From 1cacba435b57b704d640acbe6f480d432b52088b Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Thu, 22 Dec 2016 10:09:34 +0100
Subject: [PATCH] ssl/tls: clean up keywords
---
 src/detect-ssl-state.c | 43 ++++++++++++++++++++--------------------
 src/detect-ssl-version.c | 26 ++++++++++++------------
 src/detect-tls-version.c | 35 +++++++++++++++++--------------
 3 files changed, 53 insertions(+), 51 deletions(-)
diff --git a/src/detect-ssl-state.c b/src/detect-ssl-state.c
index 64b5e7af3f..9cb9c7bc2b 100644
--- a/src/detect-ssl-state.c
+++ b/src/detect-ssl-state.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2007-2010 Open Information Security Foundation
+/* Copyright (C) 2007-2016 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
@@ -63,8 +63,8 @@ static int DetectSslStateMatch(ThreadVars *, DetectEngineThreadCtx *, Flow *,
 uint8_t, void *, const Signature *, const SigMatchData *);
 static int DetectSslStateSetup(DetectEngineCtx *, Signature *, char *);
-void DetectSslStateRegisterTests(void);
-void DetectSslStateFree(void *);
+static void DetectSslStateRegisterTests(void);
+static void DetectSslStateFree(void *);
 /**
 * \brief Registers the keyword handlers for the "ssl_state" keyword.
@@ -125,7 +125,7 @@ static int DetectSslStateMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
 * \retval ssd Pointer to DetectSslStateData on succese.
 * \retval NULL On failure.
 */
-DetectSslStateData *DetectSslStateParse(char *arg)
+static DetectSslStateData *DetectSslStateParse(char *arg)
 {
 #define MAX_SUBSTRINGS 30
 int ret = 0, res = 0;
@@ -274,11 +274,17 @@ error:
 * \retval 0 On success.
 * \retval -1 On failure.
 */
-int DetectSslStateSetup(DetectEngineCtx *de_ctx, Signature *s, char *arg)
+static int DetectSslStateSetup(DetectEngineCtx *de_ctx, Signature *s, char *arg)
 {
 DetectSslStateData *ssd = NULL;
 SigMatch *sm = NULL;
+ if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_TLS) {
+ SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS,
+ "Rule contains conflicting keywords. Have non-tls alproto "
+ "set for a rule containing \"ssl_state\" keyword");
+ goto error;
+ }
 ssd = DetectSslStateParse(arg);
 if (ssd == NULL)
 goto error;
@@ -290,12 +296,6 @@ int DetectSslStateSetup(DetectEngineCtx *de_ctx, Signature *s, char *arg)
 sm->type = DETECT_AL_SSL_STATE;
 sm->ctx = (SigMatchCtx*)ssd;
- if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_TLS) {
- SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS,
- "Rule contains conflicting keywords. Have non-tls alproto "
- "set for a rule containing \"ssl_state\" keyword");
- goto error;
- }
 s->alproto = ALPROTO_TLS;
 SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_AMATCH);
@@ -315,7 +315,7 @@ error:
 *
 * \param ptr pointer to the data to be freed.
 */
-void DetectSslStateFree(void *ptr)
+static void DetectSslStateFree(void *ptr)
 {
 if (ptr != NULL)
 SCFree(ptr);
@@ -327,7 +327,7 @@ void DetectSslStateFree(void *ptr)
 #ifdef UNITTESTS
-int DetectSslStateTest01(void)
+static int DetectSslStateTest01(void)
 {
 DetectSslStateData *ssd = DetectSslStateParse("client_hello");
 FAIL_IF_NULL(ssd);
@@ -336,7 +336,7 @@ int DetectSslStateTest01(void)
 PASS;
 }
-int DetectSslStateTest02(void)
+static int DetectSslStateTest02(void)
 {
 DetectSslStateData *ssd = DetectSslStateParse("server_hello , client_hello");
 FAIL_IF_NULL(ssd);
@@ -346,7 +346,7 @@ int DetectSslStateTest02(void)
 PASS;
 }
-int DetectSslStateTest03(void)
+static int DetectSslStateTest03(void)
 {
 DetectSslStateData *ssd = DetectSslStateParse("server_hello , client_keyx , "
 "client_hello");
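Review bot: The alproto-conflict guard added at the top of DetectSslStateSetup is the same block this commit also moves in DetectSslVersionSetup (detect-ssl-version.c) and DetectTlsVersionSetup (detect-tls-version.c), and the three copies already disagree: this one tells the rule author which keyword clashed, the other two log only `"rule contains conflicting keywords."`. A rule writer debugging a load failure gets no hint from the shorter message, so at minimum the ssl_version and tls.version copies should name their keyword, e.g. `"rule contains conflicting keywords: non-tls alproto set for a rule containing \"ssl_version\" keyword"`. Longer term a single static helper taking the keyword name would keep the condition and wording from drifting further. The body of DetectSslStateSetup and its `error:` label continue past the end of this hunk.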
@@ -358,7 +358,7 @@ int DetectSslStateTest03(void)
 PASS;
 }
-int DetectSslStateTest04(void)
+static int DetectSslStateTest04(void)
 {
 DetectSslStateData *ssd = DetectSslStateParse("server_hello , client_keyx , "
 "client_hello , server_keyx , "
@@ -373,7 +373,7 @@ int DetectSslStateTest04(void)
 PASS;
 }
-int DetectSslStateTest05(void)
+static int DetectSslStateTest05(void)
 {
 DetectSslStateData *ssd = DetectSslStateParse(", server_hello , client_keyx , "
 "client_hello , server_keyx , "
@@ -383,7 +383,7 @@ int DetectSslStateTest05(void)
 PASS;
 }
-int DetectSslStateTest06(void)
+static int DetectSslStateTest06(void)
 {
 DetectSslStateData *ssd = DetectSslStateParse("server_hello , client_keyx , "
 "client_hello , server_keyx , "
@@ -813,7 +813,7 @@ static int DetectSslStateTest07(void)
 * \brief Test that the "|" character still works as a separate for
 * compatibility with older Suricata rules.
 */
-int DetectSslStateTest08(void)
+static int DetectSslStateTest08(void)
 {
 DetectSslStateData *ssd = DetectSslStateParse("server_hello|client_hello");
 FAIL_IF_NULL(ssd);
@@ -826,7 +826,7 @@ int DetectSslStateTest08(void)
 /**
 * \test Test parsing of negated states.
 */
-int DetectSslStateTestParseNegate(void)
+static int DetectSslStateTestParseNegate(void)
 {
 DetectSslStateData *ssd = DetectSslStateParse("!client_hello");
 FAIL_IF_NULL(ssd);
@@ -845,7 +845,7 @@ int DetectSslStateTestParseNegate(void)
 #endif /* UNITTESTS */
-void DetectSslStateRegisterTests(void)
+static void DetectSslStateRegisterTests(void)
 {
 #ifdef UNITTESTS
 UtRegisterTest("DetectSslStateTest01", DetectSslStateTest01);
@@ -859,6 +859,5 @@ void DetectSslStateRegisterTests(void)
 UtRegisterTest("DetectSslStateTestParseNegate", DetectSslStateTestParseNegate);
 #endif
- return;
 }
diff --git a/src/detect-ssl-version.c b/src/detect-ssl-version.c
index 53dc751316..ea8f839c85 100644
--- a/src/detect-ssl-version.c
+++ b/src/detect-ssl-version.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2007-2010 Open Information Security Foundation
+/* Copyright (C) 2007-2016 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
@@ -64,8 +64,8 @@ static int DetectSslVersionMatch(ThreadVars *, DetectEngineThreadCtx *, Flow *,
 uint8_t, void *, const Signature *, const SigMatchData *);
 static int DetectSslVersionSetup(DetectEngineCtx *, Signature *, char *);
-void DetectSslVersionRegisterTests(void);
-void DetectSslVersionFree(void *);
+static void DetectSslVersionRegisterTests(void);
+static void DetectSslVersionFree(void *);
 /**
 * \brief Registration function for keyword: ssl_version
@@ -163,7 +163,7 @@ static int DetectSslVersionMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
 * \retval ssl pointer to DetectSslVersionData on success
 * \retval NULL on failure
 */
-DetectSslVersionData *DetectSslVersionParse(char *str)
+static DetectSslVersionData *DetectSslVersionParse(char *str)
 {
 DetectSslVersionData *ssl = NULL;
 #define MAX_SUBSTRINGS 30
@@ -280,6 +280,11 @@ static int DetectSslVersionSetup (DetectEngineCtx *de_ctx, Signature *s, char *s
 DetectSslVersionData *ssl = NULL;
 SigMatch *sm = NULL;
+ if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_TLS) {
+ SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords.");
+ goto error;
+ }
+
 ssl = DetectSslVersionParse(str);
 if (ssl == NULL)
 goto error;
@@ -293,11 +298,6 @@ static int DetectSslVersionSetup (DetectEngineCtx *de_ctx, Signature *s, char *s
 sm->type = DETECT_AL_SSL_VERSION;
 sm->ctx = (void *)ssl;
- if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_TLS) {
- SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords.");
- goto error;
- }
-
 SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_AMATCH);
 s->alproto = ALPROTO_TLS;
@@ -330,7 +330,7 @@ void DetectSslVersionFree(void *ptr)
 * \test DetectSslVersionTestParse01 is a test to make sure that we parse the
 * "ssl_version" option correctly when given valid ssl_version option
 */
-int DetectSslVersionTestParse01(void)
+static int DetectSslVersionTestParse01(void)
 {
 DetectSslVersionData *ssl = NULL;
 ssl = DetectSslVersionParse("SSlv3");
@@ -345,7 +345,7 @@ int DetectSslVersionTestParse01(void)
 * "ssl_version" option correctly when given an invalid ssl_version option
 * it should return ssl = NULL
 */
-int DetectSslVersionTestParse02(void)
+static int DetectSslVersionTestParse02(void)
 {
 DetectSslVersionData *ssl = NULL;
 ssl = DetectSslVersionParse("2.5");
@@ -358,7 +358,7 @@ int DetectSslVersionTestParse02(void)
 * \test DetectSslVersionTestParse03 is a test to make sure that we parse the
 * "ssl_version" options correctly when given valid ssl_version options
 */
-int DetectSslVersionTestParse03(void)
+static int DetectSslVersionTestParse03(void)
 {
 DetectSslVersionData *ssl = NULL;
 ssl = DetectSslVersionParse("SSlv3,tls1.0, !tls1.2");
@@ -654,7 +654,7 @@ static int DetectSslVersionTestDetect03(void)
 /**
 * \brief this function registers unit tests for DetectSslVersion
 */
-void DetectSslVersionRegisterTests(void)
+static void DetectSslVersionRegisterTests(void)
 {
 #ifdef UNITTESTS /* UNITTESTS */
 UtRegisterTest("DetectSslVersionTestParse01", DetectSslVersionTestParse01);
diff --git a/src/detect-tls-version.c b/src/detect-tls-version.c
index d7ee9c8513..ee7d2c1678 100644
--- a/src/detect-tls-version.c
+++ b/src/detect-tls-version.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2007-2010 Open Information Security Foundation
+/* Copyright (C) 2007-2016 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
@@ -63,8 +63,8 @@ static int DetectTlsVersionMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *,
 uint8_t, void *, const Signature *, const SigMatchData *);
 static int DetectTlsVersionSetup (DetectEngineCtx *, Signature *, char *);
-void DetectTlsVersionRegisterTests(void);
-void DetectTlsVersionFree(void *);
+static void DetectTlsVersionRegisterTests(void);
+static void DetectTlsVersionFree(void *);
 /**
 * \brief Registration function for keyword: tls.version
@@ -131,7 +131,7 @@ static int DetectTlsVersionMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
 * \retval id_d pointer to DetectTlsVersionData on success
 * \retval NULL on failure
 */
-DetectTlsVersionData *DetectTlsVersionParse (char *str)
+static DetectTlsVersionData *DetectTlsVersionParse (char *str)
 {
 uint16_t temp;
 DetectTlsVersionData *tls = NULL;
@@ -219,8 +219,14 @@ static int DetectTlsVersionSetup (DetectEngineCtx *de_ctx, Signature *s, char *s
 DetectTlsVersionData *tls = NULL;
 SigMatch *sm = NULL;
+ if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_TLS) {
+ SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords.");
+ goto error;
+ }
+
 tls = DetectTlsVersionParse(str);
- if (tls == NULL) goto error;
+ if (tls == NULL)
+ goto error;
 /* Okay so far so good, lets get this into a SigMatch
 * and put it in the Signature. */
@@ -231,19 +237,16 @@ static int DetectTlsVersionSetup (DetectEngineCtx *de_ctx, Signature *s, char *s
 sm->type = DETECT_AL_TLS_VERSION;
 sm->ctx = (void *)tls;
- if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_TLS) {
- SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords.");
- goto error;
- }
-
 SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_AMATCH);
 s->alproto = ALPROTO_TLS;
 return 0;
 error:
- if (tls != NULL) DetectTlsVersionFree(tls);
- if (sm != NULL) SCFree(sm);
+ if (tls != NULL)
+ DetectTlsVersionFree(tls);
+ if (sm != NULL)
+ SCFree(sm);
 return -1;
 }
@@ -253,7 +256,7 @@ error:
 *
 * \param id_d pointer to DetectTlsVersionData
 */
-void DetectTlsVersionFree(void *ptr)
+static void DetectTlsVersionFree(void *ptr)
 {
 DetectTlsVersionData *id_d = (DetectTlsVersionData *)ptr;
 SCFree(id_d);
@@ -265,7 +268,7 @@ void DetectTlsVersionFree(void *ptr)
 * \test DetectTlsVersionTestParse01 is a test to make sure that we parse the "id"
 * option correctly when given valid id option
 */
-int DetectTlsVersionTestParse01 (void)
+static int DetectTlsVersionTestParse01 (void)
 {
 DetectTlsVersionData *tls = NULL;
 tls = DetectTlsVersionParse("1.0");
@@ -280,7 +283,7 @@ int DetectTlsVersionTestParse01 (void)
 * option correctly when given an invalid id option
 * it should return id_d = NULL
 */
-int DetectTlsVersionTestParse02 (void)
+static int DetectTlsVersionTestParse02 (void)
 {
 DetectTlsVersionData *tls = NULL;
 tls = DetectTlsVersionParse("2.5");
@@ -582,7 +585,7 @@ static int DetectTlsVersionTestDetect03(void)
 /**
 * \brief this function registers unit tests for DetectTlsVersion
 */
-void DetectTlsVersionRegisterTests(void)
+static void DetectTlsVersionRegisterTests(void)
 {
 #ifdef UNITTESTS /* UNITTESTS */
 UtRegisterTest("DetectTlsVersionTestParse01", DetectTlsVersionTestParse01);
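Review bot: The doc block above the now-static DetectTlsVersionFree documents `\param id_d`, but the parameter in the signature this hunk changes is `ptr`; `id_d` is only the local the pointer is cast to on the following line. Suggest `* \param ptr pointer to the DetectTlsVersionData to free`, matching how DetectSslStateFree in detect-ssl-state.c documents the same parameter. The remaining hunks in this file only add `static` to test and registration functions and need no further comment.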