diff options
| author | Chiara Maggi <83759140+ChiaraMaggi@users.noreply.github.com> | 2023-07-11 22:45:19 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-07-11 22:45:19 +0200 |
| commit | 0b0f255cc2b4ef18b9c1b51cf71e86de5b2c462b (patch) | |
| tree | 38ac6f5ad37af500d0618109cae75bbb3a87f827 /src/lib/protocols/http.c | |
| parent | 950f5cc4e3ddd9bc0f8881950082283aa381c805 (diff) | |
added feature to extract filename from http attachment (#2037)
* added feature to extract filename from http attachment
* fixed some issues
* added check for filename format
* added check for filename format
* remove an unnecessary print
* changed the size from 952 to 960
* modified some test result files
* small changes string size
* comment removed and mallocs checked
Diffstat (limited to 'src/lib/protocols/http.c')
| -rw-r--r-- | src/lib/protocols/http.c | 32 |
1 files changed, 31 insertions, 1 deletions
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index f1fe04723..f54c3e077 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -276,7 +276,6 @@ static ndpi_protocol_category_t ndpi_http_check_content(struct ndpi_detection_mo flow->guessed_category = flow->category = NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT; ndpi_set_binary_application_transfer(ndpi_struct, flow, str); NDPI_LOG_INFO(ndpi_struct, "Found executable HTTP transfer"); - return(flow->category); } } } @@ -291,6 +290,33 @@ static ndpi_protocol_category_t ndpi_http_check_content(struct ndpi_detection_mo if(packet->content_disposition_line.len > attachment_len) { u_int8_t filename_len = packet->content_disposition_line.len - attachment_len; int i; + + if(packet->content_disposition_line.ptr[attachment_len] == '\"'){ + if(packet->content_disposition_line.ptr[packet->content_disposition_line.len-1] != '\"'){ + //case: filename="file_name + flow->http.filename = ndpi_malloc(filename_len); + if(flow->http.filename != NULL){ + flow->http.filename = strncpy(flow->http.filename, (char*)packet->content_disposition_line.ptr+attachment_len+1, filename_len-1); + flow->http.filename[filename_len-1] = '\0'; + } + } + else{ + //case: filename="file_name" + flow->http.filename = ndpi_malloc(filename_len-1); + if(flow->http.filename != NULL){ + flow->http.filename = strncpy(flow->http.filename, (char*)packet->content_disposition_line.ptr+attachment_len+1, filename_len-2); + flow->http.filename[filename_len-2] = '\0'; + } + } + } + else{ + //case: filename=file_name + flow->http.filename = ndpi_malloc(filename_len+1); + if(flow->http.filename != NULL){ + flow->http.filename = strncpy(flow->http.filename, (char*)packet->content_disposition_line.ptr+attachment_len, filename_len); + flow->http.filename[filename_len] = '\0'; + } + } if(filename_len > ATTACHMENT_LEN) { attachment_len += filename_len-ATTACHMENT_LEN-1; @@ -1292,6 +1318,10 @@ static void reset(struct ndpi_detection_module_struct *ndpi_struct, ndpi_free(flow->http.nat_ip); flow->http.nat_ip = NULL; } + if(flow->http.filename) { + ndpi_free(flow->http.filename); + flow->http.filename = NULL; + } /* Reset flow risks. We should reset only those risks triggered by the previous HTTP response... */ |