iis: Adds ssdeep support

Felipe \"Zimmerle\" Costa · Felipe Zimmerle · commit 2c423bacadc8 · 2014-10-28T09:34:33.000-07:00
diff --git a/apache2/re_variables.c b/apache2/re_variables.c
@@ -1160,8 +1160,7 @@ static int var_files_tmp_contents_generate(modsec_rec *msr, msre_var *var,
             }
             /* If we had a match add this argument to the collection. */
             if (match) {
-                static int buf_size = 1024;
-                char buf[buf_size];
+                char buf[1024];
                 FILE *file;
                 size_t nread;
                 char *full_content = NULL;
@@ -1173,7 +1172,7 @@ static int var_files_tmp_contents_generate(modsec_rec *msr, msre_var *var,
                     continue;
                 }
 
-                while ((nread = fread(buf, 1, buf_size-1, file)) > 0)
+                while ((nread = fread(buf, 1, 1023, file)) > 0)
                 {   
                     total_lenght += nread;
                     buf[nread] = '\0';
diff --git a/iis/Makefile.win b/iis/Makefile.win
@@ -10,11 +10,11 @@
 LIBS = $(APACHE)\lib\libapr-1.lib \
        $(APACHE)\lib\libaprutil-1.lib \
        $(PCRE)\pcre.lib \
+       $(SSDEEP)\fuzzy.lib \
        $(LIBXML2)\win32\bin.msvc\libxml2.lib \
        "kernel32.lib" "user32.lib" "gdi32.lib" "winspool.lib" "comdlg32.lib" "advapi32.lib" "shell32.lib" "ole32.lib" \
        "oleaut32.lib" "uuid.lib" "odbc32.lib" "odbccp32.lib" "ws2_32.lib" \
        "iphlpapi.lib"
-
 ###########################################################################
 ###########################################################################
 
@@ -23,11 +23,13 @@ LINK = link.exe
 
 MT = mt
 
-DEFS = /nologo /O2 /LD /W3 /wd4244 /wd4018 -DWIN32 -DWINNT -Dinline=APR_INLINE -DAP_DECLARE_STATIC -D_MBCS -D$(VERSION)
+DEFS = /nologo /O2 /LD /W3 /wd4244 /wd4018 -DWITH_YAJL -DWIN32 -DWINNT -Dinline=APR_INLINE -DAP_DECLARE_STATIC -D_MBCS -D$(VERSION)
 
 DLL = ModSecurityIIS.dll
 
 INCLUDES = -I. -I.. \
+	   -I$(YAJL)\.. \
+	   -I$(SSDEEP) \
            -I$(PCRE)\include -I$(PCRE) \
            -I$(LIBXML2)\include \
            -I$(APACHE)\include \
@@ -47,6 +49,16 @@ LIBS = $(LIBS) $(YAJL)\lib\yajl.lib
 DEFS=$(DEFS) -DWITH_YAJL
 INCLUDES = $(INCLUDES) -I$(YAJL)\include -I$(YAJL) \
 !ENDIF
+
+# ssdeep is optional
+!IF "$(SSDEEP)" != ""
+LIBS = $(LIBS) $(SSDEEP)\fuzzy.lib
+DEFS=$(DEFS) -DWITH_SSDEEP
+INCLUDES = $(INCLUDES) -I$(SSDEEP)\include -I$(SSDEEP) \
+!ENDIF
+
+
+
 
 CFLAGS= -MD /Zi $(INCLUDES) $(DEFS)
 
@@ -60,6 +72,7 @@ OBJS1 = mod_security2.obj apache2_config.obj apache2_io.obj apache2_util.obj \
        msc_release.obj msc_crypt.obj msc_tree.obj \
        msc_status_engine.obj \
        msc_json.obj
+       
 OBJS2 = api.obj buckets.obj config.obj filters.obj hooks.obj regex.obj server.obj
 OBJS3 = main.obj moduleconfig.obj mymodule.obj
 OBJS4 = libinjection_html5.obj \
diff --git a/iis/build_dependencies.bat b/iis/build_dependencies.bat
@@ -18,6 +18,8 @@
 @set APACHE_BIN32=httpd-2.4.6-win32-VC11.zip
 @set APACHE_BIN64=httpd-2.4.6-win64-VC11.zip
 @set YAJL=lloyd-yajl-f4b2b1a.zip
+@set SSDEEP=ssdeep-2.10.tar.gz
+@set SSDEEP_BIN=ssdeep-2.10.zip
 
 :: @set VCARGS32="C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\bin\vcvars32.bat"
 :: @set VCARGS64="C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\bin\x86_amd64\vcvarsx86_amd64.bat"
@@ -47,12 +49,11 @@ call cl 2>&1 | findstr /C:"x64"
 @call dependencies/build_apache.bat
 @if NOT (%ERRORLEVEL%) == (0) goto build_failed_apache
 @cd "%CURRENT_DIR%"
-echo "c"
+
 @echo # pcre. - %PCRE%
 @call dependencies/build_pcre.bat
 @if NOT (%ERRORLEVEL%) == (0) goto build_failed_pcre
 @cd "%CURRENT_DIR%"
-echo "b"
 
 @echo # zlib - %ZLIB%
 @call dependencies/build_zlib.bat
@@ -79,6 +80,11 @@ echo "b"
 @if NOT (%ERRORLEVEL%) == (0) goto build_failed_yajl
 @cd "%CURRENT_DIR%"
 
+@echo # ssdeep - %SSDEEP%
+@call dependencies/build_ssdeep.bat
+@if NOT (%ERRORLEVEL%) == (0) goto build_failed_ssdeep
+@cd "%CURRENT_DIR%"
+
 @echo All dependencies were built successfully.
 @cd "%CURRENT_DIR%"
 @exit /B 0
@@ -119,6 +125,10 @@ echo "b"
 @echo Failed to setup %YAJL%...
 @goto failed
 
+:build_failed_ssdeep
+@echo Failed to setup %SSDEEP%...
+@goto failed
+
 :failed
 @cd %CURRENT_DIR%
 @exit /B 1
diff --git a/iis/build_modsecurity.bat b/iis/build_modsecurity.bat
@@ -15,21 +15,21 @@ set CURRENT_DIR=%cd%
 cd ..\apache2
 del *.obj *.dll *.lib
 del libinjection\*.obj libinjection\*.dll libinjection\*.lib
-NMAKE -f Makefile.win APACHE=..\iis\%DEPENDENCIES_DIR%\Apache24 PCRE=..\iis\%DEPENDENCIES_DIR%\pcre LIBXML2=..\iis\%DEPENDENCIES_DIR%\libxml2 LUA=..\iis\%DEPENDENCIES_DIR%\lua\src VERSION=VERSION_IIS YAJL=..\iis\%DEPENDENCIES_DIR%\yajl\build\yajl-2.0.1
+NMAKE -f Makefile.win APACHE=..\iis\%DEPENDENCIES_DIR%\Apache24 PCRE=..\iis\%DEPENDENCIES_DIR%\pcre LIBXML2=..\iis\%DEPENDENCIES_DIR%\libxml2 LUA=..\iis\%DEPENDENCIES_DIR%\lua\src VERSION=VERSION_IIS YAJL=..\iis\%DEPENDENCIES_DIR%\yajl\build\yajl-2.0.1 SSDEEP=..\iis\%DEPENDENCIES_DIR%\ssdeep
 @if NOT (%ERRORLEVEL%) == (0) goto build_failed
 
 @echo mlogc...
 cd ..\mlogc
 del *.obj *.dll *.lib
 nmake -f Makefile.win clean
-nmake -f Makefile.win APACHE=..\iis\%DEPENDENCIES_DIR%\Apache24 PCRE=..\iis\%DEPENDENCIES_DIR%\pcre CURL=..\iis\%DEPENDENCIES_DIR%\curl VERSION=VERSION_IIS
+nmake -f Makefile.win APACHE=..\iis\%DEPENDENCIES_DIR%\Apache24 PCRE=..\iis\%DEPENDENCIES_DIR%\pcre CURL=..\iis\%DEPENDENCIES_DIR%\curl YAJL=..\iis\%DEPENDENCIES_DIR%\yajl SSDEEP=..\iis\%DEPENDENCIES_DIR%\ssdeep VERSION=VERSION_IIS
 @if NOT (%ERRORLEVEL%) == (0) goto build_failed
 
 @echo iis...
 cd ..\iis
 del *.obj *.dll *.lib
 nmake -f Makefile.win clean
-NMAKE -f Makefile.win APACHE=..\iis\%DEPENDENCIES_DIR%\Apache24 PCRE=..\iis\%DEPENDENCIES_DIR%\pcre LIBXML2=..\iis\%DEPENDENCIES_DIR%\libxml2 LUA=..\iis\%DEPENDENCIES_DIR%\lua\src VERSION=VERSION_IIS YAJL=..\iis\%DEPENDENCIES_DIR%\yajl\build\yajl-2.0.1
+NMAKE -f Makefile.win APACHE=..\iis\%DEPENDENCIES_DIR%\Apache24 PCRE=..\iis\%DEPENDENCIES_DIR%\pcre LIBXML2=..\iis\%DEPENDENCIES_DIR%\libxml2 LUA=..\iis\%DEPENDENCIES_DIR%\lua\src VERSION=VERSION_IIS YAJL=..\iis\%DEPENDENCIES_DIR%\yajl\build\yajl-2.0.1 SSDEEP=..\iis\%DEPENDENCIES_DIR%\ssdeep
 @if NOT (%ERRORLEVEL%) == (0) goto build_failed
 
 cd %CURRENT_DIR%
diff --git a/iis/dependencies/build_ssdeep.bat b/iis/dependencies/build_ssdeep.bat
@@ -0,0 +1,39 @@
+cd "%WORK_DIR%"
+
+@if NOT EXIST "%SOURCE_DIR%\%SSDEEP%" goto build_failed
+
+@7z.exe x "%SOURCE_DIR%\%SSDEEP_BIN%"
+@if NOT (%ERRORLEVEL%) == (0) goto build_failed
+@7z.exe x "%SOURCE_DIR%\%SSDEEP%" -so | 7z.exe x -aoa -si -ttar 
+@if NOT (%ERRORLEVEL%) == (0) goto build_failed
+
+set SSDEEP_DIR=%SSDEEP_BIN:~0,-4%
+
+move "%SSDEEP_DIR%" "ssdeep"
+@if NOT (%ERRORLEVEL%) == (0) goto build_failed
+cd "%WORK_DIR%\ssdeep\"
+@if NOT (%ERRORLEVEL%) == (0) goto build_failed
+
+@set SSDEEP_ARCH="x86"
+@call cl 2>&1 | findstr /C:"x64"
+@if (%ERRORLEVEL%) == (0) set SSDEEP_ARCH="x64"
+
+lib /machine:%SSDEEP_ARCH% /def:fuzzy.def
+@if NOT (%ERRORLEVEL%) == (0) goto build_failed
+
+copy /y "%WORK_DIR%\ssdeep\fuzzy.dll" "%OUTPUT_DIR%"
+@if NOT (%ERRORLEVEL%) == (0) goto build_failed
+copy /y "%WORK_DIR%\ssdeep\fuzzy.def" "%OUTPUT_DIR%"
+@if NOT (%ERRORLEVEL%) == (0) goto build_failed
+copy /y "%WORK_DIR%\ssdeep\fuzzy.lib" "%OUTPUT_DIR%"
+@if NOT (%ERRORLEVEL%) == (0) goto build_failed
+
+
+@exit /B 0
+
+:build_failed
+@echo Problems during the building phase
+@goto failed
+
+:failed
+@exit /B 1

Original file line number	Diff line number	Diff line change
`@@ -1160,8 +1160,7 @@ static int var_files_tmp_contents_generate(modsec_rec msr, msre_var var,`
`1160`	`1160`	`}`
`1161`	`1161`	`/* If we had a match add this argument to the collection. */`
`1162`	`1162`	`if (match) {`
`1163`		`- static int buf_size = 1024;`
`1164`		`- char buf[buf_size];`
	`1163`	`+ char buf[1024];`
`1165`	`1164`	`FILE *file;`
`1166`	`1165`	`size_t nread;`
`1167`	`1166`	`char *full_content = NULL;`
`@@ -1173,7 +1172,7 @@ static int var_files_tmp_contents_generate(modsec_rec msr, msre_var var,`
`1173`	`1172`	`continue;`
`1174`	`1173`	`}`
`1175`	`1174`
`1176`		`- while ((nread = fread(buf, 1, buf_size-1, file)) > 0)`
	`1175`	`+ while ((nread = fread(buf, 1, 1023, file)) > 0)`
`1177`	`1176`	`{`
`1178`	`1177`	`total_lenght += nread;`
`1179`	`1178`	`buf[nread] = '\0';`