From 187949b9ad1184eb73f052db3cfdf196ee6e9d2c Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Tue, 9 Feb 2010 16:24:35 +0100
Subject: [PATCH] Make urilen inspect the normalized uri, cleanup uri (error) handling.
---
 src/app-layer-htp.c | 47 +++++++++++++++++++++++++++++------------
 src/detect-uricontent.c | 6 +++++-
 src/detect-urilen.c | 16 +++++++-------
 3 files changed, 47 insertions(+), 22 deletions(-)
diff --git a/src/app-layer-htp.c b/src/app-layer-htp.c
index 86ad11fc7a..0663bbbccf 100644
--- a/src/app-layer-htp.c
+++ b/src/app-layer-htp.c
@@ -56,25 +56,34 @@ static void *HTPStateAlloc(void)
 if (s->connp == NULL) {
 goto error;
 }
- SCLogDebug("s->connp %p", s->connp);
-#ifdef DEBUG
- SCMutexLock(&htp_state_mem_lock);
- htp_state_memcnt++;
- htp_state_memuse+=sizeof(HtpState);
- SCMutexUnlock(&htp_state_mem_lock);
-#endif
 /* Create a list_array of size 8 to store the incoming requests, the size of 8 has been chosen as half the size of conn->transactions in the HTP lib. As we are storing only requests here not responses!! */
 s->recent_in_tx = list_array_create(8);
+ if (s->recent_in_tx == NULL) {
+ SCLogDebug("list_array_create returned NULL");
+ goto error;
+ }
+
 htp_connp_set_user_data(s->connp, (void *)s);
+
+#ifdef DEBUG
+ SCMutexLock(&htp_state_mem_lock);
+ htp_state_memcnt++;
+ htp_state_memuse += sizeof(HtpState);
+ SCMutexUnlock(&htp_state_mem_lock);
+#endif
 SCReturnPtr((void *)s, "void");
 error:
- if (s != NULL)
+ if (s != NULL) {
+ if (s->connp != NULL)
+ htp_connp_destroy(s->connp);
+
 free(s);
+ }
 SCReturnPtr(NULL, "void");
 }
@@ -93,8 +102,9 @@ static void HTPStateFree(void *state)
 if (s->connp != NULL) {
 htp_connp_destroy_all(s->connp);
 }
- if (s->recent_in_tx != NULL)
+ if (s->recent_in_tx != NULL) {
 list_destroy(s->recent_in_tx);
+ }
 }
 free(s);
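Review bot: The new `list_array_create` failure branch in HTPStateAlloc reports only through `SCLogDebug`, so a non-debug build drops the HTTP state for the flow without leaving any trace. DetectUrilenMatch, later in this patch, returns early when `htp_state == NULL`, so the practical effect is a flow that is silently not inspected by the URI keywords. I would log this at error level or bump a counter, so that memory pressure turning into lost HTTP visibility can be seen by whoever operates the sensor. The allocation of `s` is above the hunk; the new `s->connp != NULL` test in the error path is only safe if `s` is zeroed before any `goto error`, which should be confirmed there.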
@@ -102,7 +112,7 @@ static void HTPStateFree(void *state)
 #ifdef DEBUG
 SCMutexLock(&htp_state_mem_lock);
 htp_state_memcnt--;
- htp_state_memuse-=sizeof(HtpState);
+ htp_state_memuse -= sizeof(HtpState);
 SCMutexUnlock(&htp_state_mem_lock);
 #endif
@@ -285,7 +295,12 @@ void HTPFreeConfig(void)
 */
 static int HTPCallbackRequest(htp_connp_t *connp) {
 SCEnter();
+
 HtpState *hstate = (HtpState *)connp->user_data;
+ if (hstate == NULL) {
+ /** \todo error condition, what should we return? */
+ SCReturnInt(0);
+ }
 list_add(hstate->recent_in_tx, connp->in_tx);
 SCReturnInt(0);
@@ -299,14 +314,20 @@ static int HTPCallbackRequest(htp_connp_t *connp) {
 */
 static int HTPCallbackResponse(htp_connp_t *connp) {
 SCEnter();
+
 HtpState *hstate = (HtpState *)connp->user_data;
- htp_tx_t *tx = NULL;
+ if (hstate == NULL) {
+ /** \todo error condition, what should we return? */
+ SCReturnInt(0);
+ }
 while (list_size(hstate->recent_in_tx) > 0) {
- tx = list_pop(hstate->recent_in_tx);
- if (tx != NULL)
+ htp_tx_t *tx = list_pop(hstate->recent_in_tx);
+ if (tx != NULL) {
 htp_tx_destroy(tx);
+ }
 }
+
 SCReturnInt(0);
 }
diff --git a/src/detect-uricontent.c b/src/detect-uricontent.c
index da0b07be7e..3914e7ffdb 100644
--- a/src/detect-uricontent.c
+++ b/src/detect-uricontent.c
@@ -542,9 +542,13 @@ int DetectAppLayerUricontentMatch (ThreadVars *tv, DetectEngineThreadCtx *det_ct
 SCReturnInt(res);
 }
+/** \brief Run the pattern matcher against the uri(s)
+ *
+ * \warning Make sure the flow/state is locked
+ */
 uint32_t DetectUricontentInspectMpm(ThreadVars *tv, DetectEngineThreadCtx *det_ctx, void *alstate) {
- uint32_t cnt = 0;
 SCEnter();
+ uint32_t cnt = 0;
 HtpState *htp_state = (HtpState *)alstate;
 if (htp_state == NULL) {
diff --git a/src/detect-urilen.c b/src/detect-urilen.c
index 2c91e99288..b6c8606b3e 100644
--- a/src/detect-urilen.c
+++ b/src/detect-urilen.c
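Review bot: In HTPCallbackRequest the result of `list_add(hstate->recent_in_tx, connp->in_tx)` is ignored, and the new `hstate == NULL` branch returns 0 exactly like the success path. Because this patch makes DetectUrilenMatch read its transaction from `recent_in_tx`, a request that never reaches the list is never length-checked and nothing records that it was skipped. I would check the `list_add` result (assuming it reports failure) and, in both failure cases, log and return libhtp's hook error value instead of 0; I believe that is `HOOK_ERROR`, to be confirmed against the bundled libhtp. The same `\todo` branch is added to HTPCallbackResponse in the next hunk, so whatever is decided here applies there as well.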
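Review bot: The loop in HTPCallbackResponse destroys every transaction queued in `recent_in_tx`, not just the one being answered, and that needs a comment now that detection reads the same list. Any request still queued when a response completes is freed here, so DetectUrilenMatch only sees it if it ran first; that ordering, and the fact that this callback runs with the flow locked, cannot be confirmed from the hunk. I would document it on the function, for example `/* frees all queued requests; caller must hold the flow lock and detection must already have inspected them */`, and correct the comment if the assumption turns out to be wrong.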
@@ -87,35 +87,35 @@ int DetectUrilenMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f,
 SCEnter();
 int ret = 0;
 DetectUrilenData *urilend = (DetectUrilenData *) m->ctx;
+
 HtpState *htp_state = (HtpState *)state;
 if (htp_state == NULL) {
 SCLogDebug("no HTP state, no need to match further");
 SCReturnInt(ret);
 }
- htp_tx_t *tx = NULL;
 SCMutexLock(&f->m);
- tx = list_get(htp_state->connp->conn->transactions, 0);
+ htp_tx_t *tx = list_get(htp_state->recent_in_tx, 0);
- if (tx == NULL || tx->request_uri == NULL)
+ if (tx == NULL || tx->request_uri_normalized == NULL)
 goto end;
 switch (urilend->mode) {
 case DETECT_URILEN_EQ:
- if (urilend->urilen1 == bstr_len(tx->request_uri))
+ if (bstr_len(tx->request_uri_normalized) == urilend->urilen1)
 ret = 1;
 break;
 case DETECT_URILEN_LT:
- if (bstr_len(tx->request_uri) < urilend->urilen1)
+ if (bstr_len(tx->request_uri_normalized) < urilend->urilen1)
 ret = 1;
 break;
 case DETECT_URILEN_GT:
- if (bstr_len(tx->request_uri) > urilend->urilen1)
+ if (bstr_len(tx->request_uri_normalized) > urilend->urilen1)
 ret = 1;
 break;
 case DETECT_URILEN_RA:
- if (bstr_len(tx->request_uri) > urilend->urilen1 &&
- bstr_len(tx->request_uri) < urilend->urilen2)
+ if (bstr_len(tx->request_uri_normalized) > urilend->urilen1 &&
+ bstr_len(tx->request_uri_normalized) < urilend->urilen2)
 ret = 1;
 break;
 }
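Review bot: DetectUrilenMatch still inspects only `list_get(htp_state->recent_in_tx, 0)`, so when more than one request is queued (HTPStateAlloc sizes the list for eight) the length rule is evaluated against the first entry alone. I would walk the list under `f->m` and stop at the first match, as sketched below; `list_size` is already used on this list in app-layer-htp.c. Moving from `request_uri` to `request_uri_normalized` also changes what existing `urilen` rules measure, so the keyword documentation should state that the length is taken after normalization. The function starts above the hunk and the `end:` label is below it, so the unlock path is not visible here.

```c
    SCMutexLock(&f->m);
    size_t i;
    for (i = 0; i < list_size(htp_state->recent_in_tx) && ret == 0; i++) {
        htp_tx_t *tx = list_get(htp_state->recent_in_tx, i);
        if (tx == NULL || tx->request_uri_normalized == NULL)
            continue;

        switch (urilend->mode) {
            /* … unchanged: DETECT_URILEN_EQ/LT/GT/RA comparisons … */
        }
    }
```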