0x09,0x00,0x15,0x00,0x0B,0x00,0x21,0x61,0x63,0x73,0x70,0x41,0x50,0x50,0x4C,
550  0x00,0x00,0x00,0x00,0x6E,0x6F,0x6E,0x65,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
551  };
552  size_t buffer_len = sizeof(buffer);
553  int retval = 0;
554 
555 
556  ctx = MagicInitContext();
557  FAIL_IF(ctx == NULL);
558 
559  result = MagicThreadLookup(&ctx, buffer, buffer_len);
560  if (result == NULL || strncmp(result, "JPEG", 4) != 0) {
561  printf("result %p:%s, not \"JPEG\": ", result,result?result:"(null)");
562  goto end;
563  }
564 
565  retval = 1;
566 end:
567  MagicDeinitContext(ctx);
568  return retval;
569 }
570 
571 #endif /* UNITTESTS */
572 #endif
573 
574 void MagicRegisterTests(void)
575 {
576 #ifdef HAVE_MAGIC
577 #ifdef UNITTESTS
578  UtRegisterTest("MagicInitTest01", MagicInitTest01);
579  UtRegisterTest("MagicDetectTest01", MagicDetectTest01);
580  //UtRegisterTest("MagicDetectTest02", MagicDetectTest02, 1);
581  UtRegisterTest("MagicDetectTest03", MagicDetectTest03);
582  UtRegisterTest("MagicDetectTest04", MagicDetectTest04);
583  UtRegisterTest("MagicDetectTest05", MagicDetectTest05);
584  //UtRegisterTest("MagicDetectTest06", MagicDetectTest06, 1);
585  UtRegisterTest("MagicDetectTest07", MagicDetectTest07);
586  UtRegisterTest("MagicDetectTest08", MagicDetectTest08);
587  /* fails in valgrind, somehow it returns different pointers then.
588  UtRegisterTest("MagicDetectTest09", MagicDetectTest09, 1); */
589 
590  UtRegisterTest("MagicDetectTest10ValgrindError",
591  MagicDetectTest10ValgrindError);
592 #endif /* UNITTESTS */
593 #endif /* HAVE_MAGIC */
594 }
595 
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
MagicRegisterTests
void MagicRegisterTests(void)
Definition: util-magic.c:574
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
ctx
struct Thresholds ctx
SCConfGet
int SCConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
Definition: conf.c:350
util-unittest.h
util-debug.h
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
SCLogWarning
#define SCLogWarning(...)
Macro used to log WARNING messages.
Definition: util-debug.h:255
conf.h
util-magic.h
SCReturnPtr
#define SCReturnPtr(x, type)
Definition: util-debug.h:293
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition: util-unittest.h:71
suricata-common.h
SCStrdup
#define SCStrdup(s)
Definition: util-mem.h:56
SCLogConfig
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
str
#define str(s)
Definition: suricata-common.h:308
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:267
MacSet_::buf
MacAddr * buf[2]
Definition: util-macset.c:55