Update DetectContentDataParse to reflect the actual data types content uses.

12 years ago · 6ba52230ed
parent 3ad497e74f
commit 6ba52230ed
8 changed files with 30 additions and 76 deletions
--- a/src/detect-content.c
+++ b/src/detect-content.c
@ -77,7 +77,8 @@ uint32_t DetectContentMaxId(DetectEngineCtx *de_ctx) {
 *  \retval -1 error
 *  \retval 0 ok
 */
-int DetectContentDataParse(char *keyword, char *contentstr, char** pstr, uint16_t *plen, int *flags)
+int DetectContentDataParse(const char *keyword, const char *contentstr,
+        uint8_t **pstr, uint16_t *plen, uint32_t *flags)
 {
    char *str = NULL;
    uint16_t len;
@ -120,10 +121,6 @@ int DetectContentDataParse(char *keyword, char *contentstr, char** pstr, uint16_

    SCLogDebug("\"%s\", len %" PRIu32 "", str, len);

-    len = strlen(str);
-    if (len == 0)
-        goto error;
-
    //SCLogDebug("DetectContentParse: \"%s\", len %" PRIu32 "", str, len);
    char converted = 0;

@ -209,7 +206,7 @@ int DetectContentDataParse(char *keyword, char *contentstr, char** pstr, uint16_
    }

    *plen = len;
-    *pstr = str;
+    *pstr = (uint8_t *)str;
    return 0;

 error:
@ -224,12 +221,12 @@ error:
 DetectContentData *DetectContentParse (char *contentstr)
 {
    DetectContentData *cd = NULL;
-    char *str = NULL;
-    uint16_t len;
-    int flags;
+    uint8_t *content = NULL;
+    uint16_t len = 0;
+    uint32_t flags = 0;
    int ret;

-    ret = DetectContentDataParse("content", contentstr, &str, &len, &flags);
+    ret = DetectContentDataParse("content", contentstr, &content, &len, &flags);
    if (ret == -1) {
        return NULL;
    }
@ -243,7 +240,7 @@ DetectContentData *DetectContentParse (char *contentstr)

    cd = SCMalloc(sizeof(DetectContentData) + len);
    if (unlikely(cd == NULL)) {
-        SCFree(str);
+        SCFree(content);
        exit(EXIT_FAILURE);
    }

@ -253,7 +250,7 @@ DetectContentData *DetectContentParse (char *contentstr)
        cd->flags |= DETECT_CONTENT_NEGATED;

    cd->content = (uint8_t *)cd + sizeof(DetectContentData);
-    memcpy(cd->content, str, len);
+    memcpy(cd->content, content, len);
    cd->content_len = len;

    /* Prepare Boyer Moore context for searching faster */
@ -263,7 +260,7 @@ DetectContentData *DetectContentParse (char *contentstr)
    cd->within = 0;
    cd->distance = 0;

-    SCFree(str);
+    SCFree(content);
    return cd;

 }
--- a/src/detect-content.h
+++ b/src/detect-content.h
@ -90,7 +90,8 @@ typedef struct DetectContentData_ {
 void DetectContentRegister (void);
 uint32_t DetectContentMaxId(DetectEngineCtx *);
 DetectContentData *DetectContentParse (char *contentstr);
-int DetectContentDataParse(char *keyword, char *contentstr, char** pstr, uint16_t *plen, int *flags);
+int DetectContentDataParse(const char *keyword, const char *contentstr,
+    uint8_t **pstr, uint16_t *plen, uint32_t *flags);
 DetectContentData *DetectContentParseEncloseQuotes(char *);

 int DetectContentSetup(DetectEngineCtx *de_ctx, Signature *s, char *contentstr);
--- a/src/detect-fileext.c
+++ b/src/detect-fileext.c
@ -146,7 +146,7 @@ static DetectFileextData *DetectFileextParse (char *str)

    memset(fileext, 0x00, sizeof(DetectFileextData));

-    if (DetectContentDataParse("fileext", str, (char **)&fileext->ext, &fileext->len, (int *)&fileext->flags) == -1) {
+    if (DetectContentDataParse("fileext", str, &fileext->ext, &fileext->len, &fileext->flags) == -1) {
        goto error;
    }

--- a/src/detect-filemagic.c
+++ b/src/detect-filemagic.c
@ -265,7 +265,7 @@ static DetectFilemagicData *DetectFilemagicParse (char *str)

    memset(filemagic, 0x00, sizeof(DetectFilemagicData));

-    if (DetectContentDataParse ("filemagic", str, (char **)&filemagic->name, &filemagic->len, (int *)&filemagic->flags) == -1) {
+    if (DetectContentDataParse ("filemagic", str, &filemagic->name, &filemagic->len, &filemagic->flags) == -1) {
        goto error;
    }

--- a/src/detect-filename.c
+++ b/src/detect-filename.c
@ -151,7 +151,7 @@ static DetectFilenameData *DetectFilenameParse (char *str)

    memset(filename, 0x00, sizeof(DetectFilenameData));

-    if (DetectContentDataParse ("filename", str, (char **)&filename->name, &filename->len, (int *)&filename->flags) == -1) {
+    if (DetectContentDataParse ("filename", str, &filename->name, &filename->len, &filename->flags) == -1) {
        goto error;
    }

--- a/src/detect-flowvar.c
+++ b/src/detect-flowvar.c
@ -140,9 +140,9 @@ static int DetectFlowvarSetup (DetectEngineCtx *de_ctx, Signature *s, char *raws
    int ret = 0, res = 0;
    int ov[MAX_SUBSTRINGS];
    const char *str_ptr;
-    char *contentstr = NULL;
+    uint8_t *content = NULL;
    uint16_t contentlen = 0;
-    int contentflags = 0;
+    uint32_t contentflags = 0;

    ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS);
    if (ret != 3) {
@ -164,7 +164,7 @@ static int DetectFlowvarSetup (DetectEngineCtx *de_ctx, Signature *s, char *raws
    }
    varcontent = (char *)str_ptr;

-    res = DetectContentDataParse("flowvar", varcontent, &contentstr, &contentlen, &contentflags);
+    res = DetectContentDataParse("flowvar", varcontent, &content, &contentlen, &contentflags);
    if (res == -1)
        goto error;

@ -176,7 +176,7 @@ static int DetectFlowvarSetup (DetectEngineCtx *de_ctx, Signature *s, char *raws
    if (unlikely(fd->content == NULL))
        goto error;

-    memcpy(fd->content, contentstr, contentlen);;
+    memcpy(fd->content, content, contentlen);
    fd->content_len = contentlen;
    fd->flags = contentflags;

@ -194,7 +194,7 @@ static int DetectFlowvarSetup (DetectEngineCtx *de_ctx, Signature *s, char *raws

    SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);

-    SCFree(contentstr);
+    SCFree(content);
    return 0;

 error:
@ -202,8 +202,8 @@ error:
        DetectFlowvarDataFree(fd);
    if (sm != NULL)
        SCFree(sm);
-    if (contentstr != NULL)
-        SCFree(contentstr);
+    if (content != NULL)
+        SCFree(content);
    return -1;
 }

--- a/src/detect-replace.c
+++ b/src/detect-replace.c
@ -70,13 +70,13 @@ void DetectReplaceRegister (void) {

 int DetectReplaceSetup(DetectEngineCtx *de_ctx, Signature *s, char *replacestr)
 {
-    char *str = NULL;
+    uint8_t *content = NULL;
    uint16_t len = 0;
-    int flags;
+    uint32_t flags = 0;
    SigMatch *pm = NULL;
    DetectContentData *ud = NULL;

-    int ret = DetectContentDataParse("replace", replacestr, &str, &len, &flags);
+    int ret = DetectContentDataParse("replace", replacestr, &content, &len, &flags);
    if (ret == -1)
        goto error;

@ -104,7 +104,7 @@ int DetectReplaceSetup(DetectEngineCtx *de_ctx, Signature *s, char *replacestr)
    if (pm == NULL) {
        SCLogError(SC_ERR_WITHIN_MISSING_CONTENT, "replace needs"
                "preceding content option for raw sig");
-        SCFree(str);
+        SCFree(content);
        return -1;
    }

@ -112,7 +112,7 @@ int DetectReplaceSetup(DetectEngineCtx *de_ctx, Signature *s, char *replacestr)
    ud = (DetectContentData *)pm->ctx;
    if (ud == NULL) {
        SCLogError(SC_ERR_INVALID_ARGUMENT, "invalid argument");
-        SCFree(str);
+        SCFree(content);
        return -1;
    }
    if (ud->flags & DETECT_CONTENT_NEGATED) {
@ -130,19 +130,19 @@ int DetectReplaceSetup(DetectEngineCtx *de_ctx, Signature *s, char *replacestr)
    if (ud->replace == NULL) {
        goto error;
    }
-    memcpy(ud->replace, str, len);
+    memcpy(ud->replace, content, len);
    ud->replace_len = len;
    ud->flags |= DETECT_CONTENT_REPLACE;
    /* want packet matching only won't be able to replace data with
     * a flow.
     */
    s->flags |= SIG_FLAG_REQUIRE_PACKET;
-    SCFree(str);
+    SCFree(content);

    return 0;

 error:
-    SCFree(str);
+    SCFree(content);
    return -1;
 }

--- a/src/detect-uricontent.c
+++ b/src/detect-uricontent.c
@ -153,50 +153,6 @@ void DetectUricontentPrint(DetectContentData *cd)
    SCLogDebug("-----------");
 }

-/**
- * \brief   Setup the detecturicontent keyword data from the string defined in
- *          the rule set.
- * \param   contentstr  Pointer to the string which has been defined in the rule
- */
-DetectContentData *DoDetectUricontentSetup(char *contentstr)
-{
-    DetectContentData *cd = NULL;
-    char *str = NULL;
-    uint16_t len;
-    int flags;
-    int ret;
-
-    ret = DetectContentDataParse("uricontent", contentstr, &str, &len, &flags);
-    if (ret == -1) {
-        return NULL;
-    }
-
-    cd = SCMalloc(sizeof(DetectContentData) + len);
-    if (unlikely(cd == NULL)) {
-        SCFree(str);
-        exit(EXIT_FAILURE);
-    }
-
-    memset(cd, 0, sizeof(DetectContentData) + len);
-
-    if (flags == DETECT_CONTENT_NEGATED)
-        cd->flags |= DETECT_CONTENT_NEGATED;
-
-    cd->content = (uint8_t *)cd + sizeof(DetectContentData);
-    memcpy(cd->content, str, len);
-    cd->content_len = len;
-
-    /* Prepare Boyer Moore context for searching faster */
-    cd->bm_ctx = BoyerMooreCtxInit(cd->content, cd->content_len);
-    cd->depth = 0;
-    cd->offset = 0;
-    cd->within = 0;
-    cd->distance = 0;
-
-    SCFree(str);
-    return cd;
-}
-
 /**
 * \brief Creates a SigMatch for the uricontent keyword being sent as argument,
 *        and appends it to the Signature(s).