aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixes for issues found by static code analyzer.

Browse Source
remotes/origin/master-1.0.x
Victor Julien 16 years ago
parent 85b1fd7dfc
commit 6eaff4be12
18 changed files with 316 additions and 340 deletions
Show Stats Download Patch File Download Diff File

2
src/decode-gre.c
Unescape Escape View File

@ -91,7 +91,7 @@ void DecodeGRE(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
header_len += GRE_SRE_HDR_LEN;
if (gsre && (ntohs(gsre->af) == 0) && (gsre->sre_length == 0))
if (gsre != NULL && (ntohs(gsre->af) == 0) && (gsre->sre_length == 0))
break;
header_len += gsre->sre_length;

76
src/detect-distance.c
Unescape Escape View File

@ -34,53 +34,61 @@ int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, cha
}
SigMatch *pm = m;
if (pm != NULL) {
if (pm->type == DETECT_PCRE) {
DetectPcreData *pe = (DetectPcreData *)pm->ctx;
if (pm == NULL) {
printf("DetectDistanceSetup: No previous match!\n");
goto error;
}
if (pm->type == DETECT_PCRE) {
DetectPcreData *pe = (DetectPcreData *)pm->ctx;
pe->distance = strtol(str, NULL, 10);
pe->flags |= DETECT_PCRE_DISTANCE;
pe->distance = strtol(str, NULL, 10);
pe->flags |= DETECT_PCRE_DISTANCE;
//printf("DetectDistanceSetup: set distance %" PRId32 " for previous pcre\n", pe->distance);
} else if (pm->type == DETECT_CONTENT) {
DetectContentData *cd = (DetectContentData *)pm->ctx;
//printf("DetectDistanceSetup: set distance %" PRId32 " for previous pcre\n", pe->distance);
} else if (pm->type == DETECT_CONTENT) {
DetectContentData *cd = (DetectContentData *)pm->ctx;
cd->distance = strtol(str, NULL, 10);
cd->flags |= DETECT_CONTENT_DISTANCE;
cd->distance = strtol(str, NULL, 10);
cd->flags |= DETECT_CONTENT_DISTANCE;
//printf("DetectDistanceSetup: set distance %" PRId32 " for previous content\n", cd->distance);
} else if (pm->type == DETECT_URICONTENT) {
DetectUricontentData *cd = (DetectUricontentData *)pm->ctx;
//printf("DetectDistanceSetup: set distance %" PRId32 " for previous content\n", cd->distance);
} else if (pm->type == DETECT_URICONTENT) {
DetectUricontentData *cd = (DetectUricontentData *)pm->ctx;
cd->distance = strtol(str, NULL, 10);
cd->flags |= DETECT_URICONTENT_DISTANCE;
cd->distance = strtol(str, NULL, 10);
cd->flags |= DETECT_URICONTENT_DISTANCE;
//printf("DetectDistanceSetup: set distance %" PRId32 " for previous content\n", cd->distance);
} else {
printf("DetectDistanceSetup: Unknown previous keyword!\n");
}
//printf("DetectDistanceSetup: set distance %" PRId32 " for previous content\n", cd->distance);
} else {
printf("DetectDistanceSetup: No previous match!\n");
printf("DetectDistanceSetup: Unknown previous keyword!\n");
goto error;
}
pm = m->prev;
if (pm != NULL) {
if (pm->type == DETECT_PCRE) {
DetectPcreData *pe = (DetectPcreData *)pm->ctx;
pe->flags |= DETECT_PCRE_DISTANCE_NEXT;
} else if (pm->type == DETECT_CONTENT) {
DetectContentData *cd = (DetectContentData *)pm->ctx;
cd->flags |= DETECT_CONTENT_DISTANCE_NEXT;
} else if (pm->type == DETECT_URICONTENT) {
DetectUricontentData *cd = (DetectUricontentData *)pm->ctx;
cd->flags |= DETECT_URICONTENT_DISTANCE_NEXT;
} else {
printf("DetectDistanceSetup: Unknown previous-previous keyword!\n");
}
} else {
if (pm == NULL) {
printf("DetectDistanceSetup: No previous-previous match!\n");
goto error;
}
if (pm->type == DETECT_PCRE) {
DetectPcreData *pe = (DetectPcreData *)pm->ctx;
pe->flags |= DETECT_PCRE_DISTANCE_NEXT;
} else if (pm->type == DETECT_CONTENT) {
DetectContentData *cd = (DetectContentData *)pm->ctx;
cd->flags |= DETECT_CONTENT_DISTANCE_NEXT;
} else if (pm->type == DETECT_URICONTENT) {
DetectUricontentData *cd = (DetectUricontentData *)pm->ctx;
cd->flags |= DETECT_URICONTENT_DISTANCE_NEXT;
} else {
printf("DetectDistanceSetup: Unknown previous-previous keyword!\n");
goto error;
}
if (dubbed) free(str);
return 0;
error:
if (dubbed) free(str);
return -1;
}

77
src/detect-engine-address.c
Unescape Escape View File

@ -35,9 +35,9 @@ void DetectAddressRegister (void) {
/* prototypes */
void DetectAddressDataPrint(DetectAddressData *);
int DetectAddressCut(DetectAddressData *, DetectAddressData *, DetectAddressData **);
int DetectAddressCutNot(DetectAddressData *, DetectAddressData **);
int DetectAddressGroupCut(DetectEngineCtx *, DetectAddressGroup *, DetectAddressGroup *, DetectAddressGroup **);
static int DetectAddressCut(DetectAddressData *, DetectAddressData *, DetectAddressData **);
static int DetectAddressCutNot(DetectAddressData *, DetectAddressData **);
static int DetectAddressGroupCut(DetectEngineCtx *, DetectAddressGroup *, DetectAddressGroup *, DetectAddressGroup **);
/* memory usage counters */
static uint32_t detect_address_group_memory = 0;
@ -195,7 +195,8 @@ int DetectAddressGroupAdd(DetectAddressGroup **head, DetectAddressGroup *ag) {
}
//printf("default append\n");
ag->prev = prev_cur;
prev_cur->next = ag;
if (prev_cur != NULL)
prev_cur->next = ag;
} else {
*head = ag;
}
@ -330,8 +331,11 @@ int DetectAddressGroupInsert(DetectEngineCtx *de_ctx, DetectAddressGroupsHead *g
#endif
DetectAddressGroup *c = NULL;
r = DetectAddressGroupCut(de_ctx, cur,new,&c);
if (r == -1)
goto error;
DetectAddressGroupInsert(de_ctx, gh, new);
if (c) {
if (c != NULL) {
#ifdef DBG
printf("DetectAddressGroupInsert: inserting C "); DetectAddressDataPrint(c->ad); printf("\n");
#endif
@ -344,9 +348,12 @@ int DetectAddressGroupInsert(DetectEngineCtx *de_ctx, DetectAddressGroupsHead *g
#endif
DetectAddressGroup *c = NULL;
r = DetectAddressGroupCut(de_ctx, cur,new,&c);
if (r == -1)
goto error;
//printf("DetectAddressGroupCut returned %" PRId32 "\n", r);
DetectAddressGroupInsert(de_ctx, gh, new);
if (c) {
if (c != NULL) {
#ifdef DBG
printf("DetectAddressGroupInsert: inserting C "); DetectAddressDataPrint(c->ad); printf("\n");
#endif
@ -359,8 +366,11 @@ int DetectAddressGroupInsert(DetectEngineCtx *de_ctx, DetectAddressGroupsHead *g
#endif
DetectAddressGroup *c = NULL;
r = DetectAddressGroupCut(de_ctx, cur,new,&c);
if (r == -1)
goto error;
DetectAddressGroupInsert(de_ctx, gh, new);
if (c) {
if (c != NULL) {
#ifdef DBG
printf("DetectAddressGroupInsert: inserting C "); DetectAddressDataPrint(c->ad); printf("\n");
#endif
@ -373,8 +383,11 @@ int DetectAddressGroupInsert(DetectEngineCtx *de_ctx, DetectAddressGroupsHead *g
#endif
DetectAddressGroup *c = NULL;
r = DetectAddressGroupCut(de_ctx, cur,new,&c);
if (r == -1)
goto error;
DetectAddressGroupInsert(de_ctx, gh, new);
if (c) {
if (c != NULL) {
#ifdef DBG
printf("DetectAddressGroupInsert: inserting C "); DetectAddressDataPrint(c->ad); printf("\n");
#endif
@ -400,6 +413,7 @@ error:
return -1;
}
/** \brief Join two addresses together */
int DetectAddressGroupJoin(DetectEngineCtx *de_ctx, DetectAddressGroup *target, DetectAddressGroup *source) {
if (target == NULL || source == NULL)
return -1;
@ -424,11 +438,10 @@ int DetectAddressGroupJoin(DetectEngineCtx *de_ctx, DetectAddressGroup *target,
return -1;
}
/*
* return codes:
* 1: inserted
* 0: not inserted (no error), memory is cleared
* -1: error
/**
* \retval 1 inserted
* \retval 0 not inserted (no error), memory is cleared
* \retval -1 error
*/
int DetectAddressInsert(DetectAddressGroupsHead *gh, DetectAddressData *new) {
DetectAddressGroup *head = NULL;
@ -506,26 +519,46 @@ int DetectAddressInsert(DetectAddressGroupsHead *gh, DetectAddressData *new) {
} else if (r == ADDRESS_ES) {
DetectAddressData *c = NULL;
r = DetectAddressCut(cur->ad,new,&c);
if (r == -1)
goto error;
DetectAddressInsert(gh, new);
if (c) DetectAddressInsert(gh, c);
if (c != NULL)
DetectAddressInsert(gh, c);
return 1;
} else if (r == ADDRESS_EB) {
DetectAddressData *c = NULL;
r = DetectAddressCut(cur->ad,new,&c);
if (r == -1)
goto error;
DetectAddressInsert(gh, new);
if (c) DetectAddressInsert(gh, c);
if (c != NULL)
DetectAddressInsert(gh, c);
return 1;
} else if (r == ADDRESS_LE) {
DetectAddressData *c = NULL;
r = DetectAddressCut(cur->ad,new,&c);
if (r == -1)
goto error;
DetectAddressInsert(gh, new);
if (c) DetectAddressInsert(gh, c);
if (c != NULL)
DetectAddressInsert(gh, c);
return 1;
} else if (r == ADDRESS_GE) {
DetectAddressData *c = NULL;
r = DetectAddressCut(cur->ad,new,&c);
if (r == -1)
goto error;
DetectAddressInsert(gh, new);
if (c) DetectAddressInsert(gh, c);
if (c != NULL)
DetectAddressInsert(gh, c);
return 1;
}
}
@ -837,6 +870,8 @@ int DetectAddressGroupCut(DetectEngineCtx *de_ctx, DetectAddressGroup *a, Detect
return -1;
}
/** \retval 0 ok
* \retval -1 error */
int DetectAddressCut(DetectAddressData *a, DetectAddressData *b, DetectAddressData **c) {
if (a->family == AF_INET) {
return DetectAddressCutIPv4(a,b,c);
@ -847,6 +882,8 @@ int DetectAddressCut(DetectAddressData *a, DetectAddressData *b, DetectAddressDa
return -1;
}
/** \retval 0 ok
* \retval -1 error */
int DetectAddressCutNot(DetectAddressData *a, DetectAddressData **b) {
if (a->family == AF_INET) {
return DetectAddressCutNotIPv4(a,b);
@ -896,7 +933,6 @@ int AddressParse(DetectAddressData *dd, char *str) {
char *ipdup = strdup(str);
char *ip2 = NULL;
char *mask = NULL;
char *ip6 = NULL;
int r = 0;
/* first handle 'any' */
@ -916,7 +952,7 @@ int AddressParse(DetectAddressData *dd, char *str) {
}
/* see if the address is an ipv4 or ipv6 address */
if ((ip6 = strchr(str,':')) == NULL) {
if ((strchr(str,':')) == NULL) {
/* IPv4 Address */
struct in_addr in;
@ -929,8 +965,7 @@ int AddressParse(DetectAddressData *dd, char *str) {
uint32_t ip4addr = 0;
uint32_t netmask = 0;
char *t = NULL;
if ((t = strchr (mask,'.')) == NULL) {
if ((strchr (mask,'.')) == NULL) {
/* 1.2.3.4/24 format */
int cidr = atoi(mask);

64
src/detect-engine-mpm.c
Unescape Escape View File

@ -274,7 +274,8 @@ uint32_t PatternStrength(uint8_t *pat, uint16_t patlen, uint16_t len) {
return s;
}
int PatternMatchPreprarePopulateMpm(DetectEngineCtx *de_ctx, SigGroupHead *sgh) {
/** \brief Setup the content portion of the sig group head */
static int PatternMatchPreprarePopulateMpm(DetectEngineCtx *de_ctx, SigGroupHead *sgh) {
uint32_t sig;
HashTable *ht = HashTableInit(4096, ContentHashFunc, ContentHashCompareFunc, ContentHashFree);
@ -447,23 +448,20 @@ error:
return -1;
}
/*
/** \brief Prepare the pattern matcher ctx in a sig group head.
*
* TODO
* - determine if a content match can set the 'single' flag
*
*
* XXX do error checking
* XXX rewrite the COPY stuff
* \todo determine if a content match can set the 'single' flag
* \todo do error checking
* \todo rewrite the COPY stuff
*/
int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh)
{
Signature *s;
SigMatch *sm;
Signature *s = NULL;
SigMatch *sm = NULL;
uint32_t co_cnt = 0;
uint32_t ur_cnt = 0;
uint32_t cnt = 0;
uint32_t sig;
uint32_t sig = 0;
g_content_sigcnt++;
@ -473,7 +471,8 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh)
if (!(sh->flags & SIG_GROUP_HEAD_MPM_URI_COPY))
sh->mpm_uricontent_maxlen = 0;
/* see if this head has content and/or uricontent */
/** see if this head has content and/or uricontent
* \todo we can move this to the signature init phase */
for (sig = 0; sig < sh->sig_cnt; sig++) {
uint32_t num = sh->match_array[sig];
@ -517,7 +516,6 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh)
MpmInitCtx(sh->mpm_uri_ctx, PM);
}
//uint16_t mpm_content_scan_maxlen = 65535, mpm_uricontent_scan_maxlen = 65535;
uint32_t mpm_content_cnt = 0, mpm_uricontent_cnt = 0;
uint16_t mpm_content_maxdepth = 65535, mpm_content_minoffset = 65535;
uint16_t mpm_content_maxdepth_one = 65535, mpm_content_minoffset_one = 65535;
@ -580,9 +578,9 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh)
for (sm = s->match; sm != NULL; sm = sm->next) {
if (sm->type == DETECT_CONTENT && !(sh->flags & SIG_GROUP_HEAD_MPM_COPY)) {
DetectContentData *cd = (DetectContentData *)sm->ctx;
//if (content_maxlen < 4) {
//printf("\""); PrintRawUriFp(stdout,cd->content,cd->content_len); printf("\" ");
//}
//if (content_maxlen < 4) {
//printf("\""); PrintRawUriFp(stdout,cd->content,cd->content_len); printf("\" ");
//}
if (cd->content_len == content_maxlen) {
if (content_maxdepth > cd->depth)
content_maxdepth = cd->depth;
@ -593,10 +591,11 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh)
} else if (sm->type == DETECT_URICONTENT && !(sh->flags & SIG_GROUP_HEAD_MPM_URI_COPY)) {
DetectUricontentData *ud = (DetectUricontentData *)sm->ctx;
if (ud->uricontent_len == uricontent_maxlen) {
/** \todo we don't support offset in uricontent */
}
}
}
//if (content_maxlen < 4 && content_cnt) printf(" (%" PRIu32 ", min %" PRIu32 ", max %" PRIu32 ")\n", content_cnt, content_minlen, content_maxlen);
//if (content_maxlen < 4 && content_cnt) printf(" (%" PRIu32 ", min %" PRIu32 ", max %" PRIu32 ")\n", content_cnt, content_minlen, content_maxlen);
int content_depth_atleastone = 0;
int content_offset_atleastone = 0;
@ -674,14 +673,7 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh)
if (sh->mpm_content_maxlen >= 5) g_content_sigcnt5++;
if (sh->mpm_content_maxlen >= 10) g_content_sigcnt10++;
/* see if we will use the scanning phase */
// if (sh->mpm_content_maxlen == 1) {
// sh->flags |= SIG_GROUP_HEAD_MPM_NOSCAN;
// printf("(%p) noscan set (%s)\n", sh, sh->flags & SIG_GROUP_HEAD_MPM_NOSCAN ? "TRUE":"FALSE");
// }
// if (sh->mpm_uricontent_maxlen < 4) sh->flags |= SIG_GROUP_HEAD_MPM_URI_NOSCAN;
/* add the signatures */
/* add the patterns for uricontent signatures */
for (sig = 0; sig < sh->sig_cnt; sig++) {
uint32_t num = sh->match_array[sig];
@ -713,21 +705,22 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh)
uricontent_minlen = ud->uricontent_len;
}
}
char content_scanadded = 0, uricontent_scanadded = 0;
char uricontent_scanadded = 0;
for (sm = s->match; sm != NULL; sm = sm->next) {
if (sm->type == DETECT_URICONTENT && !(sh->flags & SIG_GROUP_HEAD_MPM_URI_COPY)) {
DetectUricontentData *ud = (DetectUricontentData *)sm->ctx;
/* only add the pattern if:
* noscan is not set, we didn't add a pattern already, length
* is the same as maxlen (ie we only add the longest pattern) */
if (!(sh->flags & SIG_GROUP_HEAD_MPM_URI_NOSCAN) && !uricontent_scanadded && uricontent_maxlen == ud->uricontent_len) {
/* only add the pattern if: we didn't add a pattern already,
* length is the same as maxlen (ie we only add the longest pattern) */
if (!uricontent_scanadded && uricontent_maxlen == ud->uricontent_len) {
if (ud->flags & DETECT_URICONTENT_NOCASE) {
sh->mpm_uri_ctx->AddScanPatternNocase(sh->mpm_uri_ctx, ud->uricontent, ud->uricontent_len, 0, 0, ud->id, s->num, 0);
} else {
sh->mpm_uri_ctx->AddScanPattern(sh->mpm_uri_ctx, ud->uricontent, ud->uricontent_len, 0, 0, ud->id, s->num, 0);
}
uricontent_scanadded = 1;
/* otherwise it's a 'search' pattern */
} else {
if (ud->flags & DETECT_URICONTENT_NOCASE) {
sh->mpm_uri_ctx->AddPatternNocase(sh->mpm_uri_ctx, ud->uricontent, ud->uricontent_len, 0, 0, ud->id, s->num);
@ -737,13 +730,11 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh)
}
}
}
content_scanadded = 0;
uricontent_scanadded = 0;
}
/* content */
if (sh->flags & SIG_GROUP_HAVECONTENT && !(sh->flags & SIG_GROUP_HEAD_MPM_COPY)) {
/* load the patterns */
PatternMatchPreprarePopulateMpm(de_ctx, sh);
if (sh->mpm_ctx->Prepare != NULL) {
@ -751,18 +742,17 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh)
}
if (mpm_content_maxdepth) {
// printf("mpm_content_maxdepth %" PRIu32 "\n", mpm_content_maxdepth);
// printf("mpm_content_maxdepth %" PRIu32 "\n", mpm_content_maxdepth);
g_content_maxdepth++;
}
if (mpm_content_minoffset) {
// printf("mpm_content_minoffset %" PRIu32 "\n", mpm_content_minoffset);
// printf("mpm_content_minoffset %" PRIu32 "\n", mpm_content_minoffset);
g_content_minoffset++;
}
g_content_total++;
//if (mpm_content_depth_present) printf("(sh %p) at least one depth: %" PRId32 ", depth %" PRIu32 "\n", sh, mpm_content_depth_present, mpm_content_maxdepth_one);
//if (mpm_content_offset_present) printf("(sh %p) at least one offset: %" PRId32 ", offset %" PRIu32 "\n", sh, mpm_content_offset_present, mpm_content_minoffset_one);
//sh->mpm_ctx->PrintCtx(sh->mpm_ctx);
}
@ -772,7 +762,7 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh)
sh->mpm_uri_ctx->Prepare(sh->mpm_uri_ctx);
}
if (mpm_uricontent_cnt && sh->mpm_uricontent_maxlen > 1) {
// printf("mpm_uricontent_cnt %" PRIu32 ", mpm_uricontent_maxlen %" PRId32 "\n", mpm_uricontent_cnt, mpm_uricontent_maxlen);
// printf("mpm_uricontent_cnt %" PRIu32 ", mpm_uricontent_maxlen %" PRId32 "\n", mpm_uricontent_cnt, mpm_uricontent_maxlen);
g_uricontent_scan++;
} else {
g_uricontent_search++;

42
src/detect-engine-port.c
Unescape Escape View File

@ -32,8 +32,8 @@ void DetectPortRegister (void) {
}
/* prototypes */
int DetectPortCutNot(DetectPort *, DetectPort **);
int DetectPortCut(DetectEngineCtx *, DetectPort *, DetectPort *, DetectPort **);
static int DetectPortCutNot(DetectPort *, DetectPort **);
static int DetectPortCut(DetectEngineCtx *, DetectPort *, DetectPort *, DetectPort **);
DetectPort *PortParse(char *str);
/* memory usage counters */
@ -161,7 +161,8 @@ int DetectPortAdd(DetectPort **head, DetectPort *dp) {
}
}
dp->prev = prev_cur;
prev_cur->next = dp;
if (prev_cur != NULL)
prev_cur->next = dp;
} else {
*head = dp;
}
@ -282,8 +283,11 @@ int DetectPortInsert(DetectEngineCtx *de_ctx, DetectPort **head, DetectPort *new
#endif
DetectPort *c = NULL;
r = DetectPortCut(de_ctx,cur,new,&c);
if (r == -1)
goto error;
DetectPortInsert(de_ctx, head, new);
if (c) {
if (c != NULL) {
#ifdef DBG
printf("DetectPortInsert: inserting C (%p) ",c); DetectPortPrint(c); printf("\n");
#endif
@ -296,9 +300,11 @@ int DetectPortInsert(DetectEngineCtx *de_ctx, DetectPort **head, DetectPort *new
#endif
DetectPort *c = NULL;
r = DetectPortCut(de_ctx,cur,new,&c);
//printf("DetectPortCut returned %" PRId32 "\n", r);
if (r == -1)
goto error;
DetectPortInsert(de_ctx, head, new);
if (c) {
if (c != NULL) {
#ifdef DBG
printf("DetectPortInsert: inserting C "); DetectPortPrint(c); printf("\n");
#endif
@ -311,8 +317,11 @@ int DetectPortInsert(DetectEngineCtx *de_ctx, DetectPort **head, DetectPort *new
#endif
DetectPort *c = NULL;
r = DetectPortCut(de_ctx,cur,new,&c);
if (r == -1)
goto error;
DetectPortInsert(de_ctx, head, new);
if (c) {
if (c != NULL) {
#ifdef DBG
printf("DetectPortInsert: inserting C "); DetectPortPrint(c); printf("\n");
#endif
@ -325,8 +334,11 @@ int DetectPortInsert(DetectEngineCtx *de_ctx, DetectPort **head, DetectPort *new
#endif
DetectPort *c = NULL;
r = DetectPortCut(de_ctx,cur,new,&c);
if (r == -1)
goto error;
DetectPortInsert(de_ctx, head, new);
if (c) {
if (c != NULL) {
#ifdef DBG
printf("DetectPortInsert: inserting C "); DetectPortPrint(c); printf("\n");
#endif
@ -350,7 +362,9 @@ error:
return -1;
}
int DetectPortCut(DetectEngineCtx *de_ctx, DetectPort *a, DetectPort *b, DetectPort **c) {
/** \retval 0 ok
* \retval -1 error */
static int DetectPortCut(DetectEngineCtx *de_ctx, DetectPort *a, DetectPort *b, DetectPort **c) {
uint32_t a_port1 = a->port;
uint32_t a_port2 = a->port2;
uint32_t b_port1 = b->port;
@ -635,11 +649,11 @@ error:
if (tmp != NULL)
DetectPortFree(tmp);
return -1;
return -1;
}
int DetectPortCutNot(DetectPort *a, DetectPort **b) {
/** \retval 0 ok
* \retval -1 error */
static int DetectPortCutNot(DetectPort *a, DetectPort **b) {
uint16_t a_port1 = a->port;
uint16_t a_port2 = a->port2;
@ -675,8 +689,6 @@ int DetectPortCutNot(DetectPort *a, DetectPort **b) {
error:
return -1;
return -1;
}
int DetectPortCmp(DetectPort *a, DetectPort *b) {
@ -1277,7 +1289,7 @@ int PortTestParse06 (void) {
copy = DetectPortCopy(NULL,dd);
if (copy == NULL)
goto end;
goto end;
if (DetectPortCmp(dd,copy) != PORT_EQ)
goto end;

3
src/detect-flowbits.c
Unescape Escape View File

@ -156,6 +156,9 @@ int DetectFlowbitSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char
}
fb_name = (char *)str_ptr;
}
} else {
printf("ERROR: \"%s\" is not a valid setting for flowbits.\n", rawstr);
return -1;
}
if (strcmp(fb_cmd_str,"noalert") == 0) {

3
src/detect-flowvar.c
Unescape Escape View File

@ -108,6 +108,9 @@ int DetectFlowvarSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char
}
varcontent = (char *)str_ptr;
}
} else {
printf("ERROR: \"%s\" is not a valid setting for flowvar.\n", rawstr);
return -1;
}
printf("DetectFlowvarSetup: varname %s, varcontent %s\n", varname, varcontent);

2
src/detect-msg.c
Unescape Escape View File

@ -16,7 +16,7 @@ void DetectMsgRegister (void) {
int DetectMsgSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char *msgstr)
{
char *str = msgstr;
char *str = NULL;
/* strip "'s */
if (msgstr[0] == '\"' && msgstr[strlen(msgstr)-1] == '\"') {

3
src/detect-pktvar.c
Unescape Escape View File

@ -102,6 +102,9 @@ int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char
}
varcontent = (char *)str_ptr;
}
} else {
printf("ERROR: \"%s\" is not a valid setting for pktvar.\n", rawstr);
return -1;
}
printf("DetectPktvarSetup: varname %s, varcontent %s\n", varname, varcontent);

82
src/detect-within.c
Unescape Escape View File

@ -1,5 +1,9 @@
/* WITHIN part of the detection engine. */
/** \file
* \author Victor Julien <victor@inliniac.net>
* \todo within logic is not Snort compat atm: it is applied to pcre and uricontent as well */
#include "decode.h"
#include "detect.h"
#include "flow-var.h"
@ -34,53 +38,63 @@ int DetectWithinSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char
}
SigMatch *pm = m;
if (pm != NULL) {
if (pm->type == DETECT_PCRE) {
DetectPcreData *pe = (DetectPcreData *)pm->ctx;
if (pm == NULL) {
printf("DetectWithinSetup: No previous match!\n");
goto error;
}
pe->within = strtol(str, NULL, 10);
pe->flags |= DETECT_PCRE_WITHIN;
/* Set the within flag on the Sigmatch */
if (pm->type == DETECT_PCRE) {
DetectPcreData *pe = (DetectPcreData *)pm->ctx;
//printf("DetectWithinSetup: set within %" PRId32 " for previous pcre\n", pe->within);
} else if (pm->type == DETECT_CONTENT) {
DetectContentData *cd = (DetectContentData *)pm->ctx;
pe->within = strtol(str, NULL, 10);
pe->flags |= DETECT_PCRE_WITHIN;
cd->within = strtol(str, NULL, 10);
cd->flags |= DETECT_CONTENT_WITHIN;
//printf("DetectWithinSetup: set within %" PRId32 " for previous pcre\n", pe->within);
} else if (pm->type == DETECT_CONTENT) {
DetectContentData *cd = (DetectContentData *)pm->ctx;
//printf("DetectWithinSetup: set within %" PRId32 " for previous content\n", cd->within);
} else if (pm->type == DETECT_URICONTENT) {
DetectUricontentData *ud = (DetectUricontentData *)pm->ctx;
cd->within = strtol(str, NULL, 10);
cd->flags |= DETECT_CONTENT_WITHIN;
ud->within = strtol(str, NULL, 10);
ud->flags |= DETECT_URICONTENT_WITHIN;
//printf("DetectWithinSetup: set within %" PRId32 " for previous content\n", cd->within);
} else if (pm->type == DETECT_URICONTENT) {
DetectUricontentData *ud = (DetectUricontentData *)pm->ctx;
//printf("DetectWithinSetup: set within %" PRId32 " for previous content\n", cd->within);
} else {
printf("DetectWithinSetup: Unknown previous keyword!\n");
}
ud->within = strtol(str, NULL, 10);
ud->flags |= DETECT_URICONTENT_WITHIN;
//printf("DetectWithinSetup: set within %" PRId32 " for previous content\n", cd->within);
} else {
printf("DetectWithinSetup: No previous match!\n");
printf("DetectWithinSetup: Unknown previous keyword!\n");
goto error;
}
pm = m->prev;
if (pm != NULL) {
if (pm->type == DETECT_PCRE) {
DetectPcreData *pe = (DetectPcreData *)pm->ctx;
pe->flags |= DETECT_PCRE_WITHIN_NEXT;
} else if (pm->type == DETECT_CONTENT) {
DetectContentData *cd = (DetectContentData *)pm->ctx;
cd->flags |= DETECT_CONTENT_WITHIN_NEXT;
} else if (pm->type == DETECT_URICONTENT) {
DetectUricontentData *ud = (DetectUricontentData *)pm->ctx;
ud->flags |= DETECT_URICONTENT_WITHIN_NEXT;
} else {
printf("DetectWithinSetup: Unknown previous-previous keyword!\n");
}
} else {
if (pm == NULL) {
printf("DetectWithinSetup: No previous-previous match!\n");
goto error;
}
/* Set the within next flag on the prev sigmatch */
if (pm->type == DETECT_PCRE) {
DetectPcreData *pe = (DetectPcreData *)pm->ctx;
pe->flags |= DETECT_PCRE_WITHIN_NEXT;
} else if (pm->type == DETECT_CONTENT) {
DetectContentData *cd = (DetectContentData *)pm->ctx;
cd->flags |= DETECT_CONTENT_WITHIN_NEXT;
} else if (pm->type == DETECT_URICONTENT) {
DetectUricontentData *ud = (DetectUricontentData *)pm->ctx;
ud->flags |= DETECT_URICONTENT_WITHIN_NEXT;
} else {
printf("DetectWithinSetup: Unknown previous-previous keyword!\n");
goto error;
}
if (dubbed) free(str);
return 0;
error:
if (dubbed) free(str);
return -1;
}

145
src/detect.c
Unescape Escape View File

@ -196,10 +196,12 @@ int SigLoadSignatures (DetectEngineCtx *de_ctx, char *sig_file)
/* http_uri -- for uricontent */
sig = SigInit(de_ctx, "alert tcp any any -> any $HTTP_PORTS (msg:\"HTTP GET URI cap\"; flow:to_server; content:\"GET \"; depth:4; pcre:\"/^GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; noalert; sid:1;)");
if (sig) {
prevsig = sig;
de_ctx->sig_list = sig;
}
if (sig == NULL)
return -1;
prevsig = sig;
de_ctx->sig_list = sig;
sig = SigInit(de_ctx, "alert tcp any any -> any $HTTP_PORTS (msg:\"HTTP POST URI cap\"; flow:to_server; content:\"POST \"; depth:5; pcre:\"/^POST (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; noalert; sid:2;)");
if (sig == NULL)
return -1;
@ -218,109 +220,6 @@ int SigLoadSignatures (DetectEngineCtx *de_ctx, char *sig_file)
if (sig == NULL)
return -1;
prevsig->next = sig;
prevsig = sig;
sig = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"ipv4 pkt too small\"; decode-event:ipv4.pkt_too_small; sid:5;)");
if (sig == NULL)
return -1;
prevsig->next = sig;
prevsig = sig;
/*
sig = SigInit(de_ctx,"alert udp any any -> any any (msg:\"ViCtOr nocase test\"; sid:4; rev:13; content:\"ViCtOr!!\"; offset:100; depth:150; nocase; content:\"ViCtOr!!\"; nocase; offset:99; depth:150;)");
if (sig == NULL)
return;
prevsig->next = sig;
prevsig = sig;
sig = SigInit(de_ctx,"alert ip any any -> 1.2.3.4 any (msg:\"ViCtOr case test\"; sid:2001; content:\"ViCtOr\"; depth:150;)");
if (sig == NULL)
return;
prevsig->next = sig;
prevsig = sig;
sig = SigInit(de_ctx,"alert ip any any -> 1.2.3.4 any (msg:\"IP ONLY\"; sid:2002;)");
if (sig == NULL)
return;
prevsig->next = sig;
prevsig = sig;
sig = SigInit(de_ctx,"alert ip ANY any -> 192.168.0.0/16 any (msg:\"offset, depth, within test\"; flow:to_client; sid:2002; content:HTTP; depth:4; content:Server:; offset:15; within:100; depth:200;)");
if (sig == NULL)
return;
prevsig->next = sig;
prevsig = sig;
sig = SigInit(de_ctx,"alert ip 1.2.3.4 any -> any any (msg:\"Inliniac blog within test\"; flow:to_client; sid:2003; content:inliniac; content:blog; within:9;)");
if (sig == NULL)
return;
prevsig->next = sig;
prevsig = sig;
sig = SigInit(de_ctx,"alert ip 2001::1 any -> 2001::3 any (msg:\"abcdefg distance 1 test\"; flow:to_server; sid:2004; content:abcd; content:efgh; within:4; distance:0; content:ijkl; within:4; distance:0;)");
if (sig == NULL)
return;
prevsig->next = sig;
prevsig = sig;
sig = SigInit(de_ctx,"alert ip 2001::5 any -> 2001::7 any (msg:\"abcdef distance 0 test\"; flow:to_server; sid:2005; content:abcdef; content:ghijklmnop; distance:0;)");
if (sig == NULL)
return;
prevsig->next = sig;
prevsig = sig;
sig = SigInit(de_ctx,"alert ip 10.0.0.0/8 any -> 4.3.2.1 any (msg:\"abcdefg distance 1 test\"; flow:to_server; sid:2006; content:abcdef; content:ghijklmnop; distance:1;)");
if (sig == NULL)
return;
prevsig->next = sig;
prevsig = sig;
sig = SigInit(de_ctx,"alert tcp 172.16.1.0/24 any -> 0.0.0.0/0 any (msg:\"HTTP response code cap\"; flow:to_client; content:HTTP; depth:4; pcre:\"/^HTTP\\/\\d\\.\\d (?<http_response>[0-9]+) [A-z\\s]+\\r\\n/\"; depth:50; sid:3;)");
if (sig == NULL)
return;
prevsig->next = sig;
prevsig = sig;
sig = SigInit(de_ctx,"alert tcp 172.16.2.0/24 any -> 10.10.10.10 any (msg:\"HTTP server code cap\"; flow:to_client; content:Server:; depth:500; pcre:\"/^Server: (?<http_server>.*)\\r\\n/m\"; sid:4;)");
if (sig == NULL)
return;
prevsig->next = sig;
prevsig = sig;
sig = SigInit(de_ctx,"alert tcp 192.168.0.1 any -> 1.0.2.1 any (msg:\"\to_client nocase test\"; flow:to_client; content:Servere:; nocase; sid:400;)");
if (sig == NULL)
return;
prevsig->next = sig;
prevsig = sig;
sig = SigInit(de_ctx,"alert tcp 192.168.0.4 any -> 1.2.0.1 any (msg:\"HTTP UA code cap\"; flow:to_server; content:User-Agent:; depth:300; pcre:\"/^User-Agent: (?<http_ua>.*)\\r\\n/m\"; sid:5;)");
if (sig == NULL)
return;
prevsig->next = sig;
prevsig = sig;
sig = SigInit(de_ctx,"alert tcp 192.168.0.12 any -> 0.0.0.0/0 any (msg:\"HTTP http_host flowvar www.inliniac.net\"; flow:to_server; flowvar:http_host,\"www.inliniac.net\"; sid:7;)");
if (sig) {
prevsig->next = sig;
prevsig = sig;
}
sig = SigInit(de_ctx,"alert tcp 192.168.0.0/16 any -> 0.0.0.0/0 any (msg:\"HTTP http_uri flowvar MattJonkman\"; flow:to_server; flowvar:http_uri,\"MattJonkman\"; sid:8;)");
if (sig) {
prevsig->next = sig;
prevsig = sig;
}
sig = SigInit(de_ctx,"alert tcp 0.0.0.0/0 any -> 0.0.0.0/0 any (msg:\"HTTP uricontent VictorJulien\"; flow:to_server; uricontent:\"VictorJulien\"; nocase; sid:9;)");
if (sig) {
prevsig->next = sig;
prevsig = sig;
}
sig = SigInit(de_ctx,"alert tcp 0.0.0.0/0 any -> 10.0.0.0/8 any (msg:\"HTTP uricontent VictorJulien\"; flow:to_server; uricontent:\"VictorJulien\"; nocase; sid:5;)");
if (sig) {
prevsig->next = sig;
prevsig = sig;
}
*/
if(sig_file != NULL){
int r = DetectLoadSigFile(de_ctx, sig_file);
@ -442,21 +341,21 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
//printf("Not scanning as pkt payload is smaller than the largest content length we need to match");
} else {
uint32_t cnt = 0;
//printf("scan: (%p, maxlen %" PRIu32 ", cnt %" PRIu32 ")\n", det_ctx->sgh, det_ctx->sgh->mpm_content_maxlen, det_ctx->sgh->sig_cnt);
//printf("scan: (%p, maxlen %" PRIu32 ", cnt %" PRIu32 ")\n", det_ctx->sgh, det_ctx->sgh->mpm_content_maxlen, det_ctx->sgh->sig_cnt);
/* scan, but only if the noscan flag isn't set */
if (!(det_ctx->sgh->flags & SIG_GROUP_HEAD_MPM_NOSCAN)) {
if (det_ctx->sgh->mpm_content_maxlen == 1) det_ctx->pkts_scanned1++;
else if (det_ctx->sgh->mpm_content_maxlen == 2) det_ctx->pkts_scanned2++;
else if (det_ctx->sgh->mpm_content_maxlen == 3) det_ctx->pkts_scanned3++;
else if (det_ctx->sgh->mpm_content_maxlen == 4) det_ctx->pkts_scanned4++;
else det_ctx->pkts_scanned++;
cnt += PacketPatternScan(th_v, det_ctx, p);
}
//if (cnt != det_ctx->pmq.searchable)
//printf("post scan: cnt %" PRIu32 ", searchable %" PRIu32 "\n", cnt, det_ctx->pmq.searchable);
if (det_ctx->sgh->flags & SIG_GROUP_HEAD_MPM_NOSCAN || det_ctx->pmq.searchable > 0) {
//printf("now search\n");
if (det_ctx->sgh->mpm_content_maxlen == 1) det_ctx->pkts_scanned1++;
else if (det_ctx->sgh->mpm_content_maxlen == 2) det_ctx->pkts_scanned2++;
else if (det_ctx->sgh->mpm_content_maxlen == 3) det_ctx->pkts_scanned3++;
else if (det_ctx->sgh->mpm_content_maxlen == 4) det_ctx->pkts_scanned4++;
else det_ctx->pkts_scanned++;
cnt += PacketPatternScan(th_v, det_ctx, p);
//if (cnt != det_ctx->pmq.searchable)
//printf("post scan: cnt %" PRIu32 ", searchable %" PRIu32 "\n", cnt, det_ctx->pmq.searchable);
if (det_ctx->pmq.searchable > 0) {
//printf("now search\n");
if (det_ctx->sgh->mpm_content_maxlen == 1) det_ctx->pkts_searched1++;
else if (det_ctx->sgh->mpm_content_maxlen == 2) det_ctx->pkts_searched2++;
else if (det_ctx->sgh->mpm_content_maxlen == 3) det_ctx->pkts_searched3++;
@ -465,7 +364,7 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
cnt += PacketPatternMatch(th_v, det_ctx, p);
// printf("RAW: cnt %" PRIu32 ", det_ctx->pmq.sig_id_array_cnt %" PRIu32 "\n", cnt, det_ctx->pmq.sig_id_array_cnt);
// printf("RAW: cnt %" PRIu32 ", det_ctx->pmq.sig_id_array_cnt %" PRIu32 "\n", cnt, det_ctx->pmq.sig_id_array_cnt);
}
det_ctx->pmq.searchable = 0;
}
@ -1966,8 +1865,6 @@ static int BuildDestinationAddressHeadsWithBothPorts(DetectEngineCtx *de_ctx, De
} else {
/* XXX write dedicated function for this */
dp->sh->mpm_ctx = mpmsh->mpm_ctx;
if (mpmsh->flags & SIG_GROUP_HEAD_MPM_NOSCAN)
dp->sh->flags |= SIG_GROUP_HEAD_MPM_NOSCAN;
dp->sh->mpm_content_maxlen = mpmsh->mpm_content_maxlen;
dp->sh->flags |= SIG_GROUP_HEAD_MPM_COPY;
SigGroupHeadClearContent(dp->sh);

2
src/detect.h
Unescape Escape View File

@ -328,8 +328,6 @@ typedef struct SigTableElmt_ {
#define SIG_GROUP_HEAD_MPM_COPY 0x04
#define SIG_GROUP_HEAD_MPM_URI_COPY 0x08
#define SIG_GROUP_HEAD_FREE 0x10
#define SIG_GROUP_HEAD_MPM_NOSCAN 0x20
#define SIG_GROUP_HEAD_MPM_URI_NOSCAN 0x40
/** \brief head of the list of containers. */
typedef struct SigGroupHead_ {

105
src/respond-reject-libnet11.c
Unescape Escape View File

@ -49,10 +49,8 @@ typedef struct Libnet11Packet_
int RejectSendLibnet11L3IPv4TCP(ThreadVars *tv, Packet *p, void *data, int dir) {
Libnet11Packet lpacket;
libnet_t *c; /* libnet context */
char ebuf[LIBNET_ERRBUF_SIZE];
libnet_ptag_t t;
int result;
/* fill in struct defaults */
@ -107,38 +105,39 @@ int RejectSendLibnet11L3IPv4TCP(ThreadVars *tv, Packet *p, void *data, int dir)
lpacket.ttl = 64;
/* build the package */
if ((t = libnet_build_tcp (lpacket.sp, /* source port */
lpacket.dp, /* dst port */
lpacket.seq, /* seq number */
lpacket.ack, /* ack number */
TH_RST|TH_ACK, /* flags */
lpacket.window, /* window size */
0, /* checksum */
0, /* urgent flag */
LIBNET_TCP_H, /* header length */
NULL, /* payload */
0, /* payload length */
c, /* libnet context */
0)) < 0) /* libnet ptag */
if ((libnet_build_tcp (
lpacket.sp, /* source port */
lpacket.dp, /* dst port */
lpacket.seq, /* seq number */
lpacket.ack, /* ack number */
TH_RST|TH_ACK, /* flags */
lpacket.window, /* window size */
0, /* checksum */
0, /* urgent flag */
LIBNET_TCP_H, /* header length */
NULL, /* payload */
0, /* payload length */
c, /* libnet context */
0)) < 0) /* libnet ptag */
{
printf("RejectSendLibnet11IPv4TCP libnet_build_tcp %s\n", libnet_geterror(c));
goto cleanup;
}
if((t = libnet_build_ipv4(
LIBNET_TCP_H + LIBNET_IPV4_H, /* entire packet length */
0, /* tos */
lpacket.id, /* ID */
0, /* fragmentation flags and offset */
lpacket.ttl, /* TTL */
IPPROTO_TCP, /* protocol */
0, /* checksum */
lpacket.src4, /* source address */
lpacket.dst4, /* destination address */
NULL, /* pointer to packet data (or NULL) */
0, /* payload length */
c, /* libnet context pointer */
0)) < 0) /* packet id */
if((libnet_build_ipv4(
LIBNET_TCP_H + LIBNET_IPV4_H, /* entire packet length */
0, /* tos */
lpacket.id, /* ID */
0, /* fragmentation flags and offset */
lpacket.ttl, /* TTL */
IPPROTO_TCP, /* protocol */
0, /* checksum */
lpacket.src4, /* source address */
lpacket.dst4, /* destination address */
NULL, /* pointer to packet data (or NULL) */
0, /* payload length */
c, /* libnet context pointer */
0)) < 0) /* packet id */
{
printf("RejectSendLibnet11IPv4TCP libnet_build_ipv4 %s\n", libnet_geterror(c));
goto cleanup;
@ -158,10 +157,8 @@ cleanup:
int RejectSendLibnet11L3IPv4ICMP(ThreadVars *tv, Packet *p, void *data, int dir) {
//printf("going to send a ICMP host unreachable\n");
Libnet11Packet lpacket;
libnet_t *c; /* libnet context */
char ebuf[LIBNET_ERRBUF_SIZE];
libnet_ptag_t t;
int result;
/* fill in struct defaults */
@ -193,34 +190,34 @@ int RejectSendLibnet11L3IPv4ICMP(ThreadVars *tv, Packet *p, void *data, int dir)
lpacket.ttl = 64;
/* build the package */
if ((t = libnet_build_icmpv4_unreach (
ICMP_DEST_UNREACH, /* type */
ICMP_HOST_ANO, /* code */
0, /* checksum */
(uint8_t *)p->ip4h, /* payload */
lpacket.len, /* payload length */
c, /* libnet context */
0)) < 0) /* libnet ptag */
if ((libnet_build_icmpv4_unreach (
ICMP_DEST_UNREACH, /* type */
ICMP_HOST_ANO, /* code */
0, /* checksum */
(uint8_t *)p->ip4h, /* payload */
lpacket.len, /* payload length */
c, /* libnet context */
0)) < 0) /* libnet ptag */
{
printf("RejectSendLibnet11L3IPv4ICMP libnet_build_icmpv4_unreach %s\n", libnet_geterror(c));
goto cleanup;
}
if((t = libnet_build_ipv4(
LIBNET_ICMPV4_H + LIBNET_IPV4_H +
lpacket.len, /* entire packet length */
0, /* tos */
lpacket.id, /* ID */
0, /* fragmentation flags and offset */
lpacket.ttl, /* TTL */
IPPROTO_ICMP, /* protocol */
0, /* checksum */
lpacket.src4, /* source address */
lpacket.dst4, /* destination address */
NULL, /* pointer to packet data (or NULL) */
0, /* payload length */
c, /* libnet context pointer */
0)) < 0) /* packet id */
if((libnet_build_ipv4(
LIBNET_ICMPV4_H + LIBNET_IPV4_H +
lpacket.len, /* entire packet length */
0, /* tos */
lpacket.id, /* ID */
0, /* fragmentation flags and offset */
lpacket.ttl, /* TTL */
IPPROTO_ICMP, /* protocol */
0, /* checksum */
lpacket.src4, /* source address */
lpacket.dst4, /* destination address */
NULL, /* pointer to packet data (or NULL) */
0, /* payload length */
c, /* libnet context pointer */
0)) < 0) /* packet id */
{
printf("RejectSendLibnet11L3IPv4ICMP %s\n", libnet_geterror(c));
goto cleanup;

15
src/util-mpm-b2g.c
Unescape Escape View File

@ -150,6 +150,7 @@ static inline B2gPattern *B2gAllocPattern(MpmCtx *mpm_ctx) {
B2gPattern *p = malloc(sizeof(B2gPattern));
if (p == NULL) {
printf("ERROR: B2gAllocPattern: malloc failed\n");
exit(EXIT_FAILURE);
}
memset(p,0,sizeof(B2gPattern));
@ -163,6 +164,7 @@ B2gAllocHashItem(MpmCtx *mpm_ctx) {
B2gHashItem *hi = malloc(sizeof(B2gHashItem));
if (hi == NULL) {
printf("ERROR: B2gAllocHashItem: malloc failed\n");
exit(EXIT_FAILURE);
}
memset(hi,0,sizeof(B2gHashItem));
@ -220,13 +222,18 @@ static inline int B2gInitHashAdd(B2gCtx *ctx, B2gPattern *p) {
return 0;
}
B2gPattern *t = ctx->init_hash[hash], *tt = NULL;
for ( ; t != NULL; t = t->next) {
B2gPattern *tt = NULL;
B2gPattern *t = ctx->init_hash[hash];
/* get the list tail */
do {
tt = t;
}
t = t->next;
} while (t != NULL);
tt->next = p;
//printf("B2gInitHashAdd: hash %" PRIu32 ", head %p\n", hash, ctx->init_hash[hash]);
//printf("B2gInitHashAdd: hash %" PRIu32 ", head %p\n", hash, ctx->init_hash[hash]);
return 0;
}

13
src/util-mpm-b3g.c
Unescape Escape View File

@ -144,6 +144,7 @@ static inline B3gPattern *B3gAllocPattern(MpmCtx *mpm_ctx) {
B3gPattern *p = malloc(sizeof(B3gPattern));
if (p == NULL) {
printf("ERROR: B3gAllocPattern: malloc failed\n");
exit(EXIT_FAILURE);
}
memset(p,0,sizeof(B3gPattern));
@ -157,6 +158,7 @@ B3gAllocHashItem(MpmCtx *mpm_ctx) {
B3gHashItem *hi = malloc(sizeof(B3gHashItem));
if (hi == NULL) {
printf("ERROR: B3gAllocHashItem: malloc failed\n");
exit(EXIT_FAILURE);
}
memset(hi,0,sizeof(B3gHashItem));
@ -214,10 +216,15 @@ static inline int B3gInitHashAdd(B3gCtx *ctx, B3gPattern *p) {
return 0;
}
B3gPattern *t = ctx->init_hash[hash], *tt = NULL;
for ( ; t != NULL; t = t->next) {
B3gPattern *tt = NULL;
B3gPattern *t = ctx->init_hash[hash];
/* get the list tail */
do {
tt = t;
}
t = t->next;
} while (t != NULL);
tt->next = p;
//printf("B3gInitHashAdd: hash %" PRIu32 ", head %p\n", hash, ctx->init_hash[hash]);

13
src/util-mpm-wumanber.c
Unescape Escape View File

@ -209,6 +209,7 @@ static inline WmPattern *WmAllocPattern(MpmCtx *mpm_ctx) {
WmPattern *p = malloc(sizeof(WmPattern));
if (p == NULL) {
printf("ERROR: WmAllocPattern: malloc failed\n");
exit(EXIT_FAILURE);
}
memset(p,0,sizeof(WmPattern));
@ -222,6 +223,7 @@ WmAllocHashItem(MpmCtx *mpm_ctx) {
WmHashItem *hi = malloc(sizeof(WmHashItem));
if (hi == NULL) {
printf("ERROR: WmAllocHashItem: malloc failed\n");
exit(EXIT_FAILURE);
}
memset(hi,0,sizeof(WmHashItem));
@ -279,10 +281,15 @@ static inline int WmInitHashAdd(WmCtx *ctx, WmPattern *p) {
return 0;
}
WmPattern *t = ctx->init_hash[hash], *tt = NULL;
for ( ; t != NULL; t = t->next) {
WmPattern *tt = NULL;
WmPattern *t = ctx->init_hash[hash];
/* get the list tail */
do {
tt = t;
}
t = t->next;
} while (t != NULL);
tt->next = p;
//printf("WmInitHashAdd: hash %" PRIu32 ", head %p\n", hash, ctx->init_hash[hash]);

8
src/util-pool.c
Unescape Escape View File

@ -183,8 +183,6 @@ static int PoolTestInit02 (void) {
p->alloc_list, p->empty_list);
retval = 0;
goto end;
} else {
retval = 1;
}
if (p->Alloc != PoolTestAlloc) {
@ -192,8 +190,6 @@ static int PoolTestInit02 (void) {
p->Alloc, PoolTestAlloc);
retval = 0;
goto end;
} else {
retval = 1;
}
if (p->Free != PoolTestFree) {
@ -201,9 +197,9 @@ static int PoolTestInit02 (void) {
p->Free, PoolTestFree);
retval = 0;
goto end;
} else {
retval = 1;
}
retval = 1;
end:
if (p != NULL)
PoolFree(p);

1
src/util-print.c
Unescape Escape View File

@ -37,7 +37,6 @@ void PrintRawDataFp(FILE *fp, uint8_t *buf, uint32_t buflen) {
for ( ; s < spaces; s++) fprintf(fp, " ");
}
ch = 0;
for (ch = 0; (i+ch) < buflen && ch < 16; ch++) {
fprintf(fp, "%c", isprint((uint8_t)buf[i+ch]) ? (uint8_t)buf[i+ch] : '.');

Write Preview
Loading…
Cancel
Save