[Bro-Dev] #465: Fix up the MIME analyzer

Bro Tracker bro at tracker.bro-ids.org
Wed Jun 1 11:38:38 PDT 2011

#465: Fix up the MIME analyzer
 Reporter:  seth     |      Owner:
     Type:  Problem  |     Status:  new
 Priority:  Normal   |  Milestone:  Bro1.6
Component:  Bro      |    Version:  git/master
 Keywords:           |
 The mime analyzer has a lot of inconsistency issues and is broken in a few

 * mime_all_headers loops and could potentially be a bad idea. More prone
 to DoS as well.  Delete it?
 * mime_all_data is probably also a bad idea.  Especially for large files.
 Delete it?
 * mime_entity_data seems very similar to mime_all_data and is not chunked
 as the similarity to the http_entity_data would imply.  The current
 mime_entity_data should be removed and the current mime_all_data should be
 renamed to mime_entity_data.
 * mime_next_entity is never generated by the core or policy scripts and
 should either be fixed or deleted.
 * mime_one_header should probably be renamed to mime_header for
 * I have no clue what mime_event is for.  Is it necessary?
 * mime_content_hash gives a non printable hash value and it could be
 removed since hash generation is done in the script now and eventually
 will be done in the file analyzer.
 * The wrong ifdef is used in the source: #ifdef DEBUG_BRO used instead of
 #ifdef DEBUG
 * mime_end_entity is generated generated multiple times in some cases when
 it shouldn't be.  It's something to keep an eye out for, I never dug into
 it enough to find out what caused it.

Ticket URL: <http://tracker.bro-ids.org/bro/ticket/465>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker

More information about the bro-dev mailing list