[tor-commits] [stegotorus/master] git-svn-id: svn+ssh://spartan.csl.sri.com/svn/private/DEFIANCE at 137 a58ff0ac-194c-e011-a152-003048836090
zwol at torproject.org
zwol at torproject.org
Fri Jul 20 23:17:06 UTC 2012
commit bc7435272a84dec0a3c865acf95fffb57e661c7b
Author: Vinod Yegneswaran <vinod at csl.sri.com>
Date: Fri Nov 11 05:20:14 2011 +0000
git-svn-id: svn+ssh://spartan.csl.sri.com/svn/private/DEFIANCE@137 a58ff0ac-194c-e011-a152-003048836090
---
src/steg/payloads.c | 241 ++++++++++++++++++++++++++++----------------------
src/steg/payloads.h | 2 +-
src/steg/x_http.c | 2 +-
src/steg/x_http2.c | 30 ++++---
4 files changed, 153 insertions(+), 122 deletions(-)
diff --git a/src/steg/payloads.c b/src/steg/payloads.c
index a3e2f65..76bb213 100644
--- a/src/steg/payloads.c
+++ b/src/steg/payloads.c
@@ -387,28 +387,46 @@ int parse_client_headers(char* inbuf, char* outbuf, int len) {
int
-find_uri_type(char* buf) {
+find_uri_type(char* buf_orig, int buflen) {
char* uri;
- int uri_len;
char* ext;
- if (strncmp(buf, "GET", 3) != 0 && strncmp(buf, "POST", 4) != 0)
- return -1;
+ char* buf = malloc(buflen+1);
+ char* uri_end;
+
+
+ memcpy(buf, buf_orig, buflen);
+ buf[buflen] = 0;
- buf = strchr(buf, ' ') + 1;
- uri_len = strchr(buf, ' ') - buf;
- if (uri_len < 0) {
- fprintf(stderr, "buf = %sabc\n", buf);
- exit (-1);
+ if (strncmp(buf, "GET", 3) != 0
+ && strncmp(buf, "POST", 4) != 0) {
+ fprintf(stderr, "HERE %s\n", buf);
+ return -1;
+ }
+
+
+
+ uri = strchr(buf, ' ') + 1;
+ if (uri == NULL) {
+ fprintf(stderr, "Invalid URL\n");
+ return -1;
}
- uri = malloc(uri_len + 1);
+ uri_end = strchr(uri, ' ');
+
+ if (uri_end == NULL) {
+ fprintf(stderr, "unterminated uri\n");
+ return -1;
+ }
+
+ uri_end[0] = 0;
+
+
+
- strncpy(uri, buf, uri_len);
- uri[uri_len] = 0;
ext = strrchr(uri, '/');
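Review bot: The `uri == NULL` test after `uri = strchr(buf, ' ') + 1;` can never fire, because the `+ 1` is applied before the comparison. A request line with no space makes `strchr` return NULL, and the following `strchr(uri, ' ')` then reads through an invalid pointer. Assign first and advance afterwards: `uri = strchr(buf, ' ');`, test that for NULL, then `uri++;`. The result of `malloc(buflen+1)` is also passed to `memcpy` without a NULL check, and a negative `buflen` is not rejected. The function body continues outside this hunk.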
@@ -435,6 +453,9 @@ find_uri_type(char* buf) {
if (!strncmp(ext, ".swf", 4) || !strncmp(ext, ".SWF", 4))
return HTTP_CONTENT_SWF;
+
+
+ free(buf);
return -1;
}
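Review bot: `free(buf)` is reached only on the final fall-through `return -1;`. The `return HTTP_CONTENT_SWF;` just above it, and the early `return -1;` paths added in the previous hunk, exit while still owning the heap copy, so those paths leak `buflen+1` bytes per call. Keep the result in a local and leave through one exit, e.g. `rc = HTTP_CONTENT_SWF; goto out;` with `out: free(buf); return rc;`. The other extension checks are outside the hunk and presumably return the same way.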
@@ -503,9 +524,9 @@ unsigned int find_client_payload(char* buf, int len, int type) {
pentry_header* p = &payload_hdrs[r];
if (p->ptype == type) {
inbuf = payloads[r];
- if (find_uri_type(inbuf) != HTTP_CONTENT_SWF &&
- find_uri_type(inbuf) != HTTP_CONTENT_HTML &&
- find_uri_type(inbuf) != HTTP_CONTENT_JAVASCRIPT) {
+ if (find_uri_type(inbuf, p->length) != HTTP_CONTENT_SWF &&
+ find_uri_type(inbuf, p->length) != HTTP_CONTENT_HTML &&
+ find_uri_type(inbuf, p->length) != HTTP_CONTENT_JAVASCRIPT) {
goto next;
}
if (p->length > len) {
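Review bot: The condition calls `find_uri_type(inbuf, p->length)` up to three times per payload, and each call now allocates and copies `p->length + 1` bytes. Evaluate it once, `int t = find_uri_type(inbuf, p->length);`, and compare `t` against the three content types. The copy length comes straight from `p->length`; whether it is bounded by the real size of `payloads[r]` is decided where the table is loaded, which is not visible here and is worth confirming.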
@@ -546,112 +567,111 @@ unsigned int find_client_payload(char* buf, int len, int type) {
-/* int skipJSPattern(char *cp, int len) { */
-/* int i,j; */
+int skipJSPattern(char *cp, int len) {
+ int i,j;
-/* char keywords [21][10]= {"function", "return", "var", "int", "random", "Math", "while", */
-/* "else", "for", "document", "write", "writeln", "true", */
-/* "false", "True", "False", "window", "indexOf", "navigator", "case", "if"}; */
+ char keywords [21][10]= {"function", "return", "var", "int", "random", "Math", "while",
+ "else", "for", "document", "write", "writeln", "true",
+ "false", "True", "False", "window", "indexOf", "navigator", "case", "if"};
-/* return 0; */
-/* if (len < 1) return 0; */
+ if (len < 1) return 0;
-/* // change the limit to 21 to enable if as a keyword */
-/* for (i=0; i < 20; i++) { */
-/* char* word = keywords[i]; */
+ // change the limit to 21 to enable if as a keyword
+ for (i=0; i < 20; i++) {
+ char* word = keywords[i];
-/* if (len <= (int) strlen(word)) */
-/* continue; */
-
-/* if (word[0] != cp[0]) */
-/* continue; */
-
-/* for (j=1; j < (int) strlen(word); j++) { */
-/* if (isxdigit(word[j])) { */
-/* if (!isxdigit(cp[j])) */
-/* goto next_word; */
-/* else */
-/* continue; */
-/* } */
+ if (len <= (int) strlen(word))
+ continue;
+
+ if (word[0] != cp[0])
+ continue;
+
+ for (j=1; j < (int) strlen(word); j++) {
+ if (isxdigit(word[j])) {
+ if (!isxdigit(cp[j]))
+ goto next_word;
+ else
+ continue;
+ }
-/* if (cp[j] != word[j]) */
-/* goto next_word; */
-/* } */
-/* if (!isalnum(cp[j])) */
-/* return strlen(word)+1; */
+ if (cp[j] != word[j])
+ goto next_word;
+ }
+ if (!isalnum(cp[j]))
+ return strlen(word)+1;
-/* next_word: */
-/* continue; */
-/* } */
+ next_word:
+ continue;
+ }
-/* return 0; */
-/* } */
+ return 0;
+}
-int skipJSPattern (char *cp, int len) {
+/* int skipJSPattern (char *cp, int len) { */
- // log_debug("Turning off skipJSPattern for debugging");
- // return 0;
+/* // log_debug("Turning off skipJSPattern for debugging"); */
+/* // return 0; */
- if (len < 1) return 0;
+/* if (len < 1) return 0; */
- if (len > 8) {
- // "function " and "function("
- if (cp[0] == 'f' &&
- !strncmp(cp+1, "un", 2) &&
- isxdigit(cp[3]) &&
- !strncmp(cp+4, "tion", 4) &&
- (cp[8] == ' ' || cp[8] == '('))
- return 9;
- }
+/* if (len > 8) { */
+/* // "function " and "function(" */
+/* if (cp[0] == 'f' && */
+/* !strncmp(cp+1, "un", 2) && */
+/* isxdigit(cp[3]) && */
+/* !strncmp(cp+4, "tion", 4) && */
+/* (cp[8] == ' ' || cp[8] == '(')) */
+/* return 9; */
+/* } */
- if (len > 6) {
- // "return "
- if (cp[0] == 'r' &&
- isxdigit(cp[1]) &&
- !strncmp(cp+2, "turn ", 5))
- return 7;
- // "switch "
- if (cp[0] == 's' &&
- !strncmp(cp+1, "wit", 3) &&
- isxdigit(cp[4]) &&
- !strncmp(cp+5, "h ", 2))
- return 7;
- }
+/* if (len > 6) { */
+/* // "return " */
+/* if (cp[0] == 'r' && */
+/* isxdigit(cp[1]) && */
+/* !strncmp(cp+2, "turn ", 5)) */
+/* return 7; */
+/* // "switch " */
+/* if (cp[0] == 's' && */
+/* !strncmp(cp+1, "wit", 3) && */
+/* isxdigit(cp[4]) && */
+/* !strncmp(cp+5, "h ", 2)) */
+/* return 7; */
+/* } */
- if (len > 5) {
- // "while " and "while("
- if (cp[0] == 'w' &&
- !strncmp(cp+1, "hil", 3) &&
- isxdigit(cp[4]) &&
- (cp[5] == ' ' || cp[5] == '('))
- return 6;
- }
+/* if (len > 5) { */
+/* // "while " and "while(" */
+/* if (cp[0] == 'w' && */
+/* !strncmp(cp+1, "hil", 3) && */
+/* isxdigit(cp[4]) && */
+/* (cp[5] == ' ' || cp[5] == '(')) */
+/* return 6; */
+/* } */
- if (len > 4) {
- // "else " and "else{"
- if (cp[0] == 'e' &&
- !strncmp(cp, "ls", 2) &&
- isxdigit(cp[3]) &&
- (cp[4] == ' ' || cp[4] == '{'))
- return 5;
- }
+/* if (len > 4) { */
+/* // "else " and "else{" */
+/* if (cp[0] == 'e' && */
+/* !strncmp(cp, "ls", 2) && */
+/* isxdigit(cp[3]) && */
+/* (cp[4] == ' ' || cp[4] == '{')) */
+/* return 5; */
+/* } */
- if (len > 3) {
- // "var "
- if (cp[0] == 'v' &&
- isxdigit(cp[1]) &&
- cp[2] == 'r' &&
- cp[3] == ' ')
- return 4;
- }
+/* if (len > 3) { */
+/* // "var " */
+/* if (cp[0] == 'v' && */
+/* isxdigit(cp[1]) && */
+/* cp[2] == 'r' && */
+/* cp[3] == ' ') */
+/* return 4; */
+/* } */
- return 0;
-}
+/* return 0; */
+/* } */
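Review bot: `isxdigit(cp[j])` and `isalnum(cp[j])` in the re-enabled `skipJSPattern` receive a plain `char` taken from payload data. Where `char` is signed, a byte of 0x80 or above becomes a negative argument, which is undefined for the `<ctype.h>` functions. Cast at the call sites: `isxdigit((unsigned char)cp[j])` and `isalnum((unsigned char)cp[j])`. The keyword table is also rebuilt on the stack on every call; `static const char keywords[21][10]` with `const char *word` avoids that. The commented-out copy of the previous implementation could be deleted rather than kept in the file.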
@@ -781,9 +801,10 @@ unsigned int capacityJS3 (char* buf, int len, int mode) {
} else {
bp = bp+j+1;
}
-// #ifdef DEBUG
-// printf("got |%c|\n", *(bp-1));
-// #endif
+
+ if (len < buf + len - bp) {
+ fprintf(stderr, "HERE\n");
+ }
j = offset2Hex(bp, (buf+len)-bp, 1);
} // while
return cnt;
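Review bot: The added `if (len < buf + len - bp)` test only prints `HERE` and then still calls `offset2Hex(bp, (buf+len)-bp, 1)` with the same length. The same holds for `HERE2` and `HERE3` in the next hunk, where `bp += 9` runs even when `buf + len < bp + 9`. The first condition also only catches `bp < buf`; a `bp` past `buf + len` gives a negative length that is passed on unchecked. If these are meant as bounds guards rather than debugging traces, they should leave the loop, for instance `if (bp < buf || bp > buf + len) break;`, and the messages should name the function. The enclosing loops start outside the hunks.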
@@ -804,12 +825,20 @@ unsigned int capacityJS3 (char* buf, int len, int mode) {
} else {
bp = bp+j+1;
}
-#ifdef DEBUG
-printf("got |%c|\n", *(bp-1));
-#endif
+
+ if (len < jsEnd - buf || len < jsEnd - bp) {
+ fprintf(stderr, "HERE2\n");
+ }
+
+
j = offset2Hex(bp, jsEnd-bp, 1);
} // while (j != -1)
+ if (buf + len < bp + 9) {
+ fprintf(stderr, "HERE3\n");
+ }
+
+
bp += 9;
} // while (bp < (buf+len))
return cnt;
diff --git a/src/steg/payloads.h b/src/steg/payloads.h
index 7d66bbf..7629b14 100644
--- a/src/steg/payloads.h
+++ b/src/steg/payloads.h
@@ -153,7 +153,7 @@ char * strInBinary (const char *pattern, unsigned int patternLen, const char *bl
unsigned int capacityPDF (char* buf, int len);
unsigned int get_max_PDF_capacity(void);
int find_content_length (char *hdr, int hlen);
-int find_uri_type(char* buf);
+int find_uri_type(char* buf, int size);
int gen_response_header(char* content_type, int gzip, int length, char* buf, int buflen);
diff --git a/src/steg/x_http.c b/src/steg/x_http.c
index eb08401..c26fe1f 100644
--- a/src/steg/x_http.c
+++ b/src/steg/x_http.c
@@ -71,7 +71,7 @@ x_http_detect(conn_t *conn)
{
struct evbuffer *buf = conn_get_inbound(conn);
unsigned char *data;
- return 0;
+ return 0;
/* Look for the text of http_response_1. */
if (evbuffer_get_length(buf) >= sizeof http_response_1 - 1) {
diff --git a/src/steg/x_http2.c b/src/steg/x_http2.c
index 3695c27..a1bc100 100644
--- a/src/steg/x_http2.c
+++ b/src/steg/x_http2.c
@@ -51,8 +51,8 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#define MIN_COOKIE_SIZE 128
-#define MAX_COOKIE_SIZE 2048
+#define MIN_COOKIE_SIZE 24
+#define MAX_COOKIE_SIZE 1024
int
@@ -187,7 +187,7 @@ x_http2_detect(conn_t *conn)
struct evbuffer *buf = conn_get_inbound(conn);
unsigned char *data;
- // return 0;
+ //return 0;
/*****
Here is a list of HTTP response codes extracted from the server-portals.out trace
@@ -490,7 +490,7 @@ x_http2_client_cookie_transmit (steg_t *s, struct evbuffer *source, conn_t *conn
conn_cease_transmission(conn);
- downcast_steg(s)->type = find_uri_type(buf);
+ downcast_steg(s)->type = find_uri_type(buf, sizeof(buf));
downcast_steg(s)->have_transmitted = 1;
return 0;
}
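Review bot: `sizeof(buf)` is a usable length only if `buf` is an array declared in this function, and even then it is the array's capacity, not the number of request bytes written. Its declaration is outside the hunk. If `buf` is a pointer, `find_uri_type` copies only pointer-size bytes and will most likely report `unterminated uri`. Passing the length actually produced, or `strlen(buf)` if the buffer is NUL-terminated at this point, keeps the copy inside initialised data. The same applies to `find_uri_type(outbuf, sizeof(outbuf))` in `x_http2_client_uri_transmit`.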
@@ -528,6 +528,10 @@ int gen_uri_field(char* uri, unsigned int uri_sz, char* data, int datalen) {
if (r == 0 && datalen > 0)
uri[so_far++] = '/';
+ if (r == 2 && datalen > 0)
+ uri[so_far++] = '_';
+
+
if (so_far > uri_sz - 6) {
fprintf(stderr, "too small\n");
return 0;
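Review bot: The new `uri[so_far++] = '_';` is written before the `so_far > uri_sz - 6` check, like the `'/'` write above it, so it appears to rely on the margin left by an earlier pass through that check. The surrounding loop is not visible in this hunk, so confirm the first pass cannot start with `so_far` already at the limit. `uri_sz` is unsigned, so `uri_sz - 6` wraps for a buffer smaller than 6 bytes and the check never fires; `so_far + 6 > uri_sz` avoids that. A short comment on what `r == 2` selects would also help.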
@@ -636,7 +640,7 @@ x_http2_client_uri_transmit (steg_t *s, struct evbuffer *source, conn_t *conn) {
evbuffer_drain(source, slen);
conn_cease_transmission(conn);
- downcast_steg(s)->type = find_uri_type(outbuf);
+ downcast_steg(s)->type = find_uri_type(outbuf, sizeof(outbuf));
downcast_steg(s)->have_transmitted = 1;
return 0;
@@ -675,7 +679,7 @@ x_http2_transmit(steg_t *s, struct evbuffer *source, conn_t *conn)
the only plausible places to put it are the URL and cookies. This
presently uses the URL. And it can't be binary. */
- if (evbuffer_get_length(source) < 128)
+ if (evbuffer_get_length(source) < 72)
return x_http2_client_uri_transmit(s, source, conn); //@@
return x_http2_client_cookie_transmit(s, source, conn); //@@
}
@@ -736,21 +740,21 @@ x_http2_server_receive(steg_t *s, conn_t *conn, struct evbuffer *dest, struct ev
log_debug("SERVER received request header of length %d", (int)s2.pos);
data = evbuffer_pullup(source, s2.pos+4);
+
if (data == NULL) {
log_debug("SERVER evbuffer_pullup fails");
return RECV_BAD;
}
- limit = data + s2.pos;
- type = find_uri_type((char *)data);
+ data[s2.pos+3] = 0;
- data[s2.pos+4] = 0;
- // fprintf(stderr, "data = %s\n", data);
+ limit = data + s2.pos;
+
+ type = find_uri_type((char *)data, s2.pos+4);
if (strstr((char*) data, "Cookie") != NULL) {
- data = (unsigned char*) strstr((char*) data, "Cookie:");
- p = data + sizeof "Cookie: "-1;
+ p = (unsigned char*) strstr((char*) data, "Cookie:") + + sizeof "Cookie: "-1;
cookie_mode = 1;
}
else
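Review bot: The guard tests for `"Cookie"` but the assignment searches for `"Cookie:"`. A header block that contains the word without the colon makes the second `strstr` return NULL, and `p` then becomes NULL plus 8. Search once and test that result: `char *ck = strstr((char *)data, "Cookie:");`, `if (ck != NULL) {`, `p = (unsigned char *)ck + sizeof "Cookie: " - 1;`. The doubled `+ +` parses as a unary plus and should be a single `+`. The rest of `x_http2_server_receive` is outside the hunk.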
@@ -784,8 +788,6 @@ x_http2_server_receive(steg_t *s, conn_t *conn, struct evbuffer *dest, struct ev
outbuf[sofar] = 0;
- // fprintf(stderr, "recvd = %d\n", sofar);
-
if (secondhalf) {
fprintf(stderr, "incorrect cookie or uri recovery \n");
exit(-1);