📄 snort_ftptelnet.c
字号:
ThisFmt->choices = tmpChoices; NextFmt->prev_param_fmt = ThisFmt; iRet = DoNextFormat(NextFmt, 1, ErrorString, ErrStrLen); numChoices++; } while (iRet == FTPP_OR_FOUND); if (iRet != FTPP_CHOICE_END_FOUND) { return FTPP_INVALID_ARG; } return DoNextFormat(ThisFmt, 0, ErrorString, ErrStrLen); } if (!allocated) { NextFmt = (FTP_PARAM_FMT *)calloc(1, sizeof(FTP_PARAM_FMT)); if (NextFmt == NULL) { DynamicPreprocessorFatalMessage("%s(%d) => Failed to allocate memory\n", *(_dpd.config_file), *(_dpd.config_line)); } NextFmt->prev_param_fmt = ThisFmt; ThisFmt->next_param_fmt = NextFmt; if (ThisFmt->optional) NextFmt->prev_optional = 1; } else { NextFmt = ThisFmt; } /* If its not an end cmd, OR, START/END Opt... * it must be a parameter specification. */ /* Setup the type & format specs */ if (!strcmp(fmt, F_INT)) { NextFmt->type = e_int; } else if (!strcmp(fmt, F_NUMBER)) { NextFmt->type = e_number; } else if (!strcmp(fmt, F_CHAR)) { char *chars_allowed = NextToken(CONF_SEPARATORS); NextFmt->type = e_char; NextFmt->format.chars_allowed = 0; while (*chars_allowed != 0) { int bitNum = (*chars_allowed & 0x1f); NextFmt->format.chars_allowed |= (1 << (bitNum-1)); chars_allowed++; } } else if (!strcmp(fmt, F_DATE)) { FTP_DATE_FMT *DateFmt; char *format = NextToken(CONF_SEPARATORS); NextFmt->type = e_date; DateFmt = (FTP_DATE_FMT *)calloc(1, sizeof(FTP_DATE_FMT)); if (DateFmt == NULL) { DynamicPreprocessorFatalMessage("%s(%d) => Failed to allocate memory\n", *(_dpd.config_file), *(_dpd.config_line)); } NextFmt->format.date_fmt = DateFmt; iRet = ProcessDateFormat(DateFmt, NULL, &format); if (iRet) { snprintf(ErrorString, ErrStrLen, "Illegal format %s for token '%s'.", format, CMD_VALIDITY); return FTPP_INVALID_ARG; } } else if (!strcmp(fmt, F_STRING)) { NextFmt->type = e_unrestricted; } else if (!strcmp(fmt, F_HOST_PORT)) { NextFmt->type = e_host_port; } else { snprintf(ErrorString, ErrStrLen, "Illegal format type %s for token '%s'.", fmt, CMD_VALIDITY); return FTPP_INVALID_ARG; } return DoNextFormat(NextFmt, 0, ErrorString, ErrStrLen);}/* * Function: ProcessFTPCmdValidity(FTP_SERVER_PROTO_CONF *ServerConf, * char *ErrorString, int ErrStrLen) * * Purpose: Process the ftp cmd validity configuration. * This sets the FTP command parameter validation tree. * * Arguments: ServerConf => pointer to the FTP server configuration * confOption => pointer to the name of the option * ErrorString => error string buffer * ErrStrLen => the length of the error string buffer * * Returns: int => an error code integer (0 = success, * >0 = non-fatal error, <0 = fatal error) * */static int ProcessFTPCmdValidity(FTP_SERVER_PROTO_CONF *ServerConf, char *ErrorString, int ErrStrLen){ FTP_CMD_CONF *FTPCmd = NULL; FTP_PARAM_FMT *HeadFmt = NULL; char *cmd; char *fmt; int iRet; fmt = NextToken(CONF_SEPARATORS); if(fmt == NULL) { snprintf(ErrorString, ErrStrLen, "No argument to token '%s'.", CMD_VALIDITY); return FTPP_FATAL_ERR; } cmd = fmt; if (strlen(cmd) > 4) { snprintf(ErrorString, ErrStrLen, "FTP Commands are no longer than 4 characters: '%s'.", cmd); return FTPP_FATAL_ERR; } fmt = NextToken(CONF_SEPARATORS); if(!fmt) { snprintf(ErrorString, ErrStrLen, "Invalid cmd validity format."); return FTPP_FATAL_ERR; } if(strcmp(START_CMD_FORMAT, fmt)) { snprintf(ErrorString, ErrStrLen, "Must start a cmd validity with the '%s' token.", START_CMD_FORMAT); return FTPP_FATAL_ERR; } HeadFmt = (FTP_PARAM_FMT *)calloc(1, sizeof(FTP_PARAM_FMT)); if (HeadFmt == NULL) { DynamicPreprocessorFatalMessage("%s(%d) => Failed to allocate memory\n", *(_dpd.config_file), *(_dpd.config_line)); } HeadFmt->type = e_head; iRet = DoNextFormat(HeadFmt, 0, ErrorString, ErrStrLen); /* Need to check to be sure we got a complete command */ if (iRet) { return FTPP_FATAL_ERR; } SetOptionalsNext(HeadFmt, NULL, NULL, 0); FTPCmd = ftp_cmd_lookup_find(ServerConf->cmd_lookup, cmd, strlen(cmd), &iRet); if (FTPCmd == NULL) { /* Add it to the list */ FTPCmd = (FTP_CMD_CONF *)calloc(1, sizeof(FTP_CMD_CONF)); if (FTPCmd == NULL) { DynamicPreprocessorFatalMessage("%s(%d) => Failed to allocate memory\n", *(_dpd.config_file), *(_dpd.config_line)); } strncpy(FTPCmd->cmd_name, cmd, sizeof(FTPCmd->cmd_name) - 1); FTPCmd->cmd_name[sizeof(FTPCmd->cmd_name) - 1] = '\0'; FTPCmd->max_param_len = ServerConf->def_max_param_len; ftp_cmd_lookup_add(ServerConf->cmd_lookup, cmd, strlen(cmd), FTPCmd); } FTPCmd->check_validity = 1; if (FTPCmd->param_format) { ftpp_ui_config_reset_ftp_cmd_format(FTPCmd->param_format); FTPCmd->param_format = NULL; } FTPCmd->param_format = HeadFmt; return FTPP_SUCCESS;}/* * Function: PrintFormatDate(FTP_DATE_FMT *DateFmt) * * Purpose: Recursively prints the FTP date validation tree * * Arguments: DateFmt => pointer to the date format node * * Returns: None * */static void PrintFormatDate(char *buf, FTP_DATE_FMT *DateFmt){ FTP_DATE_FMT *OptChild; if (!DateFmt->empty) _dpd.printfappend(buf, BUF_SIZE, "%s", DateFmt->format_string); if (DateFmt->optional) { OptChild = DateFmt->optional; _dpd.printfappend(buf, BUF_SIZE, "["); PrintFormatDate(buf, OptChild); _dpd.printfappend(buf, BUF_SIZE, "]"); } if (DateFmt->next_a) { if (DateFmt->next_b) _dpd.printfappend(buf, BUF_SIZE, "{"); OptChild = DateFmt->next_a; PrintFormatDate(buf, OptChild); if (DateFmt->next_b) { _dpd.printfappend(buf, BUF_SIZE, "|"); OptChild = DateFmt->next_b; PrintFormatDate(buf, OptChild); _dpd.printfappend(buf, BUF_SIZE, "}"); } } if (DateFmt->next) PrintFormatDate(buf, DateFmt->next);}/* * Function: PrintCmdFmt(FTP_PARAM_FMT *CmdFmt) * * Purpose: Recursively prints the FTP command parameter validation tree * * Arguments: CmdFmt => pointer to the parameter validation node * * Returns: None * */static void PrintCmdFmt(char *buf, FTP_PARAM_FMT *CmdFmt){ FTP_PARAM_FMT *OptChild; switch(CmdFmt->type) { case e_int: _dpd.printfappend(buf, BUF_SIZE, " %s", F_INT); break; case e_number: _dpd.printfappend(buf, BUF_SIZE, " %s", F_NUMBER); break; case e_char: _dpd.printfappend(buf, BUF_SIZE, " %s 0x%x", F_CHAR, CmdFmt->format.chars_allowed); break; case e_date: _dpd.printfappend(buf, BUF_SIZE, " %s", F_DATE); PrintFormatDate(buf, CmdFmt->format.date_fmt); break; case e_unrestricted: _dpd.printfappend(buf, BUF_SIZE, " %s", F_STRING); break; case e_strformat: _dpd.printfappend(buf, BUF_SIZE, " %s", F_STRING_FMT); break; case e_host_port: _dpd.printfappend(buf, BUF_SIZE, " %s", F_HOST_PORT); break; case e_head: break; } if (CmdFmt->optional_fmt) { OptChild = CmdFmt->optional_fmt; _dpd.printfappend(buf, BUF_SIZE, "["); PrintCmdFmt(buf, OptChild); _dpd.printfappend(buf, BUF_SIZE, "]"); } if (CmdFmt->numChoices) { int i; _dpd.printfappend(buf, BUF_SIZE, "{"); for (i=0;i<CmdFmt->numChoices;i++) { if (i) _dpd.printfappend(buf, BUF_SIZE, "|"); OptChild = CmdFmt->choices[i]; PrintCmdFmt(buf, OptChild); } _dpd.printfappend(buf, BUF_SIZE, "}"); } if (CmdFmt->next_param_fmt && CmdFmt->next_param_fmt->prev_optional) PrintCmdFmt(buf, CmdFmt->next_param_fmt);}/* * Function: ProcessFTPMaxRespLen(FTP_CLIENT_PROTO_CONF *ClientConf, * char *ErrorString, int ErrStrLen) * * Purpose: Process the max response length configuration * This sets the max length of an FTP response that we * will tolerate, before alerting. * * Arguments: ClientConf => pointer to the FTP client configuration * ErrorString => error string buffer * ErrStrLen => the length of the error string buffer * * Returns: int => an error code integer (0 = success, * >0 = non-fatal error, <0 = fatal error) * */static int ProcessFTPMaxRespLen(FTP_CLIENT_PROTO_CONF *ClientConf, char *ErrorString, int ErrStrLen){ char *pcToken; char *pcEnd = NULL; pcToken = NextToken(CONF_SEPARATORS); if(pcToken == NULL) { snprintf(ErrorString, ErrStrLen, "No argument to token '%s'.", MAX_RESP_LEN); return FTPP_FATAL_ERR; } ClientConf->max_resp_len = strtol(pcToken, &pcEnd, 10); /* * Let's check to see if the entire string was valid. * If there is an address here, then there was an * invalid character in the string. */ if ((*pcEnd) || (ClientConf->max_resp_len < 0)) { snprintf(ErrorString, ErrStrLen, "Invalid argument to token '%s'. Must be a positive " "number.", MAX_RESP_LEN); return FTPP_FATAL_ERR; } return FTPP_SUCCESS;}/* * Function: parseIP(char *token, * u_int32_t* ipaddr, int *bits, * u_int16_t *portlo, u_int16_t *porthi) * * Purpose: Extract the IP address, masking bits (CIDR format), and * port information from an FTP Bounce To configuration. * * Arguments: token => string pointer to the FTP bounce configuration * ipaddr => pointer to returned ip address * bits => pointer to returned bit mask * portlo => pointer to port (or beginning of port range) * porthi => pointer to end of the port range if it exists * * Returns: int => an error code integer (0 = success, * >0 = non-fatal error, <0 = fatal error) * */int parseIP(char *token, u_int32_t* ipaddr, int *bits, u_int16_t *portlo, u_int16_t *porthi){ char *ptr = token; int octet = 0; int bitsseen = 0; int port = 0; int val = 0; if ((!token) || (!ipaddr) || (!bits) || (!portlo) || (!porthi)) return FTPP_INVALID_ARG; *porthi = 0; *portlo = 0; *ipaddr = 0; *bits = 32; do { if (isdigit((int)(*ptr))) { val = val * 10 + (*ptr - '0'); } else if (*ptr == '.') { /* End of octet */ *ipaddr = *ipaddr + (val << (octet * 8)); val = 0; octet++; } else if (*ptr == '/') { bitsseen = 1; /* End last of octet */ *ipaddr = *ipaddr + (val << (octet * 8)); octet++; val = 0; ⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -