diff --git a/src/detect-engine.c b/src/detect-engine.c index a185d24b6b..79c3478bfb 100644 --- a/src/detect-engine.c +++ b/src/detect-engine.c @@ -1332,8 +1332,9 @@ void DetectEngineBufferRunSetupCallback(const DetectEngineCtx *de_ctx, const int } } -void DetectBufferTypeRegisterValidateCallback(const char *name, - bool (*ValidateCallback)(const Signature *, const char **sigerror)) +void DetectBufferTypeRegisterValidateCallback( + const char *name, bool (*ValidateCallback)(const Signature *, const char **sigerror, + const DetectBufferType *)) { BUG_ON(g_buffer_type_reg_closed); DetectBufferTypeRegister(name); @@ -1346,8 +1347,9 @@ bool DetectEngineBufferRunValidateCallback( const DetectEngineCtx *de_ctx, const int id, const Signature *s, const char **sigerror) { const DetectBufferType *map = DetectEngineBufferTypeGetById(de_ctx, id); - if (map && map->ValidateCallback) { - return map->ValidateCallback(s, sigerror); + // only run validation if the buffer is not transformed + if (map && map->ValidateCallback && map->transforms.cnt == 0) { + return map->ValidateCallback(s, sigerror, map); } return true; } diff --git a/src/detect-engine.h b/src/detect-engine.h index 4ed06fa9bb..89649f0cc3 100644 --- a/src/detect-engine.h +++ b/src/detect-engine.h @@ -62,8 +62,9 @@ void DetectBufferTypeSetDescriptionByName(const char *name, const char *desc); const char *DetectBufferTypeGetDescriptionByName(const char *name); void DetectBufferTypeRegisterSetupCallback(const char *name, void (*Callback)(const DetectEngineCtx *, Signature *)); -void DetectBufferTypeRegisterValidateCallback(const char *name, - bool (*ValidateCallback)(const Signature *, const char **sigerror)); +void DetectBufferTypeRegisterValidateCallback( + const char *name, bool (*ValidateCallback)(const Signature *, const char **sigerror, + const DetectBufferType *)); /* detect engine related buffer funcs */ diff --git a/src/detect-http-host.c b/src/detect-http-host.c index eef1358052..1bc0228148 100644 
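Review bot: In `DetectEngineBufferRunValidateCallback` the new `map->transforms.cnt == 0` guard skips the whole callback for a transformed buffer, not only the content checks that a transform can invalidate. `DetectHttpRawHeaderValidateCallback`, changed later in this commit, tests only `s->flags` for the both-directions case and never uses `dbt` or the buffer content, so if a transformed buffer type carries the same callback, a rule that adds any transform would presumably load without that check; the callers are outside this diff, so this needs confirming. Consider letting the content-matching callbacks decide for themselves, e.g. `if (dbt->transforms.cnt != 0) return true;` at their top, and keeping signature-level checks unconditional. At minimum the one-line comment should state the reason, for example `/* content rules are written for the untransformed buffer and may not hold after a transform */` if that is the intent.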
--- a/src/detect-http-host.c +++ b/src/detect-http-host.c @@ -62,7 +62,8 @@ static int DetectHttpHHSetup(DetectEngineCtx *, Signature *, const char *); #ifdef UNITTESTS static void DetectHttpHHRegisterTests(void); #endif -static bool DetectHttpHostValidateCallback(const Signature *s, const char **sigerror); +static bool DetectHttpHostValidateCallback( + const Signature *s, const char **sigerror, const DetectBufferType *dbt); static int DetectHttpHostSetup(DetectEngineCtx *, Signature *, const char *); static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, const DetectEngineTransforms *transforms, @@ -180,10 +181,11 @@ static int DetectHttpHHSetup(DetectEngineCtx *de_ctx, Signature *s, const char * de_ctx, s, arg, DETECT_HTTP_HOST_CM, g_http_host_buffer_id, ALPROTO_HTTP1); } -static bool DetectHttpHostValidateCallback(const Signature *s, const char **sigerror) +static bool DetectHttpHostValidateCallback( + const Signature *s, const char **sigerror, const DetectBufferType *dbt) { for (uint32_t x = 0; x < s->init_data->buffer_index; x++) { - if (s->init_data->buffers[x].id != (uint32_t)g_http_host_buffer_id) + if (s->init_data->buffers[x].id != (uint32_t)dbt->id) continue; const SigMatch *sm = s->init_data->buffers[x].head; for (; sm != NULL; sm = sm->next) { diff --git a/src/detect-http-method.c b/src/detect-http-method.c index 902d48ed31..74eb7977c8 100644 --- a/src/detect-http-method.c +++ b/src/detect-http-method.c 
@@ -65,7 +65,8 @@ static int DetectHttpMethodSetupSticky(DetectEngineCtx *de_ctx, Signature *s, co void DetectHttpMethodRegisterTests(void); #endif void DetectHttpMethodFree(void *); -static bool DetectHttpMethodValidateCallback(const Signature *s, const char **sigerror); +static bool DetectHttpMethodValidateCallback( + const Signature *s, const char **sigerror, const DetectBufferType *dbt); static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, const DetectEngineTransforms *transforms, Flow *_f, const uint8_t _flow_flags, void *txv, const int list_id); @@ -162,10 +163,11 @@ static int DetectHttpMethodSetupSticky(DetectEngineCtx *de_ctx, Signature *s, co * \retval 1 valid * \retval 0 invalid */ -static bool DetectHttpMethodValidateCallback(const Signature *s, const char **sigerror) +static bool DetectHttpMethodValidateCallback( + const Signature *s, const char **sigerror, const DetectBufferType *dbt) { for (uint32_t x = 0; x < s->init_data->buffer_index; x++) { - if (s->init_data->buffers[x].id != (uint32_t)g_http_method_buffer_id) + if (s->init_data->buffers[x].id != (uint32_t)dbt->id) continue; const SigMatch *sm = s->init_data->buffers[x].head; for (; sm != NULL; sm = sm->next) { diff --git a/src/detect-http-protocol.c b/src/detect-http-protocol.c index 2836ff077c..1a04baa36f 100644 --- a/src/detect-http-protocol.c +++ b/src/detect-http-protocol.c 
@@ -127,11 +127,12 @@ static InspectionBuffer *GetData2(DetectEngineThreadCtx *det_ctx, return buffer; } -static bool DetectHttpProtocolValidateCallback(const Signature *s, const char **sigerror) +static bool DetectHttpProtocolValidateCallback( + const Signature *s, const char **sigerror, const DetectBufferType *dbt) { #ifdef HAVE_HTP_CONFIG_SET_ALLOW_SPACE_URI for (uint32_t x = 0; x < s->init_data->buffer_index; x++) { - if (s->init_data->buffers[x].id != (uint32_t)g_buffer_id) + if (s->init_data->buffers[x].id != (uint32_t)dbt->id) continue; const SigMatch *sm = s->init_data->buffers[x].head; for (; sm != NULL; sm = sm->next) { diff --git a/src/detect-http-raw-header.c b/src/detect-http-raw-header.c index 2eda09704e..8adc67be4a 100644 --- a/src/detect-http-raw-header.c +++ b/src/detect-http-raw-header.c @@ -58,7 +58,8 @@ static int DetectHttpRawHeaderSetupSticky(DetectEngineCtx *de_ctx, Signature *s, #ifdef UNITTESTS static void DetectHttpRawHeaderRegisterTests(void); #endif -static bool DetectHttpRawHeaderValidateCallback(const Signature *s, const char **sigerror); +static bool DetectHttpRawHeaderValidateCallback( + const Signature *s, const char **sigerror, const DetectBufferType *dbt); static int g_http_raw_header_buffer_id = 0; static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, const DetectEngineTransforms *transforms, Flow *_f, @@ -166,7 +167,8 @@ static int DetectHttpRawHeaderSetupSticky(DetectEngineCtx *de_ctx, Signature *s, return 0; } -static bool DetectHttpRawHeaderValidateCallback(const Signature *s, const char **sigerror) +static bool DetectHttpRawHeaderValidateCallback( + const Signature *s, const char **sigerror, const DetectBufferType *dbt) { if ((s->flags & (SIG_FLAG_TOCLIENT|SIG_FLAG_TOSERVER)) == (SIG_FLAG_TOCLIENT|SIG_FLAG_TOSERVER)) { *sigerror = "http_raw_header signature " diff --git a/src/detect-http-uri.c b/src/detect-http-uri.c index 02a932b5f4..702d97bcab 100644 --- a/src/detect-http-uri.c +++ b/src/detect-http-uri.c 
@@ -59,9 +59,7 @@ #ifdef UNITTESTS static void DetectHttpUriRegisterTests(void); #endif -static void DetectHttpUriSetupCallback(const DetectEngineCtx *de_ctx, - Signature *s); -static bool DetectHttpUriValidateCallback(const Signature *s, const char **sigerror); +static void DetectHttpUriSetupCallback(const DetectEngineCtx *de_ctx, Signature *s); static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, const DetectEngineTransforms *transforms, Flow *_f, const uint8_t _flow_flags, @@ -71,9 +69,7 @@ static InspectionBuffer *GetData2(DetectEngineThreadCtx *det_ctx, const int list_id); static int DetectHttpUriSetupSticky(DetectEngineCtx *de_ctx, Signature *s, const char *str); static int DetectHttpRawUriSetup(DetectEngineCtx *, Signature *, const char *); -static void DetectHttpRawUriSetupCallback(const DetectEngineCtx *de_ctx, - Signature *s); -static bool DetectHttpRawUriValidateCallback(const Signature *s, const char **); +static void DetectHttpRawUriSetupCallback(const DetectEngineCtx *de_ctx, Signature *s); static InspectionBuffer *GetRawData(DetectEngineThreadCtx *det_ctx, const DetectEngineTransforms *transforms, Flow *_f, const uint8_t _flow_flags, @@ -126,8 +122,7 @@ void DetectHttpUriRegister (void) DetectBufferTypeRegisterSetupCallback("http_uri", DetectHttpUriSetupCallback); - DetectBufferTypeRegisterValidateCallback("http_uri", - DetectHttpUriValidateCallback); + DetectBufferTypeRegisterValidateCallback("http_uri", DetectUrilenValidateContent); g_http_uri_buffer_id = DetectBufferTypeGetByName("http_uri"); @@ -165,8 +160,7 @@ void DetectHttpUriRegister (void) DetectBufferTypeRegisterSetupCallback("http_raw_uri", DetectHttpRawUriSetupCallback); - DetectBufferTypeRegisterValidateCallback("http_raw_uri", - DetectHttpRawUriValidateCallback); + DetectBufferTypeRegisterValidateCallback("http_raw_uri", DetectUrilenValidateContent); g_http_raw_uri_buffer_id = DetectBufferTypeGetByName("http_raw_uri"); } 
@@ -188,11 +182,6 @@ int DetectHttpUriSetup(DetectEngineCtx *de_ctx, Signature *s, const char *str) de_ctx, s, str, DETECT_HTTP_URI_CM, g_http_uri_buffer_id, ALPROTO_HTTP1); } -static bool DetectHttpUriValidateCallback(const Signature *s, const char **sigerror) -{ - return DetectUrilenValidateContent(s, g_http_uri_buffer_id, sigerror); -} - static void DetectHttpUriSetupCallback(const DetectEngineCtx *de_ctx, Signature *s) { @@ -282,11 +271,6 @@ static int DetectHttpRawUriSetup(DetectEngineCtx *de_ctx, Signature *s, const ch de_ctx, s, arg, DETECT_HTTP_RAW_URI, g_http_raw_uri_buffer_id, ALPROTO_HTTP1); } -static bool DetectHttpRawUriValidateCallback(const Signature *s, const char **sigerror) -{ - return DetectUrilenValidateContent(s, g_http_raw_uri_buffer_id, sigerror); -} - static void DetectHttpRawUriSetupCallback(const DetectEngineCtx *de_ctx, Signature *s) { diff --git a/src/detect-quic-cyu-hash.c b/src/detect-quic-cyu-hash.c index 39890d18c6..ce2412fbae 100644 --- a/src/detect-quic-cyu-hash.c +++ b/src/detect-quic-cyu-hash.c @@ -82,10 +82,11 @@ static InspectionBuffer *QuicHashGetData(DetectEngineThreadCtx *det_ctx, SCReturnPtr(buffer, "InspectionBuffer"); } -static bool DetectQuicHashValidateCallback(const Signature *s, const char **sigerror) +static bool DetectQuicHashValidateCallback( + const Signature *s, const char **sigerror, const DetectBufferType *dbt) { for (uint32_t x = 0; x < s->init_data->buffer_index; x++) { - if (s->init_data->buffers[x].id != (uint32_t)g_buffer_id) + if (s->init_data->buffers[x].id != (uint32_t)dbt->id) continue; const SigMatch *sm = s->init_data->buffers[x].head; for (; sm != NULL; sm = sm->next) { diff --git a/src/detect-sip-method.c b/src/detect-sip-method.c index 27a3c373c2..2c0eeeee48 100644 --- a/src/detect-sip-method.c +++ b/src/detect-sip-method.c 
@@ -69,10 +69,11 @@ static int DetectSipMethodSetup(DetectEngineCtx *de_ctx, Signature *s, const cha return 0; } -static bool DetectSipMethodValidateCallback(const Signature *s, const char **sigerror) +static bool DetectSipMethodValidateCallback( + const Signature *s, const char **sigerror, const DetectBufferType *dbt) { for (uint32_t x = 0; x < s->init_data->buffer_index; x++) { - if (s->init_data->buffers[x].id != (uint32_t)g_buffer_id) + if (s->init_data->buffers[x].id != (uint32_t)dbt->id) continue; const SigMatch *sm = s->init_data->buffers[x].head; for (; sm != NULL; sm = sm->next) { diff --git a/src/detect-sip-uri.c b/src/detect-sip-uri.c index 111e60a5a4..cd78cd12c5 100644 --- a/src/detect-sip-uri.c +++ b/src/detect-sip-uri.c @@ -59,11 +59,6 @@ #define BUFFER_DESC "sip request uri" static int g_buffer_id = 0; -static bool DetectSipUriValidateCallback(const Signature *s, const char **sigerror) -{ - return DetectUrilenValidateContent(s, g_buffer_id, sigerror); -} - static void DetectSipUriSetupCallback(const DetectEngineCtx *de_ctx, Signature *s) { @@ -121,8 +116,7 @@ void DetectSipUriRegister(void) DetectBufferTypeRegisterSetupCallback(BUFFER_NAME, DetectSipUriSetupCallback); - DetectBufferTypeRegisterValidateCallback(BUFFER_NAME, - DetectSipUriValidateCallback); + DetectBufferTypeRegisterValidateCallback(BUFFER_NAME, DetectUrilenValidateContent); g_buffer_id = DetectBufferTypeGetByName(BUFFER_NAME); diff --git a/src/detect-ssh-hassh-server.c b/src/detect-ssh-hassh-server.c index bc6f752cdd..be6d9a8a50 100644 --- a/src/detect-ssh-hassh-server.c +++ b/src/detect-ssh-hassh-server.c 
@@ -118,10 +118,11 @@ static int DetectSshHasshServerSetup(DetectEngineCtx *de_ctx, Signature *s, cons } -static bool DetectSshHasshServerHashValidateCallback(const Signature *s, const char **sigerror) +static bool DetectSshHasshServerHashValidateCallback( + const Signature *s, const char **sigerror, const DetectBufferType *dbt) { for (uint32_t x = 0; x < s->init_data->buffer_index; x++) { - if (s->init_data->buffers[x].id != (uint32_t)g_ssh_hassh_buffer_id) + if (s->init_data->buffers[x].id != (uint32_t)dbt->id) continue; const SigMatch *sm = s->init_data->buffers[x].head; for (; sm != NULL; sm = sm->next) { diff --git a/src/detect-ssh-hassh.c b/src/detect-ssh-hassh.c index 452534b834..02719be618 100644 --- a/src/detect-ssh-hassh.c +++ b/src/detect-ssh-hassh.c @@ -117,12 +117,11 @@ static int DetectSshHasshSetup(DetectEngineCtx *de_ctx, Signature *s, const char } - -static bool DetectSshHasshHashValidateCallback(const Signature *s, - const char **sigerror) +static bool DetectSshHasshHashValidateCallback( + const Signature *s, const char **sigerror, const DetectBufferType *dbt) { for (uint32_t x = 0; x < s->init_data->buffer_index; x++) { - if (s->init_data->buffers[x].id != (uint32_t)g_ssh_hassh_buffer_id) + if (s->init_data->buffers[x].id != (uint32_t)dbt->id) continue; const SigMatch *sm = s->init_data->buffers[x].head; for (; sm != NULL; sm = sm->next) { diff --git a/src/detect-tls-cert-fingerprint.c b/src/detect-tls-cert-fingerprint.c index 2844c882d5..414819094e 100644 --- a/src/detect-tls-cert-fingerprint.c +++ b/src/detect-tls-cert-fingerprint.c 
@@ -62,8 +62,8 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, void *txv, const int list_id); static void DetectTlsFingerprintSetupCallback(const DetectEngineCtx *de_ctx, Signature *s); -static bool DetectTlsFingerprintValidateCallback(const Signature *s, - const char **sigerror); +static bool DetectTlsFingerprintValidateCallback( + const Signature *s, const char **sigerror, const DetectBufferType *dbt); static int g_tls_cert_fingerprint_buffer_id = 0; /** @@ -159,11 +159,11 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, return buffer; } -static bool DetectTlsFingerprintValidateCallback(const Signature *s, - const char **sigerror) +static bool DetectTlsFingerprintValidateCallback( + const Signature *s, const char **sigerror, const DetectBufferType *dbt) { for (uint32_t x = 0; x < s->init_data->buffer_index; x++) { - if (s->init_data->buffers[x].id != (uint32_t)g_tls_cert_fingerprint_buffer_id) + if (s->init_data->buffers[x].id != (uint32_t)dbt->id) continue; const SigMatch *sm = s->init_data->buffers[x].head; for (; sm != NULL; sm = sm->next) { diff --git a/src/detect-tls-cert-serial.c b/src/detect-tls-cert-serial.c index 6a9705672f..0ac1ec39c1 100644 --- a/src/detect-tls-cert-serial.c +++ b/src/detect-tls-cert-serial.c @@ -62,8 +62,8 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, void *txv, const int list_id); static void DetectTlsSerialSetupCallback(const DetectEngineCtx *de_ctx, Signature *s); -static bool DetectTlsSerialValidateCallback(const Signature *s, - const char **sigerror); +static bool DetectTlsSerialValidateCallback( + const Signature *s, const char **sigerror, const DetectBufferType *dbt); static int g_tls_cert_serial_buffer_id = 0; /** 
@@ -157,11 +157,11 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, return buffer; } -static bool DetectTlsSerialValidateCallback(const Signature *s, - const char **sigerror) +static bool DetectTlsSerialValidateCallback( + const Signature *s, const char **sigerror, const DetectBufferType *dbt) { for (uint32_t x = 0; x < s->init_data->buffer_index; x++) { - if (s->init_data->buffers[x].id != (uint32_t)g_tls_cert_serial_buffer_id) + if (s->init_data->buffers[x].id != (uint32_t)dbt->id) continue; const SigMatch *sm = s->init_data->buffers[x].head; for (; sm != NULL; sm = sm->next) { diff --git a/src/detect-tls-ja3-hash.c b/src/detect-tls-ja3-hash.c index 82fb7d76b8..5522a2a809 100644 --- a/src/detect-tls-ja3-hash.c +++ b/src/detect-tls-ja3-hash.c @@ -72,8 +72,8 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, void *txv, const int list_id); static void DetectTlsJa3HashSetupCallback(const DetectEngineCtx *de_ctx, Signature *s); -static bool DetectTlsJa3HashValidateCallback(const Signature *s, - const char **sigerror); +static bool DetectTlsJa3HashValidateCallback( + const Signature *s, const char **sigerror, const DetectBufferType *dbt); static int g_tls_ja3_hash_buffer_id = 0; #endif @@ -178,11 +178,11 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, return buffer; } -static bool DetectTlsJa3HashValidateCallback(const Signature *s, - const char **sigerror) +static bool DetectTlsJa3HashValidateCallback( + const Signature *s, const char **sigerror, const DetectBufferType *dbt) { for (uint32_t x = 0; x < s->init_data->buffer_index; x++) { - if (s->init_data->buffers[x].id != (uint32_t)g_tls_ja3_hash_buffer_id) + if (s->init_data->buffers[x].id != (uint32_t)dbt->id) continue; const SigMatch *sm = s->init_data->buffers[x].head; for (; sm != NULL; sm = sm->next) { diff --git a/src/detect-tls-ja3s-hash.c b/src/detect-tls-ja3s-hash.c index 9dba781959..484e02ebfa 100644 --- a/src/detect-tls-ja3s-hash.c 
+++ b/src/detect-tls-ja3s-hash.c @@ -72,8 +72,8 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, void *txv, const int list_id); static void DetectTlsJa3SHashSetupCallback(const DetectEngineCtx *de_ctx, Signature *s); -static bool DetectTlsJa3SHashValidateCallback(const Signature *s, - const char **sigerror); +static bool DetectTlsJa3SHashValidateCallback( + const Signature *s, const char **sigerror, const DetectBufferType *dbt); static int g_tls_ja3s_hash_buffer_id = 0; #endif @@ -176,11 +176,11 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, return buffer; } -static bool DetectTlsJa3SHashValidateCallback(const Signature *s, - const char **sigerror) +static bool DetectTlsJa3SHashValidateCallback( + const Signature *s, const char **sigerror, const DetectBufferType *dbt) { for (uint32_t x = 0; x < s->init_data->buffer_index; x++) { - if (s->init_data->buffers[x].id != (uint32_t)g_tls_ja3s_hash_buffer_id) + if (s->init_data->buffers[x].id != (uint32_t)dbt->id) continue; const SigMatch *sm = s->init_data->buffers[x].head; for (; sm != NULL; sm = sm->next) { diff --git a/src/detect-urilen.c b/src/detect-urilen.c index 07e8e55cd2..632eddfcf7 100644 --- a/src/detect-urilen.c +++ b/src/detect-urilen.c @@ -214,10 +214,11 @@ void DetectUrilenApplyToContent(Signature *s, int list) } } -bool DetectUrilenValidateContent(const Signature *s, int list, const char **sigerror) +bool DetectUrilenValidateContent( + const Signature *s, const char **sigerror, const DetectBufferType *dbt) { for (uint32_t x = 0; x < s->init_data->buffer_index; x++) { - if (s->init_data->buffers[x].id != (uint32_t)list) + if (s->init_data->buffers[x].id != (uint32_t)dbt->id) continue; for (const SigMatch *sm = s->init_data->buffers[x].head; sm != NULL; sm = sm->next) { if (sm->type != DETECT_CONTENT) { diff --git a/src/detect-urilen.h b/src/detect-urilen.h index ccd319c755..3d8a0721ee 100644 --- a/src/detect-urilen.h +++ b/src/detect-urilen.h 
@@ -24,7 +24,7 @@ #ifndef _DETECT_URILEN_H #define _DETECT_URILEN_H -bool DetectUrilenValidateContent(const Signature *s, int list, const char **); +bool DetectUrilenValidateContent(const Signature *s, const char **, const DetectBufferType *dbt); void DetectUrilenApplyToContent(Signature *s, int list); void DetectUrilenRegister(void); diff --git a/src/detect.h b/src/detect.h index 89d221f612..2c9b15edb6 100644 --- a/src/detect.h +++ b/src/detect.h @@ -473,7 +473,8 @@ typedef struct DetectBufferType_ { bool supports_transforms; bool multi_instance; /**< buffer supports multiple buffer instances per tx */ void (*SetupCallback)(const struct DetectEngineCtx_ *, struct Signature_ *); - bool (*ValidateCallback)(const struct Signature_ *, const char **sigerror); + bool (*ValidateCallback)( + const struct Signature_ *, const char **sigerror, const struct DetectBufferType_ *); DetectEngineTransforms transforms; } DetectBufferType;
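Review bot: The `ValidateCallback` member of `DetectBufferType` in detect.h gains a third argument with no comment on its contract, although a neighbouring member (`multi_instance`) is documented inline. As called from `DetectEngineBufferRunValidateCallback` in this commit, the argument is the non-NULL buffer type being validated and the callbacks match signature buffers on its `id`; a comment such as `/**< validate the signature for this buffer type; last arg is the type itself, never NULL */` would record that. The same precondition belongs on the `DetectUrilenValidateContent` prototype in detect-urilen.h, which is exported and now dereferences `dbt` without a check. The struct definition starts outside the hunk.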