mirror of https://github.com/OISF/suricata
				
				
				
			
			You cannot select more than 25 topics
			Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
		
		
		
		
		
			
		
			
				
	
	
		
			376 lines
		
	
	
		
			10 KiB
		
	
	
	
		
			C
		
	
			
		
		
	
	
			376 lines
		
	
	
		
			10 KiB
		
	
	
	
		
			C
		
	
| /*
 | |
|  * LibHTP (http://www.libhtp.org)
 | |
|  * Copyright 2009,2010 Ivan Ristic <ivanr@webkreator.com>
 | |
|  *
 | |
|  * LibHTP is an open source product, released under terms of the General Public Licence
 | |
|  * version 2 (GPLv2). Please refer to the file LICENSE, which contains the complete text
 | |
|  * of the license.
 | |
|  *
 | |
|  * In addition, there is a special exception that allows LibHTP to be freely
 | |
|  * used with any OSI-approved open source licence. Please refer to the file
 | |
|  * LIBHTP_LICENSING_EXCEPTION for the full text of the exception.
 | |
|  *
 | |
|  */
 | |
| 
 | |
| #include <fcntl.h>
 | |
| #include <unistd.h>
 | |
| #include <stdio.h>
 | |
| #include <stdlib.h>
 | |
| #include <sys/stat.h>
 | |
| #include <sys/time.h>
 | |
| #include <sys/types.h>
 | |
| 
 | |
| #include "../htp/htp.h"
 | |
| #include "test.h"
 | |
| 
 | |
| /**
 | |
|  * Destroys a test.
 | |
|  *
 | |
|  * @param test
 | |
|  */
 | |
| static void test_destroy(test_t *test) {
 | |
|     if (test->buf != NULL) {
 | |
|         free(test->buf);
 | |
|         test->buf = NULL;
 | |
|     }
 | |
| }
 | |
| 
 | |
| /**
 | |
|  * Checks if there's a chunk boundary at the given position.
 | |
|  *
 | |
|  * @param test
 | |
|  * @param pos
 | |
|  * @return Zero if there is no boundary, SERVER or CLIENT if a boundary
 | |
|  *         was found, and a negative value on error (e.g., not enough data
 | |
|  *         to determine if a boundary is present).
 | |
|  */
 | |
| static int test_is_boundary(test_t *test, int pos) {
 | |
|     // Check that there's enough room
 | |
|     if (pos + 3 >= test->len) return -1;
 | |
| 
 | |
|     if ((test->buf[pos] == '<') && (test->buf[pos + 1] == '<') && (test->buf[pos + 2] == '<')) {
 | |
|         if (test->buf[pos + 3] == '\n') {
 | |
|             return SERVER;
 | |
|         }
 | |
| 
 | |
|         if (test->buf[pos + 3] == '\r') {
 | |
|             if (pos + 4 >= test->len) return -1;
 | |
|             else if (test->buf[pos + 4] == '\n') {
 | |
|                 return SERVER;
 | |
|             }
 | |
|         }
 | |
|     }
 | |
| 
 | |
|     if ((test->buf[pos] == '>') && (test->buf[pos + 1] == '>') && (test->buf[pos + 2] == '>')) {
 | |
|         if (test->buf[pos + 3] == '\n') {
 | |
|             return CLIENT;
 | |
|         }
 | |
| 
 | |
|         if (test->buf[pos + 3] == '\r') {
 | |
|             if (pos + 4 >= test->len) return -1;
 | |
|             else if (test->buf[pos + 4] == '\n') {
 | |
|                 return CLIENT;
 | |
|             }
 | |
|         }
 | |
|     }
 | |
| 
 | |
|     return 0;
 | |
| }
 | |
| 
 | |
| /**
 | |
|  * Initializes test by loading the entire data file into a memory block.
 | |
|  *
 | |
|  * @param test
 | |
|  * @param filename
 | |
|  * @return Non-negative value on success, negative value on error.
 | |
|  */
 | |
| static int test_init(test_t *test, const char *filename) {
 | |
|     memset(test, 0, sizeof (test_t));
 | |
| 
 | |
|     int fd = open(filename, O_RDONLY | O_BINARY);
 | |
|     if (fd < 0) return -1;
 | |
| 
 | |
|     struct stat buf;
 | |
|     if (fstat(fd, &buf) < 0) {
 | |
|         return -1;
 | |
|     }
 | |
| 
 | |
|     test->buf = malloc(buf.st_size);
 | |
|     test->len = 0;
 | |
|     test->pos = 0;
 | |
| 
 | |
|     int bytes_read = 0;
 | |
|     while ((bytes_read = read(fd, test->buf + test->len, buf.st_size - test->len)) > 0) {
 | |
|         test->len += bytes_read;
 | |
|     }
 | |
| 
 | |
|     if (test->len != buf.st_size) {
 | |
|         free(test->buf);
 | |
|         return -2;
 | |
|     }
 | |
| 
 | |
|     close(fd);
 | |
| 
 | |
|     return 1;
 | |
| }
 | |
| 
 | |
| void test_start(test_t *test) {
 | |
|     test->pos = 0;
 | |
| }
 | |
| 
 | |
| /**
 | |
|  * Finds the next data chunk in the given test.
 | |
|  *
 | |
|  * @param test
 | |
|  * @return One if a chunk is found or zero if there are no more chunks in the test. On
 | |
|  *         success, test->chunk will point to the beginning of the chunk, while
 | |
|  *         test->chunk_len will contain its length.
 | |
|  */
 | |
| static int test_next_chunk(test_t *test) {
 | |
|     if (test->pos >= test->len) {
 | |
|         return 0;
 | |
|     }
 | |
| 
 | |
|     test->chunk = NULL;
 | |
| 
 | |
|     while (test->pos < test->len) {
 | |
|         // Do we need to start another chunk?
 | |
|         if (test->chunk == NULL) {
 | |
|             // Are we at a boundary
 | |
|             test->chunk_direction = test_is_boundary(test, test->pos);
 | |
|             if (test->chunk_direction <= 0) {
 | |
|                 // Error
 | |
|                 return -1;
 | |
|             }
 | |
| 
 | |
|             // Move over the boundary
 | |
|             test->pos += 4;
 | |
|             if (test->buf[test->pos] == '\n') test->pos++;
 | |
| 
 | |
|             // Start new chunk
 | |
|             test->chunk = test->buf + test->pos;
 | |
|             test->chunk_offset = test->pos;
 | |
|         }
 | |
| 
 | |
|         // Are we at the end of a line?
 | |
|         if (test->buf[test->pos] == '\n') {
 | |
|             int r = test_is_boundary(test, test->pos + 1);
 | |
|             if ((r == CLIENT) || (r == SERVER)) {
 | |
|                 // We got ourselves a chunk
 | |
|                 test->chunk_len = test->pos - test->chunk_offset;
 | |
| 
 | |
|                 // Remove one '\r' (in addition to the '\n' that we've already removed),
 | |
|                 // which belongs to the next boundary
 | |
|                 if ((test->chunk_len > 0) && (test->chunk[test->chunk_len - 1] == '\r')) {
 | |
|                     test->chunk_len--;
 | |
|                 }
 | |
| 
 | |
|                 // Position at the next boundary line
 | |
|                 test->pos++;
 | |
| 
 | |
|                 return 1;
 | |
|             }
 | |
|         }
 | |
| 
 | |
|         test->pos++;
 | |
|     }
 | |
| 
 | |
| 
 | |
|     if (test->chunk != NULL) {
 | |
|         test->chunk_len = test->pos - test->chunk_offset;
 | |
|         return 1;
 | |
|     }
 | |
| 
 | |
|     return 0;
 | |
| }
 | |
| 
 | |
| static int parse_filename(const char *filename, char **remote_addr, int *remote_port, char **local_addr, int *local_port) {
 | |
|     char *copy = strdup(filename);
 | |
|     char *p, *saveptr;
 | |
| 
 | |
|     char *start = copy;
 | |
|     char *q = strrchr(copy, '/');
 | |
|     if (q != NULL) start = q;
 | |
| 
 | |
|     q = strrchr(start, '\\');
 | |
|     if (q != NULL) start = q;
 | |
| 
 | |
|     int count = 0;
 | |
|     p = strtok_r(start, "_", &saveptr);
 | |
|     while (p != NULL) {
 | |
|         count++;
 | |
|         // printf("%i %s\n", count, p);
 | |
| 
 | |
|         switch (count) {
 | |
|             case 2:
 | |
|                 *remote_addr = strdup(p);
 | |
|                 break;
 | |
|             case 3:
 | |
|                 *remote_port = atoi(p);
 | |
|                 break;
 | |
|             case 4:
 | |
|                 *local_addr = strdup(p);
 | |
|             case 5:
 | |
|                 *local_port = atoi(p);
 | |
|                 break;
 | |
|         }
 | |
| 
 | |
|         p = strtok_r(NULL, "_", &saveptr);
 | |
|     }
 | |
| 
 | |
|     free(copy);
 | |
| 
 | |
|     return 0;
 | |
| }
 | |
| 
 | |
| /**
 | |
|  * Runs a single test.
 | |
|  *
 | |
|  * @param filename
 | |
|  * @param cfg
 | |
|  * @return A pointer to the instance of htp_connp_t created during
 | |
|  *         the test, or NULL if the test failed for some reason.
 | |
|  */
 | |
| int test_run(const char *testsdir, const char *testname, htp_cfg_t *cfg, htp_connp_t **connp) {
 | |
|     char filename[1025];
 | |
|     test_t test;
 | |
|     struct timeval tv_start, tv_end;
 | |
|     int rc;
 | |
| 
 | |
|     *connp = NULL;
 | |
| 
 | |
|     strncpy(filename, testsdir, 1024);
 | |
|     strncat(filename, "/", 1024 - strlen(filename));
 | |
|     strncat(filename, testname, 1024 - strlen(filename));
 | |
| 
 | |
|     printf("Filename: %s\n", filename);
 | |
| 
 | |
|     // Initinialize test
 | |
| 
 | |
|     rc = test_init(&test, filename);
 | |
|     if (rc < 0) {
 | |
|         return rc;
 | |
|     }
 | |
| 
 | |
|     gettimeofday(&tv_start, NULL);
 | |
| 
 | |
|     test_start(&test);
 | |
| 
 | |
|     // Create parser
 | |
|     *connp = htp_connp_create(cfg);
 | |
|     if (*connp == NULL) {
 | |
|         fprintf(stderr, "Failed to create connection parser\n");
 | |
|         exit(1);
 | |
|     }
 | |
| 
 | |
|     htp_connp_set_user_data(*connp, (void *) 0x02);
 | |
| 
 | |
|     // Does the filename contain connection metdata?
 | |
|     if (strncmp(testname, "stream", 6) == 0) {
 | |
|         // It does; use it
 | |
|         char *remote_addr, *local_addr;
 | |
|         int remote_port, local_port;
 | |
| 
 | |
|         parse_filename(testname, &remote_addr, &remote_port, &local_addr, &local_port);
 | |
|         htp_connp_open(*connp, (const char *) remote_addr, remote_port, (const char *) local_addr, local_port, tv_start.tv_usec);
 | |
|         free(remote_addr);
 | |
|         free(local_addr);
 | |
|     } else {
 | |
|         // No connection metadata; provide some fake information instead
 | |
|         htp_connp_open(*connp, (const char *) "127.0.0.1", 10000, (const char *) "127.0.0.1", 80, tv_start.tv_usec);
 | |
|     }
 | |
| 
 | |
|     // Find all chunks and feed them to the parser
 | |
|     int in_data_other = 0;
 | |
|     char *in_data;
 | |
|     size_t in_data_len;
 | |
|     size_t in_data_offset;
 | |
| 
 | |
|     int out_data_other = 0;
 | |
|     char *out_data;
 | |
|     size_t out_data_len;
 | |
|     size_t out_data_offset;
 | |
| 
 | |
|     for (;;) {
 | |
|         if (test_next_chunk(&test) <= 0) {
 | |
|             break;
 | |
|         }
 | |
| 
 | |
|         if (test.chunk_direction == CLIENT) {
 | |
|             if (in_data_other) {
 | |
|                 test_destroy(&test);
 | |
|                 fprintf(stderr, "Unable to buffer more than one inbound chunk.\n");
 | |
|                 return -1;
 | |
|             }
 | |
| 
 | |
|             int rc = htp_connp_req_data(*connp, tv_start.tv_usec, test.chunk, test.chunk_len);
 | |
|             if (rc == STREAM_STATE_ERROR) {
 | |
|                 test_destroy(&test);
 | |
|                 return -101;
 | |
|             }
 | |
|             if (rc == STREAM_STATE_DATA_OTHER) {
 | |
|                 // Parser needs to see the outbound stream in order to continue
 | |
|                 // parsing the inbound stream.
 | |
|                 in_data_other = 1;
 | |
|                 in_data = test.chunk;
 | |
|                 in_data_len = test.chunk_len;
 | |
|                 in_data_offset = htp_connp_req_data_consumed(*connp);                
 | |
|             }
 | |
|         } else {
 | |
|             if (out_data_other) {
 | |
|                 int rc = htp_connp_res_data(*connp, tv_start.tv_usec, out_data + out_data_offset, out_data_len - out_data_offset);
 | |
|                 if (rc == STREAM_STATE_ERROR) {
 | |
|                     test_destroy(&test);
 | |
|                     return -104;
 | |
|                 }
 | |
|                 out_data_other = 0;
 | |
|             }
 | |
| 
 | |
|             int rc = htp_connp_res_data(*connp, tv_start.tv_usec, test.chunk, test.chunk_len);
 | |
|             if (rc == STREAM_STATE_ERROR) {
 | |
|                 test_destroy(&test);
 | |
|                 return -102;
 | |
|             }
 | |
|             if (rc == STREAM_STATE_DATA_OTHER) {
 | |
|                 // Parser needs to see the outbound stream in order to continue
 | |
|                 // parsing the inbound stream.
 | |
|                 out_data_other = 1;
 | |
|                 out_data = test.chunk;
 | |
|                 out_data_len = test.chunk_len;
 | |
|                 out_data_offset = htp_connp_res_data_consumed(*connp);
 | |
|                 // printf("# YYY out offset is %d\n", out_data_offset);
 | |
|             }
 | |
| 
 | |
|             if (in_data_other) {
 | |
|                 int rc = htp_connp_req_data(*connp, tv_start.tv_usec, in_data + in_data_offset, in_data_len - in_data_offset);
 | |
|                 if (rc == STREAM_STATE_ERROR) {
 | |
|                     test_destroy(&test);
 | |
|                     return -103;
 | |
|                 }
 | |
|                 in_data_other = 0;
 | |
|             }
 | |
|         }
 | |
|     }
 | |
| 
 | |
|     if (out_data_other) {
 | |
|         int rc = htp_connp_res_data(*connp, tv_start.tv_usec, out_data + out_data_offset, out_data_len - out_data_offset);
 | |
|         if (rc == STREAM_STATE_ERROR) {
 | |
|             test_destroy(&test);
 | |
|             return -104;
 | |
|         }
 | |
|         out_data_other = 0;
 | |
|     }
 | |
| 
 | |
|     gettimeofday(&tv_end, NULL);
 | |
| 
 | |
|     // Close the connection
 | |
|     htp_connp_close(*connp, tv_end.tv_usec);
 | |
| 
 | |
|     // printf("Parsing time: %i\n", tv_end.tv_usec - tv_start.tv_usec);
 | |
| 
 | |
|     // Clean up
 | |
|     test_destroy(&test);
 | |
| 
 | |
|     return 1;
 | |
| }
 |