aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update DetectContentDataParse to reflect the actual data types content uses.

Browse Source
pull/344/merge
Victor Julien 12 years ago
parent 3ad497e74f
commit 6ba52230ed
8 changed files with 30 additions and 76 deletions
Show Stats Download Patch File Download Diff File

23
src/detect-content.c
Unescape Escape View File

@ -77,7 +77,8 @@ uint32_t DetectContentMaxId(DetectEngineCtx *de_ctx) {
* \retval -1 error * \retval -1 error
* \retval 0 ok * \retval 0 ok
*/ */
int DetectContentDataParse(char *keyword, char *contentstr, char** pstr, uint16_t *plen, int *flags) int DetectContentDataParse(const char *keyword, const char *contentstr,
uint8_t **pstr, uint16_t *plen, uint32_t *flags)
{ {
char *str = NULL; char *str = NULL;
uint16_t len; uint16_t len;
@ -120,10 +121,6 @@ int DetectContentDataParse(char *keyword, char *contentstr, char** pstr, uint16_
SCLogDebug("\"%s\", len %" PRIu32 "", str, len); SCLogDebug("\"%s\", len %" PRIu32 "", str, len);
len = strlen(str);
if (len == 0)
goto error;
//SCLogDebug("DetectContentParse: \"%s\", len %" PRIu32 "", str, len); //SCLogDebug("DetectContentParse: \"%s\", len %" PRIu32 "", str, len);
char converted = 0; char converted = 0;
@ -209,7 +206,7 @@ int DetectContentDataParse(char *keyword, char *contentstr, char** pstr, uint16_
} }
*plen = len; *plen = len;
*pstr = str; *pstr = (uint8_t *)str;
return 0; return 0;
error: error:
@ -224,12 +221,12 @@ error:
DetectContentData *DetectContentParse (char *contentstr) DetectContentData *DetectContentParse (char *contentstr)
{ {
DetectContentData *cd = NULL; DetectContentData *cd = NULL;
char *str = NULL; uint8_t *content = NULL;
uint16_t len; uint16_t len = 0;
int flags; uint32_t flags = 0;
int ret; int ret;
ret = DetectContentDataParse("content", contentstr, &str, &len, &flags); ret = DetectContentDataParse("content", contentstr, &content, &len, &flags);
if (ret == -1) { if (ret == -1) {
return NULL; return NULL;
} }
@ -243,7 +240,7 @@ DetectContentData *DetectContentParse (char *contentstr)
cd = SCMalloc(sizeof(DetectContentData) + len); cd = SCMalloc(sizeof(DetectContentData) + len);
if (unlikely(cd == NULL)) { if (unlikely(cd == NULL)) {
SCFree(str); SCFree(content);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
@ -253,7 +250,7 @@ DetectContentData *DetectContentParse (char *contentstr)
cd->flags |= DETECT_CONTENT_NEGATED; cd->flags |= DETECT_CONTENT_NEGATED;
cd->content = (uint8_t *)cd + sizeof(DetectContentData); cd->content = (uint8_t *)cd + sizeof(DetectContentData);
memcpy(cd->content, str, len); memcpy(cd->content, content, len);
cd->content_len = len; cd->content_len = len;
/* Prepare Boyer Moore context for searching faster */ /* Prepare Boyer Moore context for searching faster */
@ -263,7 +260,7 @@ DetectContentData *DetectContentParse (char *contentstr)
cd->within = 0; cd->within = 0;
cd->distance = 0; cd->distance = 0;
SCFree(str); SCFree(content);
return cd; return cd;
} }

3
src/detect-content.h
Unescape Escape View File

@ -90,7 +90,8 @@ typedef struct DetectContentData_ {
void DetectContentRegister (void); void DetectContentRegister (void);
uint32_t DetectContentMaxId(DetectEngineCtx *); uint32_t DetectContentMaxId(DetectEngineCtx *);
DetectContentData *DetectContentParse (char *contentstr); DetectContentData *DetectContentParse (char *contentstr);
int DetectContentDataParse(char *keyword, char *contentstr, char** pstr, uint16_t *plen, int *flags); int DetectContentDataParse(const char *keyword, const char *contentstr,
uint8_t **pstr, uint16_t *plen, uint32_t *flags);
DetectContentData *DetectContentParseEncloseQuotes(char *); DetectContentData *DetectContentParseEncloseQuotes(char *);
int DetectContentSetup(DetectEngineCtx *de_ctx, Signature *s, char *contentstr); int DetectContentSetup(DetectEngineCtx *de_ctx, Signature *s, char *contentstr);

2
src/detect-fileext.c
Unescape Escape View File

@ -146,7 +146,7 @@ static DetectFileextData *DetectFileextParse (char *str)
memset(fileext, 0x00, sizeof(DetectFileextData)); memset(fileext, 0x00, sizeof(DetectFileextData));
if (DetectContentDataParse("fileext", str, (char **)&fileext->ext, &fileext->len, (int *)&fileext->flags) == -1) { if (DetectContentDataParse("fileext", str, &fileext->ext, &fileext->len, &fileext->flags) == -1) {
goto error; goto error;
} }

2
src/detect-filemagic.c
Unescape Escape View File

@ -265,7 +265,7 @@ static DetectFilemagicData *DetectFilemagicParse (char *str)
memset(filemagic, 0x00, sizeof(DetectFilemagicData)); memset(filemagic, 0x00, sizeof(DetectFilemagicData));
if (DetectContentDataParse ("filemagic", str, (char **)&filemagic->name, &filemagic->len, (int *)&filemagic->flags) == -1) { if (DetectContentDataParse ("filemagic", str, &filemagic->name, &filemagic->len, &filemagic->flags) == -1) {
goto error; goto error;
} }

2
src/detect-filename.c
Unescape Escape View File

@ -151,7 +151,7 @@ static DetectFilenameData *DetectFilenameParse (char *str)
memset(filename, 0x00, sizeof(DetectFilenameData)); memset(filename, 0x00, sizeof(DetectFilenameData));
if (DetectContentDataParse ("filename", str, (char **)&filename->name, &filename->len, (int *)&filename->flags) == -1) { if (DetectContentDataParse ("filename", str, &filename->name, &filename->len, &filename->flags) == -1) {
goto error; goto error;
} }

14
src/detect-flowvar.c
Unescape Escape View File

@ -140,9 +140,9 @@ static int DetectFlowvarSetup (DetectEngineCtx *de_ctx, Signature *s, char *raws
int ret = 0, res = 0; int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS]; int ov[MAX_SUBSTRINGS];
const char *str_ptr; const char *str_ptr;
char *contentstr = NULL; uint8_t *content = NULL;
uint16_t contentlen = 0; uint16_t contentlen = 0;
int contentflags = 0; uint32_t contentflags = 0;
ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS); ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS);
if (ret != 3) { if (ret != 3) {
@ -164,7 +164,7 @@ static int DetectFlowvarSetup (DetectEngineCtx *de_ctx, Signature *s, char *raws
} }
varcontent = (char *)str_ptr; varcontent = (char *)str_ptr;
res = DetectContentDataParse("flowvar", varcontent, &contentstr, &contentlen, &contentflags); res = DetectContentDataParse("flowvar", varcontent, &content, &contentlen, &contentflags);
if (res == -1) if (res == -1)
goto error; goto error;
@ -176,7 +176,7 @@ static int DetectFlowvarSetup (DetectEngineCtx *de_ctx, Signature *s, char *raws
if (unlikely(fd->content == NULL)) if (unlikely(fd->content == NULL))
goto error; goto error;
memcpy(fd->content, contentstr, contentlen);; memcpy(fd->content, content, contentlen);
fd->content_len = contentlen; fd->content_len = contentlen;
fd->flags = contentflags; fd->flags = contentflags;
@ -194,7 +194,7 @@ static int DetectFlowvarSetup (DetectEngineCtx *de_ctx, Signature *s, char *raws
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH); SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
SCFree(contentstr); SCFree(content);
return 0; return 0;
error: error:
@ -202,8 +202,8 @@ error:
DetectFlowvarDataFree(fd); DetectFlowvarDataFree(fd);
if (sm != NULL) if (sm != NULL)
SCFree(sm); SCFree(sm);
if (contentstr != NULL) if (content != NULL)
SCFree(contentstr); SCFree(content);
return -1; return -1;
} }

16
src/detect-replace.c
Unescape Escape View File

@ -70,13 +70,13 @@ void DetectReplaceRegister (void) {
int DetectReplaceSetup(DetectEngineCtx *de_ctx, Signature *s, char *replacestr) int DetectReplaceSetup(DetectEngineCtx *de_ctx, Signature *s, char *replacestr)
{ {
char *str = NULL; uint8_t *content = NULL;
uint16_t len = 0; uint16_t len = 0;
int flags; uint32_t flags = 0;
SigMatch *pm = NULL; SigMatch *pm = NULL;
DetectContentData *ud = NULL; DetectContentData *ud = NULL;
int ret = DetectContentDataParse("replace", replacestr, &str, &len, &flags); int ret = DetectContentDataParse("replace", replacestr, &content, &len, &flags);
if (ret == -1) if (ret == -1)
goto error; goto error;
@ -104,7 +104,7 @@ int DetectReplaceSetup(DetectEngineCtx *de_ctx, Signature *s, char *replacestr)
if (pm == NULL) { if (pm == NULL) {
SCLogError(SC_ERR_WITHIN_MISSING_CONTENT, "replace needs" SCLogError(SC_ERR_WITHIN_MISSING_CONTENT, "replace needs"
"preceding content option for raw sig"); "preceding content option for raw sig");
SCFree(str); SCFree(content);
return -1; return -1;
} }
@ -112,7 +112,7 @@ int DetectReplaceSetup(DetectEngineCtx *de_ctx, Signature *s, char *replacestr)
ud = (DetectContentData *)pm->ctx; ud = (DetectContentData *)pm->ctx;
if (ud == NULL) { if (ud == NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "invalid argument"); SCLogError(SC_ERR_INVALID_ARGUMENT, "invalid argument");
SCFree(str); SCFree(content);
return -1; return -1;
} }
if (ud->flags & DETECT_CONTENT_NEGATED) { if (ud->flags & DETECT_CONTENT_NEGATED) {
@ -130,19 +130,19 @@ int DetectReplaceSetup(DetectEngineCtx *de_ctx, Signature *s, char *replacestr)
if (ud->replace == NULL) { if (ud->replace == NULL) {
goto error; goto error;
} }
memcpy(ud->replace, str, len); memcpy(ud->replace, content, len);
ud->replace_len = len; ud->replace_len = len;
ud->flags |= DETECT_CONTENT_REPLACE; ud->flags |= DETECT_CONTENT_REPLACE;
/* want packet matching only won't be able to replace data with /* want packet matching only won't be able to replace data with
* a flow. * a flow.
*/ */
s->flags |= SIG_FLAG_REQUIRE_PACKET; s->flags |= SIG_FLAG_REQUIRE_PACKET;
SCFree(str); SCFree(content);
return 0; return 0;
error: error:
SCFree(str); SCFree(content);
return -1; return -1;
} }

44
src/detect-uricontent.c
Unescape Escape View File

@ -153,50 +153,6 @@ void DetectUricontentPrint(DetectContentData *cd)
SCLogDebug("-----------"); SCLogDebug("-----------");
} }
/**
* \brief Setup the detecturicontent keyword data from the string defined in
* the rule set.
* \param contentstr Pointer to the string which has been defined in the rule
*/
DetectContentData *DoDetectUricontentSetup(char *contentstr)
{
DetectContentData *cd = NULL;
char *str = NULL;
uint16_t len;
int flags;
int ret;
ret = DetectContentDataParse("uricontent", contentstr, &str, &len, &flags);
if (ret == -1) {
return NULL;
}
cd = SCMalloc(sizeof(DetectContentData) + len);
if (unlikely(cd == NULL)) {
SCFree(str);
exit(EXIT_FAILURE);
}
memset(cd, 0, sizeof(DetectContentData) + len);
if (flags == DETECT_CONTENT_NEGATED)
cd->flags |= DETECT_CONTENT_NEGATED;
cd->content = (uint8_t *)cd + sizeof(DetectContentData);
memcpy(cd->content, str, len);
cd->content_len = len;
/* Prepare Boyer Moore context for searching faster */
cd->bm_ctx = BoyerMooreCtxInit(cd->content, cd->content_len);
cd->depth = 0;
cd->offset = 0;
cd->within = 0;
cd->distance = 0;
SCFree(str);
return cd;
}
/** /**
* \brief Creates a SigMatch for the uricontent keyword being sent as argument, * \brief Creates a SigMatch for the uricontent keyword being sent as argument,
* and appends it to the Signature(s). * and appends it to the Signature(s).

Write Preview
Loading…
Cancel
Save