HTP
0.3
|
00001 /*************************************************************************** 00002 * Copyright (c) 2009-2010, Open Information Security Foundation 00003 * Copyright (c) 2009-2012, Qualys, Inc. 00004 * All rights reserved. 00005 * 00006 * Redistribution and use in source and binary forms, with or without 00007 * modification, are permitted provided that the following conditions are 00008 * met: 00009 * 00010 * * Redistributions of source code must retain the above copyright 00011 * notice, this list of conditions and the following disclaimer. 00012 * * Redistributions in binary form must reproduce the above copyright 00013 * notice, this list of conditions and the following disclaimer in the 00014 * documentation and/or other materials provided with the distribution. 00015 * * Neither the name of the Qualys, Inc. nor the names of its 00016 * contributors may be used to endorse or promote products derived from 00017 * this software without specific prior written permission. 00018 * 00019 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 00020 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 00021 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 00022 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 00023 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 00024 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 00025 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 00026 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 00027 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 00028 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 00029 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 00030 ***************************************************************************/ 00031 00037 #ifndef _HTP_MULTIPART_H 00038 #define _HTP_MULTIPART_H 00039 00040 typedef struct htp_mpartp_t htp_mpartp_t; 00041 typedef struct htp_mpart_part_t htp_mpart_part_t; 00042 00043 #include "bstr.h" 00044 #include "dslib.h" 00045 #include "htp.h" 00046 00047 #define MULTIPART_PART_UNKNOWN 0 00048 #define MULTIPART_PART_TEXT 1 00049 #define MULTIPART_PART_FILE 2 00050 #define MULTIPART_PART_PREAMBLE 3 00051 #define MULTIPART_PART_EPILOGUE 4 00052 00053 #define MULTIPART_MODE_LINE 0 00054 #define MULTIPART_MODE_DATA 1 00055 00056 #define MULTIPART_STATE_DATA 1 00057 #define MULTIPART_STATE_BOUNDARY 2 00058 #define MULTIPART_STATE_BOUNDARY_IS_LAST1 3 00059 #define MULTIPART_STATE_BOUNDARY_IS_LAST2 4 00060 #define MULTIPART_STATE_BOUNDARY_EAT_LF 5 00061 00062 #define MULTIPART_DEFAULT_FILE_EXTRACT_LIMIT 16 00063 00064 #define HTP_MULTIPART_MIME_TYPE "multipart/form-data" 00065 00066 #ifndef CR 00067 #define CR '\r' 00068 #endif 00069 00070 #ifndef LF 00071 #define LF '\n' 00072 #endif 00073 00074 #ifdef __cplusplus 00075 extern "C" { 00076 #endif 00077 00078 struct htp_mpart_part_t { 00080 htp_mpartp_t *mpartp; 00081 00083 int type; 00084 00086 size_t len; 00087 00089 bstr *name; 00090 00092 bstr *value; 00093 00095 table_t *headers; 00096 00097 htp_file_t *file; 00098 }; 00099 00100 struct htp_mpartp_t { 00101 htp_connp_t *connp; 00102 00104 char *boundary; 00105 00107 size_t boundary_len; 00108 00110 int boundary_count; 00111 00113 int seen_last_boundary; 00114 00116 list_t *parts; 00117 00118 int extract_files; 00119 int extract_limit; 00120 char *extract_dir; 00121 int file_count; 00122 00123 // Parsing callbacks 00124 int (*handle_data)(htp_mpartp_t *mpartp, unsigned char *data, size_t len, int line_end); 00125 int (*handle_boundary)(htp_mpartp_t *mpartp); 00126 00127 // Internal parsing fields 00128 // TODO Consider prefixing them with an underscore. 00129 int state; 00130 size_t bpos; 00131 unsigned char *current_data; 00132 htp_mpart_part_t *current_part; 00133 int current_mode; 00134 size_t current_len; 00135 bstr_builder_t *boundary_pieces; 00136 bstr_builder_t *part_pieces; 00137 int pieces_form_line; 00138 unsigned char first_boundary_byte; 00139 size_t boundarypos; 00140 int cr_aside; 00141 }; 00142 00143 htp_mpartp_t *htp_mpartp_create(htp_connp_t *connp, char *boundary); 00144 void htp_mpartp_destroy(htp_mpartp_t **mpartp); 00145 00146 int htp_mpartp_parse(htp_mpartp_t *mpartp, unsigned char *data, size_t len); 00147 int htp_mpartp_finalize(htp_mpartp_t *mpartp); 00148 00149 htp_mpart_part_t *htp_mpart_part_create(htp_mpartp_t *mpartp); 00150 int htp_mpart_part_receive_data(htp_mpart_part_t *part, unsigned char *data, size_t len, int line); 00151 int htp_mpart_part_finalize_data(htp_mpart_part_t *part); 00152 void htp_mpart_part_destroy(htp_mpart_part_t *part); 00153 00154 int htp_mpartp_extract_boundary(bstr *content_type, char **boundary); 00155 00156 int htp_mpartp_run_request_file_data_hook(htp_mpart_part_t *part, unsigned char *data, size_t len); 00157 00158 #ifdef __cplusplus 00159 } 00160 #endif 00161 00162 #endif /* _HTP_MULTIPART_H */ 00163 00164