aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix seg fault due to premature cleanup/double cleanup for byte(jump|test), isdataat, on seeing no previous relative keywords

Browse Source
remotes/origin/master-1.0.x
Anoop Saldanha 16 years ago committed by Victor Julien
parent c1486d7f2e
commit 3536ba7348
4 changed files with 96 additions and 18 deletions
Show Stats Download Patch File Download Diff File

12
src/detect-bytejump.c
Unescape Escape View File

@ -588,11 +588,11 @@ int DetectBytejumpSetup(DetectEngineCtx *de_ctx, Signature *s, char *optstr)
if (s->alproto == ALPROTO_DCERPC) { if (s->alproto == ALPROTO_DCERPC) {
SCLogDebug("No preceding content or pcre keyword. Possible " SCLogDebug("No preceding content or pcre keyword. Possible "
"since this is an alproto sig."); "since this is an alproto sig.");
SCReturnInt(0); return 0;
} else { } else {
SCLogError(SC_ERR_INVALID_SIGNATURE, "No preceding content " SCLogError(SC_ERR_INVALID_SIGNATURE, "No preceding content "
"or uricontent or pcre option"); "or uricontent or pcre option");
goto error; return -1;
} }
} }
@ -607,7 +607,7 @@ int DetectBytejumpSetup(DetectEngineCtx *de_ctx, Signature *s, char *optstr)
if (cd == NULL) { if (cd == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown previous-" SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown previous-"
"previous keyword!"); "previous keyword!");
goto error; return -1;
} }
cd->flags |= DETECT_CONTENT_RELATIVE_NEXT; cd->flags |= DETECT_CONTENT_RELATIVE_NEXT;
@ -619,7 +619,7 @@ int DetectBytejumpSetup(DetectEngineCtx *de_ctx, Signature *s, char *optstr)
if (ud == NULL) { if (ud == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown previous-" SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown previous-"
"previous keyword!"); "previous keyword!");
goto error; return -1;
} }
ud->flags |= DETECT_URICONTENT_RELATIVE_NEXT; ud->flags |= DETECT_URICONTENT_RELATIVE_NEXT;
@ -630,7 +630,7 @@ int DetectBytejumpSetup(DetectEngineCtx *de_ctx, Signature *s, char *optstr)
if (pe == NULL) { if (pe == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown previous-" SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown previous-"
"previous keyword!"); "previous keyword!");
goto error; return -1;
} }
pe->flags |= DETECT_PCRE_RELATIVE_NEXT; pe->flags |= DETECT_PCRE_RELATIVE_NEXT;
@ -646,7 +646,7 @@ int DetectBytejumpSetup(DetectEngineCtx *de_ctx, Signature *s, char *optstr)
/* this will never hit */ /* this will never hit */
SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown previous-" SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown previous-"
"previous keyword!"); "previous keyword!");
break; return -1;
} /* switch */ } /* switch */
return 0; return 0;

12
src/detect-bytetest.c
Unescape Escape View File

@ -604,11 +604,11 @@ int DetectBytetestSetup(DetectEngineCtx *de_ctx, Signature *s, char *optstr)
if (s->alproto == ALPROTO_DCERPC) { if (s->alproto == ALPROTO_DCERPC) {
SCLogDebug("No preceding content or pcre keyword. Possible " SCLogDebug("No preceding content or pcre keyword. Possible "
"since this is an alproto sig."); "since this is an alproto sig.");
SCReturnInt(0); return 0;
} else { } else {
SCLogError(SC_ERR_INVALID_SIGNATURE, "No preceding content " SCLogError(SC_ERR_INVALID_SIGNATURE, "No preceding content "
"or uricontent or pcre option"); "or uricontent or pcre option");
goto error; return -1;
} }
} }
@ -623,7 +623,7 @@ int DetectBytetestSetup(DetectEngineCtx *de_ctx, Signature *s, char *optstr)
if (cd == NULL) { if (cd == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown previous-" SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown previous-"
"previous keyword!"); "previous keyword!");
goto error; return -1;
} }
cd->flags |= DETECT_CONTENT_RELATIVE_NEXT; cd->flags |= DETECT_CONTENT_RELATIVE_NEXT;
@ -635,7 +635,7 @@ int DetectBytetestSetup(DetectEngineCtx *de_ctx, Signature *s, char *optstr)
if (ud == NULL) { if (ud == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown previous-" SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown previous-"
"previous keyword!"); "previous keyword!");
goto error; return -1;
} }
ud->flags |= DETECT_URICONTENT_RELATIVE_NEXT; ud->flags |= DETECT_URICONTENT_RELATIVE_NEXT;
@ -646,7 +646,7 @@ int DetectBytetestSetup(DetectEngineCtx *de_ctx, Signature *s, char *optstr)
if (pe == NULL) { if (pe == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown previous-" SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown previous-"
"previous keyword!"); "previous keyword!");
goto error; return -1;
} }
pe->flags |= DETECT_PCRE_RELATIVE_NEXT; pe->flags |= DETECT_PCRE_RELATIVE_NEXT;
@ -662,7 +662,7 @@ int DetectBytetestSetup(DetectEngineCtx *de_ctx, Signature *s, char *optstr)
/* this will never hit */ /* this will never hit */
SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown previous-" SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown previous-"
"previous keyword!"); "previous keyword!");
break; return -1;
} /* switch */ } /* switch */
return 0; return 0;

78
src/detect-engine-payload.c
Unescape Escape View File

@ -617,6 +617,81 @@ end:
return result; return result;
} }
/**
* \test Test invalid sig.
*/
static int PayloadTestSig10(void)
{
uint8_t *buf = (uint8_t *)"this is a super duper nova in super nova now";
uint16_t buflen = strlen((char *)buf);
Packet *p = UTHBuildPacket( buf, buflen, IPPROTO_TCP);
int result = 0;
char sig[] = "alert udp any any -> any any (msg:\"crash\"; "
"byte_test:4,>,2,0,relative; sid:11;)";
if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 1) {
result = 0;
goto end;
}
result = 1;
end:
if (p != NULL)
UTHFreePacket(p);
return result;
}
/**
* \test Test invalid sig.
*/
static int PayloadTestSig11(void)
{
uint8_t *buf = (uint8_t *)"this is a super duper nova in super nova now";
uint16_t buflen = strlen((char *)buf);
Packet *p = UTHBuildPacket( buf, buflen, IPPROTO_TCP);
int result = 0;
char sig[] = "alert udp any any -> any any (msg:\"crash\"; "
"byte_jump:1,0,relative; sid:11;)";
if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 1) {
result = 0;
goto end;
}
result = 1;
end:
if (p != NULL)
UTHFreePacket(p);
return result;
}
/**
* \test Test invalid sig.
*/
static int PayloadTestSig12(void)
{
uint8_t *buf = (uint8_t *)"this is a super duper nova in super nova now";
uint16_t buflen = strlen((char *)buf);
Packet *p = UTHBuildPacket( buf, buflen, IPPROTO_TCP);
int result = 0;
char sig[] = "alert udp any any -> any any (msg:\"crash\"; "
"isdataat:10,relative; sid:11;)";
if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 1) {
result = 0;
goto end;
}
result = 1;
end:
if (p != NULL)
UTHFreePacket(p);
return result;
}
#endif /* UNITTESTS */ #endif /* UNITTESTS */
void PayloadRegisterTests(void) { void PayloadRegisterTests(void) {
@ -630,5 +705,8 @@ void PayloadRegisterTests(void) {
UtRegisterTest("PayloadTestSig07", PayloadTestSig07, 1); UtRegisterTest("PayloadTestSig07", PayloadTestSig07, 1);
UtRegisterTest("PayloadTestSig08", PayloadTestSig08, 1); UtRegisterTest("PayloadTestSig08", PayloadTestSig08, 1);
UtRegisterTest("PayloadTestSig09", PayloadTestSig09, 1); UtRegisterTest("PayloadTestSig09", PayloadTestSig09, 1);
UtRegisterTest("PayloadTestSig10", PayloadTestSig10, 1);
UtRegisterTest("PayloadTestSig11", PayloadTestSig11, 1);
UtRegisterTest("PayloadTestSig12", PayloadTestSig12, 1);
#endif /* UNITTESTS */ #endif /* UNITTESTS */
} }

12
src/detect-isdataat.c
Unescape Escape View File

@ -286,11 +286,11 @@ int DetectIsdataatSetup (DetectEngineCtx *de_ctx, Signature *s, char *isdataatst
if (s->alproto == ALPROTO_DCERPC) { if (s->alproto == ALPROTO_DCERPC) {
SCLogDebug("No preceding content or pcre keyword. Possible " SCLogDebug("No preceding content or pcre keyword. Possible "
"since this is an alproto sig."); "since this is an alproto sig.");
SCReturnInt(0); return 0;
} else { } else {
SCLogError(SC_ERR_INVALID_SIGNATURE, "No preceding content " SCLogError(SC_ERR_INVALID_SIGNATURE, "No preceding content "
"or uricontent or pcre option"); "or uricontent or pcre option");
goto error; return -1;
} }
} }
@ -305,7 +305,7 @@ int DetectIsdataatSetup (DetectEngineCtx *de_ctx, Signature *s, char *isdataatst
if (cd == NULL) { if (cd == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown previous-" SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown previous-"
"previous keyword!"); "previous keyword!");
goto error; return -1;
} }
cd->flags |= DETECT_CONTENT_RELATIVE_NEXT; cd->flags |= DETECT_CONTENT_RELATIVE_NEXT;
@ -317,7 +317,7 @@ int DetectIsdataatSetup (DetectEngineCtx *de_ctx, Signature *s, char *isdataatst
if (ud == NULL) { if (ud == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown previous-" SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown previous-"
"previous keyword!"); "previous keyword!");
goto error; return -1;
} }
ud->flags |= DETECT_URICONTENT_RELATIVE_NEXT; ud->flags |= DETECT_URICONTENT_RELATIVE_NEXT;
@ -328,7 +328,7 @@ int DetectIsdataatSetup (DetectEngineCtx *de_ctx, Signature *s, char *isdataatst
if (pe == NULL) { if (pe == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown previous-" SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown previous-"
"previous keyword!"); "previous keyword!");
goto error; return -1;
} }
pe->flags |= DETECT_PCRE_RELATIVE_NEXT; pe->flags |= DETECT_PCRE_RELATIVE_NEXT;
@ -344,7 +344,7 @@ int DetectIsdataatSetup (DetectEngineCtx *de_ctx, Signature *s, char *isdataatst
/* this will never hit */ /* this will never hit */
SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown previous-" SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown previous-"
"previous keyword!"); "previous keyword!");
break; return -1;
} /* switch */ } /* switch */
return 0; return 0;

Write Preview
Loading…
Cancel
Save