📄 snort_httpinspect.c
字号:
do { if(!strcmp(PORTS, pcToken)) { iRet = ProcessPorts(ServerConf, ErrorString, ErrStrLen); if (iRet) { return iRet; } } else if(!strcmp(FLOW_DEPTH, pcToken)) { iRet = ProcessFlowDepth(ServerConf, ErrorString, ErrStrLen); if (iRet) { return iRet; } } else if(!strcmp(POST_DEPTH, pcToken)) { iRet = ProcessPostDepth(ServerConf, ErrorString, ErrStrLen); if (iRet) { return iRet; } } else if(!strcmp(IIS_UNICODE_MAP, pcToken)) { iRet = ProcessIISUnicodeMap(&ServerConf->iis_unicode_map, &ServerConf->iis_unicode_map_filename, &ServerConf->iis_unicode_codepage, ErrorString, ErrStrLen); if (iRet) { return iRet; } } else if(!strcmp(CHUNK_LENGTH, pcToken)) { iRet = ProcessChunkLength(ServerConf,ErrorString,ErrStrLen); if (iRet) { return iRet; } } else if(!strcmp(PIPELINE, pcToken)) { ServerConf->no_pipeline = 1; } else if(!strcmp(NON_STRICT, pcToken)) { ServerConf->non_strict = 1; } else if(!strcmp(ALLOW_PROXY, pcToken)) { ServerConf->allow_proxy = 1; } else if(!strcmp(GLOBAL_ALERT, pcToken)) { ServerConf->no_alerts = 1; } else if(!strcmp(TAB_URI_DELIMITER, pcToken)) { ServerConf->tab_uri_delimiter = 1; } else if(!strcmp(OVERSIZE_DIR, pcToken)) { iRet = ProcessOversizeDir(ServerConf, ErrorString, ErrStrLen); if (iRet) { return iRet; } } else if(!strcmp(INSPECT_URI_ONLY, pcToken)) { ServerConf->uri_only = 1; } /* ** Start the CONF_OPT configurations. */ else if(!strcmp(ASCII, pcToken)) { ConfOpt = &ServerConf->ascii; iRet = ProcessConfOpt(ConfOpt, ASCII, ErrorString, ErrStrLen); if (iRet) { return iRet; } } else if(!strcmp(UTF_8, pcToken)) { /* ** In order for this to work we also need to set ASCII */ ServerConf->ascii.on = 1; ConfOpt = &ServerConf->utf_8; iRet = ProcessConfOpt(ConfOpt, UTF_8, ErrorString, ErrStrLen); if (iRet) { return iRet; } } else if(!strcmp(IIS_UNICODE, pcToken)) { if(ServerConf->iis_unicode_map == NULL) { ServerConf->iis_unicode_map = GlobalConf->iis_unicode_map; } /* ** We need to set up: ** - ASCII ** - DOUBLE_DECODE ** - U_ENCODE ** - BARE_BYTE ** - IIS_UNICODE ** - BASE36 */ ServerConf->ascii.on = 1; ConfOpt = &ServerConf->iis_unicode; iRet = ProcessConfOpt(ConfOpt, IIS_UNICODE, ErrorString, ErrStrLen); if (iRet) { return iRet; } } else if(!strcmp(DOUBLE_DECODE, pcToken)) { ServerConf->ascii.on = 1; ConfOpt = &ServerConf->double_decoding; iRet = ProcessConfOpt(ConfOpt, DOUBLE_DECODE, ErrorString, ErrStrLen); if (iRet) { return iRet; } } else if(!strcmp(U_ENCODE, pcToken)) { /* ** With %U encoding, we don't want base36 on. */ ServerConf->base36.on = 0; ServerConf->base36.alert = 0; /* ** We set the unicode map to default if it's not already ** set. */ if(ServerConf->iis_unicode_map == NULL) { ServerConf->iis_unicode_map = GlobalConf->iis_unicode_map; } ConfOpt = &ServerConf->u_encoding; iRet = ProcessConfOpt(ConfOpt, U_ENCODE, ErrorString, ErrStrLen); if (iRet) { return iRet; } } else if(!strcmp(BARE_BYTE, pcToken)) { ConfOpt = &ServerConf->bare_byte; iRet = ProcessConfOpt(ConfOpt, BARE_BYTE, ErrorString, ErrStrLen); if (iRet) { return iRet; } } else if(!strcmp(BASE36, pcToken)) { ServerConf->ascii.on = 1; /* ** With Base36 encoding, we don't want to have %U encoding ** turned on. */ ServerConf->u_encoding.on = 0; ServerConf->u_encoding.alert = 0; ConfOpt = &ServerConf->base36; iRet = ProcessConfOpt(ConfOpt, BASE36, ErrorString, ErrStrLen); if (iRet) { return iRet; } } else if(!strcmp(NON_RFC_CHAR, pcToken)) { iRet = ProcessNonRfcChar(ServerConf, ErrorString, ErrStrLen); if (iRet) { return iRet; } } else if(!strcmp(MULTI_SLASH, pcToken)) { ConfOpt = &ServerConf->multiple_slash; iRet = ProcessConfOpt(ConfOpt, MULTI_SLASH, ErrorString, ErrStrLen); if (iRet) { return iRet; } } else if(!strcmp(IIS_BACKSLASH, pcToken)) { ConfOpt = &ServerConf->iis_backslash; iRet = ProcessConfOpt(ConfOpt, IIS_BACKSLASH, ErrorString, ErrStrLen); if (iRet) { return iRet; } } else if(!strcmp(DIRECTORY, pcToken)) { ConfOpt = &ServerConf->directory; iRet = ProcessConfOpt(ConfOpt, DIRECTORY, ErrorString, ErrStrLen); if (iRet) { return iRet; } } else if(!strcmp(APACHE_WS, pcToken)) { ConfOpt = &ServerConf->apache_whitespace; iRet = ProcessConfOpt(ConfOpt, APACHE_WS, ErrorString, ErrStrLen); if (iRet) { return iRet; } } else if(!strcmp(WHITESPACE, pcToken)) { iRet = ProcessWhitespaceChars(ServerConf, ErrorString, ErrStrLen); if (iRet) { return iRet; } } else if(!strcmp(IIS_DELIMITER, pcToken)) { ConfOpt = &ServerConf->iis_delimiter; iRet = ProcessConfOpt(ConfOpt, IIS_DELIMITER, ErrorString, ErrStrLen); if (iRet) { return iRet; } } else if(!strcmp(WEBROOT, pcToken)) { ConfOpt = &ServerConf->webroot; iRet = ProcessConfOpt(ConfOpt, WEBROOT, ErrorString, ErrStrLen); if (iRet) { return iRet; } } else { SnortSnprintf(ErrorString, ErrStrLen, "Invalid keyword '%s' for server configuration.", pcToken); return -1; } } while ((pcToken = strtok(NULL, CONF_SEPARATORS)) != NULL); return 0;}static int PrintConfOpt(HTTPINSPECT_CONF_OPT *ConfOpt, char *Option){ if(!ConfOpt || !Option) { return HI_INVALID_ARG; } if(ConfOpt->on) { LogMessage(" %s: YES alert: %s\n", Option, ConfOpt->alert ? "YES" : "NO"); } else { LogMessage(" %s: OFF\n", Option); } return 0;}static int PrintServerConf(HTTPINSPECT_CONF *ServerConf){ char buf[STD_BUF+1]; int iCtr; int iChar = 0; PROFILES prof; if(!ServerConf) { return HI_INVALID_ARG; } prof = ServerConf->profile; LogMessage(" Server profile: %s\n", prof==HI_ALL?"All": prof==HI_APACHE?"Apache": prof==HI_IIS?"IIS": prof==HI_IIS4?"IIS4":"IIS5"); memset(buf, 0, STD_BUF+1); SnortSnprintf(buf, STD_BUF + 1, " Ports: "); /* ** Print out all the applicable ports. */ for(iCtr = 0; iCtr < 65536; iCtr++) { if(ServerConf->ports[iCtr]) { sfsnprintfappend(buf, STD_BUF, "%d ", iCtr); } } LogMessage("%s\n", buf); LogMessage(" Flow Depth: %d\n", ServerConf->flow_depth); LogMessage(" Max Chunk Length: %d\n", ServerConf->chunk_length); LogMessage(" Inspect Pipeline Requests: %s\n", ServerConf->no_pipeline ? "NO" : "YES"); LogMessage(" URI Discovery Strict Mode: %s\n", ServerConf->non_strict ? "NO" : "YES"); LogMessage(" Allow Proxy Usage: %s\n", ServerConf->allow_proxy ? "YES" : "NO"); LogMessage(" Disable Alerting: %s\n", ServerConf->no_alerts ? "YES":"NO"); LogMessage(" Oversize Dir Length: %d\n", ServerConf->long_dir); LogMessage(" Only inspect URI: %s\n", ServerConf->uri_only ? "YES" : "NO"); PrintConfOpt(&ServerConf->ascii, "Ascii"); PrintConfOpt(&ServerConf->double_decoding, "Double Decoding"); PrintConfOpt(&ServerConf->u_encoding, "%U Encoding"); PrintConfOpt(&ServerConf->bare_byte, "Bare Byte"); PrintConfOpt(&ServerConf->base36, "Base36"); PrintConfOpt(&ServerConf->utf_8, "UTF 8"); PrintConfOpt(&ServerConf->iis_unicode, "IIS Unicode"); PrintConfOpt(&ServerConf->multiple_slash, "Multiple Slash"); PrintConfOpt(&ServerConf->iis_backslash, "IIS Backslash"); PrintConfOpt(&ServerConf->directory, "Directory Traversal"); PrintConfOpt(&ServerConf->webroot, "Web Root Traversal"); PrintConfOpt(&ServerConf->apache_whitespace, "Apache WhiteSpace"); PrintConfOpt(&ServerConf->iis_delimiter, "IIS Delimiter"); if(ServerConf->iis_unicode_map_filename) { LogMessage(" IIS Unicode Map Filename: %s\n", ServerConf->iis_unicode_map_filename); LogMessage(" IIS Unicode Map Codepage: %d\n", ServerConf->iis_unicode_codepage); } else if(ServerConf->iis_unicode_map) { LogMessage(" IIS Unicode Map: " "GLOBAL IIS UNICODE MAP CONFIG\n"); } else { LogMessage(" IIS Unicode Map: NOT CONFIGURED\n"); } /* ** Print out the non-rfc chars */ memset(buf, 0, STD_BUF+1); SnortSnprintf(buf, STD_BUF + 1, " Non-RFC Compliant Characters: "); for(iCtr = 0; iCtr < 256; iCtr++) { if(ServerConf->non_rfc_chars[iCtr]) { sfsnprintfappend(buf, STD_BUF, "0x%.2x ", (u_char)iCtr); iChar = 1; } } if(!iChar) { sfsnprintfappend(buf, STD_BUF, "NONE"); } LogMessage("%s\n", buf); /* ** Print out the whitespace chars */ iChar = 0; memset(buf, 0, STD_BUF+1); SnortSnprintf(buf, STD_BUF + 1, " Whitespace Characters: "); for(iCtr = 0; iCtr < 256; iCtr++) { if(ServerConf->whitespace[iCtr]) { sfsnprintfappend(buf, STD_BUF, "0x%.2x ", (u_char)iCtr); iChar = 1; } } if(!iChar) { sfsnprintfappend(buf, STD_BUF, "NONE"); } LogMessage("%s\n", buf); return 0;}static int s_iDefaultServer = 0;static int ProcessUniqueServerConf(HTTPINSPECT_GLOBAL_CONF *GlobalConf, char *ErrorString, int ErrStrLen){ char *pcToken;#ifdef SUP_IP6 ip_p Ip;#else unsigned long Ip; struct in_addr ip_addr;#endif HTTPINSPECT_CONF *ServerConf; int iRet; pcToken = strtok(NULL, CONF_SEPARATORS); if(!pcToken) { SnortSnprintf(ErrorString, ErrStrLen, "No arguments to '%s' token.", SERVER); return -1; } /* ** Check for the default configuration first */ if(!strcmp(SERVER_DEFAULT, pcToken)) { if(s_iDefaultServer) { SnortSnprintf(ErrorString, ErrStrLen, "Cannot configure '%s' settings more than once.", GLOBAL_SERVER); return -1; } s_iDefaultServer = 1; ServerConf = &GlobalConf->global_server; iRet = ProcessServerConf(GlobalConf, ServerConf, ErrorString, ErrStrLen); if (iRet) { return iRet; } /* ** Start writing out the Default Server Config */ LogMessage(" DEFAULT SERVER CONFIG:\n"); } else { /* ** Convert string to IP address */#ifdef SUP_IP6 if(!(Ip = sfip_alloc(pcToken, NULL)))⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -