suricata
util-magic.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2013 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Wrappers and tests for libmagic usage.
24  *
25  * Libmagic's API is not thread safe. The data the pointer returned by
26  * magic_buffer is overwritten by the next magic_buffer call. This is
27  * why we need to lock calls and copy the returned string.
28  */
29 
30 #include "suricata-common.h"
31 
32 #include "conf.h"
33 
34 #include "util-unittest.h"
35 #include "util-magic.h"
36 
37 #ifdef HAVE_MAGIC
38 
39 /**
40  * \brief Initialize a "magic" context.
41  */
42 magic_t MagicInitContext(void)
43 {
44  magic_t ctx;
45  const char *filename = NULL;
46  FILE *fd = NULL;
47 
48  ctx = magic_open(0);
49  if (ctx == NULL) {
50  SCLogError(SC_ERR_MAGIC_OPEN, "magic_open failed: %s",
51  magic_error(ctx));
52  goto error;
53  }
54 
55  (void)ConfGet("magic-file", &filename);
56 
57 
58  if (filename != NULL) {
59  if (strlen(filename) == 0) {
60  /* set filename to NULL on *nix systems so magic_load uses system
61  * default path (see man libmagic) */
62  SCLogConfig("using system default magic-file");
63  filename = NULL;
64  }
65  else {
66  SCLogConfig("using magic-file %s", filename);
67 
68  if ( (fd = fopen(filename, "r")) == NULL) {
69  SCLogWarning(SC_ERR_FOPEN, "Error opening file: \"%s\": %s",
70  filename, strerror(errno));
71  goto error;
72  }
73  fclose(fd);
74  }
75  }
76 
77  if (magic_load(ctx, filename) != 0) {
78  SCLogError(SC_ERR_MAGIC_LOAD, "magic_load failed: %s",
79  magic_error(ctx));
80  goto error;
81  }
82  return ctx;
83 
84 error:
85  if (ctx != NULL) {
86  magic_close(ctx);
87  ctx = NULL;
88  }
89  return NULL;
90 }
91 
92 
93 void MagicDeinitContext(magic_t ctx)
94 {
95  if (ctx != NULL)
96  magic_close(ctx);
97 }
98 
99 /**
100  * \brief Find the magic value for a buffer.
101  *
102  * \param buf the buffer
103  * \param buflen length of the buffer
104  *
105  * \retval result pointer to null terminated string
106  */
107 char *MagicThreadLookup(magic_t *ctx, const uint8_t *buf, uint32_t buflen)
108 {
109  const char *result = NULL;
110  char *magic = NULL;
111 
112  if (buf != NULL && buflen > 0) {
113  result = magic_buffer(*ctx, (void *)buf, (size_t)buflen);
114  if (result != NULL) {
115  magic = SCStrdup(result);
116  if (unlikely(magic == NULL)) {
117  SCLogError(SC_ERR_MEM_ALLOC, "Unable to dup magic");
118  }
119  }
120  }
121 
122  SCReturnPtr(magic, "const char");
123 }
124 
125 #ifdef UNITTESTS
126 
127 #if defined OS_FREEBSD || defined OS_DARWIN
128 #define MICROSOFT_OFFICE_DOC "OLE 2 Compound Document"
129 #else
130 #define MICROSOFT_OFFICE_DOC "Microsoft Office Document"
131 #endif
132 
133 /** \test magic lib calls -- init */
134 static int MagicInitTest01(void)
135 {
136  int result = 0;
137  magic_t magic_ctx;
138 
139  magic_ctx = magic_open(0);
140  if (magic_ctx == NULL) {
141  printf("failure retrieving magic_ctx\n");
142  return 0;
143  }
144 
145  if (magic_load(magic_ctx, NULL) == -1) {
146  printf("failure magic_load\n");
147  goto end;
148  }
149 
150  result = 1;
151  end:
152  magic_close(magic_ctx);
153  return result;
154 }
155 
156 /** \test magic lib calls -- lookup */
157 static int MagicDetectTest01(void)
158 {
159  magic_t magic_ctx;
160  char *result = NULL;
161  char buffer[] = { 0x25, 'P', 'D', 'F', '-', '1', '.', '3', 0x0d, 0x0a};
162  size_t buffer_len = sizeof(buffer);
163  int retval = 0;
164 
165  magic_ctx = magic_open(0);
166  if (magic_ctx == NULL) {
167  printf("failure retrieving magic_ctx\n");
168  return 0;
169  }
170 
171  if (magic_load(magic_ctx, NULL) == -1) {
172  printf("magic_load failure\n");
173  goto end;
174  }
175 
176  result = (char *)magic_buffer(magic_ctx, (void *)buffer, buffer_len);
177  if (result == NULL || strncmp(result, "PDF document", 12) != 0) {
178  printf("result %p:%s, not \"PDF document\": ", result,result?result:"(null)");
179  goto end;
180  }
181 
182  retval = 1;
183 end:
184  magic_close(magic_ctx);
185  return retval;
186 }
187 #if 0
188 /** \test magic lib calls -- lookup */
189 static int MagicDetectTest02(void)
190 {
191  magic_t magic_ctx;
192  char *result = NULL;
193 
194  char buffer[] = {
195  0xd0, 0xcf, 0x11, 0xe0, 0xa1, 0xb1, 0x1a, 0xe1,
196  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
197  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
198  0x3e, 0x00, 0x03, 0x00, 0xfe, 0xff, 0x09, 0x00,
199 
200  0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
201  0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
202  0x96, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
203  0x00, 0x10, 0x00, 0x00, 0x98, 0x00, 0x00, 0x00,
204 
205  0x01, 0x00, 0x00, 0x00, 0xfe, 0xff, 0xff, 0xff,
206  0x00, 0x00, 0x00, 0x00, 0x90, 0x00, 0x00, 0x00,
207  0x97, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
208  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
209  };
210  size_t buffer_len = sizeof(buffer);
211  int retval = 0;
212 
213  magic_ctx = magic_open(0);
214  if (magic_ctx == NULL) {
215  printf("failure retrieving magic_ctx\n");
216  return 0;
217  }
218 
219  if (magic_load(magic_ctx, NULL) == -1) {
220  printf("magic_load failure\n");
221  goto end;
222  }
223 
224  result = (char *)magic_buffer(magic_ctx, (void *)buffer, buffer_len);
225  if (result == NULL || strcmp(result, MICROSOFT_OFFICE_DOC) != 0) {
226  printf("result %p:%s, not \"Microsoft Office Document\": ", result,result?result:"(null)");
227  goto end;
228  }
229 
230  retval = 1;
231 end:
232  magic_close(magic_ctx);
233  return retval;
234 }
235 #endif
236 /** \test magic lib calls -- lookup */
237 static int MagicDetectTest03(void)
238 {
239  char buffer[] = {
240  0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00, 0x00,
241  0x00, 0x00, 0x0b, 0x55, 0x2a, 0x36, 0x5e, 0xc6,
242  0x32, 0x0c, 0x27, 0x00, 0x00, 0x00, 0x27, 0x00,
243  0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x6d, 0x69,
244 
245  0x6d, 0x65, 0x74, 0x79, 0x70, 0x65, 0x61, 0x70,
246  0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
247  0x6e, 0x2f, 0x76, 0x6e, 0x64, 0x2e, 0x6f, 0x61,
248  0x73, 0x69, 0x73, 0x2e, 0x6f, 0x70, 0x65, 0x6e,
249 
250  0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74,
251  0x2e, 0x74, 0x65, 0x78, 0x74, 0x50, 0x4b, 0x03,
252  0x04, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b,
253  0x55, 0x2a, 0x36, 0x00, 0x00, 0x00, 0x00, 0x00,
254 
255  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1a,
256  0x00, 0x00, 0x00, 0x43, 0x6f, 0x6e, 0x66, 0x69,
257  0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
258  0x73, 0x32, 0x2f, 0x73, 0x74, 0x61, 0x74, 0x75,
259 
260  0x73, 0x62, 0x61, 0x72, 0x2f, 0x50, 0x4b, 0x03,
261  0x04, 0x14, 0x00, 0x08, 0x00, 0x08, 0x00, 0x0b,
262  };
263  size_t buffer_len = sizeof(buffer);
264 
265  magic_t magic_ctx = magic_open(0);
266  FAIL_IF_NULL(magic_ctx);
267 
268  FAIL_IF(magic_load(magic_ctx, NULL) == -1);
269 
270  char *result = (char *)magic_buffer(magic_ctx, (void *)buffer, buffer_len);
271  FAIL_IF_NULL(result);
272 
273  char *str = strstr(result, "OpenDocument Text");
274  FAIL_IF_NULL(str);
275 
276  magic_close(magic_ctx);
277  PASS;
278 }
279 
280 /** \test magic lib calls -- lookup */
281 static int MagicDetectTest04(void)
282 {
283  magic_t magic_ctx;
284  char *result = NULL;
285 
286  char buffer[] = {
287  0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00, 0x08,
288  0x00, 0x00, 0x52, 0x7b, 0x86, 0x3c, 0x8b, 0x70,
289  0x96, 0x08, 0x1c, 0x00, 0x00, 0x00, 0x1c, 0x00,
290  0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x6d, 0x69,
291 
292  0x6d, 0x65, 0x74, 0x79, 0x70, 0x65, 0x61, 0x70,
293  0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
294  0x6e, 0x2f, 0x76, 0x6e, 0x64, 0x2e, 0x73, 0x75,
295  0x6e, 0x2e, 0x78, 0x6d, 0x6c, 0x2e, 0x62, 0x61,
296 
297  0x73, 0x65, 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00,
298  0x00, 0x08, 0x00, 0x00, 0x52, 0x7b, 0x86, 0x3c,
299  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
300  0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00,
301 
302  0x4d, 0x45, 0x54, 0x41, 0x2d, 0x49, 0x4e, 0x46,
303  0x2f, 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00,
304  0x08, 0x08, 0x00, 0xa8, 0x42, 0x1d, 0x37, 0x5d,
305  0xa7, 0xb2, 0xc1, 0xde, 0x01, 0x00, 0x00, 0x7e,
306 
307  0x04, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x63,
308  0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2e, 0x78,
309  0x6d, 0x6c, 0x95, 0x54, 0x4d, 0x6f, 0xdb, 0x30,
310  0x0c, 0xbd, 0xe7, 0x57, 0x18, 0x02, 0x06, 0x6c,
311 
312  0x07, 0xc5, 0xe9, 0xb6, 0xc3, 0x22, 0xc4, 0x29,
313  0x86, 0x7d, 0x00, 0x05, 0x8a, 0x9d, 0xb2, 0x43,
314  0x8f, 0xb2, 0x24, 0xa7, 0xc2, 0x64, 0xc9, 0x15,
315  };
316  size_t buffer_len = sizeof(buffer);
317  int retval = 0;
318 
319  magic_ctx = magic_open(0);
320  if (magic_ctx == NULL) {
321  printf("failure retrieving magic_ctx\n");
322  return 0;
323  }
324 
325  if (magic_load(magic_ctx, NULL) == -1) {
326  printf("magic_load failure\n");
327  goto end;
328  }
329 
330  result = (char *)magic_buffer(magic_ctx, (void *)buffer, buffer_len);
331  if (result == NULL || strncmp(result, "OpenOffice.org 1.x", 18) != 0) {
332  printf("result %p:%s, not \"OpenOffice.org 1.x\": ", result,result?result:"(null)");
333  goto end;
334  }
335 
336  retval = 1;
337 end:
338  magic_close(magic_ctx);
339  return retval;
340 }
341 
342 
343 /** \test magic api calls -- lookup */
344 static int MagicDetectTest05(void)
345 {
346  const char *result = NULL;
347  magic_t ctx = NULL;
348  uint8_t buffer[] = { 0x25, 'P', 'D', 'F', '-', '1', '.', '3', 0x0d, 0x0a};
349  size_t buffer_len = sizeof(buffer);
350  int retval = 0;
351 
352 
353  ctx = MagicInitContext();
354  FAIL_IF(ctx == NULL);
355 
356  result = MagicThreadLookup(&ctx, buffer, buffer_len);
357  if (result == NULL || strncmp(result, "PDF document", 12) != 0) {
358  printf("result %p:%s, not \"PDF document\": ", result,result?result:"(null)");
359  goto end;
360  }
361 
362  retval = 1;
363 end:
364  MagicDeinitContext(ctx);
365  return retval;
366 }
367 
368 #if 0
369 /** \test magic api calls -- lookup */
370 static int MagicDetectTest06(void)
371 {
372  const char *result = NULL;
373  uint8_t buffer[] = {
374  0xd0, 0xcf, 0x11, 0xe0, 0xa1, 0xb1, 0x1a, 0xe1,
375  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
376  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
377  0x3e, 0x00, 0x03, 0x00, 0xfe, 0xff, 0x09, 0x00,
378 
379  0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
380  0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
381  0x96, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
382  0x00, 0x10, 0x00, 0x00, 0x98, 0x00, 0x00, 0x00,
383 
384  0x01, 0x00, 0x00, 0x00, 0xfe, 0xff, 0xff, 0xff,
385  0x00, 0x00, 0x00, 0x00, 0x90, 0x00, 0x00, 0x00,
386  0x97, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
387  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
388  };
389  size_t buffer_len = sizeof(buffer);
390  int retval = 0;
391 
392  if (MagicInit() < 0) {
393  printf("MagicInit() failure\n");
394  return 0;
395  }
396 
397  result = MagicGlobalLookup(buffer, buffer_len);
398  if (result == NULL || strcmp(result, MICROSOFT_OFFICE_DOC) != 0) {
399  printf("result %p:%s, not \"Microsoft Office Document\": ", result,result?result:"(null)");
400  goto end;
401  }
402 
403  retval = 1;
404 
405 end:
406  MagicDeinit();
407  return retval;
408 }
409 #endif
410 /** \test magic api calls -- lookup */
411 static int MagicDetectTest07(void)
412 {
413  const char *result = NULL;
414  magic_t ctx = NULL;
415  uint8_t buffer[] = {
416  0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00, 0x00,
417  0x00, 0x00, 0x0b, 0x55, 0x2a, 0x36, 0x5e, 0xc6,
418  0x32, 0x0c, 0x27, 0x00, 0x00, 0x00, 0x27, 0x00,
419  0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x6d, 0x69,
420 
421  0x6d, 0x65, 0x74, 0x79, 0x70, 0x65, 0x61, 0x70,
422  0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
423  0x6e, 0x2f, 0x76, 0x6e, 0x64, 0x2e, 0x6f, 0x61,
424  0x73, 0x69, 0x73, 0x2e, 0x6f, 0x70, 0x65, 0x6e,
425 
426  0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74,
427  0x2e, 0x74, 0x65, 0x78, 0x74, 0x50, 0x4b, 0x03,
428  0x04, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b,
429  0x55, 0x2a, 0x36, 0x00, 0x00, 0x00, 0x00, 0x00,
430 
431  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1a,
432  0x00, 0x00, 0x00, 0x43, 0x6f, 0x6e, 0x66, 0x69,
433  0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
434  0x73, 0x32, 0x2f, 0x73, 0x74, 0x61, 0x74, 0x75,
435 
436  0x73, 0x62, 0x61, 0x72, 0x2f, 0x50, 0x4b, 0x03,
437  0x04, 0x14, 0x00, 0x08, 0x00, 0x08, 0x00, 0x0b,
438  };
439  size_t buffer_len = sizeof(buffer);
440 
441  ctx = MagicInitContext();
442  FAIL_IF(ctx == NULL);
443 
444  result = MagicThreadLookup(&ctx, buffer, buffer_len);
445  FAIL_IF_NULL(result);
446 
447  char *str = strstr(result, "OpenDocument Text");
448  FAIL_IF_NULL(str);
449 
450  MagicDeinitContext(ctx);
451  PASS;
452 }
453 
454 /** \test magic api calls -- lookup */
455 static int MagicDetectTest08(void)
456 {
457  const char *result = NULL;
458  magic_t ctx = NULL;
459  uint8_t buffer[] = {
460  0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00, 0x08,
461  0x00, 0x00, 0x52, 0x7b, 0x86, 0x3c, 0x8b, 0x70,
462  0x96, 0x08, 0x1c, 0x00, 0x00, 0x00, 0x1c, 0x00,
463  0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x6d, 0x69,
464 
465  0x6d, 0x65, 0x74, 0x79, 0x70, 0x65, 0x61, 0x70,
466  0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
467  0x6e, 0x2f, 0x76, 0x6e, 0x64, 0x2e, 0x73, 0x75,
468  0x6e, 0x2e, 0x78, 0x6d, 0x6c, 0x2e, 0x62, 0x61,
469 
470  0x73, 0x65, 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00,
471  0x00, 0x08, 0x00, 0x00, 0x52, 0x7b, 0x86, 0x3c,
472  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
473  0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00,
474 
475  0x4d, 0x45, 0x54, 0x41, 0x2d, 0x49, 0x4e, 0x46,
476  0x2f, 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00,
477  0x08, 0x08, 0x00, 0xa8, 0x42, 0x1d, 0x37, 0x5d,
478  0xa7, 0xb2, 0xc1, 0xde, 0x01, 0x00, 0x00, 0x7e,
479 
480  0x04, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x63,
481  0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2e, 0x78,
482  0x6d, 0x6c, 0x95, 0x54, 0x4d, 0x6f, 0xdb, 0x30,
483 
484  0x0c, 0xbd, 0xe7, 0x57, 0x18, 0x02, 0x06, 0x6c,
485  0x07, 0xc5, 0xe9, 0xb6, 0xc3, 0x22, 0xc4, 0x29,
486  0x86, 0x7d, 0x00, 0x05, 0x8a, 0x9d, 0xb2, 0x43,
487  0x8f, 0xb2, 0x24, 0xa7, 0xc2, 0x64, 0xc9, 0x15,
488  };
489  size_t buffer_len = sizeof(buffer);
490  int retval = 0;
491 
492  ctx = MagicInitContext();
493  FAIL_IF(ctx == NULL);
494 
495  result = MagicThreadLookup(&ctx, buffer, buffer_len);
496  if (result == NULL || strncmp(result, "OpenOffice.org 1.x", 18) != 0) {
497  printf("result %p:%s, not \"OpenOffice.org 1.x\": ", result,result?result:"(null)");
498  goto end;
499  }
500 
501  retval = 1;
502 end:
503  MagicDeinitContext(ctx);
504  return retval;
505 }
506 #if 0
507 /** \test magic api calls -- make sure memory is shared */
508 static int MagicDetectTest09(void)
509 {
510  const char *result1 = NULL;
511  const char *result2 = NULL;
512  uint8_t buffer[] = { 0x25, 'P', 'D', 'F', '-', '1', '.', '3', 0x0d, 0x0a};
513  size_t buffer_len = sizeof(buffer);
514  int retval = 0;
515 
516  if (MagicInit() < 0) {
517  printf("MagicInit() failure\n");
518  return 0;
519  }
520 
521  result1 = MagicGlobalLookup(buffer, buffer_len);
522  if (result1 == NULL || strncmp(result1, "PDF document", 12) != 0) {
523  printf("result %p:%s, not \"PDF document\": ", result1,result1?result1:"(null)");
524  goto end;
525  }
526 
527  result2 = MagicGlobalLookup(buffer, buffer_len);
528  if (result2 == NULL || strncmp(result2, "PDF document", 12) != 0) {
529  printf("result %p:%s, not \"PDF document\": ", result2,result2?result2:"(null)");
530  goto end;
531  }
532 
533  if (result1 != result2) {
534  printf("pointers not equal, weird... %p != %p: ", result1, result2);
535  goto end;
536  }
537 
538  retval = 1;
539 end:
540  MagicDeinit();
541  return retval;
542 }
543 #endif
544 /** \test results in valgrind warning about invalid read, tested with
545  * file 5.09 and 5.11 */
546 static int MagicDetectTest10ValgrindError(void)
547 {
548  const char *result = NULL;
549  magic_t ctx = NULL;
550  uint8_t buffer[] = {
551  0xFF,0xD8,0xFF,0xE0,0x00,0x10,0x4A,0x46,0x49,0x46,0x00,0x01,0x01,0x01,0x01,0x2C,
552  0x01,0x2C,0x00,0x00,0xFF,0xFE,0x00,0x4C,0x53,0x69,0x67,0x6E,0x61,0x74,0x75,0x72,
553  0x65,0x3A,0x34,0x31,0x31,0x65,0x33,0x38,0x61,0x61,0x61,0x31,0x37,0x65,0x33,0x30,
554  0x66,0x30,0x32,0x38,0x62,0x61,0x30,0x31,0x36,0x32,0x36,0x37,0x66,0x66,0x30,0x31,
555  0x36,0x36,0x61,0x65,0x35,0x39,0x65,0x38,0x31,0x39,0x62,0x61,0x32,0x34,0x63,0x39,
556  0x62,0x31,0x33,0x37,0x33,0x62,0x31,0x61,0x35,0x61,0x38,0x65,0x64,0x63,0x36,0x30,
557  0x65,0x37,0xFF,0xE2,0x02,0x2C,0x49,0x43,0x43,0x5F,0x50,0x52,0x4F,0x46,0x49,0x4C,
558  0x45,0x00,0x01,0x01,0x00,0x00,0x02,0x1C,0x41,0x44,0x42,0x45,0x02,0x10,0x00,0x00,
559  0x6D,0x6E,0x74,0x72,0x52,0x47,0x42,0x20,0x58,0x59,0x5A,0x20,0x07,0xCF,0x00,0x05,
560  0x00,0x09,0x00,0x15,0x00,0x0B,0x00,0x21,0x61,0x63,0x73,0x70,0x41,0x50,0x50,0x4C,
561  0x00,0x00,0x00,0x00,0x6E,0x6F,0x6E,0x65,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
562  };
563  size_t buffer_len = sizeof(buffer);
564  int retval = 0;
565 
566 
567  ctx = MagicInitContext();
568  FAIL_IF(ctx == NULL);
569 
570  result = MagicThreadLookup(&ctx, buffer, buffer_len);
571  if (result == NULL || strncmp(result, "JPEG", 4) != 0) {
572  printf("result %p:%s, not \"JPEG\": ", result,result?result:"(null)");
573  goto end;
574  }
575 
576  retval = 1;
577 end:
578  MagicDeinitContext(ctx);
579  return retval;
580 }
581 
582 #endif /* UNITTESTS */
583 #endif
584 
586 {
587 #ifdef HAVE_MAGIC
588 #ifdef UNITTESTS
589  UtRegisterTest("MagicInitTest01", MagicInitTest01);
590  UtRegisterTest("MagicDetectTest01", MagicDetectTest01);
591  //UtRegisterTest("MagicDetectTest02", MagicDetectTest02, 1);
592  UtRegisterTest("MagicDetectTest03", MagicDetectTest03);
593  UtRegisterTest("MagicDetectTest04", MagicDetectTest04);
594  UtRegisterTest("MagicDetectTest05", MagicDetectTest05);
595  //UtRegisterTest("MagicDetectTest06", MagicDetectTest06, 1);
596  UtRegisterTest("MagicDetectTest07", MagicDetectTest07);
597  UtRegisterTest("MagicDetectTest08", MagicDetectTest08);
598  /* fails in valgrind, somehow it returns different pointers then.
599  UtRegisterTest("MagicDetectTest09", MagicDetectTest09, 1); */
600 
601  UtRegisterTest("MagicDetectTest10ValgrindError",
602  MagicDetectTest10ValgrindError);
603 #endif /* UNITTESTS */
604 #endif /* HAVE_MAGIC */
605 }
606 
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
MagicRegisterTests
void MagicRegisterTests(void)
Definition: util-magic.c:585
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
SC_ERR_MAGIC_OPEN
@ SC_ERR_MAGIC_OPEN
Definition: util-error.h:228
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
util-unittest.h
ConfGet
int ConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
Definition: conf.c:331
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
SC_ERR_FOPEN
@ SC_ERR_FOPEN
Definition: util-error.h:74
conf.h
util-magic.h
SCReturnPtr
#define SCReturnPtr(x, type)
Definition: util-debug.h:316
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to false.
Definition: util-unittest.h:71
suricata-common.h
SC_ERR_MAGIC_LOAD
@ SC_ERR_MAGIC_LOAD
Definition: util-error.h:229
SCLogError
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:257
SCStrdup
#define SCStrdup(s)
Definition: util-mem.h:56
SCLogConfig
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
str
#define str(s)
Definition: suricata-common.h:273
SCLogWarning
#define SCLogWarning(err_code,...)
Macro used to log WARNING messages.
Definition: util-debug.h:244
SC_ERR_MEM_ALLOC
@ SC_ERR_MEM_ALLOC
Definition: util-error.h:31