eve-log: catch and log URLs in basic text emails without mime encapsulation.

expand pointer walk protection.
pull/1195/head
Tom DeCanio 11 years ago committed by Victor Julien
parent 471967aafd
commit 746da75615

@ -1090,7 +1090,6 @@ static int FindUrlStrings(const char *line, uint32_t len,
} else {
SCFree(tempUrl);
}
/* Increment counter */
url->url_cnt++;
} else {
@ -1120,12 +1119,14 @@ static int ProcessDecodedDataChunk(const uint8_t *chunk, uint32_t len,
char *remainPtr, *tok;
uint32_t tokLen;
MimeDecConfig *mdcfg = MimeDecGetConfig();
if (mdcfg != NULL && mdcfg->extract_urls) {
if ((state->stack != NULL) && (state->stack->top != NULL)) {
if ((state->stack != NULL) && (state->stack->top != NULL) &&
(state->stack->top->data != NULL)) {
MimeDecConfig *mdcfg = MimeDecGetConfig();
if (mdcfg != NULL && mdcfg->extract_urls) {
MimeDecEntity *entity = (MimeDecEntity *) state->stack->top->data;
/* If plain text or html, then look for URLs */
if (((entity->ctnt_flags & CTNT_IS_TEXT) ||
(entity->ctnt_flags & CTNT_IS_MSG) ||
(entity->ctnt_flags & CTNT_IS_HTML)) &&
((entity->ctnt_flags & CTNT_IS_ATTACHMENT) == 0)) {
@ -1161,18 +1162,19 @@ static int ProcessDecodedDataChunk(const uint8_t *chunk, uint32_t len,
} while (tok != remainPtr && remainPtr - (char *) chunk < len);
}
}
} else {
SCLogDebug("Error: Stack pointer missing");
}
}
/* Now invoke callback */
if (state->dataChunkProcessor != NULL) {
ret = state->dataChunkProcessor(chunk, len, state);
if (ret != MIME_DEC_OK) {
SCLogDebug("Error: state->dataChunkProcessor() callback function"
" failed");
/* Now invoke callback */
if (state->dataChunkProcessor != NULL) {
ret = state->dataChunkProcessor(chunk, len, state);
if (ret != MIME_DEC_OK) {
SCLogDebug("Error: state->dataChunkProcessor() callback function"
" failed");
}
}
} else {
SCLogDebug("Error: Stack pointer missing");
ret = MIME_DEC_ERR_DATA;
}
/* Reset data chunk buffer */

@ -166,7 +166,7 @@ static TmEcode JsonEmailLogJson(JsonEmailLogThread *aft,
/* Subject: */
field = MimeDecFindField(entity, "Subject");
if (field != NULL) {
char *s = strndup(field->value, (int) field->value_len);
char *s = BytesToString((uint8_t *)field->value, (size_t) field->value_len);
if (likely(s != NULL)) {
//printf("Subject: \"%s\"\n", s);
json_object_set_new(sjs, "subject", json_string(s));
@ -181,6 +181,20 @@ static TmEcode JsonEmailLogJson(JsonEmailLogThread *aft,
int url_cnt = 0;
json_t *js_attch = json_array();
json_t *js_url = json_array();
if (entity->url_list != NULL) {
MimeDecUrl *url;
for (url = entity->url_list; url != NULL; url = url->next) {
char *s = BytesToString((uint8_t *)url->url,
(size_t)url->url_len);
if (s != NULL) {
//printf("URL: \"%s\"\n", s);
json_array_append_new(js_url,
json_string(s));
SCFree(s);
url_cnt += 1;
}
}
}
for (entity = entity->child; entity != NULL; entity = entity->next) {
if (entity->ctnt_flags & CTNT_IS_ATTACHMENT) {

Loading…
Cancel
Save