
hi_client_norm.c

00001 /**
00002 **  @file       hi_client_norm.c
00003 **  
00004 **  @author     Daniel Roelker <droelker@sourcefire.com>
00005 **  
00006 **  @brief      HTTP client normalization routines
00007 **  
00008 **  We deal with the normalization of HTTP client request headers and
00009 **  URI.
00010 **  
00011 **  In this file, we handle all the different HTTP request URI evasions.  The
00012 **  list is:
00013 **      - ASCII decoding
00014 **      - UTF-8 decoding
00015 **      - IIS Unicode decoding
00016 **      - Directory traversals (self-referential and traversal)
00017 **      - Multiple Slashes
00018 **      - Double decoding
00019 **      - %U decoding
00020 **      - Bare Byte Unicode decoding
00021 **      - Base36 decoding
00022 **  
00023 **  NOTES:
00024 **      - Initial development.  DJR
00025 */
00026 #include <stdlib.h>
00027 #include <stdio.h>
00028 #include <sys/types.h>
00029 #include <ctype.h>
00030 
00031 #include "hi_norm.h"
00032 #include "hi_return_codes.h"
00033 
00034 #define MAX_URI 4096
00035 
/*
**  Normalize the request URI of a session and publish the result in the
**  session's client request (uri_norm / uri_norm_size).
**
**  @param Session  session whose client.request.uri / uri_size are handed
**                  to hi_norm_uri(); dereferenced without a NULL check, so
**                  the caller must validate it first.
**
**  @return HI_SUCCESS in every case, including when hi_norm_uri() reports
**          a problem.
**
**  NOTE(review): a normalization failure is fail-open.  The normalized
**  fields are cleared and HI_SUCCESS is returned, so later inspection sees
**  only the raw URI.  Confirm that a URI which makes hi_norm_uri() fail is
**  still logged or alerted on somewhere else.
**
**  NOTE(review): UriBuf has static storage, so uri_norm points at memory
**  shared by every call of this function and is only meaningful until the
**  next call.  This looks like it assumes one request is processed at a
**  time -- confirm.
*/
static int UriNorm(HI_SESSION *Session)
{
    static u_char UriBuf[MAX_URI];
    HI_CLIENT_REQ *Req = &Session->client.request;
    int iNormSize = MAX_URI;    /* in: capacity of UriBuf */
    int iStatus;

    /*
    **  presumably hi_norm_uri() writes the normalized bytes into UriBuf
    **  and updates iNormSize to the resulting length -- verify against
    **  hi_norm.h, including that the reported size never exceeds MAX_URI.
    */
    iStatus = hi_norm_uri(Session, UriBuf, &iNormSize, Req->uri,
                          Req->uri_size);

    if(iStatus == 0)
    {
        /*
        **  Normalization worked; expose the normalized buffer and length.
        */
        Req->uri_norm      = UriBuf;
        Req->uri_norm_size = iNormSize;

        return HI_SUCCESS;
    }

    /*
    **  Something went wrong while normalizing, so no normalized URI is
    **  advertised.  We still report success and leave the unnormalized
    **  URI to be inspected.
    */
    Req->uri_norm = NULL;
    Req->uri_norm_size = 0;

    return HI_SUCCESS;
}
00085 
/*
**  Entry point for client-side normalization of a session.  Only the
**  request URI is normalized at present.
**
**  @param Session  session to normalize; must be non-NULL and must have a
**                  non-NULL server_conf.
**
**  @return HI_INVALID_ARG if Session or Session->server_conf is NULL,
**          a non-zero code from UriNorm() if it returns one,
**          HI_SUCCESS otherwise.
**
**  NOTE(review): normalization is gated on uri_norm being non-NULL, not on
**  uri.  Presumably an earlier stage sets uri_norm as a "needs
**  normalization" marker -- confirm against the caller.  UriNorm() then
**  reads uri and uri_size with no further checks.
*/
int hi_client_norm(HI_SESSION *Session)
{
    int iStatus;

    if(Session == NULL || Session->server_conf == NULL)
    {
        return HI_INVALID_ARG;
    }

    if(Session->client.request.uri_norm != NULL)
    {
        iStatus = UriNorm(Session);
        if(iStatus != 0)
        {
            return iStatus;
        }
    }

    return HI_SUCCESS;
}
