/src/suricata7/libhtp/htp/htp_config.c
1 | | /*************************************************************************** |
2 | | * Copyright (c) 2009-2010 Open Information Security Foundation |
3 | | * Copyright (c) 2010-2013 Qualys, Inc. |
4 | | * All rights reserved. |
5 | | * |
6 | | * Redistribution and use in source and binary forms, with or without |
7 | | * modification, are permitted provided that the following conditions are |
8 | | * met: |
9 | | * |
10 | | * - Redistributions of source code must retain the above copyright |
11 | | * notice, this list of conditions and the following disclaimer. |
12 | | |
13 | | * - Redistributions in binary form must reproduce the above copyright |
14 | | * notice, this list of conditions and the following disclaimer in the |
15 | | * documentation and/or other materials provided with the distribution. |
16 | | |
17 | | * - Neither the name of the Qualys, Inc. nor the names of its |
18 | | * contributors may be used to endorse or promote products derived from |
19 | | * this software without specific prior written permission. |
20 | | * |
21 | | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
22 | | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
23 | | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
24 | | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
25 | | * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
26 | | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
27 | | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
28 | | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
29 | | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
30 | | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
31 | | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
32 | | ***************************************************************************/ |
33 | | |
34 | | /** |
35 | | * @file |
36 | | * @author Ivan Ristic <ivanr@webkreator.com> |
37 | | */ |
38 | | |
39 | | #include "htp_config_auto.h" |
40 | | |
41 | | #include "htp_private.h" |
42 | | |
43 | | /** |
44 | | * Default best-fit map for Unicode values U+0100-FFFF: 3-byte entries (high byte, |
45 | | * low byte, replacement byte), ending with a 0x00, 0x00, 0x00 entry. |
46 | | */ |
47 | | static unsigned char bestfit_1252[] = { |
48 | | 0x01, 0x00, 0x41, 0x01, 0x01, 0x61, 0x01, 0x02, 0x41, 0x01, 0x03, 0x61, |
49 | | 0x01, 0x04, 0x41, 0x01, 0x05, 0x61, 0x01, 0x06, 0x43, 0x01, 0x07, 0x63, |
50 | | 0x01, 0x08, 0x43, 0x01, 0x09, 0x63, 0x01, 0x0a, 0x43, 0x01, 0x0b, 0x63, |
51 | | 0x01, 0x0c, 0x43, 0x01, 0x0d, 0x63, 0x01, 0x0e, 0x44, 0x01, 0x0f, 0x64, |
52 | | 0x01, 0x11, 0x64, 0x01, 0x12, 0x45, 0x01, 0x13, 0x65, 0x01, 0x14, 0x45, |
53 | | 0x01, 0x15, 0x65, 0x01, 0x16, 0x45, 0x01, 0x17, 0x65, 0x01, 0x18, 0x45, |
54 | | 0x01, 0x19, 0x65, 0x01, 0x1a, 0x45, 0x01, 0x1b, 0x65, 0x01, 0x1c, 0x47, |
55 | | 0x01, 0x1d, 0x67, 0x01, 0x1e, 0x47, 0x01, 0x1f, 0x67, 0x01, 0x20, 0x47, |
56 | | 0x01, 0x21, 0x67, 0x01, 0x22, 0x47, 0x01, 0x23, 0x67, 0x01, 0x24, 0x48, |
57 | | 0x01, 0x25, 0x68, 0x01, 0x26, 0x48, 0x01, 0x27, 0x68, 0x01, 0x28, 0x49, |
58 | | 0x01, 0x29, 0x69, 0x01, 0x2a, 0x49, 0x01, 0x2b, 0x69, 0x01, 0x2c, 0x49, |
59 | | 0x01, 0x2d, 0x69, 0x01, 0x2e, 0x49, 0x01, 0x2f, 0x69, 0x01, 0x30, 0x49, |
60 | | 0x01, 0x31, 0x69, 0x01, 0x34, 0x4a, 0x01, 0x35, 0x6a, 0x01, 0x36, 0x4b, |
61 | | 0x01, 0x37, 0x6b, 0x01, 0x39, 0x4c, 0x01, 0x3a, 0x6c, 0x01, 0x3b, 0x4c, |
62 | | 0x01, 0x3c, 0x6c, 0x01, 0x3d, 0x4c, 0x01, 0x3e, 0x6c, 0x01, 0x41, 0x4c, |
63 | | 0x01, 0x42, 0x6c, 0x01, 0x43, 0x4e, 0x01, 0x44, 0x6e, 0x01, 0x45, 0x4e, |
64 | | 0x01, 0x46, 0x6e, 0x01, 0x47, 0x4e, 0x01, 0x48, 0x6e, 0x01, 0x4c, 0x4f, |
65 | | 0x01, 0x4d, 0x6f, 0x01, 0x4e, 0x4f, 0x01, 0x4f, 0x6f, 0x01, 0x50, 0x4f, |
66 | | 0x01, 0x51, 0x6f, 0x01, 0x54, 0x52, 0x01, 0x55, 0x72, 0x01, 0x56, 0x52, |
67 | | 0x01, 0x57, 0x72, 0x01, 0x58, 0x52, 0x01, 0x59, 0x72, 0x01, 0x5a, 0x53, |
68 | | 0x01, 0x5b, 0x73, 0x01, 0x5c, 0x53, 0x01, 0x5d, 0x73, 0x01, 0x5e, 0x53, |
69 | | 0x01, 0x5f, 0x73, 0x01, 0x62, 0x54, 0x01, 0x63, 0x74, 0x01, 0x64, 0x54, |
70 | | 0x01, 0x65, 0x74, 0x01, 0x66, 0x54, 0x01, 0x67, 0x74, 0x01, 0x68, 0x55, |
71 | | 0x01, 0x69, 0x75, 0x01, 0x6a, 0x55, 0x01, 0x6b, 0x75, 0x01, 0x6c, 0x55, |
72 | | 0x01, 0x6d, 0x75, 0x01, 0x6e, 0x55, 0x01, 0x6f, 0x75, 0x01, 0x70, 0x55, |
73 | | 0x01, 0x71, 0x75, 0x01, 0x72, 0x55, 0x01, 0x73, 0x75, 0x01, 0x74, 0x57, |
74 | | 0x01, 0x75, 0x77, 0x01, 0x76, 0x59, 0x01, 0x77, 0x79, 0x01, 0x79, 0x5a, |
75 | | 0x01, 0x7b, 0x5a, 0x01, 0x7c, 0x7a, 0x01, 0x80, 0x62, 0x01, 0x97, 0x49, |
76 | | 0x01, 0x9a, 0x6c, 0x01, 0x9f, 0x4f, 0x01, 0xa0, 0x4f, 0x01, 0xa1, 0x6f, |
77 | | 0x01, 0xab, 0x74, 0x01, 0xae, 0x54, 0x01, 0xaf, 0x55, 0x01, 0xb0, 0x75, |
78 | | 0x01, 0xb6, 0x7a, 0x01, 0xc0, 0x7c, 0x01, 0xc3, 0x21, 0x01, 0xcd, 0x41, |
79 | | 0x01, 0xce, 0x61, 0x01, 0xcf, 0x49, 0x01, 0xd0, 0x69, 0x01, 0xd1, 0x4f, |
80 | | 0x01, 0xd2, 0x6f, 0x01, 0xd3, 0x55, 0x01, 0xd4, 0x75, 0x01, 0xd5, 0x55, |
81 | | 0x01, 0xd6, 0x75, 0x01, 0xd7, 0x55, 0x01, 0xd8, 0x75, 0x01, 0xd9, 0x55, |
82 | | 0x01, 0xda, 0x75, 0x01, 0xdb, 0x55, 0x01, 0xdc, 0x75, 0x01, 0xde, 0x41, |
83 | | 0x01, 0xdf, 0x61, 0x01, 0xe4, 0x47, 0x01, 0xe5, 0x67, 0x01, 0xe6, 0x47, |
84 | | 0x01, 0xe7, 0x67, 0x01, 0xe8, 0x4b, 0x01, 0xe9, 0x6b, 0x01, 0xea, 0x4f, |
85 | | 0x01, 0xeb, 0x6f, 0x01, 0xec, 0x4f, 0x01, 0xed, 0x6f, 0x01, 0xf0, 0x6a, |
86 | | 0x02, 0x61, 0x67, 0x02, 0xb9, 0x27, 0x02, 0xba, 0x22, 0x02, 0xbc, 0x27, |
87 | | 0x02, 0xc4, 0x5e, 0x02, 0xc8, 0x27, 0x02, 0xcb, 0x60, 0x02, 0xcd, 0x5f, |
88 | | 0x03, 0x00, 0x60, 0x03, 0x02, 0x5e, 0x03, 0x03, 0x7e, 0x03, 0x0e, 0x22, |
89 | | 0x03, 0x31, 0x5f, 0x03, 0x32, 0x5f, 0x03, 0x7e, 0x3b, 0x03, 0x93, 0x47, |
90 | | 0x03, 0x98, 0x54, 0x03, 0xa3, 0x53, 0x03, 0xa6, 0x46, 0x03, 0xa9, 0x4f, |
91 | | 0x03, 0xb1, 0x61, 0x03, 0xb4, 0x64, 0x03, 0xb5, 0x65, 0x03, 0xc0, 0x70, |
92 | | 0x03, 0xc3, 0x73, 0x03, 0xc4, 0x74, 0x03, 0xc6, 0x66, 0x04, 0xbb, 0x68, |
93 | | 0x05, 0x89, 0x3a, 0x06, 0x6a, 0x25, 0x20, 0x00, 0x20, 0x20, 0x01, 0x20, |
94 | | 0x20, 0x02, 0x20, 0x20, 0x03, 0x20, 0x20, 0x04, 0x20, 0x20, 0x05, 0x20, |
95 | | 0x20, 0x06, 0x20, 0x20, 0x10, 0x2d, 0x20, 0x11, 0x2d, 0x20, 0x17, 0x3d, |
96 | | 0x20, 0x32, 0x27, 0x20, 0x35, 0x60, 0x20, 0x44, 0x2f, 0x20, 0x74, 0x34, |
97 | | 0x20, 0x75, 0x35, 0x20, 0x76, 0x36, 0x20, 0x77, 0x37, 0x20, 0x78, 0x38, |
98 | | 0x20, 0x7f, 0x6e, 0x20, 0x80, 0x30, 0x20, 0x81, 0x31, 0x20, 0x82, 0x32, |
99 | | 0x20, 0x83, 0x33, 0x20, 0x84, 0x34, 0x20, 0x85, 0x35, 0x20, 0x86, 0x36, |
100 | | 0x20, 0x87, 0x37, 0x20, 0x88, 0x38, 0x20, 0x89, 0x39, 0x20, 0xa7, 0x50, |
101 | | 0x21, 0x02, 0x43, 0x21, 0x07, 0x45, 0x21, 0x0a, 0x67, 0x21, 0x0b, 0x48, |
102 | | 0x21, 0x0c, 0x48, 0x21, 0x0d, 0x48, 0x21, 0x0e, 0x68, 0x21, 0x10, 0x49, |
103 | | 0x21, 0x11, 0x49, 0x21, 0x12, 0x4c, 0x21, 0x13, 0x6c, 0x21, 0x15, 0x4e, |
104 | | 0x21, 0x18, 0x50, 0x21, 0x19, 0x50, 0x21, 0x1a, 0x51, 0x21, 0x1b, 0x52, |
105 | | 0x21, 0x1c, 0x52, 0x21, 0x1d, 0x52, 0x21, 0x24, 0x5a, 0x21, 0x28, 0x5a, |
106 | | 0x21, 0x2a, 0x4b, 0x21, 0x2c, 0x42, 0x21, 0x2d, 0x43, 0x21, 0x2e, 0x65, |
107 | | 0x21, 0x2f, 0x65, 0x21, 0x30, 0x45, 0x21, 0x31, 0x46, 0x21, 0x33, 0x4d, |
108 | | 0x21, 0x34, 0x6f, 0x22, 0x12, 0x2d, 0x22, 0x15, 0x2f, 0x22, 0x16, 0x5c, |
109 | | 0x22, 0x17, 0x2a, 0x22, 0x1a, 0x76, 0x22, 0x1e, 0x38, 0x22, 0x23, 0x7c, |
110 | | 0x22, 0x29, 0x6e, 0x22, 0x36, 0x3a, 0x22, 0x3c, 0x7e, 0x22, 0x61, 0x3d, |
111 | | 0x22, 0x64, 0x3d, 0x22, 0x65, 0x3d, 0x23, 0x03, 0x5e, 0x23, 0x20, 0x28, |
112 | | 0x23, 0x21, 0x29, 0x23, 0x29, 0x3c, 0x23, 0x2a, 0x3e, 0x25, 0x00, 0x2d, |
113 | | 0x25, 0x0c, 0x2b, 0x25, 0x10, 0x2b, 0x25, 0x14, 0x2b, 0x25, 0x18, 0x2b, |
114 | | 0x25, 0x1c, 0x2b, 0x25, 0x2c, 0x2d, 0x25, 0x34, 0x2d, 0x25, 0x3c, 0x2b, |
115 | | 0x25, 0x50, 0x2d, 0x25, 0x52, 0x2b, 0x25, 0x53, 0x2b, 0x25, 0x54, 0x2b, |
116 | | 0x25, 0x55, 0x2b, 0x25, 0x56, 0x2b, 0x25, 0x57, 0x2b, 0x25, 0x58, 0x2b, |
117 | | 0x25, 0x59, 0x2b, 0x25, 0x5a, 0x2b, 0x25, 0x5b, 0x2b, 0x25, 0x5c, 0x2b, |
118 | | 0x25, 0x5d, 0x2b, 0x25, 0x64, 0x2d, 0x25, 0x65, 0x2d, 0x25, 0x66, 0x2d, |
119 | | 0x25, 0x67, 0x2d, 0x25, 0x68, 0x2d, 0x25, 0x69, 0x2d, 0x25, 0x6a, 0x2b, |
120 | | 0x25, 0x6b, 0x2b, 0x25, 0x6c, 0x2b, 0x25, 0x84, 0x5f, 0x27, 0x58, 0x7c, |
121 | | 0x30, 0x00, 0x20, 0x30, 0x08, 0x3c, 0x30, 0x09, 0x3e, 0x30, 0x1a, 0x5b, |
122 | | 0x30, 0x1b, 0x5d, 0xff, 0x01, 0x21, 0xff, 0x02, 0x22, 0xff, 0x03, 0x23, |
123 | | 0xff, 0x04, 0x24, 0xff, 0x05, 0x25, 0xff, 0x06, 0x26, 0xff, 0x07, 0x27, |
124 | | 0xff, 0x08, 0x28, 0xff, 0x09, 0x29, 0xff, 0x0a, 0x2a, 0xff, 0x0b, 0x2b, |
125 | | 0xff, 0x0c, 0x2c, 0xff, 0x0d, 0x2d, 0xff, 0x0e, 0x2e, 0xff, 0x0f, 0x2f, |
126 | | 0xff, 0x10, 0x30, 0xff, 0x11, 0x31, 0xff, 0x12, 0x32, 0xff, 0x13, 0x33, |
127 | | 0xff, 0x14, 0x34, 0xff, 0x15, 0x35, 0xff, 0x16, 0x36, 0xff, 0x17, 0x37, |
128 | | 0xff, 0x18, 0x38, 0xff, 0x19, 0x39, 0xff, 0x1a, 0x3a, 0xff, 0x1b, 0x3b, |
129 | | 0xff, 0x1c, 0x3c, 0xff, 0x1d, 0x3d, 0xff, 0x1e, 0x3e, 0xff, 0x20, 0x40, |
130 | | 0xff, 0x21, 0x41, 0xff, 0x22, 0x42, 0xff, 0x23, 0x43, 0xff, 0x24, 0x44, |
131 | | 0xff, 0x25, 0x45, 0xff, 0x26, 0x46, 0xff, 0x27, 0x47, 0xff, 0x28, 0x48, |
132 | | 0xff, 0x29, 0x49, 0xff, 0x2a, 0x4a, 0xff, 0x2b, 0x4b, 0xff, 0x2c, 0x4c, |
133 | | 0xff, 0x2d, 0x4d, 0xff, 0x2e, 0x4e, 0xff, 0x2f, 0x4f, 0xff, 0x30, 0x50, |
134 | | 0xff, 0x31, 0x51, 0xff, 0x32, 0x52, 0xff, 0x33, 0x53, 0xff, 0x34, 0x54, |
135 | | 0xff, 0x35, 0x55, 0xff, 0x36, 0x56, 0xff, 0x37, 0x57, 0xff, 0x38, 0x58, |
136 | | 0xff, 0x39, 0x59, 0xff, 0x3a, 0x5a, 0xff, 0x3b, 0x5b, 0xff, 0x3c, 0x5c, |
137 | | 0xff, 0x3d, 0x5d, 0xff, 0x3e, 0x5e, 0xff, 0x3f, 0x5f, 0xff, 0x40, 0x60, |
138 | | 0xff, 0x41, 0x61, 0xff, 0x42, 0x62, 0xff, 0x43, 0x63, 0xff, 0x44, 0x64, |
139 | | 0xff, 0x45, 0x65, 0xff, 0x46, 0x66, 0xff, 0x47, 0x67, 0xff, 0x48, 0x68, |
140 | | 0xff, 0x49, 0x69, 0xff, 0x4a, 0x6a, 0xff, 0x4b, 0x6b, 0xff, 0x4c, 0x6c, |
141 | | 0xff, 0x4d, 0x6d, 0xff, 0x4e, 0x6e, 0xff, 0x4f, 0x6f, 0xff, 0x50, 0x70, |
142 | | 0xff, 0x51, 0x71, 0xff, 0x52, 0x72, 0xff, 0x53, 0x73, 0xff, 0x54, 0x74, |
143 | | 0xff, 0x55, 0x75, 0xff, 0x56, 0x76, 0xff, 0x57, 0x77, 0xff, 0x58, 0x78, |
144 | | 0xff, 0x59, 0x79, 0xff, 0x5a, 0x7a, 0xff, 0x5b, 0x7b, 0xff, 0x5c, 0x7c, |
145 | | 0xff, 0x5d, 0x7d, 0xff, 0x5e, 0x7e, 0x00, 0x00, 0x00 |
146 | | }; |
147 | | |
/* Default cap on the number of headers; htp_config_create() stores it in number_headers_limit. */
#define HTP_HEADERS_LIMIT 1024

/**
 * Allocate a configuration object and populate it with the library defaults.
 *
 * The structure comes from calloc(), so every field and hook that is not
 * assigned below starts out as 0/NULL (max_tx, for instance, is not set here).
 * NOTE(review): confirm what a zero max_tx means to the parser.
 *
 * The limits set here (field sizes, header count, decompression layers, LZMA
 * memory, compression bomb and time limits) are the defaults an embedding
 * application gets unless it overrides them through the setters.
 *
 * The results of the htp_config_set_*() calls are not checked here.
 *
 * @return The new configuration, or NULL if the allocation failed. Release it
 *         with htp_config_destroy().
 */
htp_cfg_t *htp_config_create(void) {
    htp_cfg_t *cfg = calloc(1, sizeof (*cfg));
    if (cfg == NULL) {
        return NULL;
    }

    // Logging and request parsing switches.
    cfg->log_level = HTP_LOG_NOTICE;
    cfg->parse_request_cookies = 1;
    cfg->parse_request_auth = 1;
    cfg->allow_space_uri = 0;
    cfg->extract_request_files = 0;
    cfg->extract_request_files_limit = -1; // -1 selects the parser default.

    // Size and count limits.
    cfg->field_limit_hard = HTP_FIELD_LIMIT_HARD;
    cfg->field_limit_soft = HTP_FIELD_LIMIT_SOFT;
    cfg->number_headers_limit = HTP_HEADERS_LIMIT;

    // Decompression: responses on, requests off, with bounded layers and cost.
    cfg->response_decompression_enabled = 1;
    cfg->request_decompression_enabled = 0;
    cfg->response_decompression_layer_limit = 2; // two layers seem fairly common
    cfg->response_lzma_layer_limit = 1;          // a single LZMA layer by default
    cfg->lzma_memlimit = HTP_LZMA_MEMLIMIT;
    cfg->compression_bomb_limit = HTP_COMPRESSION_BOMB_LIMIT;
    cfg->compression_time_limit = HTP_COMPRESSION_TIME_LIMIT_USEC;

    // Defaults for URL-encoded data, applied to every decoder context.
    htp_config_set_bestfit_map(cfg, HTP_DECODER_DEFAULTS, bestfit_1252);
    htp_config_set_bestfit_replacement_byte(cfg, HTP_DECODER_DEFAULTS, '?');

    htp_config_set_url_encoding_invalid_handling(cfg, HTP_DECODER_DEFAULTS, HTP_URL_DECODE_PRESERVE_PERCENT);
    htp_config_set_nul_raw_terminates(cfg, HTP_DECODER_DEFAULTS, 0);
    htp_config_set_nul_encoded_terminates(cfg, HTP_DECODER_DEFAULTS, 0);
    htp_config_set_u_encoding_decode(cfg, HTP_DECODER_DEFAULTS, 0);

    // '+' decodes to a space only in the URLENCODED context.
    htp_config_set_plusspace_decode(cfg, HTP_DECODER_URLENCODED, 1);

    // Applied last: the personality installs the line and header parsers.
    htp_config_set_server_personality(cfg, HTP_SERVER_MINIMAL);

    return cfg;
}
187 | | |
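/**
 * Create a copy of a configuration with its own copies of all hooks.
 *
 * The structure is copied byte-for-byte first, so every non-hook member
 * (including any pointer members) is shared with the original, not duplicated.
 * Each hook is then duplicated with htp_hook_copy().
 *
 * Fix over the previous version: right after the memcpy() the copy's hook
 * pointers alias the original's hooks. If a later htp_hook_copy() failed,
 * htp_config_destroy(copy) destroyed those aliased hooks too, leaving the
 * original configuration with dangling hook pointers (use-after-free and
 * double free once the original is used or destroyed). All hook pointers in
 * the copy are now cleared before any duplication, so the failure path only
 * releases hooks the copy actually owns. This relies on htp_hook_destroy()
 * accepting NULL, which htp_config_destroy() already requires for hooks that
 * were never registered.
 *
 * @param cfg Configuration to copy; may be NULL.
 * @return The new configuration, or NULL if cfg is NULL or an allocation
 *         failed. Release it with htp_config_destroy().
 */
htp_cfg_t *htp_config_copy(htp_cfg_t *cfg) {
    if (cfg == NULL) return NULL;

    // Start by making a copy of the entire structure,
    // which is essentially a shallow copy.
    htp_cfg_t *copy = malloc(sizeof (htp_cfg_t));
    if (copy == NULL) return NULL;
    memcpy(copy, cfg, sizeof (htp_cfg_t));

    // Drop every aliased hook pointer so that the copy never owns (and can
    // never destroy) a hook that belongs to the original.
    copy->hook_request_start = NULL;
    copy->hook_request_line = NULL;
    copy->hook_request_uri_normalize = NULL;
    copy->hook_request_header_data = NULL;
    copy->hook_request_headers = NULL;
    copy->hook_request_body_data = NULL;
    copy->hook_request_file_data = NULL;
    copy->hook_request_trailer = NULL;
    copy->hook_request_trailer_data = NULL;
    copy->hook_request_complete = NULL;
    copy->hook_response_start = NULL;
    copy->hook_response_line = NULL;
    copy->hook_response_header_data = NULL;
    copy->hook_response_headers = NULL;
    copy->hook_response_body_data = NULL;
    copy->hook_response_trailer = NULL;
    copy->hook_response_trailer_data = NULL;
    copy->hook_response_complete = NULL;
    copy->hook_transaction_complete = NULL;
    copy->hook_log = NULL;

    // Evaluates to true when the hook is absent in the original or was
    // duplicated successfully; false when htp_hook_copy() failed.
#define HTP_CFG_COPY_HOOK(field) \
    ((cfg->field == NULL) || ((copy->field = htp_hook_copy(cfg->field)) != NULL))

    // Now create copies of the hooks' structures. The && chain keeps the
    // original order and stops at the first failed copy.
    int hooks_copied =
            HTP_CFG_COPY_HOOK(hook_request_start)
            && HTP_CFG_COPY_HOOK(hook_request_line)
            && HTP_CFG_COPY_HOOK(hook_request_uri_normalize)
            && HTP_CFG_COPY_HOOK(hook_request_header_data)
            && HTP_CFG_COPY_HOOK(hook_request_headers)
            && HTP_CFG_COPY_HOOK(hook_request_body_data)
            && HTP_CFG_COPY_HOOK(hook_request_file_data)
            && HTP_CFG_COPY_HOOK(hook_request_trailer)
            && HTP_CFG_COPY_HOOK(hook_request_trailer_data)
            && HTP_CFG_COPY_HOOK(hook_request_complete)
            && HTP_CFG_COPY_HOOK(hook_response_start)
            && HTP_CFG_COPY_HOOK(hook_response_line)
            && HTP_CFG_COPY_HOOK(hook_response_header_data)
            && HTP_CFG_COPY_HOOK(hook_response_headers)
            && HTP_CFG_COPY_HOOK(hook_response_body_data)
            && HTP_CFG_COPY_HOOK(hook_response_trailer)
            && HTP_CFG_COPY_HOOK(hook_response_trailer_data)
            && HTP_CFG_COPY_HOOK(hook_response_complete)
            && HTP_CFG_COPY_HOOK(hook_transaction_complete)
            && HTP_CFG_COPY_HOOK(hook_log);

#undef HTP_CFG_COPY_HOOK

    if (!hooks_copied) {
        // Only hooks duplicated above are non-NULL here, so this cannot
        // touch the original configuration's hooks.
        htp_config_destroy(copy);
        return NULL;
    }

    return copy;
}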
361 | | |
/**
 * Release a configuration: destroy each of its hooks, then free the structure.
 *
 * Only the hooks and the structure itself are released here; no other member
 * is freed by this function. The caller must not use cfg afterwards.
 *
 * @param cfg Configuration to destroy; NULL is accepted and ignored.
 */
void htp_config_destroy(htp_cfg_t *cfg) {
    if (cfg != NULL) {
        // Request-side hooks.
        htp_hook_destroy(cfg->hook_request_start);
        htp_hook_destroy(cfg->hook_request_line);
        htp_hook_destroy(cfg->hook_request_uri_normalize);
        htp_hook_destroy(cfg->hook_request_header_data);
        htp_hook_destroy(cfg->hook_request_headers);
        htp_hook_destroy(cfg->hook_request_body_data);
        htp_hook_destroy(cfg->hook_request_file_data);
        htp_hook_destroy(cfg->hook_request_trailer);
        htp_hook_destroy(cfg->hook_request_trailer_data);
        htp_hook_destroy(cfg->hook_request_complete);

        // Response-side hooks.
        htp_hook_destroy(cfg->hook_response_start);
        htp_hook_destroy(cfg->hook_response_line);
        htp_hook_destroy(cfg->hook_response_header_data);
        htp_hook_destroy(cfg->hook_response_headers);
        htp_hook_destroy(cfg->hook_response_body_data);
        htp_hook_destroy(cfg->hook_response_trailer);
        htp_hook_destroy(cfg->hook_response_trailer_data);
        htp_hook_destroy(cfg->hook_response_complete);

        // Transaction and logging hooks.
        htp_hook_destroy(cfg->hook_transaction_complete);
        htp_hook_destroy(cfg->hook_log);

        free(cfg);
    }
}
388 | | |
/**
 * Return the opaque user data pointer stored in the configuration.
 *
 * @param cfg Configuration to read; may be NULL.
 * @return cfg->user_data, or NULL when cfg is NULL. A NULL result therefore
 *         does not distinguish "no configuration" from "no user data set".
 */
void *htp_config_get_user_data(htp_cfg_t *cfg) {
    return (cfg != NULL) ? cfg->user_data : NULL;
}
393 | | |
/**
 * Register a callback on the configuration's log hook.
 *
 * The result of htp_hook_register() is discarded and this function returns
 * void, so a failed registration is not reported to the caller.
 *
 * NOTE(review): callback_fn is cast to htp_callback_fn_t, which is declared
 * outside this file. If that type's parameter differs from htp_log_t *, the
 * callback is invoked through an incompatible function pointer type; confirm
 * this is acceptable for builds that enable indirect-call checking.
 *
 * @param cfg         Configuration to modify; NULL is ignored.
 * @param callback_fn Callback receiving the log record.
 */
void htp_config_register_log(htp_cfg_t *cfg, int (*callback_fn)(htp_log_t *)) {
    if (cfg != NULL) {
        htp_hook_register(&cfg->hook_log, (htp_callback_fn_t) callback_fn);
    }
}
398 | | |
/**
 * Enable the multipart parser by registering its request-headers callback
 * (htp_ch_multipart_callback_request_headers) on the configuration.
 *
 * @param cfg Configuration to modify; NULL is ignored.
 */
void htp_config_register_multipart_parser(htp_cfg_t *cfg) {
    if (cfg != NULL) {
        htp_config_register_request_headers(cfg, htp_ch_multipart_callback_request_headers);
    }
}
403 | | |
/**
 * Register a callback on the request-complete hook.
 *
 * The result of htp_hook_register() is discarded, so a failed registration is
 * not reported to the caller.
 *
 * @param cfg         Configuration to modify; NULL is ignored.
 * @param callback_fn Callback receiving the transaction.
 */
void htp_config_register_request_complete(htp_cfg_t *cfg, int (*callback_fn)(htp_tx_t *)) {
    if (cfg != NULL) {
        htp_hook_register(&cfg->hook_request_complete, (htp_callback_fn_t) callback_fn);
    }
}
408 | | |
/**
 * Register a callback on the request-body-data hook.
 *
 * The result of htp_hook_register() is discarded, so a failed registration is
 * not reported to the caller.
 *
 * @param cfg         Configuration to modify; NULL is ignored.
 * @param callback_fn Callback receiving the transaction data.
 */
void htp_config_register_request_body_data(htp_cfg_t *cfg, int (*callback_fn)(htp_tx_data_t *)) {
    if (cfg != NULL) {
        htp_hook_register(&cfg->hook_request_body_data, (htp_callback_fn_t) callback_fn);
    }
}
413 | | |
/**
 * Register a callback on the request-file-data hook.
 *
 * The result of htp_hook_register() is discarded, so a failed registration is
 * not reported to the caller.
 *
 * @param cfg         Configuration to modify; NULL is ignored.
 * @param callback_fn Callback receiving the file data.
 */
void htp_config_register_request_file_data(htp_cfg_t *cfg, int (*callback_fn)(htp_file_data_t *)) {
    if (cfg != NULL) {
        htp_hook_register(&cfg->hook_request_file_data, (htp_callback_fn_t) callback_fn);
    }
}
418 | | |
/**
 * Register a callback on the request-URI-normalize hook.
 *
 * The result of htp_hook_register() is discarded, so a failed registration is
 * not reported to the caller.
 *
 * @param cfg         Configuration to modify; NULL is ignored.
 * @param callback_fn Callback receiving the transaction.
 */
void htp_config_register_request_uri_normalize(htp_cfg_t *cfg, int (*callback_fn)(htp_tx_t *)) {
    if (cfg != NULL) {
        htp_hook_register(&cfg->hook_request_uri_normalize, (htp_callback_fn_t) callback_fn);
    }
}
423 | | |
/**
 * Register a callback on the request-header-data hook.
 *
 * The result of htp_hook_register() is discarded, so a failed registration is
 * not reported to the caller.
 *
 * @param cfg         Configuration to modify; NULL is ignored.
 * @param callback_fn Callback receiving the transaction data.
 */
void htp_config_register_request_header_data(htp_cfg_t *cfg, int (*callback_fn)(htp_tx_data_t *)) {
    if (cfg != NULL) {
        htp_hook_register(&cfg->hook_request_header_data, (htp_callback_fn_t) callback_fn);
    }
}
428 | | |
/**
 * Register a callback on the request-headers hook.
 *
 * The result of htp_hook_register() is discarded, so a failed registration is
 * not reported to the caller.
 *
 * @param cfg         Configuration to modify; NULL is ignored.
 * @param callback_fn Callback receiving the transaction.
 */
void htp_config_register_request_headers(htp_cfg_t *cfg, int (*callback_fn)(htp_tx_t *)) {
    if (cfg != NULL) {
        htp_hook_register(&cfg->hook_request_headers, (htp_callback_fn_t) callback_fn);
    }
}
433 | | |
/**
 * Register a callback on the request-line hook.
 *
 * The result of htp_hook_register() is discarded, so a failed registration is
 * not reported to the caller.
 *
 * @param cfg         Configuration to modify; NULL is ignored.
 * @param callback_fn Callback receiving the transaction.
 */
void htp_config_register_request_line(htp_cfg_t *cfg, int (*callback_fn)(htp_tx_t *)) {
    if (cfg != NULL) {
        htp_hook_register(&cfg->hook_request_line, (htp_callback_fn_t) callback_fn);
    }
}
438 | | |
/**
 * Register a callback on the request-start hook.
 *
 * The result of htp_hook_register() is discarded, so a failed registration is
 * not reported to the caller.
 *
 * @param cfg         Configuration to modify; NULL is ignored.
 * @param callback_fn Callback receiving the transaction.
 */
void htp_config_register_request_start(htp_cfg_t *cfg, int (*callback_fn)(htp_tx_t *)) {
    if (cfg != NULL) {
        htp_hook_register(&cfg->hook_request_start, (htp_callback_fn_t) callback_fn);
    }
}
443 | | |
/**
 * Register a callback on the request-trailer hook.
 *
 * The result of htp_hook_register() is discarded, so a failed registration is
 * not reported to the caller.
 *
 * @param cfg         Configuration to modify; NULL is ignored.
 * @param callback_fn Callback receiving the transaction.
 */
void htp_config_register_request_trailer(htp_cfg_t *cfg, int (*callback_fn)(htp_tx_t *)) {
    if (cfg != NULL) {
        htp_hook_register(&cfg->hook_request_trailer, (htp_callback_fn_t) callback_fn);
    }
}
448 | | |
/**
 * Register a callback on the request-trailer-data hook.
 *
 * The result of htp_hook_register() is discarded, so a failed registration is
 * not reported to the caller.
 *
 * @param cfg         Configuration to modify; NULL is ignored.
 * @param callback_fn Callback receiving the transaction data.
 */
void htp_config_register_request_trailer_data(htp_cfg_t *cfg, int (*callback_fn)(htp_tx_data_t *d)) {
    if (cfg != NULL) {
        htp_hook_register(&cfg->hook_request_trailer_data, (htp_callback_fn_t) callback_fn);
    }
}
453 | | |
/**
 * Register a callback on the response-body-data hook.
 *
 * The result of htp_hook_register() is discarded, so a failed registration is
 * not reported to the caller.
 *
 * @param cfg         Configuration to modify; NULL is ignored.
 * @param callback_fn Callback receiving the transaction data.
 */
void htp_config_register_response_body_data(htp_cfg_t *cfg, int (*callback_fn)(htp_tx_data_t *)) {
    if (cfg != NULL) {
        htp_hook_register(&cfg->hook_response_body_data, (htp_callback_fn_t) callback_fn);
    }
}
458 | | |
/**
 * Register a callback on the response-complete hook.
 *
 * The result of htp_hook_register() is discarded, so a failed registration is
 * not reported to the caller.
 *
 * @param cfg         Configuration to modify; NULL is ignored.
 * @param callback_fn Callback receiving the transaction.
 */
void htp_config_register_response_complete(htp_cfg_t *cfg, int (*callback_fn)(htp_tx_t *)) {
    if (cfg != NULL) {
        htp_hook_register(&cfg->hook_response_complete, (htp_callback_fn_t) callback_fn);
    }
}
463 | | |
/**
 * Register a callback on the response-header-data hook.
 *
 * The result of htp_hook_register() is discarded, so a failed registration is
 * not reported to the caller.
 *
 * @param cfg         Configuration to modify; NULL is ignored.
 * @param callback_fn Callback receiving the transaction data.
 */
void htp_config_register_response_header_data(htp_cfg_t *cfg, int (*callback_fn)(htp_tx_data_t *)) {
    if (cfg != NULL) {
        htp_hook_register(&cfg->hook_response_header_data, (htp_callback_fn_t) callback_fn);
    }
}
468 | | |
/**
 * Register a callback on the response-headers hook.
 *
 * The result of htp_hook_register() is discarded, so a failed registration is
 * not reported to the caller.
 *
 * @param cfg         Configuration to modify; NULL is ignored.
 * @param callback_fn Callback receiving the transaction.
 */
void htp_config_register_response_headers(htp_cfg_t *cfg, int (*callback_fn)(htp_tx_t *)) {
    if (cfg != NULL) {
        htp_hook_register(&cfg->hook_response_headers, (htp_callback_fn_t) callback_fn);
    }
}
473 | | |
/**
 * Register a callback on the response-line hook.
 *
 * The result of htp_hook_register() is discarded, so a failed registration is
 * not reported to the caller.
 *
 * @param cfg         Configuration to modify; NULL is ignored.
 * @param callback_fn Callback receiving the transaction.
 */
void htp_config_register_response_line(htp_cfg_t *cfg, int (*callback_fn)(htp_tx_t *)) {
    if (cfg != NULL) {
        htp_hook_register(&cfg->hook_response_line, (htp_callback_fn_t) callback_fn);
    }
}
478 | | |
/**
 * Register a callback on the response-start hook.
 *
 * The result of htp_hook_register() is discarded, so a failed registration is
 * not reported to the caller.
 *
 * @param cfg         Configuration to modify; NULL is ignored.
 * @param callback_fn Callback receiving the transaction.
 */
void htp_config_register_response_start(htp_cfg_t *cfg, int (*callback_fn)(htp_tx_t *)) {
    if (cfg != NULL) {
        htp_hook_register(&cfg->hook_response_start, (htp_callback_fn_t) callback_fn);
    }
}
483 | | |
/**
 * Register a callback on the response-trailer hook.
 *
 * The result of htp_hook_register() is discarded, so a failed registration is
 * not reported to the caller.
 *
 * @param cfg         Configuration to modify; NULL is ignored.
 * @param callback_fn Callback receiving the transaction.
 */
void htp_config_register_response_trailer(htp_cfg_t *cfg, int (*callback_fn)(htp_tx_t *)) {
    if (cfg != NULL) {
        htp_hook_register(&cfg->hook_response_trailer, (htp_callback_fn_t) callback_fn);
    }
}
488 | | |
/**
 * Register a callback on the response-trailer-data hook.
 *
 * The result of htp_hook_register() is discarded, so a failed registration is
 * not reported to the caller.
 *
 * @param cfg         Configuration to modify; NULL is ignored.
 * @param callback_fn Callback receiving the transaction data.
 */
void htp_config_register_response_trailer_data(htp_cfg_t *cfg, int (*callback_fn)(htp_tx_data_t *d)) {
    if (cfg != NULL) {
        htp_hook_register(&cfg->hook_response_trailer_data, (htp_callback_fn_t) callback_fn);
    }
}
493 | | |
/**
 * Register a callback on the transaction-complete hook.
 *
 * The result of htp_hook_register() is discarded, so a failed registration is
 * not reported to the caller.
 *
 * @param cfg         Configuration to modify; NULL is ignored.
 * @param callback_fn Callback receiving the transaction.
 */
void htp_config_register_transaction_complete(htp_cfg_t *cfg, int (*callback_fn)(htp_tx_t *)) {
    if (cfg != NULL) {
        htp_hook_register(&cfg->hook_transaction_complete, (htp_callback_fn_t) callback_fn);
    }
}
498 | | |
/**
 * Enable the URL-encoded parser by registering its two callbacks: one on the
 * request-line hook and one on the request-headers hook.
 *
 * @param cfg Configuration to modify; NULL is ignored.
 */
void htp_config_register_urlencoded_parser(htp_cfg_t *cfg) {
    if (cfg != NULL) {
        htp_config_register_request_line(cfg, htp_ch_urlencoded_callback_request_line);
        htp_config_register_request_headers(cfg, htp_ch_urlencoded_callback_request_headers);
    }
}
504 | | |
/**
 * Configure extraction of request files.
 *
 * The call is rejected unless a temporary directory (cfg->tmpdir) has already
 * been configured. Both values are stored as given; neither is range-checked
 * here. htp_config_create() initializes the limit to -1, which it documents
 * as "use the parser default".
 *
 * @param cfg                   Configuration to modify.
 * @param extract_request_files Value stored in cfg->extract_request_files.
 * @param limit                 Value stored in cfg->extract_request_files_limit.
 * @return HTP_OK on success; HTP_ERROR if cfg is NULL or cfg->tmpdir is NULL.
 */
htp_status_t htp_config_set_extract_request_files(htp_cfg_t *cfg, int extract_request_files, int limit) {
    if ((cfg == NULL) || (cfg->tmpdir == NULL)) {
        return HTP_ERROR;
    }

    cfg->extract_request_files = extract_request_files;
    cfg->extract_request_files_limit = limit;

    return HTP_OK;
}
512 | | |
/**
 * Set the soft and hard field size limits.
 *
 * Both values are stored as given; this function does not check that
 * soft_limit is no greater than hard_limit.
 *
 * @param cfg        Configuration to modify; NULL is ignored.
 * @param soft_limit Value stored in cfg->field_limit_soft.
 * @param hard_limit Value stored in cfg->field_limit_hard.
 */
void htp_config_set_field_limits(htp_cfg_t *cfg, size_t soft_limit, size_t hard_limit) {
    if (cfg != NULL) {
        cfg->field_limit_soft = soft_limit;
        cfg->field_limit_hard = hard_limit;
    }
}
518 | | |
/**
 * Set the memory limit used for LZMA decompression.
 *
 * The value is stored as given, without validation.
 * NOTE(review): confirm how the decompressor treats a limit of 0.
 *
 * @param cfg      Configuration to modify; NULL is ignored.
 * @param memlimit Value stored in cfg->lzma_memlimit.
 */
void htp_config_set_lzma_memlimit(htp_cfg_t *cfg, size_t memlimit) {
    if (cfg != NULL) {
        cfg->lzma_memlimit = memlimit;
    }
}
523 | | |
/**
 * Set the limit on LZMA layers in responses.
 *
 * The value is stored as given; negative values are not rejected here.
 * htp_config_create() sets the default to 1.
 *
 * @param cfg   Configuration to modify; NULL is ignored.
 * @param limit Value stored in cfg->response_lzma_layer_limit.
 */
void htp_config_set_lzma_layers(htp_cfg_t *cfg, int limit) {
    if (cfg != NULL) {
        cfg->response_lzma_layer_limit = limit;
    }
}
528 | | |
/**
 * Set the max_tx limit.
 *
 * The value is stored as given. htp_config_create() does not assign this
 * field, so it is 0 until this setter is called.
 *
 * @param cfg   Configuration to modify; NULL is ignored.
 * @param limit Value stored in cfg->max_tx.
 */
void htp_config_set_max_tx(htp_cfg_t *cfg, uint32_t limit) {
    if (cfg != NULL) {
        cfg->max_tx = limit;
    }
}
533 | | |
/**
 * Set the compression bomb limit, clamped to INT32_MAX.
 *
 * Values above INT32_MAX are stored as INT32_MAX, so the conversion to
 * int32_t never truncates. No lower bound is applied.
 *
 * @param cfg       Configuration to modify; NULL is ignored.
 * @param bomblimit Requested limit.
 */
void htp_config_set_compression_bomb_limit(htp_cfg_t *cfg, size_t bomblimit) {
    if (cfg != NULL) {
        cfg->compression_bomb_limit = (bomblimit > INT32_MAX) ? INT32_MAX : (int32_t) bomblimit;
    }
}
542 | | |
/**
 * Set the compression time limit in microseconds, capped at one second.
 *
 * Any request of 1000000 or more is stored as 1000000, so the conversion to
 * int32_t never truncates. No lower bound is applied.
 *
 * @param cfg       Configuration to modify; NULL is ignored.
 * @param useclimit Requested limit in microseconds.
 */
void htp_config_set_compression_time_limit(htp_cfg_t *cfg, size_t useclimit) {
    if (cfg != NULL) {
        // The maximum limit is one second.
        cfg->compression_time_limit = (useclimit >= 1000000) ? 1000000 : (int32_t) useclimit;
    }
}
552 | | |
/**
 * Set the limit on the number of headers.
 *
 * The value is stored as given. htp_config_create() sets the default to
 * HTP_HEADERS_LIMIT.
 *
 * @param cfg   Configuration to modify; NULL is ignored.
 * @param limit Value stored in cfg->number_headers_limit.
 */
void htp_config_set_number_headers_limit(htp_cfg_t *cfg, uint32_t limit) {
    if (cfg != NULL) {
        cfg->number_headers_limit = limit;
    }
}
557 | | |
/**
 * Set the log level. htp_config_create() sets the default to HTP_LOG_NOTICE.
 *
 * @param cfg       Configuration to modify; NULL is ignored.
 * @param log_level Value stored in cfg->log_level.
 */
void htp_config_set_log_level(htp_cfg_t *cfg, enum htp_log_level_t log_level) {
    if (cfg != NULL) {
        cfg->log_level = log_level;
    }
}
562 | | |
/**
 * Enable or disable parsing of request authentication data.
 * htp_config_create() sets the default to 1.
 *
 * @param cfg                Configuration to modify; NULL is ignored.
 * @param parse_request_auth Value stored in cfg->parse_request_auth.
 */
void htp_config_set_parse_request_auth(htp_cfg_t *cfg, int parse_request_auth) {
    if (cfg != NULL) {
        cfg->parse_request_auth = parse_request_auth;
    }
}
567 | | |
/**
 * Enable or disable parsing of request cookies.
 * htp_config_create() sets the default to 1.
 *
 * @param cfg                   Configuration to modify; NULL is ignored.
 * @param parse_request_cookies Value stored in cfg->parse_request_cookies.
 */
void htp_config_set_parse_request_cookies(htp_cfg_t *cfg, int parse_request_cookies) {
    if (cfg != NULL) {
        cfg->parse_request_cookies = parse_request_cookies;
    }
}
572 | | |
/**
 * Enable or disable response decompression.
 * htp_config_create() sets the default to 1 (enabled).
 *
 * @param cfg     Configuration to modify; NULL is ignored.
 * @param enabled Value stored in cfg->response_decompression_enabled.
 */
void htp_config_set_response_decompression(htp_cfg_t *cfg, int enabled) {
    if (cfg != NULL) {
        cfg->response_decompression_enabled = enabled;
    }
}
577 | | |
/**
 * Enable or disable request decompression.
 * htp_config_create() sets the default to 0 (disabled).
 *
 * @param cfg     Configuration to modify; NULL is ignored.
 * @param enabled Value stored in cfg->request_decompression_enabled.
 */
void htp_config_set_request_decompression(htp_cfg_t *cfg, int enabled) {
    if (cfg != NULL) {
        cfg->request_decompression_enabled = enabled;
    }
}
582 | | |
/**
 * Set the allow_space_uri switch.
 * htp_config_create() sets the default to 0.
 *
 * @param cfg             Configuration to modify; NULL is ignored.
 * @param allow_space_uri Value stored in cfg->allow_space_uri.
 */
void htp_config_set_allow_space_uri(htp_cfg_t *cfg, int allow_space_uri) {
    if (cfg != NULL) {
        cfg->allow_space_uri = allow_space_uri;
    }
}
587 | | |
588 | 34 | int htp_config_set_server_personality(htp_cfg_t *cfg, enum htp_server_personality_t personality) { |
589 | 34 | if (cfg == NULL) return HTP_ERROR; |
590 | | |
591 | 34 | switch (personality) { |
592 | | |
593 | 34 | case HTP_SERVER_MINIMAL: |
594 | 34 | cfg->parse_request_line = htp_parse_request_line_generic; |
595 | 34 | cfg->process_request_header = htp_process_request_header_generic; |
596 | 34 | cfg->parse_response_line = htp_parse_response_line_generic; |
597 | 34 | cfg->process_response_header = htp_process_response_header_generic; |
598 | 34 | break; |
599 | | |
600 | 0 | case HTP_SERVER_GENERIC: |
601 | 0 | cfg->parse_request_line = htp_parse_request_line_generic; |
602 | 0 | cfg->process_request_header = htp_process_request_header_generic; |
603 | 0 | cfg->parse_response_line = htp_parse_response_line_generic; |
604 | 0 | cfg->process_response_header = htp_process_response_header_generic; |
605 | |
|
606 | 0 | htp_config_set_backslash_convert_slashes(cfg, HTP_DECODER_URL_PATH, 1); |
607 | 0 | htp_config_set_path_separators_decode(cfg, HTP_DECODER_URL_PATH, 1); |
608 | 0 | htp_config_set_path_separators_compress(cfg, HTP_DECODER_URL_PATH, 1); |
609 | 0 | break; |
610 | | |
611 | 0 | case HTP_SERVER_IDS: |
612 | 0 | cfg->parse_request_line = htp_parse_request_line_generic; |
613 | 0 | cfg->process_request_header = htp_process_request_header_generic; |
614 | 0 | cfg->parse_response_line = htp_parse_response_line_generic; |
615 | 0 | cfg->process_response_header = htp_process_response_header_generic; |
616 | |
|
617 | 0 | htp_config_set_backslash_convert_slashes(cfg, HTP_DECODER_URL_PATH, 1); |
618 | 0 | htp_config_set_path_separators_decode(cfg, HTP_DECODER_URL_PATH, 1); |
619 | 0 | htp_config_set_path_separators_compress(cfg, HTP_DECODER_URL_PATH, 1); |
620 | 0 | htp_config_set_convert_lowercase(cfg, HTP_DECODER_URL_PATH, 1); |
621 | 0 | htp_config_set_utf8_convert_bestfit(cfg, HTP_DECODER_URL_PATH, 1); |
622 | 0 | htp_config_set_u_encoding_decode(cfg, HTP_DECODER_URL_PATH, 1); |
623 | 0 | htp_config_set_requestline_leading_whitespace_unwanted(cfg, HTP_DECODER_DEFAULTS, HTP_UNWANTED_IGNORE); |
624 | 0 | break; |
625 | | |
626 | 0 | case HTP_SERVER_APACHE_2: |
627 | 0 | cfg->parse_request_line = htp_parse_request_line_apache_2_2; |
628 | 0 | cfg->process_request_header = htp_process_request_header_apache_2_2; |
629 | 0 | cfg->parse_response_line = htp_parse_response_line_generic; |
630 | 0 | cfg->process_response_header = htp_process_response_header_generic; |
631 | |
|
632 | 0 | htp_config_set_backslash_convert_slashes(cfg, HTP_DECODER_URL_PATH, 0); |
633 | 0 | htp_config_set_path_separators_decode(cfg, HTP_DECODER_URL_PATH, 0); |
634 | 0 | htp_config_set_path_separators_compress(cfg, HTP_DECODER_URL_PATH, 1); |
635 | 0 | htp_config_set_u_encoding_decode(cfg, HTP_DECODER_URL_PATH, 0); |
636 | |
|
637 | 0 | htp_config_set_url_encoding_invalid_handling(cfg, HTP_DECODER_URL_PATH, HTP_URL_DECODE_PRESERVE_PERCENT); |
638 | 0 | htp_config_set_url_encoding_invalid_unwanted(cfg, HTP_DECODER_URL_PATH, HTP_UNWANTED_400); |
639 | 0 | htp_config_set_control_chars_unwanted(cfg, HTP_DECODER_URL_PATH, HTP_UNWANTED_IGNORE); |
640 | 0 | htp_config_set_requestline_leading_whitespace_unwanted(cfg, HTP_DECODER_DEFAULTS, HTP_UNWANTED_400); |
641 | 0 | break; |
642 | | |
643 | 0 | case HTP_SERVER_IIS_5_1: |
644 | 0 | cfg->parse_request_line = htp_parse_request_line_generic; |
645 | 0 | cfg->process_request_header = htp_process_request_header_generic; |
646 | 0 | cfg->parse_response_line = htp_parse_response_line_generic; |
647 | 0 | cfg->process_response_header = htp_process_response_header_generic; |
648 | |
|
649 | 0 | htp_config_set_backslash_convert_slashes(cfg, HTP_DECODER_URL_PATH, 1); |
650 | 0 | htp_config_set_path_separators_decode(cfg, HTP_DECODER_URL_PATH, 1); |
651 | 0 | htp_config_set_path_separators_compress(cfg, HTP_DECODER_URL_PATH, 1); |
652 | 0 | htp_config_set_u_encoding_decode(cfg, HTP_DECODER_URL_PATH, 0); |
653 | |
|
654 | 0 | htp_config_set_url_encoding_invalid_handling(cfg, HTP_DECODER_URL_PATH, HTP_URL_DECODE_PRESERVE_PERCENT); |
655 | 0 | htp_config_set_control_chars_unwanted(cfg, HTP_DECODER_URL_PATH, HTP_UNWANTED_IGNORE); |
656 | 0 | htp_config_set_requestline_leading_whitespace_unwanted(cfg, HTP_DECODER_DEFAULTS, HTP_UNWANTED_IGNORE); |
657 | 0 | break; |
658 | | |
659 | 0 | case HTP_SERVER_IIS_6_0: |
660 | 0 | cfg->parse_request_line = htp_parse_request_line_generic; |
661 | 0 | cfg->process_request_header = htp_process_request_header_generic; |
662 | 0 | cfg->parse_response_line = htp_parse_response_line_generic; |
663 | 0 | cfg->process_response_header = htp_process_response_header_generic; |
664 | |
|
665 | 0 | htp_config_set_backslash_convert_slashes(cfg, HTP_DECODER_URL_PATH, 1); |
666 | 0 | htp_config_set_path_separators_decode(cfg, HTP_DECODER_URL_PATH, 1); |
667 | 0 | htp_config_set_path_separators_compress(cfg, HTP_DECODER_URL_PATH, 1); |
668 | 0 | htp_config_set_u_encoding_decode(cfg, HTP_DECODER_URL_PATH, 1); |
669 | |
|
670 | 0 | htp_config_set_url_encoding_invalid_handling(cfg, HTP_DECODER_URL_PATH, HTP_URL_DECODE_PRESERVE_PERCENT); |
671 | 0 | htp_config_set_u_encoding_unwanted(cfg, HTP_DECODER_URL_PATH, HTP_UNWANTED_400); |
672 | 0 | htp_config_set_control_chars_unwanted(cfg, HTP_DECODER_URL_PATH, HTP_UNWANTED_400); |
673 | 0 | htp_config_set_requestline_leading_whitespace_unwanted(cfg, HTP_DECODER_DEFAULTS, HTP_UNWANTED_IGNORE); |
674 | 0 | break; |
675 | | |
676 | 0 | case HTP_SERVER_IIS_7_0: |
677 | 0 | case HTP_SERVER_IIS_7_5: |
678 | 0 | cfg->parse_request_line = htp_parse_request_line_generic; |
679 | 0 | cfg->process_request_header = htp_process_request_header_generic; |
680 | 0 | cfg->parse_response_line = htp_parse_response_line_generic; |
681 | 0 | cfg->process_response_header = htp_process_response_header_generic; |
682 | |
|
683 | 0 | htp_config_set_backslash_convert_slashes(cfg, HTP_DECODER_URL_PATH, 1); |
684 | 0 | htp_config_set_path_separators_decode(cfg, HTP_DECODER_URL_PATH, 1); |
685 | 0 | htp_config_set_path_separators_compress(cfg, HTP_DECODER_URL_PATH, 1); |
686 | 0 | htp_config_set_u_encoding_decode(cfg, HTP_DECODER_URL_PATH, 1); |
687 | |
|
688 | 0 | htp_config_set_url_encoding_invalid_handling(cfg, HTP_DECODER_URL_PATH, HTP_URL_DECODE_PRESERVE_PERCENT); |
689 | 0 | htp_config_set_url_encoding_invalid_unwanted(cfg, HTP_DECODER_URL_PATH, HTP_UNWANTED_400); |
690 | 0 | htp_config_set_control_chars_unwanted(cfg, HTP_DECODER_URL_PATH, HTP_UNWANTED_400); |
691 | 0 | htp_config_set_requestline_leading_whitespace_unwanted(cfg, HTP_DECODER_DEFAULTS, HTP_UNWANTED_IGNORE); |
692 | 0 | break; |
693 | | |
694 | 0 | default: |
695 | 0 | return HTP_ERROR; |
696 | 34 | } |
697 | | |
698 | | // Remember the personality |
699 | 34 | cfg->server_personality = personality; |
700 | | |
701 | 34 | return HTP_OK; |
702 | 34 | } |
703 | | |
/**
 * Records the temporary-directory path on the configuration.
 *
 * Only the pointer is stored; the string is not copied here, so the caller
 * must keep it valid for as long as the configuration may read it.
 *
 * @param[in] cfg    Configuration to modify; a NULL cfg is ignored.
 * @param[in] tmpdir Path string, stored as given (no validation in this function).
 */
void htp_config_set_tmpdir(htp_cfg_t *cfg, char *tmpdir) {
    if (cfg != NULL) {
        cfg->tmpdir = tmpdir;
    }
}
708 | | |
/**
 * Stores the tx_auto_destroy setting on the configuration.
 *
 * @param[in] cfg             Configuration to modify; a NULL cfg is ignored.
 * @param[in] tx_auto_destroy Value stored verbatim (not normalised to 0/1 here).
 */
void htp_config_set_tx_auto_destroy(htp_cfg_t *cfg, int tx_auto_destroy) {
    if (cfg != NULL) {
        cfg->tx_auto_destroy = tx_auto_destroy;
    }
}
713 | | |
/**
 * Attaches an opaque caller-owned pointer to the configuration.
 *
 * The pointer is stored as given; this function neither copies nor frees
 * what it points to.
 *
 * @param[in] cfg       Configuration to modify; a NULL cfg is ignored.
 * @param[in] user_data Opaque pointer to associate with cfg.
 */
void htp_config_set_user_data(htp_cfg_t *cfg, void *user_data) {
    if (cfg != NULL) {
        cfg->user_data = user_data;
    }
}
718 | | |
719 | | |
/**
 * Normalises an int used as a boolean to exactly 0 or 1.
 *
 * @param[in] b Any integer.
 * @return 1 when b is non-zero, 0 otherwise.
 */
static int convert_to_0_or_1(int b) {
    return (b != 0) ? 1 : 0;
}
724 | | |
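/**
 * Sets the best-fit map pointer for one decoder context.
 *
 * Only the pointer is stored; the map is not copied, so it must outlive
 * the configuration's use of it.
 *
 * @param[in] cfg Configuration to modify; a NULL cfg is ignored.
 * @param[in] ctx Decoder context; values at or above HTP_DECODER_CONTEXTS_MAX
 *                are ignored. HTP_DECODER_DEFAULTS applies the map to every context.
 * @param[in] map Map pointer, stored as given.
 */
void htp_config_set_bestfit_map(htp_cfg_t *cfg, enum htp_decoder_ctx_t ctx, void *map) {
    // Same NULL guard the non-decoder setters in this file use.
    if (cfg == NULL) return;
    if (ctx >= HTP_DECODER_CONTEXTS_MAX) return;

    if (ctx != HTP_DECODER_DEFAULTS) {
        cfg->decoder_cfgs[ctx].bestfit_map = map;
        return;
    }

    // The defaults context fans out to every context, itself included.
    for (size_t i = 0; i < HTP_DECODER_CONTEXTS_MAX; i++) {
        cfg->decoder_cfgs[i].bestfit_map = map;
    }
}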
736 | | |
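/**
 * Sets the best-fit replacement byte for one decoder context.
 *
 * @param[in] cfg Configuration to modify; a NULL cfg is ignored.
 * @param[in] ctx Decoder context; values at or above HTP_DECODER_CONTEXTS_MAX
 *                are ignored. HTP_DECODER_DEFAULTS applies the byte to every context.
 * @param[in] b   Replacement value; converted to unsigned char, so only the
 *                low-order byte is kept.
 */
void htp_config_set_bestfit_replacement_byte(htp_cfg_t *cfg, enum htp_decoder_ctx_t ctx, int b) {
    // Same NULL guard the non-decoder setters in this file use.
    if (cfg == NULL) return;
    if (ctx >= HTP_DECODER_CONTEXTS_MAX) return;

    const unsigned char replacement = (unsigned char) b;

    if (ctx != HTP_DECODER_DEFAULTS) {
        cfg->decoder_cfgs[ctx].bestfit_replacement_byte = replacement;
        return;
    }

    // The defaults context fans out to every context, itself included.
    for (size_t i = 0; i < HTP_DECODER_CONTEXTS_MAX; i++) {
        cfg->decoder_cfgs[i].bestfit_replacement_byte = replacement;
    }
}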
748 | | |
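/**
 * Sets how invalid URL encoding is handled for one decoder context.
 *
 * @param[in] cfg      Configuration to modify; a NULL cfg is ignored.
 * @param[in] ctx      Decoder context; values at or above HTP_DECODER_CONTEXTS_MAX
 *                     are ignored. HTP_DECODER_DEFAULTS applies the value to every context.
 * @param[in] handling Handling mode, stored as given.
 */
void htp_config_set_url_encoding_invalid_handling(htp_cfg_t *cfg, enum htp_decoder_ctx_t ctx, enum htp_url_encoding_handling_t handling) {
    // Same NULL guard the non-decoder setters in this file use.
    if (cfg == NULL) return;
    if (ctx >= HTP_DECODER_CONTEXTS_MAX) return;

    if (ctx != HTP_DECODER_DEFAULTS) {
        cfg->decoder_cfgs[ctx].url_encoding_invalid_handling = handling;
        return;
    }

    // The defaults context fans out to every context, itself included.
    for (size_t i = 0; i < HTP_DECODER_CONTEXTS_MAX; i++) {
        cfg->decoder_cfgs[i].url_encoding_invalid_handling = handling;
    }
}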
760 | | |
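/**
 * Sets the nul_raw_terminates flag for one decoder context.
 *
 * NOTE(review): by its name the flag decides whether a raw NUL byte ends the
 * decoded value; the decoder that reads it is outside this view. An inspecting
 * deployment should match the monitored server, otherwise the inspected value
 * and the value the server acts on can differ.
 *
 * @param[in] cfg     Configuration to modify; a NULL cfg is ignored.
 * @param[in] ctx     Decoder context; values at or above HTP_DECODER_CONTEXTS_MAX
 *                    are ignored. HTP_DECODER_DEFAULTS applies the flag to every context.
 * @param[in] enabled Non-zero is stored as 1, zero as 0.
 */
void htp_config_set_nul_raw_terminates(htp_cfg_t *cfg, enum htp_decoder_ctx_t ctx, int enabled) {
    // Same NULL guard the non-decoder setters in this file use.
    if (cfg == NULL) return;
    if (ctx >= HTP_DECODER_CONTEXTS_MAX) return;

    const int flag = convert_to_0_or_1(enabled);

    if (ctx != HTP_DECODER_DEFAULTS) {
        cfg->decoder_cfgs[ctx].nul_raw_terminates = flag;
        return;
    }

    // The defaults context fans out to every context, itself included.
    for (size_t i = 0; i < HTP_DECODER_CONTEXTS_MAX; i++) {
        cfg->decoder_cfgs[i].nul_raw_terminates = flag;
    }
}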
772 | | |
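/**
 * Sets the nul_encoded_terminates flag for one decoder context.
 *
 * NOTE(review): by its name the flag decides whether an encoded NUL ends the
 * decoded value; the decoder that reads it is outside this view.
 *
 * @param[in] cfg     Configuration to modify; a NULL cfg is ignored.
 * @param[in] ctx     Decoder context; values at or above HTP_DECODER_CONTEXTS_MAX
 *                    are ignored. HTP_DECODER_DEFAULTS applies the flag to every context.
 * @param[in] enabled Non-zero is stored as 1, zero as 0.
 */
void htp_config_set_nul_encoded_terminates(htp_cfg_t *cfg, enum htp_decoder_ctx_t ctx, int enabled) {
    // Same NULL guard the non-decoder setters in this file use.
    if (cfg == NULL) return;
    if (ctx >= HTP_DECODER_CONTEXTS_MAX) return;

    const int flag = convert_to_0_or_1(enabled);

    if (ctx != HTP_DECODER_DEFAULTS) {
        cfg->decoder_cfgs[ctx].nul_encoded_terminates = flag;
        return;
    }

    // The defaults context fans out to every context, itself included.
    for (size_t i = 0; i < HTP_DECODER_CONTEXTS_MAX; i++) {
        cfg->decoder_cfgs[i].nul_encoded_terminates = flag;
    }
}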
784 | | |
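/**
 * Sets the u_encoding_decode flag for one decoder context.
 *
 * The server personalities in this file turn it on or off per emulated
 * server. NOTE(review): the decoder that reads the flag is outside this view;
 * when the library is used for inspection, a value that differs from the
 * monitored server's behaviour lets the inspected path diverge from the path
 * the server acts on.
 *
 * @param[in] cfg     Configuration to modify; a NULL cfg is ignored.
 * @param[in] ctx     Decoder context; values at or above HTP_DECODER_CONTEXTS_MAX
 *                    are ignored. HTP_DECODER_DEFAULTS applies the flag to every context.
 * @param[in] enabled Non-zero is stored as 1, zero as 0.
 */
void htp_config_set_u_encoding_decode(htp_cfg_t *cfg, enum htp_decoder_ctx_t ctx, int enabled) {
    // Same NULL guard the non-decoder setters in this file use.
    if (cfg == NULL) return;
    if (ctx >= HTP_DECODER_CONTEXTS_MAX) return;

    const int flag = convert_to_0_or_1(enabled);

    if (ctx != HTP_DECODER_DEFAULTS) {
        cfg->decoder_cfgs[ctx].u_encoding_decode = flag;
        return;
    }

    // The defaults context fans out to every context, itself included.
    for (size_t i = 0; i < HTP_DECODER_CONTEXTS_MAX; i++) {
        cfg->decoder_cfgs[i].u_encoding_decode = flag;
    }
}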
796 | | |
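/**
 * Sets the backslash_convert_slashes flag for one decoder context.
 *
 * NOTE(review): by its name the flag controls backslash-to-slash conversion
 * during path normalisation; the decoder is outside this view. The
 * personalities in this file enable it for the generic, IDS and IIS profiles
 * and disable it for Apache 2, so the value is meant to track the monitored
 * server.
 *
 * @param[in] cfg     Configuration to modify; a NULL cfg is ignored.
 * @param[in] ctx     Decoder context; values at or above HTP_DECODER_CONTEXTS_MAX
 *                    are ignored. HTP_DECODER_DEFAULTS applies the flag to every context.
 * @param[in] enabled Non-zero is stored as 1, zero as 0.
 */
void htp_config_set_backslash_convert_slashes(htp_cfg_t *cfg, enum htp_decoder_ctx_t ctx, int enabled) {
    // Same NULL guard the non-decoder setters in this file use.
    if (cfg == NULL) return;
    if (ctx >= HTP_DECODER_CONTEXTS_MAX) return;

    const int flag = convert_to_0_or_1(enabled);

    if (ctx != HTP_DECODER_DEFAULTS) {
        cfg->decoder_cfgs[ctx].backslash_convert_slashes = flag;
        return;
    }

    // The defaults context fans out to every context, itself included.
    for (size_t i = 0; i < HTP_DECODER_CONTEXTS_MAX; i++) {
        cfg->decoder_cfgs[i].backslash_convert_slashes = flag;
    }
}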
808 | | |
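/**
 * Sets the path_separators_decode flag for one decoder context.
 *
 * NOTE(review): by its name the flag decides whether encoded path separators
 * are decoded; the decoder is outside this view. The value should follow the
 * monitored server, as the personalities in this file do.
 *
 * @param[in] cfg     Configuration to modify; a NULL cfg is ignored.
 * @param[in] ctx     Decoder context; values at or above HTP_DECODER_CONTEXTS_MAX
 *                    are ignored. HTP_DECODER_DEFAULTS applies the flag to every context.
 * @param[in] enabled Non-zero is stored as 1, zero as 0.
 */
void htp_config_set_path_separators_decode(htp_cfg_t *cfg, enum htp_decoder_ctx_t ctx, int enabled) {
    // Same NULL guard the non-decoder setters in this file use.
    if (cfg == NULL) return;
    if (ctx >= HTP_DECODER_CONTEXTS_MAX) return;

    const int flag = convert_to_0_or_1(enabled);

    if (ctx != HTP_DECODER_DEFAULTS) {
        cfg->decoder_cfgs[ctx].path_separators_decode = flag;
        return;
    }

    // The defaults context fans out to every context, itself included.
    for (size_t i = 0; i < HTP_DECODER_CONTEXTS_MAX; i++) {
        cfg->decoder_cfgs[i].path_separators_decode = flag;
    }
}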
820 | | |
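/**
 * Sets the path_separators_compress flag for one decoder context.
 *
 * @param[in] cfg     Configuration to modify; a NULL cfg is ignored.
 * @param[in] ctx     Decoder context; values at or above HTP_DECODER_CONTEXTS_MAX
 *                    are ignored. HTP_DECODER_DEFAULTS applies the flag to every context.
 * @param[in] enabled Non-zero is stored as 1, zero as 0.
 */
void htp_config_set_path_separators_compress(htp_cfg_t *cfg, enum htp_decoder_ctx_t ctx, int enabled) {
    // Same NULL guard the non-decoder setters in this file use.
    if (cfg == NULL) return;
    if (ctx >= HTP_DECODER_CONTEXTS_MAX) return;

    const int flag = convert_to_0_or_1(enabled);

    if (ctx != HTP_DECODER_DEFAULTS) {
        cfg->decoder_cfgs[ctx].path_separators_compress = flag;
        return;
    }

    // The defaults context fans out to every context, itself included.
    for (size_t i = 0; i < HTP_DECODER_CONTEXTS_MAX; i++) {
        cfg->decoder_cfgs[i].path_separators_compress = flag;
    }
}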
832 | | |
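/**
 * Sets the plusspace_decode flag for one decoder context.
 *
 * @param[in] cfg     Configuration to modify; a NULL cfg is ignored.
 * @param[in] ctx     Decoder context; values at or above HTP_DECODER_CONTEXTS_MAX
 *                    are ignored. HTP_DECODER_DEFAULTS applies the flag to every context.
 * @param[in] enabled Non-zero is stored as 1, zero as 0.
 */
void htp_config_set_plusspace_decode(htp_cfg_t *cfg, enum htp_decoder_ctx_t ctx, int enabled) {
    // Same NULL guard the non-decoder setters in this file use.
    if (cfg == NULL) return;
    if (ctx >= HTP_DECODER_CONTEXTS_MAX) return;

    const int flag = convert_to_0_or_1(enabled);

    if (ctx != HTP_DECODER_DEFAULTS) {
        cfg->decoder_cfgs[ctx].plusspace_decode = flag;
        return;
    }

    // The defaults context fans out to every context, itself included.
    for (size_t i = 0; i < HTP_DECODER_CONTEXTS_MAX; i++) {
        cfg->decoder_cfgs[i].plusspace_decode = flag;
    }
}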
844 | | |
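/**
 * Sets the convert_lowercase flag for one decoder context.
 *
 * @param[in] cfg     Configuration to modify; a NULL cfg is ignored.
 * @param[in] ctx     Decoder context; values at or above HTP_DECODER_CONTEXTS_MAX
 *                    are ignored. HTP_DECODER_DEFAULTS applies the flag to every context.
 * @param[in] enabled Non-zero is stored as 1, zero as 0.
 */
void htp_config_set_convert_lowercase(htp_cfg_t *cfg, enum htp_decoder_ctx_t ctx, int enabled) {
    // Same NULL guard the non-decoder setters in this file use.
    if (cfg == NULL) return;
    if (ctx >= HTP_DECODER_CONTEXTS_MAX) return;

    const int flag = convert_to_0_or_1(enabled);

    if (ctx != HTP_DECODER_DEFAULTS) {
        cfg->decoder_cfgs[ctx].convert_lowercase = flag;
        return;
    }

    // The defaults context fans out to every context, itself included.
    for (size_t i = 0; i < HTP_DECODER_CONTEXTS_MAX; i++) {
        cfg->decoder_cfgs[i].convert_lowercase = flag;
    }
}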
856 | | |
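/**
 * Sets the utf8_convert_bestfit flag for one decoder context.
 *
 * @param[in] cfg     Configuration to modify; a NULL cfg is ignored.
 * @param[in] ctx     Decoder context; values at or above HTP_DECODER_CONTEXTS_MAX
 *                    are ignored. HTP_DECODER_DEFAULTS applies the flag to every context.
 * @param[in] enabled Non-zero is stored as 1, zero as 0.
 */
void htp_config_set_utf8_convert_bestfit(htp_cfg_t *cfg, enum htp_decoder_ctx_t ctx, int enabled) {
    // Same NULL guard the non-decoder setters in this file use.
    if (cfg == NULL) return;
    if (ctx >= HTP_DECODER_CONTEXTS_MAX) return;

    const int flag = convert_to_0_or_1(enabled);

    if (ctx != HTP_DECODER_DEFAULTS) {
        cfg->decoder_cfgs[ctx].utf8_convert_bestfit = flag;
        return;
    }

    // The defaults context fans out to every context, itself included.
    for (size_t i = 0; i < HTP_DECODER_CONTEXTS_MAX; i++) {
        cfg->decoder_cfgs[i].utf8_convert_bestfit = flag;
    }
}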
868 | | |
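/**
 * Sets the u_encoding_unwanted reaction for one decoder context.
 *
 * @param[in] cfg      Configuration to modify; a NULL cfg is ignored.
 * @param[in] ctx      Decoder context; values at or above HTP_DECODER_CONTEXTS_MAX
 *                     are ignored. HTP_DECODER_DEFAULTS applies the value to every context.
 * @param[in] unwanted Reaction value (e.g. HTP_UNWANTED_IGNORE, HTP_UNWANTED_400),
 *                     stored as given.
 */
void htp_config_set_u_encoding_unwanted(htp_cfg_t *cfg, enum htp_decoder_ctx_t ctx, enum htp_unwanted_t unwanted) {
    // Same NULL guard the non-decoder setters in this file use.
    if (cfg == NULL) return;
    if (ctx >= HTP_DECODER_CONTEXTS_MAX) return;

    if (ctx != HTP_DECODER_DEFAULTS) {
        cfg->decoder_cfgs[ctx].u_encoding_unwanted = unwanted;
        return;
    }

    // The defaults context fans out to every context, itself included.
    for (size_t i = 0; i < HTP_DECODER_CONTEXTS_MAX; i++) {
        cfg->decoder_cfgs[i].u_encoding_unwanted = unwanted;
    }
}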
880 | | |
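/**
 * Sets the control_chars_unwanted reaction for one decoder context.
 *
 * @param[in] cfg      Configuration to modify; a NULL cfg is ignored.
 * @param[in] ctx      Decoder context; values at or above HTP_DECODER_CONTEXTS_MAX
 *                     are ignored. HTP_DECODER_DEFAULTS applies the value to every context.
 * @param[in] unwanted Reaction value (e.g. HTP_UNWANTED_IGNORE, HTP_UNWANTED_400),
 *                     stored as given.
 */
void htp_config_set_control_chars_unwanted(htp_cfg_t *cfg, enum htp_decoder_ctx_t ctx, enum htp_unwanted_t unwanted) {
    // Same NULL guard the non-decoder setters in this file use.
    if (cfg == NULL) return;
    if (ctx >= HTP_DECODER_CONTEXTS_MAX) return;

    // This setter must target control_chars_unwanted (declared with the other
    // decoder settings, outside this view). Writing u_encoding_unwanted here
    // would leave the control-character reaction unset and clobber the value
    // stored by htp_config_set_u_encoding_unwanted(); the server personalities
    // in this file call both setters.
    if (ctx != HTP_DECODER_DEFAULTS) {
        cfg->decoder_cfgs[ctx].control_chars_unwanted = unwanted;
        return;
    }

    // The defaults context fans out to every context, itself included.
    for (size_t i = 0; i < HTP_DECODER_CONTEXTS_MAX; i++) {
        cfg->decoder_cfgs[i].control_chars_unwanted = unwanted;
    }
}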
892 | | |
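/**
 * Sets the url_encoding_invalid_unwanted reaction for one decoder context.
 *
 * @param[in] cfg      Configuration to modify; a NULL cfg is ignored.
 * @param[in] ctx      Decoder context; values at or above HTP_DECODER_CONTEXTS_MAX
 *                     are ignored. HTP_DECODER_DEFAULTS applies the value to every context.
 * @param[in] unwanted Reaction value, stored as given.
 */
void htp_config_set_url_encoding_invalid_unwanted(htp_cfg_t *cfg, enum htp_decoder_ctx_t ctx, enum htp_unwanted_t unwanted) {
    // Same NULL guard the non-decoder setters in this file use.
    if (cfg == NULL) return;
    if (ctx >= HTP_DECODER_CONTEXTS_MAX) return;

    if (ctx != HTP_DECODER_DEFAULTS) {
        cfg->decoder_cfgs[ctx].url_encoding_invalid_unwanted = unwanted;
        return;
    }

    // The defaults context fans out to every context, itself included.
    for (size_t i = 0; i < HTP_DECODER_CONTEXTS_MAX; i++) {
        cfg->decoder_cfgs[i].url_encoding_invalid_unwanted = unwanted;
    }
}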
904 | | |
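/**
 * Sets the nul_encoded_unwanted reaction for one decoder context.
 *
 * @param[in] cfg      Configuration to modify; a NULL cfg is ignored.
 * @param[in] ctx      Decoder context; values at or above HTP_DECODER_CONTEXTS_MAX
 *                     are ignored. HTP_DECODER_DEFAULTS applies the value to every context.
 * @param[in] unwanted Reaction value, stored as given.
 */
void htp_config_set_nul_encoded_unwanted(htp_cfg_t *cfg, enum htp_decoder_ctx_t ctx, enum htp_unwanted_t unwanted) {
    // Same NULL guard the non-decoder setters in this file use.
    if (cfg == NULL) return;
    if (ctx >= HTP_DECODER_CONTEXTS_MAX) return;

    if (ctx != HTP_DECODER_DEFAULTS) {
        cfg->decoder_cfgs[ctx].nul_encoded_unwanted = unwanted;
        return;
    }

    // The defaults context fans out to every context, itself included.
    for (size_t i = 0; i < HTP_DECODER_CONTEXTS_MAX; i++) {
        cfg->decoder_cfgs[i].nul_encoded_unwanted = unwanted;
    }
}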
916 | | |
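/**
 * Sets the nul_raw_unwanted reaction for one decoder context.
 *
 * @param[in] cfg      Configuration to modify; a NULL cfg is ignored.
 * @param[in] ctx      Decoder context; values at or above HTP_DECODER_CONTEXTS_MAX
 *                     are ignored. HTP_DECODER_DEFAULTS applies the value to every context.
 * @param[in] unwanted Reaction value, stored as given.
 */
void htp_config_set_nul_raw_unwanted(htp_cfg_t *cfg, enum htp_decoder_ctx_t ctx, enum htp_unwanted_t unwanted) {
    // Same NULL guard the non-decoder setters in this file use.
    if (cfg == NULL) return;
    if (ctx >= HTP_DECODER_CONTEXTS_MAX) return;

    if (ctx != HTP_DECODER_DEFAULTS) {
        cfg->decoder_cfgs[ctx].nul_raw_unwanted = unwanted;
        return;
    }

    // The defaults context fans out to every context, itself included.
    for (size_t i = 0; i < HTP_DECODER_CONTEXTS_MAX; i++) {
        cfg->decoder_cfgs[i].nul_raw_unwanted = unwanted;
    }
}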
928 | | |
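/**
 * Sets the path_separators_encoded_unwanted reaction for one decoder context.
 *
 * @param[in] cfg      Configuration to modify; a NULL cfg is ignored.
 * @param[in] ctx      Decoder context; values at or above HTP_DECODER_CONTEXTS_MAX
 *                     are ignored. HTP_DECODER_DEFAULTS applies the value to every context.
 * @param[in] unwanted Reaction value, stored as given.
 */
void htp_config_set_path_separators_encoded_unwanted(htp_cfg_t *cfg, enum htp_decoder_ctx_t ctx, enum htp_unwanted_t unwanted) {
    // Same NULL guard the non-decoder setters in this file use.
    if (cfg == NULL) return;
    if (ctx >= HTP_DECODER_CONTEXTS_MAX) return;

    if (ctx != HTP_DECODER_DEFAULTS) {
        cfg->decoder_cfgs[ctx].path_separators_encoded_unwanted = unwanted;
        return;
    }

    // The defaults context fans out to every context, itself included.
    for (size_t i = 0; i < HTP_DECODER_CONTEXTS_MAX; i++) {
        cfg->decoder_cfgs[i].path_separators_encoded_unwanted = unwanted;
    }
}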
940 | | |
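/**
 * Sets the utf8_invalid_unwanted reaction for one decoder context.
 *
 * @param[in] cfg      Configuration to modify; a NULL cfg is ignored.
 * @param[in] ctx      Decoder context; values at or above HTP_DECODER_CONTEXTS_MAX
 *                     are ignored. HTP_DECODER_DEFAULTS applies the value to every context.
 * @param[in] unwanted Reaction value, stored as given.
 */
void htp_config_set_utf8_invalid_unwanted(htp_cfg_t *cfg, enum htp_decoder_ctx_t ctx, enum htp_unwanted_t unwanted) {
    // Same NULL guard the non-decoder setters in this file use.
    if (cfg == NULL) return;
    if (ctx >= HTP_DECODER_CONTEXTS_MAX) return;

    if (ctx != HTP_DECODER_DEFAULTS) {
        cfg->decoder_cfgs[ctx].utf8_invalid_unwanted = unwanted;
        return;
    }

    // The defaults context fans out to every context, itself included.
    for (size_t i = 0; i < HTP_DECODER_CONTEXTS_MAX; i++) {
        cfg->decoder_cfgs[i].utf8_invalid_unwanted = unwanted;
    }
}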
952 | | |
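/**
 * Sets the reaction to leading whitespace on the request line.
 *
 * Unlike the other *_unwanted setters, the value is stored once on the
 * configuration itself rather than per decoder context: ctx is only
 * range-checked and otherwise does not affect where the value is written.
 *
 * @param[in] cfg      Configuration to modify; a NULL cfg is ignored.
 * @param[in] ctx      Decoder context; values at or above HTP_DECODER_CONTEXTS_MAX
 *                     cause the call to be ignored.
 * @param[in] unwanted Reaction value (e.g. HTP_UNWANTED_IGNORE, HTP_UNWANTED_400),
 *                     stored as given.
 */
void htp_config_set_requestline_leading_whitespace_unwanted(htp_cfg_t *cfg, enum htp_decoder_ctx_t ctx, enum htp_unwanted_t unwanted) {
    // Same NULL guard the non-decoder setters in this file use.
    if (cfg == NULL) return;
    if (ctx >= HTP_DECODER_CONTEXTS_MAX) return;

    cfg->requestline_leading_whitespace_unwanted = unwanted;
}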
958 | | |
/**
 * Stores the response decompression layer limit on the configuration.
 *
 * The value is written as given; no range check is applied here.
 * NOTE(review): by its name this bounds how many nested compression layers a
 * response body is unwrapped through; how zero or negative values are
 * interpreted is decided by the code that reads the field — confirm before
 * relying on them.
 *
 * @param[in] cfg   Configuration to modify; a NULL cfg is ignored.
 * @param[in] limit Limit value, stored verbatim.
 */
void htp_config_set_response_decompression_layer_limit(htp_cfg_t *cfg, int limit) {
    if (cfg != NULL) {
        cfg->response_decompression_layer_limit = limit;
    }
}