
📄 snort_httpinspect.c

📁 著名的入侵检测系统snort的最新版本的源码
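            SnortSnprintf(ErrorString, ErrStrLen,
                          "Unable to open the IIS Unicode Map file '%s'.",
                          filename);
        }
        else if(iRet == HI_FATAL_ERR)
        {
            SnortSnprintf(ErrorString, ErrStrLen,
                          "Did not find specified IIS Unicode codemap in "
                          "the specified IIS Unicode Map file.");
        }
        else
        {
            SnortSnprintf(ErrorString, ErrStrLen,
                          "There was an error while parsing the IIS Unicode Map file.");
        }

        return -1;
    }

    return 0;
}

/*
**  Parse the argument to the OVERSIZE_DIR keyword and store it in
**  ServerConf->long_dir.
**
**  The argument is read with strtok(NULL, ...), so this continues the
**  tokenisation the caller has already started on the configuration line.
**
**  @param ServerConf  pointer to the server configuration to update
**  @param ErrorString error string buffer
**  @param ErrStrLen   the length of the error string buffer
**
**  @retval  0 success, ServerConf->long_dir holds the parsed length
**  @retval -1 missing, non-numeric, negative or out-of-range argument
*/
static int ProcessOversizeDir(HTTPINSPECT_CONF *ServerConf,
                              char *ErrorString, int ErrStrLen)
{
    char *pcToken;
    char *pcEnd;
    long lDirLen;
    int  iDirLen;

    pcToken = strtok(NULL, CONF_SEPARATORS);
    if(pcToken == NULL)
    {
        SnortSnprintf(ErrorString, ErrStrLen,
                      "No argument to token '%s'.", OVERSIZE_DIR);

        return -1;
    }

    /*
    **  Grab the oversize directory length.
    **
    **  strtol() returns a long.  Validate it as a long before narrowing:
    **  where long is wider than int, a value such as 4294967296 would
    **  otherwise be cut down to 0, pass the sign check and be stored as
    **  a length the operator never wrote in the configuration.
    */
    lDirLen = strtol(pcToken, &pcEnd, 10);
    iDirLen = (int)lDirLen;
    if(*pcEnd || lDirLen < 0 || (long)iDirLen != lDirLen)
    {
        SnortSnprintf(ErrorString, ErrStrLen,
                      "Invalid argument to token '%s'.", OVERSIZE_DIR);

        return -1;
    }

    ServerConf->long_dir = iDirLen;

    return 0;
}

/*
**  NAME
**      ProcessGlobalConf::
*/
/**
**  This is where we process the global configuration for HttpInspect.
**
**  We set the values of the global configuration here.  Any errors that
**  are encountered are specified in the error string and the type of
**  error is returned through the return code, i.e. 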
fatal, non-fatal.
**
**  The configuration options that are dealt with here are:
**      - global_alert
**          This tells us whether to do any internal alerts or not, on
**          a global scale.
**      - max_pipeline
**          Tells HttpInspect how many pipeline requests to buffer looking
**          for a response before inspection.
**      - inspection_type
**          What type of inspection for HttpInspect to do, stateless or
**          stateful.
**
**  @param GlobalConf  pointer to the global configuration
**  @param ErrorString error string buffer
**  @param ErrStrLen   the length of the error string buffer
**
**  @return an error code integer
**          (0 = success, >0 = non-fatal error, <0 = fatal error)
**
**  @retval  0 success
**  @retval -1 generic fatal error
**  @retval  1 generic non-fatal error
*/
static int ProcessGlobalConf(HTTPINSPECT_GLOBAL_CONF *GlobalConf,
                             char *ErrorString, int ErrStrLen)
{
    char *pcKeyword;
    int  iStatus;
    int  iSawKeyword = 0;

    /*
    **  Walk the rest of the strtok() stream.  The per-keyword handlers
    **  presumably pull their own arguments from the same stream before
    **  the next keyword is fetched here -- confirm against the handlers.
    */
    for (pcKeyword = strtok(NULL, CONF_SEPARATORS);
         pcKeyword != NULL;
         pcKeyword = strtok(NULL, CONF_SEPARATORS))
    {
        /*
        **  Remember that the configuration was not empty
        */
        iSawKeyword = 1;
        iStatus = 0;

        /*
        **  Dispatch on the configuration keyword
        */
        if (strcmp(MAX_PIPELINE, pcKeyword) == 0)
        {
            iStatus = ProcessMaxPipeline(GlobalConf, ErrorString, ErrStrLen);
        }
        else if (strcmp(INSPECT_TYPE, pcKeyword) == 0)
        {
            iStatus = ProcessInspectType(GlobalConf, ErrorString, ErrStrLen);
        }
        else if (strcmp(IIS_UNICODE_MAP, pcKeyword) == 0)
        {
            iStatus = ProcessIISUnicodeMap(&GlobalConf->iis_unicode_map,
                                           &GlobalConf->iis_unicode_map_filename,
                                           &GlobalConf->iis_unicode_codepage,
                                           ErrorString, ErrStrLen);
        }
        else if (strcmp(ANOMALOUS_SERVERS, pcKeyword) == 0)
        {
            /*
            **  Flag-style option: the keyword alone switches it on.
            */
            GlobalConf->anomalous_servers = 1;
        }
        else if (strcmp(PROXY_ALERT, pcKeyword) == 0)
        {
            GlobalConf->proxy_alert = 1;
        }
        else
        {
            SnortSnprintf(ErrorString, ErrStrLen,
                          "Invalid keyword '%s' for '%s' configuration.",
                          pcKeyword, GLOBAL);

            return -1;
        }

        /*
        **  Any non-zero handler result ends the parse and is passed up
        **  unchanged.
        */
        if (iStatus != 0)
        {
            return iStatus;
        }
    }

    /*
    **  An empty global configuration is reported to the user and
    **  rejected with -1.
    */
    if (iSawKeyword == 0)
    {
        SnortSnprintf(ErrorString, ErrStrLen,
                      "No tokens to '%s' configuration.", GLOBAL);

        return -1;
    }

    /*
    **  A default IIS Unicode codemap is mandatory; refuse to continue
    **  without one.
    */
    if (!GlobalConf->iis_unicode_map)
    {
        SnortSnprintf(ErrorString, ErrStrLen,
                      "Global configuration must contain an IIS Unicode Map "
                      "configuration.  Use token '%s'.", IIS_UNICODE_MAP);

        return -1;
    }

    return 0;
}

/*
**  NAME
**    ProcessProfile::
*/
/** Returns error messages for failed hi_ui_config_set_profile calls.
 **
 ** Called exclusively by ProcessProfile.
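*/
static inline int _ProcessProfileErr(int iRet, char* ErrorString,
                 int ErrStrLen, char *token)
{
    /* Both branches return -1; only the message written differs. */
    if(iRet == HI_MEM_ALLOC_FAIL)
    {
        SnortSnprintf(ErrorString, ErrStrLen,
                      "Memory allocation failed while setting the '%s' "
                      "profile.", token);
        return -1;
    }
    else
    {
        SnortSnprintf(ErrorString, ErrStrLen,
                      "Undefined error code for set_profile_%s.", token);
        return -1;
    }
}

/*
**  NAME
**    ProcessProfile::
*/
/**
**  Process the PROFILE configuration.
**
**  This function verifies that the argument to the profile configuration
**  is one of the known profile names and loads the matching defaults into
**  the server configuration.
**
**  NOTE(review): the original description says additional configuration
**  after PROFILE is rejected here.  No such check is made in this
**  function; presumably the caller enforces it -- confirm.
**
**  @param GlobalConf  pointer to the global configuration; its
**                     iis_unicode_map is passed to the IIS and "all"
**                     profile setters
**  @param ServerConf  pointer to the server configuration
**  @param ErrorString error string buffer
**  @param ErrStrLen   the length of the error string buffer
**
**  @return an error code integer
**          (0 = success, >0 = non-fatal error, <0 = fatal error)
**
**  @retval  0 success
**  @retval -1 missing or unknown profile name, or a profile setter failed
*/
static int ProcessProfile(HTTPINSPECT_GLOBAL_CONF *GlobalConf,
                          HTTPINSPECT_CONF *ServerConf,
                          char *ErrorString, int ErrStrLen)
{
    char *pcToken;
    int  iRet;

    pcToken = strtok(NULL, CONF_SEPARATORS);
    if(pcToken == NULL)
    {
        SnortSnprintf(ErrorString, ErrStrLen,
                      "No argument to '%s'.", PROFILE);

        return -1;
    }

    /*
    **  Load the specific type of profile
    */
    if(!strcmp(APACHE, pcToken))
    {
        iRet = hi_ui_config_set_profile_apache(ServerConf);
        if (iRet)
        {
            /*  returns -1 */
            return _ProcessProfileErr(iRet, ErrorString, ErrStrLen, pcToken);
        }

        ServerConf->profile = HI_APACHE;
    }
    else if(!strcmp(IIS, pcToken))
    {
        iRet = hi_ui_config_set_profile_iis(ServerConf, GlobalConf->iis_unicode_map);
        if (iRet)
        {
            /* returns -1 */
            return _ProcessProfileErr(iRet, ErrorString, ErrStrLen, pcToken);
        }

        ServerConf->profile = HI_IIS;
    }
    else if(!strcmp(IIS4_0, pcToken) || !strcmp(IIS5_0, pcToken))
    {
        iRet = hi_ui_config_set_profile_iis_4or5(ServerConf, GlobalConf->iis_unicode_map);
        if (iRet)
        {
            /* returns -1 */
            return _ProcessProfileErr(iRet, ErrorString, ErrStrLen, pcToken);
        }

        /*
        **  The token equals IIS4_0 or IIS5_0 at this point; the two are
        **  told apart by the character at index 3.
        **  NOTE(review): assumes both literals are at least four characters
        **  long and differ at that position -- confirm against their
        **  definitions.
        */
        ServerConf->profile = (pcToken[3]=='4'?HI_IIS4:HI_IIS5);
    }
    else if(!strcmp(ALL, pcToken))
    {
        iRet = hi_ui_config_set_profile_all(ServerConf, GlobalConf->iis_unicode_map);
        if (iRet)
        {
            /* returns -1 */
            return _ProcessProfileErr(iRet, ErrorString, ErrStrLen, pcToken);
        }

        ServerConf->profile = HI_ALL;
    }
    else
    {
        SnortSnprintf(ErrorString, ErrStrLen,
                      "Invalid profile argument '%s'.", pcToken);

        return -1;
    }

    return 0;
}

/*
**  NAME
**    ProcessPorts::
*/
/**
**  Process the port list for the server configuration.
**
**  The list must open with START_PORT_LIST and close with END_PORT_LIST.
**  Every token in between has to be a decimal port number in the range
**  0-65535.  The existing port table is cleared before the list is read.
**
**  @param ServerConf  pointer to the server configuration
**  @param ErrorString error string buffer
**  @param ErrStrLen   the length of the error string buffer
**
**  @return an error code integer
**          (0 = success, >0 = non-fatal error, <0 = fatal error)
**
**  @retval  0 success
**  @retval -1 malformed list or invalid port number
*/
static int ProcessPorts(HTTPINSPECT_CONF *ServerConf,
                        char *ErrorString, int ErrStrLen)
{
    char *pcToken;
    char *pcEnd;
    long lPort;
    int  iEndPorts = 0;

    pcToken = strtok(NULL, CONF_SEPARATORS);
    if(!pcToken)
    {
        SnortSnprintf(ErrorString, ErrStrLen,
                      "Invalid port list format.");

        return -1;
    }

    if(strcmp(START_PORT_LIST, pcToken))
    {
        SnortSnprintf(ErrorString, ErrStrLen,
                      "Must start a port list with the '%s' token.",
                      START_PORT_LIST);

        return -1;
    }

    /*
    **  NOTE(review): assumes ServerConf->ports is a 65536-byte table --
    **  confirm against the HTTPINSPECT_CONF declaration.
    */
    memset(ServerConf->ports, 0, 65536);

    while ((pcToken = strtok(NULL, CONF_SEPARATORS)) != NULL)
    {
        if(!strcmp(END_PORT_LIST, pcToken))
        {
            iEndPorts = 1;
            break;
        }

        /*
        **  Keep the value as a long until it has been range-checked.
        **  Narrowing to int first would let an oversized number wrap to a
        **  different, valid-looking port where long is wider than int
        **  (e.g. 4294967376 would be accepted as port 80).
        */
        lPort = strtol(pcToken, &pcEnd, 10);

        /*
        **  Validity check for port
        */
        if(*pcEnd)
        {
            SnortSnprintf(ErrorString, ErrStrLen, "Invalid port number.");

            return -1;
        }

        if(lPort < 0 || lPort > 65535)
        {
            SnortSnprintf(ErrorString, ErrStrLen,
                          "Invalid port number.  Must be between 0 and 65535.");

            return -1;
        }

        /* The range check above bounds the index into the port table. */
        ServerConf->ports[lPort] = 1;

        /*
        **  NOTE(review): port_count is not reset together with the table
        **  above and a repeated port is counted each time it appears --
        **  confirm that users of port_count expect this.
        */
        if(ServerConf->port_count < 65536)
        {
            ServerConf->port_count++;
        }
    }

    if(!iEndPorts)
    {
        SnortSnprintf(ErrorString, ErrStrLen,
                      "Must end '%s' configuration with '%s'.",
                      PORTS, END_PORT_LIST);

        return -1;
    }

    return 0;
}

/*
**  NAME
**    ProcessFlowDepth::
*/
/**
**  Configure the flow depth for a server.
**
**  Check that the value for flow depth is a valid number and lies
**  between -1 and 1460 inclusive.
**
**  @param ServerConf  pointer to the server configuration
**  @param ErrorString error string buffer
**  @param ErrStrLen   the length of the error string buffer
**
**  @return an error code integer
**          (0 = success, >0 = non-fatal error, <0 = fatal error)
**
**  @retval  0 success
**  @retval -1 missing, non-numeric or out-of-range argument
*/
static int ProcessFlowDepth(HTTPINSPECT_CONF *ServerConf,
                            char *ErrorString, int ErrStrLen)
{
    char *pcToken;
    long lFlowDepth;
    char *pcEnd;

    pcToken = strtok(NULL, CONF_SEPARATORS);
    if(pcToken == NULL)
    {
        SnortSnprintf(ErrorString, ErrStrLen,
                      "No argument to '%s' token.", FLOW_DEPTH);

        return -1;
    }

    /*
    **  Range-check strtol()'s long result before narrowing it, so that an
    **  oversized number cannot wrap into the accepted range.
    */
    lFlowDepth = strtol(pcToken, &pcEnd, 10);
    if(*pcEnd)
    {
        SnortSnprintf(ErrorString, ErrStrLen,
                      "Invalid argument to '%s'.", FLOW_DEPTH);

        return -1;
    }

    /* -1 here is okay, which means ignore ALL server side traffic */
    if(lFlowDepth < -1 || lFlowDepth > 1460)
    {
        /* The message states the range the check really accepts. */
        SnortSnprintf(ErrorString, ErrStrLen,
                      "Invalid argument to '%s'.  Must be between -1 and 1460.",
                      FLOW_DEPTH);

        return -1;
    }

    ServerConf->flow_depth = (int)lFlowDepth;

    return 0;
}

/*
**  NAME
**    ProcessPostDepth::
*/
/**
**  Configure the post depth for client requests
**
**  Checks that the value for flow depth is within bounds
**  and is a valid number.
**
**  @param ServerConf  pointer to the server configuration
**  @param ErrorString error string buffer
**  @param ErrStrLen   the length of the error string buffer
**
**  @return an error code integer 
**          (0 = success, >0 = non-fatal error, <0 = fatal error)
**
**  @retval  0 successs
**  @retval -1 generic fatal error
**  @retval  1 generic non-fatal error
*/
static int ProcessPostDepth(HTTPINSPECT_CONF *ServerConf,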
