[
https://bro-tracker.atlassian.net/browse/BIT-465?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jon Siwek updated BIT-465:
--------------------------
Fix Version/s: (was: 2.4)
2.5
> Fix up the MIME analyzer
> ------------------------
>
> Key: BIT-465
> URL: https://bro-tracker.atlassian.net/browse/BIT-465
> Project: Bro Issue Tracker
> Issue Type: Problem
> Components: Bro
> Affects Versions: git/master
> Reporter: Seth Hall
> Labels: analyzer
> Fix For: 2.5
>
>
> The mime analyzer has a lot of inconsistency issues and is broken in a few
> places.
> * mime_all_headers loops and could potentially be a bad idea. More prone to
> DoS as well. Delete it?
> * mime_all_data is probably also a bad idea. Especially for large files.
> Delete it?
> * mime_entity_data seems very similar to mime_all_data and is not chunked as
> the similarity to the http_entity_data would imply. The current
> mime_entity_data should be removed and the current mime_all_data should be
> renamed to mime_entity_data.
> * mime_next_entity is never generated by the core or policy scripts and
> should either be fixed or deleted.
> * mime_one_header should probably be renamed to mime_header for consistency.
> * I have no clue what mime_event is for. Is it necessary?
> * mime_content_hash gives a non printable hash value and it could be removed
> since hash generation is done in the script now and eventually will be done
> in the file analyzer.
> * The wrong ifdef is used in the source: #ifdef DEBUG_BRO used instead of
> #ifdef DEBUG
> * mime_end_entity is generated generated multiple times in some cases when it
> shouldn't be. It's something to keep an eye out for, I never dug into it
> enough to find out what caused it.
--
This message was sent by Atlassian JIRA
(v6.4-OD-15-055#64014)
_______________________________________________
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
