File: msc_gsb.c

package info (click to toggle)
modsecurity-apache 2.6.6-6%2Bdeb7u2
  • links: PTS
  • area: main
  • in suites: wheezy
  • size: 4,660 kB
  • sloc: ansic: 26,421; sh: 10,265; perl: 1,338; makefile: 240
file content (112 lines) | stat: -rw-r--r-- 3,024 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
 
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License.  You may obtain a copy of the License at
*
*     http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*/

#include "msc_gsb.h"

static int gsb_db_create(directory_config *dcfg, char **error_msg)
{
    char errstr[1024];
    apr_pool_t *mp = dcfg->mp;
    gsb_db *gsb = dcfg->gsb;
    apr_int32_t wanted = APR_FINFO_SIZE;
    apr_finfo_t finfo;
    apr_status_t rc;
    apr_size_t nbytes;
    char *buf = NULL, *p = NULL, *savedptr = NULL;
    char *op = NULL;

    if ((rc = apr_file_open(&gsb->db, gsb->dbfn, APR_READ, APR_OS_DEFAULT, mp)) != APR_SUCCESS) {
        *error_msg = apr_psprintf(mp, "Could not open gsb database \"%s\": %s", gsb->dbfn, apr_strerror(rc, errstr, 1024));
        return 0;
    }

    if ((rc = apr_file_info_get(&finfo, wanted, gsb->db)) != APR_SUCCESS)  {
        *error_msg = apr_psprintf(mp, "Could not cannot get gsb malware file information \"%s\": %s", gsb->dbfn, apr_strerror(rc, errstr, 1024));
        apr_file_close(gsb->db);
        return 0;
    }

    buf = (char *)malloc(finfo.size+1);

    if (buf == NULL)   {
        *error_msg = apr_psprintf(mp, "Could not alloc memory for gsb data");
        apr_file_close(gsb->db);
        return 0;
    }

    rc = apr_file_read_full(gsb->db, buf, finfo.size, &nbytes);

    gsb->gsb_table = apr_hash_make(dcfg->mp);

    if (gsb->gsb_table == NULL)   {
        *error_msg = apr_psprintf(mp, "Could not alloc memory for gsb table");
        free(buf);
        buf = NULL;
        apr_file_close(gsb->db);
        return 0;
    }

    p = apr_strtok(buf,"\t",&savedptr);

    while (p != NULL)   {

        op = strchr(p,'+');

        if(op != NULL)   {
            char *hash = ++op;
            if(strlen(hash) == 32)
            apr_hash_set(gsb->gsb_table, hash, APR_HASH_KEY_STRING, "malware");
        }

        op = strchr(p,'-');

        if(op != NULL)   {
            char *hash = ++op;
            if(strlen(hash) == 32)
            apr_hash_set(gsb->gsb_table, hash, APR_HASH_KEY_STRING, NULL);
        }

        p = apr_strtok(NULL,"\t",&savedptr);
    }

    apr_file_close(gsb->db);

    free(buf);
    buf = NULL;

    return 1;
}


/**
 * Initialise Gsb malware data structure
 */
int gsb_db_init(directory_config *dcfg, const char *dbfn, char **error_msg)
{

    *error_msg = NULL;

    if ((dcfg->gsb == NULL) || (dcfg->gsb == NOT_SET_P)) {
        dcfg->gsb = apr_pcalloc(dcfg->mp, sizeof(gsb_db));
        if (dcfg->gsb == NULL)  {
            return -1;
        }
    }

    dcfg->gsb->db = NULL;
    dcfg->gsb->dbfn = apr_pstrdup(dcfg->mp, dbfn);

    return gsb_db_create(dcfg, error_msg);
}