detect/dce: keyword cleanups

pull/3440/head
Victor Julien 7 years ago
parent 177966970a
commit 329e029525

@ -1,4 +1,4 @@
/* Copyright (C) 2007-2010 Open Information Security Foundation /* Copyright (C) 2007-2018 Open Information Security Foundation
* *
* You can copy, redistribute or modify this Program under the terms of * You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free * the GNU General Public License version 2 as published by the Free
@ -278,8 +278,8 @@ DCERPCState *DetectDceGetState(AppProto alproto, void *alstate)
* \param dce_data Pointer to the Signature's dce_iface keyword * \param dce_data Pointer to the Signature's dce_iface keyword
* state(DetectDceIfaceData *). * state(DetectDceIfaceData *).
*/ */
static inline int DetectDceIfaceMatchIfaceVersion(uint16_t version, static inline int DetectDceIfaceMatchIfaceVersion(const uint16_t version,
DetectDceIfaceData *dce_data) const DetectDceIfaceData *dce_data)
{ {
switch (dce_data->op) { switch (dce_data->op) {
case DETECT_DCE_IFACE_OP_LT: case DETECT_DCE_IFACE_OP_LT:
@ -316,11 +316,10 @@ static int DetectDceIfaceMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
SCEnter(); SCEnter();
int ret = 0; int ret = 0;
DetectDceIfaceData *dce_data = (DetectDceIfaceData *)m; const DetectDceIfaceData *dce_data = (DetectDceIfaceData *)m;
DCERPCUuidEntry *item = NULL; DCERPCUuidEntry *item = NULL;
int i = 0; const DCERPCState *dcerpc_state = DetectDceGetState(f->alproto, f->alstate);
DCERPCState *dcerpc_state = DetectDceGetState(f->alproto, f->alstate);
if (dcerpc_state == NULL) { if (dcerpc_state == NULL) {
SCLogDebug("No DCERPCState for the flow"); SCLogDebug("No DCERPCState for the flow");
SCReturnInt(0); SCReturnInt(0);
@ -348,7 +347,7 @@ static int DetectDceIfaceMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
continue; continue;
/* check the interface uuid */ /* check the interface uuid */
for (i = 0; i < 16; i++) { for (int i = 0; i < 16; i++) {
if (dce_data->uuid[i] != item->uuid[i]) { if (dce_data->uuid[i] != item->uuid[i]) {
ret = 0; ret = 0;
break; break;
@ -414,34 +413,24 @@ static int DetectDceIfaceMatchRust(ThreadVars *t,
static int DetectDceIfaceSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg) static int DetectDceIfaceSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg)
{ {
DetectDceIfaceData *did = NULL; DetectDceIfaceData *did = DetectDceIfaceArgParse(arg);
SigMatch *sm = NULL;
// if (DetectSignatureSetAppProto(s, ALPROTO_DCERPC) != 0)
// return -1;
did = DetectDceIfaceArgParse(arg);
if (did == NULL) { if (did == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Error parsing dec_iface option in " SCLogError(SC_ERR_INVALID_SIGNATURE, "Error parsing dec_iface option in "
"signature"); "signature");
return -1; return -1;
} }
sm = SigMatchAlloc(); SigMatch *sm = SigMatchAlloc();
if (sm == NULL) if (sm == NULL) {
goto error; DetectDceIfaceFree(did);
return -1;
}
sm->type = DETECT_DCE_IFACE; sm->type = DETECT_DCE_IFACE;
sm->ctx = (void *)did; sm->ctx = (void *)did;
SigMatchAppendSMToList(s, sm, g_dce_generic_list_id); SigMatchAppendSMToList(s, sm, g_dce_generic_list_id);
return 0; return 0;
error:
DetectDceIfaceFree(did);
if (sm != NULL)
SCFree(sm);
return -1;
} }
static void DetectDceIfaceFree(void *ptr) static void DetectDceIfaceFree(void *ptr)
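Review bot: The SCLogError string in DetectDceIfaceSetup names the keyword as `dec_iface`, so a rule author searching the log for `dce_iface` will not find the failure. Since this hunk already rewrites the function, the message should read `"Error parsing dce_iface option in "`. DetectDceOpnumSetup in the same commit rejects `arg == NULL` before parsing, while this function hands `arg` straight to DetectDceIfaceArgParse. Whether that parser tolerates NULL is not visible here, so either add the same guard or confirm the rule parser never calls this setup with a NULL value.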

@ -1,4 +1,4 @@
/* Copyright (C) 2007-2010 Open Information Security Foundation /* Copyright (C) 2007-2018 Open Information Security Foundation
* *
* You can copy, redistribute or modify this Program under the terms of * You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free * the GNU General Public License version 2 as published by the Free
@ -340,40 +340,30 @@ static int DetectDceOpnumMatchRust(ThreadVars *t,
static int DetectDceOpnumSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg) static int DetectDceOpnumSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg)
{ {
DetectDceOpnumData *dod = NULL;
SigMatch *sm = NULL;
if (arg == NULL) { if (arg == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Error parsing dce_opnum option in " SCLogError(SC_ERR_INVALID_SIGNATURE, "Error parsing dce_opnum option in "
"signature, option needs a value"); "signature, option needs a value");
return -1; return -1;
} }
//if (DetectSignatureSetAppProto(s, ALPROTO_DCERPC) != 0) DetectDceOpnumData *dod = DetectDceOpnumArgParse(arg);
// return -1;
dod = DetectDceOpnumArgParse(arg);
if (dod == NULL) { if (dod == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Error parsing dce_opnum option in " SCLogError(SC_ERR_INVALID_SIGNATURE, "Error parsing dce_opnum option in "
"signature"); "signature");
return -1; return -1;
} }
sm = SigMatchAlloc(); SigMatch *sm = SigMatchAlloc();
if (sm == NULL) if (sm == NULL) {
goto error; DetectDceOpnumFree(dod);
return -1;
}
sm->type = DETECT_DCE_OPNUM; sm->type = DETECT_DCE_OPNUM;
sm->ctx = (void *)dod; sm->ctx = (void *)dod;
SigMatchAppendSMToList(s, sm, g_dce_generic_list_id); SigMatchAppendSMToList(s, sm, g_dce_generic_list_id);
return 0; return 0;
error:
DetectDceOpnumFree(dod);
if (sm != NULL)
SCFree(sm);
return -1;
} }
static void DetectDceOpnumFree(void *ptr) static void DetectDceOpnumFree(void *ptr)
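Review bot: DetectDceOpnumSetup does not say who owns `dod` once it is stored in `sm->ctx`, and with the shared `error:` label gone each new failure path has to get the cleanup right on its own. A one-line comment above the assignment would help, for example `/* sm takes ownership of dod from here; do not free it separately */`. That ownership is inferred from the success path never freeing `dod`, so confirm it against the SigMatch free path before adding the comment. The same comment would fit DetectDceIfaceSetup for `did`.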

@ -1,4 +1,4 @@
/* Copyright (C) 2007-2016 Open Information Security Foundation /* Copyright (C) 2007-2018 Open Information Security Foundation
* *
* You can copy, redistribute or modify this Program under the terms of * You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free * the GNU General Public License version 2 as published by the Free
@ -19,7 +19,7 @@
* \file * \file
* *
* \author Anoop Saldanha <anoopsaldanha@gmail.com> * \author Anoop Saldanha <anoopsaldanha@gmail.com>
* \author Anoop Saldanha <victor@inliniac.net> * \author Victor Julien <victor@inliniac.net>
* *
* Implements dce_stub_data keyword * Implements dce_stub_data keyword
*/ */
@ -280,9 +280,6 @@ void DetectDceStubDataRegister(void)
static int DetectDceStubDataSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg) static int DetectDceStubDataSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg)
{ {
// if (DetectSignatureSetAppProto(s, ALPROTO_DCERPC) != 0)
// return -1;
s->init_data->list = g_dce_stub_data_buffer_id; s->init_data->list = g_dce_stub_data_buffer_id;
return 0; return 0;
} }
