lzma: replaces liblzma with own sdk for swf decompression

so as to avoid memory exhaustion
6 years ago · 94aa36df1b
parent a121c7b460
commit 94aa36df1b
2 changed files with 34 additions and 66 deletions
--- a/configure.ac
+++ b/configure.ac
@ -580,46 +580,6 @@
        LIBS="${TMPLIBS} -lz"
    fi
  # liblzma
    enable_liblzma=no
    AC_ARG_WITH(liblzma_includes,
            [  --with-liblzma-includes=DIR  liblzma include directory],
            [with_liblzma_includes="$withval"],[with_liblzma_includes="no"])
    AC_ARG_WITH(liblzma_libraries,
            [  --with-liblzma-libraries=DIR    liblzma library directory],
            [with_liblzma_libraries="$withval"],[with_liblzma_libraries="no"])
    if test "$with_liblzma_includes" != "no"; then
        CPPFLAGS="${CPPFLAGS} -I${with_liblzma_includes}"
    fi
    TMPLIBS="${LIBS}"
    AC_CHECK_HEADER(lzma.h,
        AC_CHECK_LIB(lzma,lzma_code,[
 	    AC_DEFINE([HAVE_LIBLZMA],[1],[liblzma available])
 	    LIBLZMA="yes"
            if test "$LIBLZMA" = "yes"; then
                if test "$with_liblzma_libraries" != "no"; then
                    LDFLAGS="${LDFLAGS}  -L${with_liblzma_libraries}"
                    LIBS="${TMPLIBS} -llzma"
                else
                    LIBS="${TMPLIBS} -llzma"
                fi
            fi]),LIBLZMA="no")
    if test "$LIBLZMA" != "yes"; then
        echo
        echo "   Error! liblzma library not found."
        echo "   Debian/Ubuntu: apt install liblzma-dev"
        echo "   Fedora: dnf install xz-devel"
        echo "   CentOS/RHEL: yum install xz-devel"
        echo
        exit 1
    fi
    enable_liblzma=yes
    LIBS="${TMPLIBS} -llzma"
  #libpcre
    AC_ARG_WITH(libpcre_includes,
            [  --with-libpcre-includes=DIR  libpcre include directory],
@ -2587,7 +2547,6 @@ SURICATA_BUILD_CONF="Suricata Configuration:
  libnss support:                          ${enable_nss}
  libnspr support:                         ${enable_nspr}
  libjansson support:                      ${enable_jansson}
  liblzma support:                         ${enable_liblzma}
  hiredis support:                         ${enable_hiredis}
  hiredis async with libevent:             ${enable_hiredis_async}
  Prelude support:                         ${enable_prelude}
--- a/src/util-file-swf-decompression.c
+++ b/src/util-file-swf-decompression.c
@ -34,7 +34,7 @@
 #include <zlib.h>
-#include <lzma.h>
+#include <htp/lzma/LzmaDec.h>
 #define MAX_SWF_DECOMPRESSED_LEN 50000000
 /*
@ -123,6 +123,10 @@ int FileSwfZlibDecompression(DetectEngineThreadCtx *det_ctx,
    return ret;
 }
 static void *SzAlloc(ISzAllocPtr p, size_t size) { return malloc(size); }
 static void SzFree(ISzAllocPtr p, void *address) { free(address); }
 static const ISzAlloc suri_lzma_Alloc = { SzAlloc, SzFree };
 /* ZWS format */
 /*
 * | 4 bytes         | 4 bytes    | 4 bytes        | 5 bytes    | n bytes   | 6 bytes         |
@ -132,42 +136,47 @@ int FileSwfLzmaDecompression(DetectEngineThreadCtx *det_ctx,
                             uint8_t *compressed_data, uint32_t compressed_data_len,
                             uint8_t *decompressed_data, uint32_t decompressed_data_len)
 {
-    int ret = 1;
+    int ret = 0;
-    lzma_stream strm = LZMA_STREAM_INIT;
+
-    lzma_ret result = lzma_alone_decoder(&strm, UINT64_MAX /* memlimit */);
+    CLzmaDec strm;
-    if (result != LZMA_OK) {
+    LzmaDec_Construct(&strm);
    ELzmaStatus status;
    if (compressed_data_len < LZMA_PROPS_SIZE + 8) {
        DetectEngineSetEvent(det_ctx, FILE_DECODER_EVENT_LZMA_FORMAT_ERROR);
        return 0;
    }
    ret = LzmaDec_Allocate(&strm, compressed_data, LZMA_PROPS_SIZE, &suri_lzma_Alloc);
    if (ret != SZ_OK) {
        DetectEngineSetEvent(det_ctx, FILE_DECODER_EVENT_LZMA_DECODER_ERROR);
        return 0;
    }
-
+    LzmaDec_Init(&strm);
-    strm.avail_in = compressed_data_len;
+    compressed_data += LZMA_PROPS_SIZE + 8;
-    strm.next_in = compressed_data;
+    compressed_data_len -= LZMA_PROPS_SIZE + 8;
-    strm.avail_out = decompressed_data_len;
+    size_t inprocessed = compressed_data_len;
-    strm.next_out = decompressed_data;
+    size_t outprocessed = decompressed_data_len;
-
+
-    result = lzma_code(&strm, LZMA_RUN);
+    ret = LzmaDec_DecodeToBuf(&strm, decompressed_data, &outprocessed,
-    switch(result) {
+                             compressed_data, &inprocessed, LZMA_FINISH_ANY, &status, MAX_SWF_DECOMPRESSED_LEN);
-        case LZMA_STREAM_END:
+
    switch(ret) {
        case SZ_OK:
            ret = 1;
            break;
-        case LZMA_OK:
+        case SZ_ERROR_MEM:
            break;
        case LZMA_MEMLIMIT_ERROR:
            DetectEngineSetEvent(det_ctx, FILE_DECODER_EVENT_LZMA_MEMLIMIT_ERROR);
            ret = 0;
            break;
-        case LZMA_OPTIONS_ERROR:
+        case SZ_ERROR_UNSUPPORTED:
            DetectEngineSetEvent(det_ctx, FILE_DECODER_EVENT_LZMA_OPTIONS_ERROR);
            ret = 0;
            break;
-        case LZMA_FORMAT_ERROR:
+        case SZ_ERROR_DATA:
            DetectEngineSetEvent(det_ctx, FILE_DECODER_EVENT_LZMA_FORMAT_ERROR);
            ret = 0;
            break;
        case LZMA_DATA_ERROR:
            DetectEngineSetEvent(det_ctx, FILE_DECODER_EVENT_LZMA_DATA_ERROR);
            ret = 0;
            break;
-        case LZMA_BUF_ERROR:
+        case SZ_ERROR_INPUT_EOF:
            DetectEngineSetEvent(det_ctx, FILE_DECODER_EVENT_LZMA_BUF_ERROR);
            ret = 0;
            break;
@ -177,6 +186,6 @@ int FileSwfLzmaDecompression(DetectEngineThreadCtx *det_ctx,
            break;
    }
-    lzma_end(&strm);
+    LzmaDec_Free(&strm, &suri_lzma_Alloc);
    return ret;
 }