From dd9f361bc739f5aa4bc11f70569499e9115d0d50 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 22 Feb 2013 10:45:22 -0600 Subject: [PATCH 1/2] Fix build on OpenBSD 5.2. --- src/bro_inet_ntop.h | 1 + src/threading/SerialTypes.h | 1 + 2 files changed, 2 insertions(+) diff --git a/src/bro_inet_ntop.h b/src/bro_inet_ntop.h index 00326b092e..c018403893 100644 --- a/src/bro_inet_ntop.h +++ b/src/bro_inet_ntop.h @@ -5,6 +5,7 @@ extern "C" { #endif +#include #include const char * diff --git a/src/threading/SerialTypes.h b/src/threading/SerialTypes.h index 60aee2411e..f4f0bc0957 100644 --- a/src/threading/SerialTypes.h +++ b/src/threading/SerialTypes.h @@ -2,6 +2,7 @@ #ifndef THREADING_SERIALIZATIONTYPES_H #define THREADING_SERIALIZATIONTYPES_H +#include #include #include #include From 2481f9f83772a4e934f72c1bf9ac35fd0ea7c096 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 27 Feb 2013 16:04:36 -0600 Subject: [PATCH 2/2] Fix possible null pointer dereference in identify_data BIF. There was no check/handling for if magic_buffer() returns null. Also centralized libmagic calls for consistent error handling/output. --- src/FileAnalyzer.cc | 27 +++++---------------------- src/FileAnalyzer.h | 2 -- src/bro.bif | 28 ++++++---------------------- src/util.cc | 32 ++++++++++++++++++++++++++++++++ src/util.h | 4 ++++ 5 files changed, 47 insertions(+), 46 deletions(-) diff --git a/src/FileAnalyzer.cc b/src/FileAnalyzer.cc index d4064e8144..172f1aaa1d 100644 --- a/src/FileAnalyzer.cc +++ b/src/FileAnalyzer.cc @@ -2,6 +2,7 @@ #include "FileAnalyzer.h" #include "Reporter.h" +#include "util.h" magic_t File_Analyzer::magic = 0; magic_t File_Analyzer::magic_mime = 0; @@ -11,11 +12,8 @@ File_Analyzer::File_Analyzer(Connection* conn) { buffer_len = 0; - if ( ! magic ) - { - InitMagic(&magic, MAGIC_NONE); - InitMagic(&magic_mime, MAGIC_MIME); - } + bro_init_magic(&magic, MAGIC_NONE); + bro_init_magic(&magic_mime, MAGIC_MIME); } void File_Analyzer::DeliverStream(int len, const u_char* data, bool orig) @@ -49,10 +47,10 @@ void File_Analyzer::Identify() const char* mime = 0; if ( magic ) - descr = magic_buffer(magic, buffer, buffer_len); + descr = bro_magic_buffer(magic, buffer, buffer_len); if ( magic_mime ) - mime = magic_buffer(magic_mime, buffer, buffer_len); + mime = bro_magic_buffer(magic_mime, buffer, buffer_len); val_list* vl = new val_list; vl->append(BuildConnVal()); @@ -61,18 +59,3 @@ void File_Analyzer::Identify() vl->append(new StringVal(mime ? mime : "")); ConnectionEvent(file_transferred, vl); } - -void File_Analyzer::InitMagic(magic_t* magic, int flags) - { - *magic = magic_open(flags); - - if ( ! *magic ) - reporter->Error("can't init libmagic: %s", magic_error(*magic)); - - else if ( magic_load(*magic, 0) < 0 ) - { - reporter->Error("can't load magic file: %s", magic_error(*magic)); - magic_close(*magic); - *magic = 0; - } - } diff --git a/src/FileAnalyzer.h b/src/FileAnalyzer.h index dcf9d22e8e..ac5c783e6b 100644 --- a/src/FileAnalyzer.h +++ b/src/FileAnalyzer.h @@ -29,8 +29,6 @@ protected: char buffer[BUFFER_SIZE]; int buffer_len; - static void InitMagic(magic_t* magic, int flags); - static magic_t magic; static magic_t magic_mime; }; diff --git a/src/bro.bif b/src/bro.bif index 8cea9d9123..29aa178316 100644 --- a/src/bro.bif +++ b/src/bro.bif @@ -16,6 +16,7 @@ #include "digest.h" #include "Reporter.h" #include "IPAddr.h" +#include "util.h" using namespace std; @@ -844,38 +845,21 @@ extern "C" { ## return_mime: If true, the function returns a short MIME type string (e.g., ## ``text/plain`` instead of a more elaborate textual description). ## -## Returns: The MIME type of *data*. +## Returns: The MIME type of *data*, or "" if there was an error. function identify_data%(data: string, return_mime: bool%): string %{ - const char* descr = ""; - static magic_t magic_mime = 0; static magic_t magic_descr = 0; magic_t* magic = return_mime ? &magic_mime : &magic_descr; + bro_init_magic(magic, return_mime ? MAGIC_MIME : MAGIC_NONE); if( ! *magic ) - { - *magic = magic_open(return_mime ? MAGIC_MIME : MAGIC_NONE); + return new StringVal(""); - if ( ! *magic ) - { - reporter->Error("can't init libmagic: %s", magic_error(*magic)); - return new StringVal(""); - } + const char* desc = bro_magic_buffer(*magic, data->Bytes(), data->Len()); - if ( magic_load(*magic, 0) < 0 ) - { - reporter->Error("can't load magic file: %s", magic_error(*magic)); - magic_close(*magic); - *magic = 0; - return new StringVal(""); - } - } - - descr = magic_buffer(*magic, data->Bytes(), data->Len()); - - return new StringVal(descr); + return new StringVal(desc ? desc : ""); %} ## Performs an entropy test on the given data. diff --git a/src/util.cc b/src/util.cc index c36ff6a31c..1c3de862a5 100644 --- a/src/util.cc +++ b/src/util.cc @@ -1527,3 +1527,35 @@ void operator delete[](void* v) } #endif + +void bro_init_magic(magic_t* cookie_ptr, int flags) + { + if ( ! cookie_ptr || *cookie_ptr ) return; + + *cookie_ptr = magic_open(flags); + + if ( ! *cookie_ptr ) + { + const char* err = magic_error(*cookie_ptr); + reporter->Error("can't init libmagic: %s", err ? err : "unknown"); + } + + else if ( magic_load(*cookie_ptr, 0) < 0 ) + { + const char* err = magic_error(*cookie_ptr); + reporter->Error("can't load magic file: %s", err ? err : "unknown"); + magic_close(*cookie_ptr); + *cookie_ptr = 0; + } + } + +const char* bro_magic_buffer(magic_t cookie, const void* buffer, size_t length) + { + const char* rval = magic_buffer(cookie, buffer, length); + if ( ! rval ) + { + const char* err = magic_error(cookie); + reporter->Error("magic_buffer error: %s", err ? err : "unknown"); + } + return rval; + } diff --git a/src/util.h b/src/util.h index 7d65f42fa8..5d4115773d 100644 --- a/src/util.h +++ b/src/util.h @@ -15,6 +15,7 @@ #include #include #include +#include #include "config.h" #if __STDC__ @@ -364,4 +365,7 @@ struct CompareString } }; +void bro_init_magic(magic_t* cookie_ptr, int flags); +const char* bro_magic_buffer(magic_t cookie, const void* buffer, size_t length); + #endif