Make urilen inspect the normalized uri, cleanup uri (error) handling.

15 years ago · 187949b9ad
parent 6b562f7aa6
commit 187949b9ad
3 changed files with 47 additions and 22 deletions
--- a/src/app-layer-htp.c
+++ b/src/app-layer-htp.c
@ -56,25 +56,34 @@ static void *HTPStateAlloc(void)
    if (s->connp == NULL) {
        goto error;
    }
-
    SCLogDebug("s->connp %p", s->connp);

-#ifdef DEBUG
-    SCMutexLock(&htp_state_mem_lock);
-    htp_state_memcnt++;
-    htp_state_memuse+=sizeof(HtpState);
-    SCMutexUnlock(&htp_state_mem_lock);
-#endif
    /* Create a list_array of size 8 to store the incoming requests, the size of
       8 has been chosen as half the size of conn->transactions in the
       HTP lib. As we are storing only requests here not responses!! */
    s->recent_in_tx = list_array_create(8);
+    if (s->recent_in_tx == NULL) {
+        SCLogDebug("list_array_create returned NULL");
+        goto error;
+    }
+
    htp_connp_set_user_data(s->connp, (void *)s);
+
+#ifdef DEBUG
+    SCMutexLock(&htp_state_mem_lock);
+    htp_state_memcnt++;
+    htp_state_memuse += sizeof(HtpState);
+    SCMutexUnlock(&htp_state_mem_lock);
+#endif
    SCReturnPtr((void *)s, "void");

 error:
-    if (s != NULL)
+    if (s != NULL) {
+        if (s->connp != NULL)
+            htp_connp_destroy(s->connp);
+
        free(s);
+    }

    SCReturnPtr(NULL, "void");
 }
@ -93,8 +102,9 @@ static void HTPStateFree(void *state)
        if (s->connp != NULL) {
            htp_connp_destroy_all(s->connp);
        }
-        if (s->recent_in_tx != NULL)
+        if (s->recent_in_tx != NULL) {
            list_destroy(s->recent_in_tx);
+        }
    }

    free(s);
@ -102,7 +112,7 @@ static void HTPStateFree(void *state)
 #ifdef DEBUG
    SCMutexLock(&htp_state_mem_lock);
    htp_state_memcnt--;
-    htp_state_memuse-=sizeof(HtpState);
+    htp_state_memuse -= sizeof(HtpState);
    SCMutexUnlock(&htp_state_mem_lock);
 #endif

@ -285,7 +295,12 @@ void HTPFreeConfig(void)
 */
 static int HTPCallbackRequest(htp_connp_t *connp) {
    SCEnter();
+
    HtpState *hstate = (HtpState *)connp->user_data;
+    if (hstate == NULL) {
+        /** \todo error condition, what should we return? */
+        SCReturnInt(0);
+    }

    list_add(hstate->recent_in_tx, connp->in_tx);
    SCReturnInt(0);
@ -299,14 +314,20 @@ static int HTPCallbackRequest(htp_connp_t *connp) {
 */
 static int HTPCallbackResponse(htp_connp_t *connp) {
    SCEnter();
+
    HtpState *hstate = (HtpState *)connp->user_data;
-    htp_tx_t *tx = NULL;
+    if (hstate == NULL) {
+        /** \todo error condition, what should we return? */
+        SCReturnInt(0);
+    }

    while (list_size(hstate->recent_in_tx) > 0) {
-        tx = list_pop(hstate->recent_in_tx);
-        if (tx != NULL)
+        htp_tx_t *tx = list_pop(hstate->recent_in_tx);
+        if (tx != NULL) {
            htp_tx_destroy(tx);
+        }
    }
+
    SCReturnInt(0);
 }

--- a/src/detect-uricontent.c
+++ b/src/detect-uricontent.c
@ -542,9 +542,13 @@ int DetectAppLayerUricontentMatch (ThreadVars *tv, DetectEngineThreadCtx *det_ct
    SCReturnInt(res);
 }

+/** \brief Run the pattern matcher against the uri(s)
+ *
+ *  \warning Make sure the flow/state is locked
+ */
 uint32_t DetectUricontentInspectMpm(ThreadVars *tv, DetectEngineThreadCtx *det_ctx, void *alstate) {
-    uint32_t cnt = 0;
    SCEnter();
+    uint32_t cnt = 0;

    HtpState *htp_state = (HtpState *)alstate;
    if (htp_state == NULL) {
--- a/src/detect-urilen.c
+++ b/src/detect-urilen.c
@ -87,35 +87,35 @@ int DetectUrilenMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f,
    SCEnter();
    int ret = 0;
    DetectUrilenData *urilend = (DetectUrilenData *) m->ctx;
+
    HtpState *htp_state = (HtpState *)state;
    if (htp_state == NULL) {
        SCLogDebug("no HTP state, no need to match further");
        SCReturnInt(ret);
    }

-    htp_tx_t *tx = NULL;
    SCMutexLock(&f->m);
-    tx = list_get(htp_state->connp->conn->transactions, 0);
+    htp_tx_t *tx = list_get(htp_state->recent_in_tx, 0);

-    if (tx == NULL || tx->request_uri == NULL)
+    if (tx == NULL || tx->request_uri_normalized == NULL)
        goto end;

    switch (urilend->mode) {
        case DETECT_URILEN_EQ:
-            if (urilend->urilen1 == bstr_len(tx->request_uri))
+            if (bstr_len(tx->request_uri_normalized) == urilend->urilen1)
                ret = 1;
            break;
        case DETECT_URILEN_LT:
-            if (bstr_len(tx->request_uri) < urilend->urilen1)
+            if (bstr_len(tx->request_uri_normalized) < urilend->urilen1)
                ret = 1;
            break;
        case DETECT_URILEN_GT:
-            if (bstr_len(tx->request_uri) > urilend->urilen1)
+            if (bstr_len(tx->request_uri_normalized) > urilend->urilen1)
                ret = 1;
            break;
        case DETECT_URILEN_RA:
-            if (bstr_len(tx->request_uri) > urilend->urilen1 &&
-                bstr_len(tx->request_uri) < urilend->urilen2)
+            if (bstr_len(tx->request_uri_normalized) > urilend->urilen1 &&
+                bstr_len(tx->request_uri_normalized) < urilend->urilen2)
                ret = 1;
            break;
    }