[Bro-Dev] #465: Fix up the MIME analyzer
Bro Tracker
bro at tracker.bro-ids.org
Wed Jun 1 11:38:38 PDT 2011
#465: Fix up the MIME analyzer
---------------------+------------------------
Reporter: seth | Owner:
Type: Problem | Status: new
Priority: Normal | Milestone: Bro1.6
Component: Bro | Version: git/master
Keywords: |
---------------------+------------------------
The MIME analyzer has a lot of inconsistency issues and is broken in a few
places.
* mime_all_headers loops and could potentially be a bad idea. More prone
to DoS as well. Delete it?
* mime_all_data is probably also a bad idea. Especially for large files.
Delete it?
* mime_entity_data seems very similar to mime_all_data and is not chunked
as the similarity to the http_entity_data would imply. The current
mime_entity_data should be removed and the current mime_all_data should be
renamed to mime_entity_data.
* mime_next_entity is never generated by the core or policy scripts and
should either be fixed or deleted.
* mime_one_header should probably be renamed to mime_header for
consistency.
* I have no clue what mime_event is for. Is it necessary?
* mime_content_hash gives a non-printable hash value and it could be
removed since hash generation is done in the script now and eventually
will be done in the file analyzer.
* The wrong ifdef is used in the source: #ifdef DEBUG_BRO used instead of
#ifdef DEBUG
* mime_end_entity is generated multiple times in some cases when
it shouldn't be. It's something to keep an eye out for; I never dug into
it enough to find out what caused it.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/465>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker