[Bro-Dev] [Bro-Commits] [git/bro] topic/jsiwek/file-analysis: FileAnalysis: load custom mime magic database just once. (0141f51)
Siwek, Jonathan Luke
jsiwek at illinois.edu
Wed May 1 07:55:13 PDT 2013
For reference, a link to my libmagic bug report explaining what this commit works around:
http://bugs.gw.com/view.php?id=248
On Apr 29, 2013, at 12:55 PM, Jonathan Siwek <jsiwek at ncsa.illinois.edu> wrote:
> Repository : ssh://git@bro-ids.icir.org/bro
>
> On branch : topic/jsiwek/file-analysis
> Link : http://tracker.bro-ids.org/bro/changeset/0141f5180171f42981bcce58c6fdc457b779f551/bro
>
>> ---------------------------------------------------------------
>
> commit 0141f5180171f42981bcce58c6fdc457b779f551
> Author: Jon Siwek <jsiwek at ncsa.illinois.edu>
> Date: Mon Apr 29 11:34:27 2013 -0500
>
> FileAnalysis: load custom mime magic database just once.
>
> This works around a bug in libmagic since version 5.12 (current at
> time of writing is 5.14) -- second call to magic_load() w/ non-default
> database segfaults.
>
>
>> ---------------------------------------------------------------
>
> 0141f5180171f42981bcce58c6fdc457b779f551
> src/FileAnalyzer.cc | 18 +++---------------
> src/FileAnalyzer.h | 4 ----
> src/bro.bif | 6 +-----
> src/file_analysis/File.cc | 6 +-----
> src/file_analysis/File.h | 3 ---
> src/main.cc | 7 +++++++
> src/util.h | 3 +++
> 7 files changed, 15 insertions(+), 32 deletions(-)
>
> diff --git a/src/FileAnalyzer.cc b/src/FileAnalyzer.cc
> index 508ae23..a43bba2 100644
> --- a/src/FileAnalyzer.cc
> +++ b/src/FileAnalyzer.cc
> @@ -5,16 +5,10 @@
> #include "Reporter.h"
> #include "util.h"
>
> -magic_t File_Analyzer::magic = 0;
> -magic_t File_Analyzer::magic_mime = 0;
> -
> File_Analyzer::File_Analyzer(AnalyzerTag::Tag tag, Connection* conn)
> : TCP_ApplicationAnalyzer(tag, conn)
> {
> buffer_len = 0;
> -
> - bro_init_magic(&magic, MAGIC_NONE);
> - bro_init_magic(&magic_mime, MAGIC_MIME);
> }
>
> void File_Analyzer::DeliverStream(int len, const u_char* data, bool orig)
> @@ -49,19 +43,13 @@ void File_Analyzer::Done()
>
> void File_Analyzer::Identify()
> {
> - const char* descr = 0;
> - const char* mime = 0;
> -
> - if ( magic )
> - descr = bro_magic_buffer(magic, buffer, buffer_len);
> -
> - if ( magic_mime )
> - mime = bro_magic_buffer(magic_mime, buffer, buffer_len);
> + const char* desc = bro_magic_buffer(magic_desc_cookie, buffer, buffer_len);
> + const char* mime = bro_magic_buffer(magic_mime_cookie, buffer, buffer_len);
>
> val_list* vl = new val_list;
> vl->append(BuildConnVal());
> vl->append(new StringVal(buffer_len, buffer));
> - vl->append(new StringVal(descr ? descr : "<unknown>"));
> + vl->append(new StringVal(desc ? desc : "<unknown>"));
> vl->append(new StringVal(mime ? mime : "<unknown>"));
> ConnectionEvent(file_transferred, vl);
> }
> diff --git a/src/FileAnalyzer.h b/src/FileAnalyzer.h
> index c4bd084..59ec5cd 100644
> --- a/src/FileAnalyzer.h
> +++ b/src/FileAnalyzer.h
> @@ -6,7 +6,6 @@
> #include "TCP.h"
>
> #include <string>
> -#include <magic.h>
>
> class File_Analyzer : public TCP_ApplicationAnalyzer {
> public:
> @@ -31,9 +30,6 @@ protected:
> static const int BUFFER_SIZE = 1024;
> char buffer[BUFFER_SIZE];
> int buffer_len;
> -
> - static magic_t magic;
> - static magic_t magic_mime;
> };
>
> class IRC_Data : public File_Analyzer {
> diff --git a/src/bro.bif b/src/bro.bif
> index ba300d1..b46ae41 100644
> --- a/src/bro.bif
> +++ b/src/bro.bif
> @@ -849,11 +849,7 @@ extern "C" {
> ## Returns: The MIME type of *data*, or "<unknown>" if there was an error.
> function identify_data%(data: string, return_mime: bool%): string
> %{
> - static magic_t magic_mime = 0;
> - static magic_t magic_descr = 0;
> -
> - magic_t* magic = return_mime ? &magic_mime : &magic_descr;
> - bro_init_magic(magic, return_mime ? MAGIC_MIME : MAGIC_NONE);
> + magic_t* magic = return_mime ? &magic_mime_cookie : &magic_desc_cookie;
>
> if( ! *magic )
> return new StringVal("<unknown>");
> diff --git a/src/file_analysis/File.cc b/src/file_analysis/File.cc
> index f70257a..70f7b17 100644
> --- a/src/file_analysis/File.cc
> +++ b/src/file_analysis/File.cc
> @@ -49,8 +49,6 @@ int File::bof_buffer_size_idx = -1;
> int File::bof_buffer_idx = -1;
> int File::mime_type_idx = -1;
>
> -magic_t File::magic_mime = 0;
> -
> string File::salt;
>
> void File::StaticInit()
> @@ -72,8 +70,6 @@ void File::StaticInit()
> bof_buffer_idx = Idx("bof_buffer");
> mime_type_idx = Idx("mime_type");
>
> - bro_init_magic(&magic_mime, MAGIC_MIME);
> -
> salt = BifConst::FileAnalysis::salt->CheckString();
> }
>
> @@ -250,7 +246,7 @@ bool File::BufferBOF(const u_char* data, uint64 len)
>
> bool File::DetectMIME(const u_char* data, uint64 len)
> {
> - const char* mime = bro_magic_buffer(magic_mime, data, len);
> + const char* mime = bro_magic_buffer(magic_mime_cookie, data, len);
>
> if ( mime )
> {
> diff --git a/src/file_analysis/File.h b/src/file_analysis/File.h
> index 07d8d66..e6438a9 100644
> --- a/src/file_analysis/File.h
> +++ b/src/file_analysis/File.h
> @@ -3,7 +3,6 @@
>
> #include <string>
> #include <vector>
> -#include <magic.h>
>
> #include "AnalyzerTags.h"
> #include "Conn.h"
> @@ -207,8 +206,6 @@ protected:
> */
> static void StaticInit();
>
> - static magic_t magic_mime;
> -
> static string salt;
>
> static int id_idx;
> diff --git a/src/main.cc b/src/main.cc
> index 7318058..fe44516 100644
> --- a/src/main.cc
> +++ b/src/main.cc
> @@ -23,6 +23,7 @@ extern "C" {
> #endif
>
> #include <openssl/md5.h>
> +#include <magic.h>
>
> extern "C" void OPENSSL_add_all_algorithms_conf(void);
>
> @@ -64,6 +65,9 @@ extern "C" void OPENSSL_add_all_algorithms_conf(void);
>
> Brofiler brofiler;
>
> +magic_t magic_desc_cookie = 0;
> +magic_t magic_mime_cookie = 0;
> +
> #ifndef HAVE_STRSEP
> extern "C" {
> char* strsep(char**, const char*);
> @@ -730,6 +734,9 @@ int main(int argc, char** argv)
> curl_global_init(CURL_GLOBAL_ALL);
> #endif
>
> + bro_init_magic(&magic_desc_cookie, MAGIC_NONE);
> + bro_init_magic(&magic_mime_cookie, MAGIC_MIME);
> +
> // FIXME: On systems that don't provide /dev/urandom, OpenSSL doesn't
> // seed the PRNG. We should do this here (but at least Linux, FreeBSD
> // and Solaris provide /dev/urandom).
> diff --git a/src/util.h b/src/util.h
> index 4e35245..b0ac760 100644
> --- a/src/util.h
> +++ b/src/util.h
> @@ -370,6 +370,9 @@ struct CompareString
> }
> };
>
> +extern magic_t magic_desc_cookie;
> +extern magic_t magic_mime_cookie;
> +
> void bro_init_magic(magic_t* cookie_ptr, int flags);
> const char* bro_magic_buffer(magic_t cookie, const void* buffer, size_t length);
>
>
> _______________________________________________
> bro-commits mailing list
> bro-commits at bro.org
> http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-commits
>
More information about the bro-dev
mailing list