Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-05 08:08:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

FileAnalysis: load custom mime magic database just once.

Browse source 
This works around a bug in libmagic since version 5.12 (current at
time of writing is 5.14) -- second call to magic_load() w/ non-default
database segfaults.
This commit is contained in:
Jon Siwek 2013-04-29 11:34:27 -05:00
parent d22f30e9a1
commit 0141f51801
7 changed files with 15 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files

18
src/FileAnalyzer.cc
View file

@ -5,16 +5,10 @@
#include "Reporter.h" #include "Reporter.h"
#include "util.h" #include "util.h"
magic_t File_Analyzer::magic = 0;
magic_t File_Analyzer::magic_mime = 0;
File_Analyzer::File_Analyzer(AnalyzerTag::Tag tag, Connection* conn) File_Analyzer::File_Analyzer(AnalyzerTag::Tag tag, Connection* conn)
: TCP_ApplicationAnalyzer(tag, conn) : TCP_ApplicationAnalyzer(tag, conn)
{ {
buffer_len = 0; buffer_len = 0;
bro_init_magic(&magic, MAGIC_NONE);
bro_init_magic(&magic_mime, MAGIC_MIME);
} }
void File_Analyzer::DeliverStream(int len, const u_char* data, bool orig) void File_Analyzer::DeliverStream(int len, const u_char* data, bool orig)
@ -49,19 +43,13 @@ void File_Analyzer::Done()
void File_Analyzer::Identify() void File_Analyzer::Identify()
{ {
const char* descr = 0; const char* desc = bro_magic_buffer(magic_desc_cookie, buffer, buffer_len);
const char* mime = 0; const char* mime = bro_magic_buffer(magic_mime_cookie, buffer, buffer_len);
if ( magic )
descr = bro_magic_buffer(magic, buffer, buffer_len);
if ( magic_mime )
mime = bro_magic_buffer(magic_mime, buffer, buffer_len);
val_list* vl = new val_list; val_list* vl = new val_list;
vl->append(BuildConnVal()); vl->append(BuildConnVal());
vl->append(new StringVal(buffer_len, buffer)); vl->append(new StringVal(buffer_len, buffer));
vl->append(new StringVal(descr ? descr : "<unknown>")); vl->append(new StringVal(desc ? desc : "<unknown>"));
vl->append(new StringVal(mime ? mime : "<unknown>")); vl->append(new StringVal(mime ? mime : "<unknown>"));
ConnectionEvent(file_transferred, vl); ConnectionEvent(file_transferred, vl);
} }

4
src/FileAnalyzer.h
View file

@ -6,7 +6,6 @@
#include "TCP.h" #include "TCP.h"
#include <string> #include <string>
#include <magic.h>
class File_Analyzer : public TCP_ApplicationAnalyzer { class File_Analyzer : public TCP_ApplicationAnalyzer {
public: public:
@ -31,9 +30,6 @@ protected:
static const int BUFFER_SIZE = 1024; static const int BUFFER_SIZE = 1024;
char buffer[BUFFER_SIZE]; char buffer[BUFFER_SIZE];
int buffer_len; int buffer_len;
static magic_t magic;
static magic_t magic_mime;
}; };
class IRC_Data : public File_Analyzer { class IRC_Data : public File_Analyzer {

6
src/bro.bif
View file

@ -849,11 +849,7 @@ extern "C" {
## Returns: The MIME type of *data*, or "<unknown>" if there was an error. ## Returns: The MIME type of *data*, or "<unknown>" if there was an error.
function identify_data%(data: string, return_mime: bool%): string function identify_data%(data: string, return_mime: bool%): string
%{ %{
static magic_t magic_mime = 0; magic_t* magic = return_mime ? &magic_mime_cookie : &magic_desc_cookie;
static magic_t magic_descr = 0;
magic_t* magic = return_mime ? &magic_mime : &magic_descr;
bro_init_magic(magic, return_mime ? MAGIC_MIME : MAGIC_NONE);
if( ! *magic ) if( ! *magic )
return new StringVal("<unknown>"); return new StringVal("<unknown>");

6
src/file_analysis/File.cc
View file

@ -49,8 +49,6 @@ int File::bof_buffer_size_idx = -1;
int File::bof_buffer_idx = -1; int File::bof_buffer_idx = -1;
int File::mime_type_idx = -1; int File::mime_type_idx = -1;
magic_t File::magic_mime = 0;
string File::salt; string File::salt;
void File::StaticInit() void File::StaticInit()
@ -72,8 +70,6 @@ void File::StaticInit()
bof_buffer_idx = Idx("bof_buffer"); bof_buffer_idx = Idx("bof_buffer");
mime_type_idx = Idx("mime_type"); mime_type_idx = Idx("mime_type");
bro_init_magic(&magic_mime, MAGIC_MIME);
salt = BifConst::FileAnalysis::salt->CheckString(); salt = BifConst::FileAnalysis::salt->CheckString();
} }
@ -250,7 +246,7 @@ bool File::BufferBOF(const u_char* data, uint64 len)
bool File::DetectMIME(const u_char* data, uint64 len) bool File::DetectMIME(const u_char* data, uint64 len)
{ {
const char* mime = bro_magic_buffer(magic_mime, data, len); const char* mime = bro_magic_buffer(magic_mime_cookie, data, len);
if ( mime ) if ( mime )
{ {

3
src/file_analysis/File.h
View file

@ -3,7 +3,6 @@
#include <string> #include <string>
#include <vector> #include <vector>
#include <magic.h>
#include "AnalyzerTags.h" #include "AnalyzerTags.h"
#include "Conn.h" #include "Conn.h"
@ -207,8 +206,6 @@ protected:
*/ */
static void StaticInit(); static void StaticInit();
static magic_t magic_mime;
static string salt; static string salt;
static int id_idx; static int id_idx;

7
src/main.cc
View file

@ -23,6 +23,7 @@ extern "C" {
#endif #endif
#include <openssl/md5.h> #include <openssl/md5.h>
#include <magic.h>
extern "C" void OPENSSL_add_all_algorithms_conf(void); extern "C" void OPENSSL_add_all_algorithms_conf(void);
@ -64,6 +65,9 @@ extern "C" void OPENSSL_add_all_algorithms_conf(void);
Brofiler brofiler; Brofiler brofiler;
magic_t magic_desc_cookie = 0;
magic_t magic_mime_cookie = 0;
#ifndef HAVE_STRSEP #ifndef HAVE_STRSEP
extern "C" { extern "C" {
char* strsep(char**, const char*); char* strsep(char**, const char*);
@ -730,6 +734,9 @@ int main(int argc, char** argv)
curl_global_init(CURL_GLOBAL_ALL); curl_global_init(CURL_GLOBAL_ALL);
#endif #endif
bro_init_magic(&magic_desc_cookie, MAGIC_NONE);
bro_init_magic(&magic_mime_cookie, MAGIC_MIME);
// FIXME: On systems that don't provide /dev/urandom, OpenSSL doesn't // FIXME: On systems that don't provide /dev/urandom, OpenSSL doesn't
// seed the PRNG. We should do this here (but at least Linux, FreeBSD // seed the PRNG. We should do this here (but at least Linux, FreeBSD
// and Solaris provide /dev/urandom). // and Solaris provide /dev/urandom).

3
src/util.h
View file

@ -370,6 +370,9 @@ struct CompareString
} }
}; };
extern magic_t magic_desc_cookie;
extern magic_t magic_mime_cookie;
void bro_init_magic(magic_t* cookie_ptr, int flags); void bro_init_magic(magic_t* cookie_ptr, int flags);
const char* bro_magic_buffer(magic_t cookie, const void* buffer, size_t length); const char* bro_magic_buffer(magic_t cookie, const void* buffer, size_t length);