[Bro-Dev] [Bro-Commits] [git/bro] topic/jsiwek/file-analysis: FileAnalysis: load custom mime magic database just once. (0141f51)

Siwek, Jonathan Luke jsiwek at illinois.edu
Wed May 1 07:55:13 PDT 2013 

For reference, a link to my libmagic bug report explaining what this commit works around:

http://bugs.gw.com/view.php?id=248


On Apr 29, 2013, at 12:55 PM, Jonathan Siwek <jsiwek at ncsa.illinois.edu> wrote:

> Repository : ssh://git@bro-ids.icir.org/bro
> 
> On branch  : topic/jsiwek/file-analysis
> Link       : http://tracker.bro-ids.org/bro/changeset/0141f5180171f42981bcce58c6fdc457b779f551/bro
> 
>> ---------------------------------------------------------------
> 
> commit 0141f5180171f42981bcce58c6fdc457b779f551
> Author: Jon Siwek <jsiwek at ncsa.illinois.edu>
> Date:   Mon Apr 29 11:34:27 2013 -0500
> 
>    FileAnalysis: load custom mime magic database just once.
> 
>    This works around a bug in libmagic since version 5.12 (current at
>    time of writing is 5.14) -- second call to magic_load() w/ non-default
>    database segfaults.
> 
> 
>> ---------------------------------------------------------------
> 
> 0141f5180171f42981bcce58c6fdc457b779f551
> src/FileAnalyzer.cc       | 18 +++---------------
> src/FileAnalyzer.h        |  4 ----
> src/bro.bif               |  6 +-----
> src/file_analysis/File.cc |  6 +-----
> src/file_analysis/File.h  |  3 ---
> src/main.cc               |  7 +++++++
> src/util.h                |  3 +++
> 7 files changed, 15 insertions(+), 32 deletions(-)
> 
> diff --git a/src/FileAnalyzer.cc b/src/FileAnalyzer.cc
> index 508ae23..a43bba2 100644
> --- a/src/FileAnalyzer.cc
> +++ b/src/FileAnalyzer.cc
> @@ -5,16 +5,10 @@
> #include "Reporter.h"
> #include "util.h"
> 
> -magic_t File_Analyzer::magic = 0;
> -magic_t File_Analyzer::magic_mime = 0;
> -
> File_Analyzer::File_Analyzer(AnalyzerTag::Tag tag, Connection* conn)
> : TCP_ApplicationAnalyzer(tag, conn)
> 	{
> 	buffer_len = 0;
> -
> -	bro_init_magic(&magic, MAGIC_NONE);
> -	bro_init_magic(&magic_mime, MAGIC_MIME);
> 	}
> 
> void File_Analyzer::DeliverStream(int len, const u_char* data, bool orig)
> @@ -49,19 +43,13 @@ void File_Analyzer::Done()
> 
> void File_Analyzer::Identify()
> 	{
> -	const char* descr = 0;
> -	const char* mime = 0;
> -
> -	if ( magic )
> -		descr = bro_magic_buffer(magic, buffer, buffer_len);
> -
> -	if ( magic_mime )
> -		mime = bro_magic_buffer(magic_mime, buffer, buffer_len);
> +	const char* desc = bro_magic_buffer(magic_desc_cookie, buffer, buffer_len);
> +	const char* mime = bro_magic_buffer(magic_mime_cookie, buffer, buffer_len);
> 
> 	val_list* vl = new val_list;
> 	vl->append(BuildConnVal());
> 	vl->append(new StringVal(buffer_len, buffer));
> -	vl->append(new StringVal(descr ? descr : "<unknown>"));
> +	vl->append(new StringVal(desc ? desc : "<unknown>"));
> 	vl->append(new StringVal(mime ? mime : "<unknown>"));
> 	ConnectionEvent(file_transferred, vl);
> 	}
> diff --git a/src/FileAnalyzer.h b/src/FileAnalyzer.h
> index c4bd084..59ec5cd 100644
> --- a/src/FileAnalyzer.h
> +++ b/src/FileAnalyzer.h
> @@ -6,7 +6,6 @@
> #include "TCP.h"
> 
> #include <string>
> -#include <magic.h>
> 
> class File_Analyzer : public TCP_ApplicationAnalyzer {
> public:
> @@ -31,9 +30,6 @@ protected:
> 	static const int BUFFER_SIZE = 1024;
> 	char buffer[BUFFER_SIZE];
> 	int buffer_len;
> -
> -	static magic_t magic;
> -	static magic_t magic_mime;
> };
> 
> class IRC_Data : public File_Analyzer {
> diff --git a/src/bro.bif b/src/bro.bif
> index ba300d1..b46ae41 100644
> --- a/src/bro.bif
> +++ b/src/bro.bif
> @@ -849,11 +849,7 @@ extern "C" {
> ## Returns: The MIME type of *data*, or "<unknown>" if there was an error.
> function identify_data%(data: string, return_mime: bool%): string
> 	%{
> -	static magic_t magic_mime = 0;
> -	static magic_t magic_descr = 0;
> -
> -	magic_t* magic = return_mime ? &magic_mime : &magic_descr;
> -	bro_init_magic(magic, return_mime ? MAGIC_MIME : MAGIC_NONE);
> +	magic_t* magic = return_mime ? &magic_mime_cookie : &magic_desc_cookie;
> 
> 	if( ! *magic )
> 		return new StringVal("<unknown>");
> diff --git a/src/file_analysis/File.cc b/src/file_analysis/File.cc
> index f70257a..70f7b17 100644
> --- a/src/file_analysis/File.cc
> +++ b/src/file_analysis/File.cc
> @@ -49,8 +49,6 @@ int File::bof_buffer_size_idx = -1;
> int File::bof_buffer_idx = -1;
> int File::mime_type_idx = -1;
> 
> -magic_t File::magic_mime = 0;
> -
> string File::salt;
> 
> void File::StaticInit()
> @@ -72,8 +70,6 @@ void File::StaticInit()
> 	bof_buffer_idx = Idx("bof_buffer");
> 	mime_type_idx = Idx("mime_type");
> 
> -	bro_init_magic(&magic_mime, MAGIC_MIME);
> -
> 	salt = BifConst::FileAnalysis::salt->CheckString();
> 	}
> 
> @@ -250,7 +246,7 @@ bool File::BufferBOF(const u_char* data, uint64 len)
> 
> bool File::DetectMIME(const u_char* data, uint64 len)
> 	{
> -	const char* mime = bro_magic_buffer(magic_mime, data, len);
> +	const char* mime = bro_magic_buffer(magic_mime_cookie, data, len);
> 
> 	if ( mime )
> 		{
> diff --git a/src/file_analysis/File.h b/src/file_analysis/File.h
> index 07d8d66..e6438a9 100644
> --- a/src/file_analysis/File.h
> +++ b/src/file_analysis/File.h
> @@ -3,7 +3,6 @@
> 
> #include <string>
> #include <vector>
> -#include <magic.h>
> 
> #include "AnalyzerTags.h"
> #include "Conn.h"
> @@ -207,8 +206,6 @@ protected:
> 	 */
> 	static void StaticInit();
> 
> -	static magic_t magic_mime;
> -
> 	static string salt;
> 
> 	static int id_idx;
> diff --git a/src/main.cc b/src/main.cc
> index 7318058..fe44516 100644
> --- a/src/main.cc
> +++ b/src/main.cc
> @@ -23,6 +23,7 @@ extern "C" {
> #endif
> 
> #include <openssl/md5.h>
> +#include <magic.h>
> 
> extern "C" void OPENSSL_add_all_algorithms_conf(void);
> 
> @@ -64,6 +65,9 @@ extern "C" void OPENSSL_add_all_algorithms_conf(void);
> 
> Brofiler brofiler;
> 
> +magic_t magic_desc_cookie = 0;
> +magic_t magic_mime_cookie = 0;
> +
> #ifndef HAVE_STRSEP
> extern "C" {
> char* strsep(char**, const char*);
> @@ -730,6 +734,9 @@ int main(int argc, char** argv)
> 	curl_global_init(CURL_GLOBAL_ALL);
> #endif
> 
> +	bro_init_magic(&magic_desc_cookie, MAGIC_NONE);
> +	bro_init_magic(&magic_mime_cookie, MAGIC_MIME);
> +
> 	// FIXME: On systems that don't provide /dev/urandom, OpenSSL doesn't
> 	// seed the PRNG. We should do this here (but at least Linux, FreeBSD
> 	// and Solaris provide /dev/urandom).
> diff --git a/src/util.h b/src/util.h
> index 4e35245..b0ac760 100644
> --- a/src/util.h
> +++ b/src/util.h
> @@ -370,6 +370,9 @@ struct CompareString
> 		}
> 	};
> 
> +extern magic_t magic_desc_cookie;
> +extern magic_t magic_mime_cookie;
> +
> void bro_init_magic(magic_t* cookie_ptr, int flags);
> const char* bro_magic_buffer(magic_t cookie, const void* buffer, size_t length);
> 
> 
> _______________________________________________
> bro-commits mailing list
> bro-commits at bro.org
> http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-commits
>

More information about the bro-dev mailing list