aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update libhtp to 0.2.6

Browse Source
remotes/origin/master-1.1.x
Gerardo Iglesias Galvan 14 years ago committed by Victor Julien
parent 7257fed0f3
commit 505c5d5cf5
11 changed files with 17 additions and 508 deletions
Show Stats Download Patch File Download Diff File

365
libhtp/INSTALL
Unescape Escape View File

@ -1,365 +0,0 @@
Installation Instructions
*************************
Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005,
2006, 2007, 2008, 2009 Free Software Foundation, Inc.
Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright
notice and this notice are preserved. This file is offered as-is,
without warranty of any kind.
Basic Installation
==================
Briefly, the shell commands `./configure; make; make install' should
configure, build, and install this package. The following
more-detailed instructions are generic; see the `README' file for
instructions specific to this package. Some packages provide this
`INSTALL' file but do not implement all of the features documented
below. The lack of an optional feature in a given package is not
necessarily a bug. More recommendations for GNU packages can be found
in *note Makefile Conventions: (standards)Makefile Conventions.
The `configure' shell script attempts to guess correct values for
various system-dependent variables used during compilation. It uses
those values to create a `Makefile' in each directory of the package.
It may also create one or more `.h' files containing system-dependent
definitions. Finally, it creates a shell script `config.status' that
you can run in the future to recreate the current configuration, and a
file `config.log' containing compiler output (useful mainly for
debugging `configure').
It can also use an optional file (typically called `config.cache'
and enabled with `--cache-file=config.cache' or simply `-C') that saves
the results of its tests to speed up reconfiguring. Caching is
disabled by default to prevent problems with accidental use of stale
cache files.
If you need to do unusual things to compile the package, please try
to figure out how `configure' could check whether to do them, and mail
diffs or instructions to the address given in the `README' so they can
be considered for the next release. If you are using the cache, and at
some point `config.cache' contains results you don't want to keep, you
may remove or edit it.
The file `configure.ac' (or `configure.in') is used to create
`configure' by a program called `autoconf'. You need `configure.ac' if
you want to change it or regenerate `configure' using a newer version
of `autoconf'.
The simplest way to compile this package is:
1. `cd' to the directory containing the package's source code and type
`./configure' to configure the package for your system.
Running `configure' might take a while. While running, it prints
some messages telling which features it is checking for.
2. Type `make' to compile the package.
3. Optionally, type `make check' to run any self-tests that come with
the package, generally using the just-built uninstalled binaries.
4. Type `make install' to install the programs and any data files and
documentation. When installing into a prefix owned by root, it is
recommended that the package be configured and built as a regular
user, and only the `make install' phase executed with root
privileges.
5. Optionally, type `make installcheck' to repeat any self-tests, but
this time using the binaries in their final installed location.
This target does not install anything. Running this target as a
regular user, particularly if the prior `make install' required
root privileges, verifies that the installation completed
correctly.
6. You can remove the program binaries and object files from the
source code directory by typing `make clean'. To also remove the
files that `configure' created (so you can compile the package for
a different kind of computer), type `make distclean'. There is
also a `make maintainer-clean' target, but that is intended mainly
for the package's developers. If you use it, you may have to get
all sorts of other programs in order to regenerate files that came
with the distribution.
7. Often, you can also type `make uninstall' to remove the installed
files again. In practice, not all packages have tested that
uninstallation works correctly, even though it is required by the
GNU Coding Standards.
8. Some packages, particularly those that use Automake, provide `make
distcheck', which can by used by developers to test that all other
targets like `make install' and `make uninstall' work correctly.
This target is generally not run by end users.
Compilers and Options
=====================
Some systems require unusual options for compilation or linking that
the `configure' script does not know about. Run `./configure --help'
for details on some of the pertinent environment variables.
You can give `configure' initial values for configuration parameters
by setting variables in the command line or in the environment. Here
is an example:
./configure CC=c99 CFLAGS=-g LIBS=-lposix
*Note Defining Variables::, for more details.
Compiling For Multiple Architectures
====================================
You can compile the package for more than one kind of computer at the
same time, by placing the object files for each architecture in their
own directory. To do this, you can use GNU `make'. `cd' to the
directory where you want the object files and executables to go and run
the `configure' script. `configure' automatically checks for the
source code in the directory that `configure' is in and in `..'. This
is known as a "VPATH" build.
With a non-GNU `make', it is safer to compile the package for one
architecture at a time in the source code directory. After you have
installed the package for one architecture, use `make distclean' before
reconfiguring for another architecture.
On MacOS X 10.5 and later systems, you can create libraries and
executables that work on multiple system types--known as "fat" or
"universal" binaries--by specifying multiple `-arch' options to the
compiler but only a single `-arch' option to the preprocessor. Like
this:
./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
CPP="gcc -E" CXXCPP="g++ -E"
This is not guaranteed to produce working output in all cases, you
may have to build one architecture at a time and combine the results
using the `lipo' tool if you have problems.
Installation Names
==================
By default, `make install' installs the package's commands under
`/usr/local/bin', include files under `/usr/local/include', etc. You
can specify an installation prefix other than `/usr/local' by giving
`configure' the option `--prefix=PREFIX', where PREFIX must be an
absolute file name.
You can specify separate installation prefixes for
architecture-specific files and architecture-independent files. If you
pass the option `--exec-prefix=PREFIX' to `configure', the package uses
PREFIX as the prefix for installing programs and libraries.
Documentation and other data files still use the regular prefix.
In addition, if you use an unusual directory layout you can give
options like `--bindir=DIR' to specify different values for particular
kinds of files. Run `configure --help' for a list of the directories
you can set and what kinds of files go in them. In general, the
default for these options is expressed in terms of `${prefix}', so that
specifying just `--prefix' will affect all of the other directory
specifications that were not explicitly provided.
The most portable way to affect installation locations is to pass the
correct locations to `configure'; however, many packages provide one or
both of the following shortcuts of passing variable assignments to the
`make install' command line to change installation locations without
having to reconfigure or recompile.
The first method involves providing an override variable for each
affected directory. For example, `make install
prefix=/alternate/directory' will choose an alternate location for all
directory configuration variables that were expressed in terms of
`${prefix}'. Any directories that were specified during `configure',
but not in terms of `${prefix}', must each be overridden at install
time for the entire installation to be relocated. The approach of
makefile variable overrides for each directory variable is required by
the GNU Coding Standards, and ideally causes no recompilation.
However, some platforms have known limitations with the semantics of
shared libraries that end up requiring recompilation when using this
method, particularly noticeable in packages that use GNU Libtool.
The second method involves providing the `DESTDIR' variable. For
example, `make install DESTDIR=/alternate/directory' will prepend
`/alternate/directory' before all installation names. The approach of
`DESTDIR' overrides is not required by the GNU Coding Standards, and
does not work on platforms that have drive letters. On the other hand,
it does better at avoiding recompilation issues, and works well even
when some directory options were not specified in terms of `${prefix}'
at `configure' time.
Optional Features
=================
If the package supports it, you can cause programs to be installed
with an extra prefix or suffix on their names by giving `configure' the
option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
Some packages pay attention to `--enable-FEATURE' options to
`configure', where FEATURE indicates an optional part of the package.
They may also pay attention to `--with-PACKAGE' options, where PACKAGE
is something like `gnu-as' or `x' (for the X Window System). The
`README' should mention any `--enable-' and `--with-' options that the
package recognizes.
For packages that use the X Window System, `configure' can usually
find the X include and library files automatically, but if it doesn't,
you can use the `configure' options `--x-includes=DIR' and
`--x-libraries=DIR' to specify their locations.
Some packages offer the ability to configure how verbose the
execution of `make' will be. For these packages, running `./configure
--enable-silent-rules' sets the default to minimal output, which can be
overridden with `make V=1'; while running `./configure
--disable-silent-rules' sets the default to verbose, which can be
overridden with `make V=0'.
Particular systems
==================
On HP-UX, the default C compiler is not ANSI C compatible. If GNU
CC is not installed, it is recommended to use the following options in
order to use an ANSI C compiler:
./configure CC="cc -Ae -D_XOPEN_SOURCE=500"
and if that doesn't work, install pre-built binaries of GCC for HP-UX.
On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
parse its `<wchar.h>' header file. The option `-nodtk' can be used as
a workaround. If GNU CC is not installed, it is therefore recommended
to try
./configure CC="cc"
and if that doesn't work, try
./configure CC="cc -nodtk"
On Solaris, don't put `/usr/ucb' early in your `PATH'. This
directory contains several dysfunctional programs; working variants of
these programs are available in `/usr/bin'. So, if you need `/usr/ucb'
in your `PATH', put it _after_ `/usr/bin'.
On Haiku, software installed for all users goes in `/boot/common',
not `/usr/local'. It is recommended to use the following options:
./configure --prefix=/boot/common
Specifying the System Type
==========================
There may be some features `configure' cannot figure out
automatically, but needs to determine by the type of machine the package
will run on. Usually, assuming the package is built to be run on the
_same_ architectures, `configure' can figure that out, but if it prints
a message saying it cannot guess the machine type, give it the
`--build=TYPE' option. TYPE can either be a short name for the system
type, such as `sun4', or a canonical name which has the form:
CPU-COMPANY-SYSTEM
where SYSTEM can have one of these forms:
OS
KERNEL-OS
See the file `config.sub' for the possible values of each field. If
`config.sub' isn't included in this package, then this package doesn't
need to know the machine type.
If you are _building_ compiler tools for cross-compiling, you should
use the option `--target=TYPE' to select the type of system they will
produce code for.
If you want to _use_ a cross compiler, that generates code for a
platform different from the build platform, you should specify the
"host" platform (i.e., that on which the generated programs will
eventually be run) with `--host=TYPE'.
Sharing Defaults
================
If you want to set default values for `configure' scripts to share,
you can create a site shell script called `config.site' that gives
default values for variables like `CC', `cache_file', and `prefix'.
`configure' looks for `PREFIX/share/config.site' if it exists, then
`PREFIX/etc/config.site' if it exists. Or, you can set the
`CONFIG_SITE' environment variable to the location of the site script.
A warning: not all `configure' scripts look for a site script.
Defining Variables
==================
Variables not defined in a site shell script can be set in the
environment passed to `configure'. However, some packages may run
configure again during the build, and the customized values of these
variables may be lost. In order to avoid this problem, you should set
them in the `configure' command line, using `VAR=value'. For example:
./configure CC=/usr/local2/bin/gcc
causes the specified `gcc' to be used as the C compiler (unless it is
overridden in the site shell script).
Unfortunately, this technique does not work for `CONFIG_SHELL' due to
an Autoconf bug. Until the bug is fixed you can use this workaround:
CONFIG_SHELL=/bin/bash /bin/bash ./configure CONFIG_SHELL=/bin/bash
`configure' Invocation
======================
`configure' recognizes the following options to control how it
operates.
`--help'
`-h'
Print a summary of all of the options to `configure', and exit.
`--help=short'
`--help=recursive'
Print a summary of the options unique to this package's
`configure', and exit. The `short' variant lists options used
only in the top level, while the `recursive' variant lists options
also present in any nested packages.
`--version'
`-V'
Print the version of Autoconf used to generate the `configure'
script, and exit.
`--cache-file=FILE'
Enable the cache: use and save the results of the tests in FILE,
traditionally `config.cache'. FILE defaults to `/dev/null' to
disable caching.
`--config-cache'
`-C'
Alias for `--cache-file=config.cache'.
`--quiet'
`--silent'
`-q'
Do not print messages saying which checks are being made. To
suppress all normal output, redirect it to `/dev/null' (any error
messages will still be shown).
`--srcdir=DIR'
Look for the package's source code in directory DIR. Usually
`configure' can determine that directory automatically.
`--prefix=DIR'
Use DIR as the installation prefix. *note Installation Names::
for more details, including other options available for fine-tuning
the installation locations.
`--no-create'
`-n'
Run the configure checks, but stop before creating any output
files.
`configure' also accepts some other, not widely useful, options. Run
`configure --help' for more details.

6
libhtp/configure.ac
Unescape Escape View File

@ -15,7 +15,7 @@ GENERIC_LIBRARY_NAME=htp
GENERIC_MAJOR_VERSION=0
GENERIC_MINOR_VERSION=2
GENERIC_MICRO_VERSION=X
GENERIC_MICRO_VERSION=6
# API version (often = GENERIC_MAJOR_VERSION.GENERIC_MINOR_VERSION)
GENERIC_API_VERSION=1.0
@ -56,8 +56,8 @@ AM_INIT_AUTOMAKE($PACKAGE, $VERSION, no-define)
AC_CONFIG_MACRO_DIR([m4])
AC_ARG_ENABLE(htp-debug, [ --enable-htp-debug Enable debug output], [ enable_htp_debug=yes ])
if test "$enable_htp_debug" = "yes"; then
AC_ARG_ENABLE(debug, [ --enable-debug Enable debug output], [ enable_debug=yes ])
if test "$enable_debug" = "yes"; then
CFLAGS="${CFLAGS} -DHTP_DEBUG"
echo "Debug mode enabled"
fi

2
libhtp/htp.pc.in
Unescape Escape View File

@ -5,7 +5,7 @@ includedir=${prefix}/include
Name: HTP
Description: HTTP parser
Version: 0.2.X
Version: 0.2.6
Libs: -L${libdir} -lhtp
Cflags: -I${includedir}/htp -I${libdir}/htp/include

88
libhtp/htp/TODO
Unescape Escape View File

@ -1,88 +0,0 @@
TODO
====
- A failure to parse a part of a transaction does not necessarily mean we have to
give up (on the transaction and on the connection).
- Inspect storage size choices for all structures
- Table key storage and element retrieval is inefficient.
- We're currently using a fixed-size line buffer. Although one buffer isn't very big,
they add up if we want to supports tens of thousands of concurrent connections. For
example 20K connections x 20K buffer = 400M. We can perhaps start with a 2K buffer
(configurable) and grow as needed.
- Implement htp_get_version().
- Find all places where we use external information to determine input length. Ensure
the storage types are big enough to hold the biggest numbers we want to handle, and
ensure that we are able to detect wrapping and such.
MISC NOTES
==========
- Memory allocation strategies. We want to support two strategies:
#1 Supply a pair of functions (alloc and free) along with a void * pointer.
#2 Use memory pools for all allocations. Desired functions:
- create pool (w/hierarchy), destroy pool, clear pool
- alloc (calloc?), free
- register callback
The plan is to have a simple memory pool implementation that does not pool memory
but only tracks what is allocated so that it can free it all in one go. The library
users can provide an external implementation to use if they so wish.
- Consider enums where appropriate.
- The plan for SSL handling is as follows:
- For fully encrypted streams, upstream is free to decrypt SSL and feed the
parser just the data.
- On-demand SSL is not used with HTTP in practice but, in principle, the idea
is to have the parser return the HTP_TLS_UPGRADE code. Upon detecting the
code, upstream would handle the upgrade (either by passively decrypting the
traffic stream or handling SSL/TLS directly) and provide plain text data
to the HTTP parser on every subsequent invocation.
- Document the source for each request method
- At some point test the performance of the macros that fetch data and
determine if it makes more sense to implement the same functionality
as functions
- There will be two types of hook: connection and transaction hooks. If we want to allow
a hook to disconnect itself (as we should) then we need to make sure the disconnect is
applied to the correct scope. For example, a transaction hook that requires disconnection
should not be invoked for the same transaction, but should be invoked for the subsequent
transaction. This tells me that we need to keep a prototype of transaction hooks and to
make a copy of it whenever a new transaction begins.
- Does the API need to support closing one stream at a time? For example, when
a client sends his request(s), closes his side of a connection, then waits for
the server to respond.
- Detect if the request headers were submitted across several packets (which would
indicate manual access).
- Do we want to have separate limits for headers? Or should headers also use the line limits?
- Perhaps we also want to limit the size of the request line and headers combined, like the
IIS does?
- Chunk length evasion
- Chunk length limit
- Add callbacks to the list and table structures to automatically delete the elements
they contain when their respective destroy methods are invoked
- Perhaps best-fit maps should also have the replacement character?
- Test double-decoding with IIS4 or IIS5

2
libhtp/htp/htp.c
Unescape Escape View File

@ -19,7 +19,7 @@
* Returns the library version.
*/
const char *htp_get_version() {
return HTP_BASE_VERSION_TEXT " (r$REVISION_MISSING)";
return HTP_BASE_VERSION_TEXT;
}

2
libhtp/htp/htp.h
Unescape Escape View File

@ -41,7 +41,7 @@ typedef struct htp_urldecoder_t htp_urldecoder_t;
// -- Defines -------------------------------------------------------------------------------------
#define HTP_BASE_VERSION_TEXT "0.2.5"
#define HTP_BASE_VERSION_TEXT "0.2.6"
#define HTP_ERROR -1
#define HTP_OK 0

1
libhtp/htp/htp_decompressors.h
Unescape Escape View File

@ -18,7 +18,6 @@
typedef struct htp_decompressor_gzip_t htp_decompressor_gzip_t;
typedef struct htp_decompressor_t htp_decompressor_t;
#include "htp.h"
#include "zlib.h"
#define GZIP_BUF_SIZE 8192

26
libhtp/htp/htp_util.c
Unescape Escape View File

@ -307,6 +307,8 @@ void htp_log(htp_connp_t *connp, const char *file, int line, int level, int code
int r = vsnprintf(buf, 1023, fmt, args);
va_end(args);
if (r < 0) {
// TODO Will vsnprintf ever return an error?
snprintf(buf, 1024, "[vnsprintf returned error %d]", r);
@ -336,8 +338,6 @@ void htp_log(htp_connp_t *connp, const char *file, int line, int level, int code
}
hook_run_all(connp->cfg->hook_log, log);
va_end(args);
}
/**
@ -661,7 +661,7 @@ void htp_utf8_decode_path_inplace(htp_cfg_t *cfg, htp_tx_t *tx, bstr *path) {
size_t rpos = 0;
size_t wpos = 0;
size_t charpos = 0;
uint32_t codepoint;
uint32_t codepoint = 0;
uint32_t state = UTF8_ACCEPT;
uint32_t counter = 0;
uint8_t seen_valid = 0;
@ -690,6 +690,7 @@ void htp_utf8_decode_path_inplace(htp_cfg_t *cfg, htp_tx_t *tx, bstr *path) {
if (codepoint < 0x800) {
tx->flags |= HTP_PATH_UTF8_OVERLONG;
}
break;
case 4:
if (codepoint < 0x10000) {
tx->flags |= HTP_PATH_UTF8_OVERLONG;
@ -733,12 +734,8 @@ void htp_utf8_decode_path_inplace(htp_cfg_t *cfg, htp_tx_t *tx, bstr *path) {
data[wpos++] = data[charpos++];
}
// If this is the first invalid byte we will
// want to skip over it. Otherwise we will want
// to attempt to interpret it.
if (counter == 1) {
rpos++;
}
// Advance over the consumed byte
rpos++;
// Prepare for the next character
counter = 0;
@ -774,7 +771,7 @@ void htp_utf8_validate_path(htp_tx_t *tx, bstr *path) {
unsigned char *data = (unsigned char *) bstr_ptr(path);
size_t len = bstr_len(path);
size_t rpos = 0;
uint32_t codepoint;
uint32_t codepoint = 0;
uint32_t state = UTF8_ACCEPT;
uint32_t counter = 0;
uint8_t seen_valid = 0;
@ -802,6 +799,7 @@ void htp_utf8_validate_path(htp_tx_t *tx, bstr *path) {
if (codepoint < 0x800) {
tx->flags |= HTP_PATH_UTF8_OVERLONG;
}
break;
case 4:
if (codepoint < 0x10000) {
tx->flags |= HTP_PATH_UTF8_OVERLONG;
@ -831,12 +829,8 @@ void htp_utf8_validate_path(htp_tx_t *tx, bstr *path) {
// we want to ignore invalid characters
state = UTF8_ACCEPT;
// If this is the first invalid byte we will
// want to skip over it. Otherwise we will want
// to attempt to interpret it.
if (counter == 1) {
rpos++;
}
// Advance over the consumed byte
rpos++;
// Prepare for the next character
counter = 0;

2
libhtp/m4/.gitignore vendored
Unescape Escape View File

@ -1,2 +0,0 @@
*
!.gitignore

2
libhtp/test/files/01-get.t
Unescape Escape View File

@ -11,4 +11,4 @@ Connection: close
Content-Type: text/html
Content-Length: 12
Hello World!
Hello World!

29
libhtp/update_version.sh
Unescape Escape View File

@ -1,29 +0,0 @@
#!/bin/bash
# Are we in the correct working directory?
if [ ! -f ./htp/htp.c ]
then
echo "ERROR: Please invoke this script from the main directory (of libhtp)"
exit
fi
# Test for the presence of svnversion
if [ -z `which svnversion` ]
then
echo "ERROR: Unable to retrieve the revision number because 'svnversion' could not be found"
exit
fi
if [ -z `which sed` ]
then
echo "ERROR: Unable to retrieve the revision number because 'sed' could not be found"
exit
fi
# Retrieve the revision number
REV=`svnversion -n`
#echo $REV
sed -e "s/\$REVISION_MISSING/$REV/" -i ./htp/htp.c
Write Preview
Loading…
Cancel
Save