From f4a6f4b293ebd05c3088b95ceba18fb8978f128a Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Tue, 28 Jun 2011 15:19:30 +0200 Subject: [PATCH] Add libmagic detection, linking and a basic API. --- configure.in | 29 +++ src/Makefile.am | 2 + src/suricata.c | 7 + src/util-error.h | 2 + src/util-magic.c | 516 +++++++++++++++++++++++++++++++++++++++++++++++ src/util-magic.h | 34 ++++ 6 files changed, 590 insertions(+) create mode 100644 src/util-magic.c create mode 100644 src/util-magic.h diff --git a/configure.in b/configure.in index 990e6c61be..19410ce024 100644 --- a/configure.in +++ b/configure.in @@ -1018,6 +1018,35 @@ AC_CHECK_HEADER(pcap.h,,[AC_ERROR(pcap.h not found ...)]) fi fi +#libmagic + AC_ARG_WITH(libmagic_includes, + [ --with-libmagic-includes=DIR libmagic include directory], + [with_libmagic_includes="$withval"],[with_libmagic_includes=no]) + AC_ARG_WITH(libmagic_libraries, + [ --with-libmagic-libraries=DIR libmagic library directory], + [with_libmagic_libraries="$withval"],[with_libmagic_libraries="no"]) + + if test "$with_libmagic_includes" != "no"; then + CPPFLAGS="${CPPFLAGS} -I${with_libmagic_includes}" + fi + + AC_CHECK_HEADER(magic.h,,[AC_ERROR(magic.h not found ...)]) + + if test "$with_libmagic_libraries" != "no"; then + LDFLAGS="${LDFLAGS} -L${with_libmagic_libraries}" + fi + + MAGIC="" + AC_CHECK_LIB(magic, magic_open,, MAGIC="no") + + if test "$MAGIC" = "no"; then + echo + echo " ERROR! magic library not found, go get it" + echo " from http://www.darwinsys.com/file/." + echo + exit 1 + fi + # get revision if test -f ./revision; then REVISION=`cat ./revision` diff --git a/src/Makefile.am b/src/Makefile.am index f190a5bd03..a61cbdf0e0 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -159,6 +159,8 @@ detect-ssl-version.c detect-ssl-version.h \ detect-ssl-state.c detect-ssl-state.h \ detect-byte-extract.c detect-byte-extract.h \ detect-replace.c detect-replace.h \ +util-filetype.c util-filetype.h \ +util-magic.c util-magic.h \ util-atomic.h \ util-print.c util-print.h \ util-fmemopen.c util-fmemopen.h \ diff --git a/src/suricata.c b/src/suricata.c index 7768bb5763..3aaf7626f3 100644 --- a/src/suricata.c +++ b/src/suricata.c @@ -137,6 +137,7 @@ #include "util-threshold-config.h" #include "util-reference-config.h" #include "util-profiling.h" +#include "util-magic.h" #include "defrag.h" @@ -1359,6 +1360,8 @@ int main(int argc, char **argv) DetectEngineRegisterTests(); SCLogRegisterTests(); SMTPParserRegisterTests(); + MagicRegisterTests(); + if (list_unittests) { UtListTests(regex_arg); } @@ -1467,6 +1470,9 @@ int main(int argc, char **argv) ActionInitConfig(); + if (MagicInit() != 0) + exit(EXIT_FAILURE); + if (SigLoadSignatures(de_ctx, sig_file, sig_file_exclusive) < 0) { if (sig_file == NULL) { SCLogError(SC_ERR_OPENING_FILE, "Signature file has not been provided"); @@ -1724,6 +1730,7 @@ int main(int argc, char **argv) SCProtoNameDeInit(); DefragDestroy(); TmqhPacketpoolDestroy(); + MagicDeinit(); #ifdef PROFILING if (profiling_rules_enabled) diff --git a/src/util-error.h b/src/util-error.h index e8e8223e7f..4462b57e2f 100644 --- a/src/util-error.h +++ b/src/util-error.h @@ -223,6 +223,8 @@ typedef enum { SC_ERR_NO_AF_PACKET, SC_ERR_PCAP_FILE_DELETE_FAILED, SC_ERR_CMD_LINE, + SC_ERR_MAGIC_OPEN, + SC_ERR_MAGIC_LOAD, } SCError; const char *SCErrorToString(SCError); diff --git a/src/util-magic.c b/src/util-magic.c new file mode 100644 index 0000000000..41f780e64b --- /dev/null +++ b/src/util-magic.c @@ -0,0 +1,516 @@ +/* Copyright (C) 2007-2011 Open Information Security Foundation + * + * You can copy, redistribute or modify this Program under the terms of + * the GNU General Public License version 2 as published by the Free + * Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 2 along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +/** + * \file + * + * \author Victor Julien + * + * Wrappers and tests for libmagic usage. + */ + +#include "suricata-common.h" +#include "conf.h" + +#include "util-unittest.h" + +#include + +static magic_t g_magic_ctx = NULL; + +/** + * \brief Initialize the "magic" context. + */ +int MagicInit(void) { + char *filename = NULL; + FILE *fd = NULL; + + SCEnter(); + + if (g_magic_ctx == NULL) { + g_magic_ctx = magic_open(0); + if (g_magic_ctx == NULL) { + SCLogError(SC_ERR_MAGIC_OPEN, "magic_open failed: %s", magic_error(g_magic_ctx)); + goto error; + } + + ConfGet("magic-file", &filename); + if (filename != NULL) { + SCLogInfo("using magic-file %s", filename); + + if ( (fd = fopen(filename, "r")) == NULL) { + SCLogWarning(SC_ERR_FOPEN, "Error opening file: \"%s\": %s", filename, strerror(errno)); + goto error; + } + fclose(fd); + } + + if (magic_load(g_magic_ctx, filename) != 0) { + SCLogError(SC_ERR_MAGIC_LOAD, "magic_load failed: %s", magic_error(g_magic_ctx)); + goto error; + } + } + + SCReturnInt(0); + +error: + if (g_magic_ctx != NULL) { + magic_close(g_magic_ctx); + g_magic_ctx = NULL; + } + + SCReturnInt(-1); +} + +/** + * \brief Find the magic value for a buffer. + * + * \param buf the buffer + * \param buflen length of the buffer + * + * \retval result pointer to const string + */ +const char *MagicLookup(uint8_t *buf, uint32_t buflen) { + const char *result = NULL; + + if (buf != NULL && buflen > 0) { + result = magic_buffer(g_magic_ctx, (void *)buf, (size_t)buflen); + } + + SCReturnPtr(result, "const char"); +} + +void MagicDeinit(void) { + if (g_magic_ctx != NULL) { + magic_close(g_magic_ctx); + g_magic_ctx = NULL; + } +} + +#ifdef UNITTESTS + +/** \test magic lib calls -- init */ +int MagicInitTest01(void) { + magic_t magic_ctx; + + magic_ctx = magic_open(0); + + if (magic_load(magic_ctx, NULL) == -1) + return 0; + + magic_close(magic_ctx); + return 1; +} + +/** \test magic init through api */ +int MagicInitTest02(void) { + if (g_magic_ctx != NULL) { + printf("g_magic_ctx != NULL at start of the test: "); + return 0; + } + + MagicInit(); + + if (g_magic_ctx == NULL) { + printf("g_magic_ctx == NULL: "); + return 0; + } + + MagicDeinit(); + + if (g_magic_ctx != NULL) { + printf("g_magic_ctx != NULL at end of the test: "); + return 0; + } + + return 1; +} + +/** \test magic lib calls -- lookup */ +int MagicDetectTest01(void) { + magic_t magic_ctx; + char *result = NULL; + char buffer[] = { 0x25, 'P', 'D', 'F', '-', '1', '.', '3', 0x0d, 0x0a}; + size_t buffer_len = sizeof(buffer); + int retval = 0; + + magic_ctx = magic_open(0); + + if (magic_load(magic_ctx, NULL) == -1) + return 0; + + result = (char *)magic_buffer(magic_ctx, (void *)buffer, buffer_len); + if (result == NULL || strncmp(result, "PDF document", 12) != 0) { + printf("result %p:%s, not \"PDF document\": ", result,result?result:"(null)"); + goto end; + } + + retval = 1; +end: + magic_close(magic_ctx); + return retval; +} + +/** \test magic lib calls -- lookup */ +int MagicDetectTest02(void) { + magic_t magic_ctx; + char *result = NULL; + + char buffer[] = { + 0xd0, 0xcf, 0x11, 0xe0, 0xa1, 0xb1, 0x1a, 0xe1, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x3e, 0x00, 0x03, 0x00, 0xfe, 0xff, 0x09, 0x00, + + 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, + 0x96, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x10, 0x00, 0x00, 0x98, 0x00, 0x00, 0x00, + + 0x01, 0x00, 0x00, 0x00, 0xfe, 0xff, 0xff, 0xff, + 0x00, 0x00, 0x00, 0x00, 0x90, 0x00, 0x00, 0x00, + 0x97, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + }; + size_t buffer_len = sizeof(buffer); + int retval = 0; + + magic_ctx = magic_open(0); + + if (magic_load(magic_ctx, NULL) == -1) + return 0; + + result = (char *)magic_buffer(magic_ctx, (void *)buffer, buffer_len); + if (result == NULL || strcmp(result, "Microsoft Office Document") != 0) { + printf("result %p:%s, not \"Microsoft Office Document\": ", result,result?result:"(null)"); + goto end; + } + + retval = 1; +end: + magic_close(magic_ctx); + return retval; +} + +/** \test magic lib calls -- lookup */ +int MagicDetectTest03(void) { + magic_t magic_ctx; + char *result = NULL; + + char buffer[] = { + 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x0b, 0x55, 0x2a, 0x36, 0x5e, 0xc6, + 0x32, 0x0c, 0x27, 0x00, 0x00, 0x00, 0x27, 0x00, + 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x6d, 0x69, + + 0x6d, 0x65, 0x74, 0x79, 0x70, 0x65, 0x61, 0x70, + 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x2f, 0x76, 0x6e, 0x64, 0x2e, 0x6f, 0x61, + 0x73, 0x69, 0x73, 0x2e, 0x6f, 0x70, 0x65, 0x6e, + + 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, + 0x2e, 0x74, 0x65, 0x78, 0x74, 0x50, 0x4b, 0x03, + 0x04, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, + 0x55, 0x2a, 0x36, 0x00, 0x00, 0x00, 0x00, 0x00, + + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1a, + 0x00, 0x00, 0x00, 0x43, 0x6f, 0x6e, 0x66, 0x69, + 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x73, 0x32, 0x2f, 0x73, 0x74, 0x61, 0x74, 0x75, + + 0x73, 0x62, 0x61, 0x72, 0x2f, 0x50, 0x4b, 0x03, + 0x04, 0x14, 0x00, 0x08, 0x00, 0x08, 0x00, 0x0b, + }; + size_t buffer_len = sizeof(buffer); + int retval = 0; + + magic_ctx = magic_open(0); + + if (magic_load(magic_ctx, NULL) == -1) + return 0; + + result = (char *)magic_buffer(magic_ctx, (void *)buffer, buffer_len); + if (result == NULL || strcmp(result, "OpenDocument Text") != 0) { + printf("result %p:%s, not \"OpenDocument Text\": ", result,result?result:"(null)"); + goto end; + } + + retval = 1; +end: + magic_close(magic_ctx); + return retval; +} + +/** \test magic lib calls -- lookup */ +int MagicDetectTest04(void) { + magic_t magic_ctx; + char *result = NULL; + + char buffer[] = { + 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00, 0x08, + 0x00, 0x00, 0x52, 0x7b, 0x86, 0x3c, 0x8b, 0x70, + 0x96, 0x08, 0x1c, 0x00, 0x00, 0x00, 0x1c, 0x00, + 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x6d, 0x69, + + 0x6d, 0x65, 0x74, 0x79, 0x70, 0x65, 0x61, 0x70, + 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x2f, 0x76, 0x6e, 0x64, 0x2e, 0x73, 0x75, + 0x6e, 0x2e, 0x78, 0x6d, 0x6c, 0x2e, 0x62, 0x61, + + 0x73, 0x65, 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, + 0x00, 0x08, 0x00, 0x00, 0x52, 0x7b, 0x86, 0x3c, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, + + 0x4d, 0x45, 0x54, 0x41, 0x2d, 0x49, 0x4e, 0x46, + 0x2f, 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00, + 0x08, 0x08, 0x00, 0xa8, 0x42, 0x1d, 0x37, 0x5d, + 0xa7, 0xb2, 0xc1, 0xde, 0x01, 0x00, 0x00, 0x7e, + + 0x04, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x63, + 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2e, 0x78, + 0x6d, 0x6c, 0x95, 0x54, 0x4d, 0x6f, 0xdb, 0x30, + 0x0c, 0xbd, 0xe7, 0x57, 0x18, 0x02, 0x06, 0x6c, + + 0x07, 0xc5, 0xe9, 0xb6, 0xc3, 0x22, 0xc4, 0x29, + 0x86, 0x7d, 0x00, 0x05, 0x8a, 0x9d, 0xb2, 0x43, + 0x8f, 0xb2, 0x24, 0xa7, 0xc2, 0x64, 0xc9, 0x15, + }; + size_t buffer_len = sizeof(buffer); + int retval = 0; + + magic_ctx = magic_open(0); + + if (magic_load(magic_ctx, NULL) == -1) + return 0; + + result = (char *)magic_buffer(magic_ctx, (void *)buffer, buffer_len); + if (result == NULL || strcmp(result, "OpenOffice.org 1.x Database file") != 0) { + printf("result %p:%s, not \"OpenOffice.org 1.x Database file\": ", result,result?result:"(null)"); + goto end; + } + + retval = 1; +end: + magic_close(magic_ctx); + return retval; +} + +/** \test magic api calls -- lookup */ +int MagicDetectTest05(void) { + const char *result = NULL; + uint8_t buffer[] = { 0x25, 'P', 'D', 'F', '-', '1', '.', '3', 0x0d, 0x0a}; + size_t buffer_len = sizeof(buffer); + int retval = 0; + + MagicInit(); + + result = MagicLookup(buffer, buffer_len); + if (result == NULL || strncmp(result, "PDF document", 12) != 0) { + printf("result %p:%s, not \"PDF document\": ", result,result?result:"(null)"); + goto end; + } + + retval = 1; +end: + MagicDeinit(); + return retval; +} + +/** \test magic api calls -- lookup */ +int MagicDetectTest06(void) { + const char *result = NULL; + uint8_t buffer[] = { + 0xd0, 0xcf, 0x11, 0xe0, 0xa1, 0xb1, 0x1a, 0xe1, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x3e, 0x00, 0x03, 0x00, 0xfe, 0xff, 0x09, 0x00, + + 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, + 0x96, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x10, 0x00, 0x00, 0x98, 0x00, 0x00, 0x00, + + 0x01, 0x00, 0x00, 0x00, 0xfe, 0xff, 0xff, 0xff, + 0x00, 0x00, 0x00, 0x00, 0x90, 0x00, 0x00, 0x00, + 0x97, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + }; + size_t buffer_len = sizeof(buffer); + int retval = 0; + + MagicInit(); + + result = MagicLookup(buffer, buffer_len); + if (result == NULL || strcmp(result, "Microsoft Office Document") != 0) { + printf("result %p:%s, not \"Microsoft Office Document\": ", result,result?result:"(null)"); + goto end; + } + + retval = 1; + +end: + MagicDeinit(); + return retval; +} + +/** \test magic api calls -- lookup */ +int MagicDetectTest07(void) { + const char *result = NULL; + uint8_t buffer[] = { + 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x0b, 0x55, 0x2a, 0x36, 0x5e, 0xc6, + 0x32, 0x0c, 0x27, 0x00, 0x00, 0x00, 0x27, 0x00, + 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x6d, 0x69, + + 0x6d, 0x65, 0x74, 0x79, 0x70, 0x65, 0x61, 0x70, + 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x2f, 0x76, 0x6e, 0x64, 0x2e, 0x6f, 0x61, + 0x73, 0x69, 0x73, 0x2e, 0x6f, 0x70, 0x65, 0x6e, + + 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, + 0x2e, 0x74, 0x65, 0x78, 0x74, 0x50, 0x4b, 0x03, + 0x04, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, + 0x55, 0x2a, 0x36, 0x00, 0x00, 0x00, 0x00, 0x00, + + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1a, + 0x00, 0x00, 0x00, 0x43, 0x6f, 0x6e, 0x66, 0x69, + 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x73, 0x32, 0x2f, 0x73, 0x74, 0x61, 0x74, 0x75, + + 0x73, 0x62, 0x61, 0x72, 0x2f, 0x50, 0x4b, 0x03, + 0x04, 0x14, 0x00, 0x08, 0x00, 0x08, 0x00, 0x0b, + }; + size_t buffer_len = sizeof(buffer); + int retval = 0; + + MagicInit(); + + result = MagicLookup(buffer, buffer_len); + if (result == NULL || strcmp(result, "OpenDocument Text") != 0) { + printf("result %p:%s, not \"OpenDocument Text\": ", result,result?result:"(null)"); + goto end; + } + + retval = 1; +end: + MagicDeinit(); + return retval; +} + +/** \test magic api calls -- lookup */ +int MagicDetectTest08(void) { + const char *result = NULL; + uint8_t buffer[] = { + 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00, 0x08, + 0x00, 0x00, 0x52, 0x7b, 0x86, 0x3c, 0x8b, 0x70, + 0x96, 0x08, 0x1c, 0x00, 0x00, 0x00, 0x1c, 0x00, + 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x6d, 0x69, + + 0x6d, 0x65, 0x74, 0x79, 0x70, 0x65, 0x61, 0x70, + 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x2f, 0x76, 0x6e, 0x64, 0x2e, 0x73, 0x75, + 0x6e, 0x2e, 0x78, 0x6d, 0x6c, 0x2e, 0x62, 0x61, + + 0x73, 0x65, 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, + 0x00, 0x08, 0x00, 0x00, 0x52, 0x7b, 0x86, 0x3c, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, + + 0x4d, 0x45, 0x54, 0x41, 0x2d, 0x49, 0x4e, 0x46, + 0x2f, 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00, + 0x08, 0x08, 0x00, 0xa8, 0x42, 0x1d, 0x37, 0x5d, + 0xa7, 0xb2, 0xc1, 0xde, 0x01, 0x00, 0x00, 0x7e, + + 0x04, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x63, + 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2e, 0x78, + 0x6d, 0x6c, 0x95, 0x54, 0x4d, 0x6f, 0xdb, 0x30, + + 0x0c, 0xbd, 0xe7, 0x57, 0x18, 0x02, 0x06, 0x6c, + 0x07, 0xc5, 0xe9, 0xb6, 0xc3, 0x22, 0xc4, 0x29, + 0x86, 0x7d, 0x00, 0x05, 0x8a, 0x9d, 0xb2, 0x43, + 0x8f, 0xb2, 0x24, 0xa7, 0xc2, 0x64, 0xc9, 0x15, + }; + size_t buffer_len = sizeof(buffer); + int retval = 0; + + MagicInit(); + + result = MagicLookup(buffer, buffer_len); + if (result == NULL || strcmp(result, "OpenOffice.org 1.x Database file") != 0) { + printf("result %p:%s, not \"OpenOffice.org 1.x Database file\": ", result,result?result:"(null)"); + goto end; + } + + retval = 1; +end: + MagicDeinit(); + return retval; +} + +/** \test magic api calls -- make sure memory is shared */ +int MagicDetectTest09(void) { + const char *result1 = NULL; + const char *result2 = NULL; + uint8_t buffer[] = { 0x25, 'P', 'D', 'F', '-', '1', '.', '3', 0x0d, 0x0a}; + size_t buffer_len = sizeof(buffer); + int retval = 0; + + MagicInit(); + + result1 = MagicLookup(buffer, buffer_len); + if (result1 == NULL || strncmp(result1, "PDF document", 12) != 0) { + printf("result %p:%s, not \"PDF document\": ", result1,result1?result1:"(null)"); + goto end; + } + + result2 = MagicLookup(buffer, buffer_len); + if (result2 == NULL || strncmp(result2, "PDF document", 12) != 0) { + printf("result %p:%s, not \"PDF document\": ", result2,result2?result2:"(null)"); + goto end; + } + + if (result1 != result2) { + printf("pointers not equal, weird... %p != %p: ", result1, result2); + goto end; + } + + retval = 1; +end: + MagicDeinit(); + return retval; +} + +#endif /* UNITTESTS */ + + +void MagicRegisterTests(void) { +#ifdef UNITTESTS + UtRegisterTest("MagicInitTest01", MagicInitTest01, 1); + UtRegisterTest("MagicInitTest02", MagicInitTest02, 1); + UtRegisterTest("MagicDetectTest01", MagicDetectTest01, 1); + UtRegisterTest("MagicDetectTest02", MagicDetectTest02, 1); + UtRegisterTest("MagicDetectTest03", MagicDetectTest03, 1); + UtRegisterTest("MagicDetectTest04", MagicDetectTest04, 1); + UtRegisterTest("MagicDetectTest05", MagicDetectTest05, 1); + UtRegisterTest("MagicDetectTest06", MagicDetectTest06, 1); + UtRegisterTest("MagicDetectTest07", MagicDetectTest07, 1); + UtRegisterTest("MagicDetectTest08", MagicDetectTest08, 1); + /* fails in valgrind, somehow it returns different pointers then. + UtRegisterTest("MagicDetectTest09", MagicDetectTest09, 1); */ +#endif /* UNITTESTS */ +} diff --git a/src/util-magic.h b/src/util-magic.h new file mode 100644 index 0000000000..5d801fa81f --- /dev/null +++ b/src/util-magic.h @@ -0,0 +1,34 @@ +/* Copyright (C) 2007-2011 Open Information Security Foundation + * + * You can copy, redistribute or modify this Program under the terms of + * the GNU General Public License version 2 as published by the Free + * Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 2 along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +/** + * \file + * + * \author Victor Julien + */ + +#ifndef __UTIL_MAGIC_H__ +#define __UTIL_MAGIC_H__ + +int MagicInit(void); +void MagicDeinit(void); + +const char *MagicLookup(uint8_t *, uint32_t); + +void MagicRegisterTests(void); + +#endif /* __UTIL_MAGIC_H__ */