[ https://bro-tracker.atlassian.net/browse/BIT-465?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jon Siwek updated BIT-465: -------------------------- Fix Version/s: (was: 2.4) 2.5 > Fix up the MIME analyzer > ------------------------ > > Key: BIT-465 > URL: https://bro-tracker.atlassian.net/browse/BIT-465 > Project: Bro Issue Tracker > Issue Type: Problem > Components: Bro > Affects Versions: git/master > Reporter: Seth Hall > Labels: analyzer > Fix For: 2.5 > > > The mime analyzer has a lot of inconsistency issues and is broken in a few > places. > * mime_all_headers loops and could potentially be a bad idea. More prone to > DoS as well. Delete it? > * mime_all_data is probably also a bad idea. Especially for large files. > Delete it? > * mime_entity_data seems very similar to mime_all_data and is not chunked as > the similarity to the http_entity_data would imply. The current > mime_entity_data should be removed and the current mime_all_data should be > renamed to mime_entity_data. > * mime_next_entity is never generated by the core or policy scripts and > should either be fixed or deleted. > * mime_one_header should probably be renamed to mime_header for consistency. > * I have no clue what mime_event is for. Is it necessary? > * mime_content_hash gives a non printable hash value and it could be removed > since hash generation is done in the script now and eventually will be done > in the file analyzer. > * The wrong ifdef is used in the source: #ifdef DEBUG_BRO used instead of > #ifdef DEBUG > * mime_end_entity is generated generated multiple times in some cases when it > shouldn't be. It's something to keep an eye out for, I never dug into it > enough to find out what caused it. -- This message was sent by Atlassian JIRA (v6.4-OD-15-055#64014) _______________________________________________ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev