diff --git a/scripts/base/init-bare.bro b/scripts/base/init-bare.bro
index 81b25d9568..49fcd94d2a 100644
--- a/scripts/base/init-bare.bro
+++ b/scripts/base/init-bare.bro
@@ -3042,6 +3042,14 @@ export {
 	## buffered because no handle was available yet (e.g. when the necessary
 	## events to construct the handle may not have been flushed yet).
 	const pending_file_timeout = 10 sec &redef;
+
+	## The salt concatenated to unique file handle strings generated by
+	## :bro:see:`FileAnalysis::handle_callbacks` before hashing them
+	## in to a file id (the *file_id* field of :bro:see:`FileAnalysis::Info`).
+	## Provided to help mitigate the possiblility of manipulating parts of
+	## network connections that factor in to the file handle in order to
+	## generate two handles that would hash to the same file id.
+	const salt = "I recommend changing this." &redef;
 }
 module GLOBAL;
diff --git a/src/const.bif b/src/const.bif
index 0b843e34a9..7fdb444c2c 100644
--- a/src/const.bif
+++ b/src/const.bif
@@ -26,3 +26,4 @@ const Threading::heartbeat_interval: interval;
 const FileAnalysis::pending_file_drain_interval: interval;
 const FileAnalysis::pending_file_timeout: interval;
+const FileAnalysis::salt: string;
diff --git a/src/file_analysis/Info.cc b/src/file_analysis/Info.cc
index f1af9ffff1..d3a89fd825 100644
--- a/src/file_analysis/Info.cc
+++ b/src/file_analysis/Info.cc
@@ -1,4 +1,5 @@
 #include
+#include
 #include "Info.h"
 #include "InfoTimer.h"
@@ -54,9 +55,12 @@ int Info::actions_idx = -1;
 magic_t Info::magic = 0;
 magic_t Info::magic_mime = 0;
-void Info::InitFieldIndices()
+string Info::salt;
+
+void Info::StaticInit()
 	{
 	if ( file_id_idx != -1 ) return;
+
 	file_id_idx = Idx("file_id");
 	parent_file_id_idx = Idx("parent_file_id");
 	source_idx = Idx("source");
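Review bot: The default `"I recommend changing this."` ships with the distribution, so any deployment that never `redef`s `FileAnalysis::salt` hashes with a value anyone can look up, and the mitigation the comment describes only exists once an operator sets a site-specific secret. The comment should state that directly; I would add `## The default is public and provides no protection: redef this to a site-specific secret.` immediately above the `const salt` line. A startup log message when the default is still in effect would make the requirement discoverable without reading this file. Two wording fixes in the same comment block: "possiblility" should be "possibility", and "in to" (twice) should be "into".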
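Review bot: The guard `if ( file_id_idx != -1 ) return;` now decides whether the salt and the libmagic handles get initialized too, not just the field indices, but nothing at the definition says so and the variable name no longer suggests that role. A one-line why-comment on the guard, `// file_id_idx doubles as the "already initialized" flag for everything StaticInit sets up`, would keep the next maintainer from adding a field that is initialized after an early return. StaticInit's body continues past this hunk.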
@@ -72,6 +76,11 @@ void Info::InitFieldIndices()
 	file_type_idx = Idx("file_type");
 	mime_type_idx = Idx("mime_type");
 	actions_idx = Idx("actions");
+
+	bro_init_magic(&magic, MAGIC_NONE);
+	bro_init_magic(&magic_mime, MAGIC_MIME);
+
+	salt = BifConst::FileAnalysis::salt->CheckString();
 	}
 Info::Info(const string& unique, Connection* conn)
@@ -79,13 +88,14 @@ Info::Info(const string& unique, Connection* conn)
 	  postpone_timeout(false), need_reassembly(false), done(false),
 	  actions(this)
 	{
-	InitFieldIndices();
-
-	bro_init_magic(&magic, MAGIC_NONE);
-	bro_init_magic(&magic_mime, MAGIC_MIME);
+	StaticInit();
 	char id[20];
-	uitoa_n(calculate_unique_id(), id, sizeof(id), 62);
+	uint64 hash[2];
+	string msg(unique + salt);
+	MD5(reinterpret_cast(msg.data()), msg.size(),
+	    reinterpret_cast(hash));
+	uitoa_n(hash[0], id, sizeof(id), 62);
 	DBG_LOG(DBG_FILE_ANALYSIS, "Creating new Info object %s", id);
diff --git a/src/file_analysis/Info.h b/src/file_analysis/Info.h
index 8b4c10473c..2ec9efef6e 100644
--- a/src/file_analysis/Info.h
+++ b/src/file_analysis/Info.h
@@ -179,13 +179,15 @@ protected:
 	static int Idx(const string& field_name);
 	/**
-	 * Initializes the index offsets for fields in \c FileAnalysis::info record.
+	 * Initializes static member.
 	 */
-	static void InitFieldIndices();
+	static void StaticInit();
 	static magic_t magic;
 	static magic_t magic_mime;
+	static string salt;
+
 	public:
 	static int file_id_idx;
 	static int parent_file_id_idx;
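Review bot: Appending the salt after the handle in `string msg(unique + salt);` does not achieve what the salt is documented to do: MD5 is a Merkle–Damgård construction, so two same-length inputs that collide still collide after any common suffix, and a suffix salt therefore adds nothing against a collision on the handle. Placing it first, `string msg(salt + unique);`, at least ties a collision to the secret, and an HMAC over the handle would be the cleaner construction if the id is meant to be hard to forge. Separately, only `hash[0]` (64 of the 128 digest bits) is turned into the id, which lowers the collision birthday bound to about 2^32 ids, and reading the digest through `uint64 hash[2]` makes the resulting id depend on host byte order — presumably fine if ids are never compared across machines, but worth a comment. The constructor body continues past this hunk.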
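Review bot: The new doc comment `Initializes static member.` says less than the line it replaces and is wrong in number, since StaticInit now sets up the field indices, both libmagic handles and the salt. I would write it as a sentence listing those three, noting that the salt is read from `FileAnalysis::salt`, and ending with "Subsequent calls return immediately", which the `file_id_idx != -1` guard in Info.cc establishes. The new `static string salt;` member also deserves a line, e.g. `/** Salt appended to a file handle before it is hashed into file_id. */`.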