コード例 #1
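/*
 * Search one file for matches.
 *
 * Opens file_full_path read-only and skips it when it cannot be opened or
 * fstat()ed, when its inode equals opts.stdout_inode (stdout is redirected
 * into it), when it carries no file-type bits, when it is empty, or when
 * its length does not fit in the int that search_buf() receives.  A named
 * pipe is handed to search_stream(); every other file is mapped read-only
 * and handed to search_buf(), after decompress() when opts.search_zip_files
 * is set and is_zipped() recognises the content.
 *
 * Nothing is returned; failures are reported through log_err() and the
 * file is skipped.
 */
void search_file(const char *file_full_path) {
    int fd = -1;
    off_t f_len = 0;
    char *buf = NULL; /* non-NULL only while a live mapping exists */
    struct stat statbuf;
    int rv = 0;
    FILE *pipe = NULL;

    fd = open(file_full_path, O_RDONLY);
    if (fd < 0) {
        log_err("Error opening file %s: %s Skipping...", file_full_path, strerror(errno));
        goto cleanup;
    }

    /* fstat() on the descriptor, not stat() on the path: the checks below
     * then describe the object that was actually opened, even if the path
     * is swapped for something else in the meantime. */
    rv = fstat(fd, &statbuf);
    if (rv != 0) {
        log_err("Error fstat()ing file %s. Skipping...", file_full_path);
        goto cleanup;
    }

    if (opts.stdout_inode != 0 && opts.stdout_inode == statbuf.st_ino) {
        log_debug("Skipping %s because stdout is redirected to it", file_full_path);
        goto cleanup;
    }

    if ((statbuf.st_mode & S_IFMT) == 0) {
        log_err("%s is not a file. Mode %u. Skipping...", file_full_path, statbuf.st_mode);
        goto cleanup;
    }

    /* File types are values inside the S_IFMT field, not independent flags,
     * so compare the masked field instead of testing a single bit. */
    if ((statbuf.st_mode & S_IFMT) == S_IFIFO) {
        log_debug("%s is a named pipe. stream searching", file_full_path);
        pipe = fdopen(fd, "r");
        if (pipe == NULL) {
            /* fd is still ours here; cleanup closes it. */
            log_err("Error opening stream for %s: %s Skipping...", file_full_path, strerror(errno));
            goto cleanup;
        }
        search_stream(pipe, file_full_path);
        fclose(pipe);
        /* fclose() also closed the descriptor. Forget it so cleanup does not
         * close a number that may already belong to another open file. */
        fd = -1;
    } else {
        f_len = statbuf.st_size;

        if (f_len == 0) {
            log_debug("File %s is empty, skipping.", file_full_path);
            goto cleanup;
        }

        /* search_buf() and decompress() take the length as an int. Refuse a
         * length that does not survive the round trip rather than search
         * with a truncated or negative size. */
        if (f_len < 0 || (off_t)(int)f_len != f_len) {
            log_err("File %s is too large to search. Skipping...", file_full_path);
            goto cleanup;
        }

#ifdef _WIN32
        {
            HANDLE hmmap = CreateFileMapping(
                (HANDLE)_get_osfhandle(fd), 0, PAGE_READONLY, 0, f_len, NULL);
            buf = (char *)MapViewOfFile(hmmap, FILE_SHARE_READ, 0, 0, f_len);
            if (hmmap != NULL) {
                CloseHandle(hmmap);
            }
        }
        if (buf == NULL) {
            /* Keep the error text in its own pointer so buf stays NULL and
             * cleanup never unmaps memory that LocalFree() released. */
            char *msg = NULL;
            FormatMessageA(
                FORMAT_MESSAGE_ALLOCATE_BUFFER |
                FORMAT_MESSAGE_FROM_SYSTEM |
                FORMAT_MESSAGE_IGNORE_INSERTS,
                NULL, GetLastError(), 0, (LPSTR)&msg, 0, NULL);
            log_err("File %s failed to load: %s.", file_full_path,
                    msg != NULL ? msg : "unknown error");
            LocalFree((void *)msg);
            goto cleanup;
        }
#else
        /* NOTE(review): f_len is a snapshot taken by fstat(). If another
         * process truncates the file while it is mapped, reads beyond the
         * new end fault (SIGBUS); nothing in this function handles that. */
        buf = mmap(0, f_len, PROT_READ, MAP_SHARED, fd, 0);
        if (buf == MAP_FAILED) {
            log_err("File %s failed to load: %s.", file_full_path, strerror(errno));
            buf = NULL; /* MAP_FAILED is not a mapping; nothing to unmap */
            goto cleanup;
        }
#endif

        if (opts.search_zip_files) {
            ag_compression_type zip_type = is_zipped(buf, f_len);
            if (zip_type != AG_NO_COMPRESSION) {
                /* NOTE(review): any cap on the decompressed size would have
                 * to be enforced inside decompress(); it is not visible here. */
                int plain_len = (int)f_len;
                char *plain = decompress(zip_type, buf, f_len, file_full_path, &plain_len);
                if (plain == NULL || plain_len == 0) {
                    log_err("Cannot decompress zipped file %s", file_full_path);
                    free(plain); /* a non-NULL buffer of length 0 is still ours */
                    goto cleanup;
                }
                search_buf(plain, plain_len, file_full_path);
                free(plain);
                goto cleanup;
            }
        }

        search_buf(buf, (int)f_len, file_full_path);
    }

cleanup:
    /* Release only what was actually acquired: the mapping and the
     * descriptor are tracked separately. */
    if (buf != NULL) {
#ifdef _WIN32
        UnmapViewOfFile(buf);
#else
        munmap(buf, f_len);
#endif
    }
    if (fd != -1) {
        close(fd);
    }
}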
コード例 #2
ファイル: searcher.c プロジェクト: TidyHuang/DLP
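/*
 * Search one file for matches.
 *
 * Opens file_full_path read-only and skips it when it cannot be opened or
 * fstat()ed, when it carries no file-type bits, when it is a named pipe
 * (stream searching is disabled in this variant), when it is empty, or
 * when it is larger than INT_MAX bytes.  Otherwise the file is mapped
 * read-only and passed to search_buf(), after decompress() when
 * search_zip_files is non-zero and is_zipped() recognises the content.
 *
 * A MAX_PATH scratch buffer (tmp_file_path) is handed to search_buf();
 * on exit the path left in it, if any, is deleted with DeleteFileA() and
 * the buffer is freed.
 *
 * Nothing is returned; failures are reported through log_err() and the
 * file is skipped.
 */
void search_file(const char *file_full_path, int search_zip_files) {
	int fd = -1;
	off_t f_len = 0;
	char *buf = NULL; /* non-NULL only while a live mapping exists */
	struct stat statbuf;
	int rv = 0;
	FILE *pipe = NULL;
	char *tmp_file_path = NULL;

	fd = open(file_full_path, O_RDONLY);
	if (fd < 0) {
		/* XXXX: strerror is not thread-safe */
		log_err("Skipping %s: Error opening file: %s", file_full_path, strerror(errno));
		goto cleanup;
	}

	/* fstat() on the descriptor, not stat() on the path: the checks below
	 * then describe the object that was actually opened, even if the path
	 * is swapped for something else in the meantime. */
	rv = fstat(fd, &statbuf);
	if (rv != 0) {
		log_err("Skipping %s: Error fstat()ing file.", file_full_path);
		goto cleanup;
	}

	//if (opts.stdout_inode != 0 && opts.stdout_inode == statbuf.st_ino) {
	//	log_debug("Skipping %s: stdout is redirected to it", file_full_path);
	//	goto cleanup;
	//}

	if ((statbuf.st_mode & S_IFMT) == 0) {
		log_err("Skipping %s: Mode %u is not a file.", file_full_path, statbuf.st_mode);
		goto cleanup;
	}

	/* File types are values inside the S_IFMT field, not independent flags,
	 * so compare the masked field instead of testing a single bit. */
	if ((statbuf.st_mode & S_IFMT) == S_IFIFO) {
		log_debug("%s is a named pipe. stream searching", file_full_path);
		pipe = fdopen(fd, "r");
		if (pipe != NULL) {
			//search_stream(pipe, file_full_path);
			fclose(pipe);
			/* fclose() also closed the descriptor. Forget it so cleanup
			 * does not close a number that may already belong to another
			 * open file. */
			fd = -1;
		}
		goto cleanup;
	}

	f_len = statbuf.st_size;

	if (f_len == 0) {
		log_debug("Skipping %s: file is empty.", file_full_path);
		goto cleanup;
	}

	/* The length is passed on as an int below, so larger files are refused. */
	if (/*!opts.literal && */f_len > INT_MAX) {
		log_err("Skipping %s: pcre_exec() can't handle files larger than %i bytes.", file_full_path, INT_MAX);
		goto cleanup;
	}

#ifdef _WIN32
	{
		HANDLE hmmap = CreateFileMapping(
			(HANDLE)_get_osfhandle(fd), 0, PAGE_READONLY, 0, f_len, NULL);
		buf = (char *)MapViewOfFile(hmmap, FILE_SHARE_READ, 0, 0, f_len);
		if (hmmap != NULL) {
			CloseHandle(hmmap);
		}
	}
	if (buf == NULL) {
		/* Keep the error text in its own pointer so buf stays NULL and
		 * cleanup never unmaps memory that LocalFree() released. */
		char *msg = NULL;
		FormatMessageA(
			FORMAT_MESSAGE_ALLOCATE_BUFFER |
			FORMAT_MESSAGE_FROM_SYSTEM |
			FORMAT_MESSAGE_IGNORE_INSERTS,
			NULL, GetLastError(), 0, (LPSTR)&msg, 0, NULL);
		log_err("File %s failed to load: %s.", file_full_path,
			msg != NULL ? msg : "unknown error");
		LocalFree((void *)msg);
		goto cleanup;
	}
#else
	/* NOTE(review): f_len is a snapshot taken by fstat(). If another
	 * process truncates the file while it is mapped, reads beyond the new
	 * end fault (SIGBUS); nothing in this function handles that. */
	buf = mmap(0, f_len, PROT_READ, MAP_SHARED, fd, 0);
	if (buf == MAP_FAILED) {
		log_err("File %s failed to load: %s.", file_full_path, strerror(errno));
		buf = NULL; /* MAP_FAILED is not a mapping; nothing to unmap */
		goto cleanup;
	}
#if HAVE_MADVISE
	madvise(buf, f_len, MADV_SEQUENTIAL);
#elif HAVE_POSIX_FADVISE
	/* posix_fadvise() takes POSIX_FADV_* advice values, not POSIX_MADV_*. */
	posix_fadvise(fd, 0, f_len, POSIX_FADV_SEQUENTIAL);
#endif
#endif

	tmp_file_path = (char *)ag_malloc(MAX_PATH);
	/* Start with an empty path. The buffer is only meaningful once
	 * search_buf() has written to it (presumably a temp-file path; confirm
	 * against search_buf()), and cleanup must never hand uninitialised heap
	 * bytes to DeleteFileA() as a file name. */
	if (tmp_file_path != NULL) {
		tmp_file_path[0] = '\0';
	}

	if (search_zip_files) {
		ag_compression_type zip_type = is_zipped(buf, f_len);
		if (zip_type != AG_NO_COMPRESSION) {
			/* NOTE(review): any cap on the decompressed size would have to
			 * be enforced inside decompress(); it is not visible here. */
			int plain_len = (int)f_len;
			char *plain = (char *)decompress(zip_type, buf, f_len, file_full_path, &plain_len);
			if (plain == NULL || plain_len == 0) {
				log_err("Cannot decompress zipped file %s", file_full_path);
				free(plain); /* a non-NULL buffer of length 0 is still ours */
				goto cleanup;
			}
			search_buf(plain, plain_len, file_full_path, tmp_file_path);
			free(plain);
			goto cleanup;
		}
	}

	search_buf(buf, f_len, file_full_path, tmp_file_path);

cleanup:
	/* Release only what was actually acquired: mapping, descriptor and
	 * scratch path are tracked separately. */
	if (buf != NULL) {
#ifdef _WIN32
		UnmapViewOfFile(buf);
#else
		munmap(buf, f_len);
#endif
	}
	if (fd != -1) {
		close(fd);
	}

	if (tmp_file_path != NULL) {
		/* Delete only a path that was actually filled in. */
		if (tmp_file_path[0] != '\0') {
			DeleteFileA(tmp_file_path);
		}
		free(tmp_file_path);
	}
}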