aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

output: remove error codes from output

Browse Source
pull/8304/head
Victor Julien 3 years ago
parent 39f5c7f56a
commit b31ffde6f4
326 changed files with 3896 additions and 4495 deletions
Show Stats Download Patch File Download Diff File

1
rust/src/core.rs
Unescape Escape View File

@ -129,7 +129,6 @@ pub type SCLogMessageFunc =
filename: *const std::os::raw::c_char, filename: *const std::os::raw::c_char,
line: std::os::raw::c_uint, line: std::os::raw::c_uint,
function: *const std::os::raw::c_char, function: *const std::os::raw::c_char,
code: std::os::raw::c_int,
message: *const std::os::raw::c_char) -> std::os::raw::c_int; message: *const std::os::raw::c_char) -> std::os::raw::c_int;
pub type DetectEngineStateFreeFunc = pub type DetectEngineStateFreeFunc =

21
rust/src/log.rs
Unescape Escape View File

@ -68,14 +68,13 @@ fn basename(filename: &str) -> &str {
} }
pub fn sclog(level: Level, file: &str, line: u32, function: &str, pub fn sclog(level: Level, file: &str, line: u32, function: &str,
code: i32, message: &str) message: &str)
{ {
let filename = basename(file); let filename = basename(file);
sc_log_message(level, sc_log_message(level,
filename, filename,
line, line,
function, function,
code,
message); message);
} }
@ -99,9 +98,9 @@ macro_rules!function {
#[macro_export] #[macro_export]
macro_rules!do_log { macro_rules!do_log {
($level:expr, $code:expr, $($arg:tt)*) => { ($level:expr, $($arg:tt)*) => {
if $crate::log::get_log_level() >= $level as i32 { if $crate::log::get_log_level() >= $level as i32 {
$crate::log::sclog($level, file!(), line!(), $crate::function!(), $code, $crate::log::sclog($level, file!(), line!(), $crate::function!(),
&(format!($($arg)*))); &(format!($($arg)*)));
} }
} }
@ -110,35 +109,35 @@ macro_rules!do_log {
#[macro_export] #[macro_export]
macro_rules!SCLogError { macro_rules!SCLogError {
($($arg:tt)*) => { ($($arg:tt)*) => {
$crate::do_log!($crate::log::Level::Error, 0, $($arg)*); $crate::do_log!($crate::log::Level::Error, $($arg)*);
}; };
} }
#[macro_export] #[macro_export]
macro_rules!SCLogNotice { macro_rules!SCLogNotice {
($($arg:tt)*) => { ($($arg:tt)*) => {
$crate::do_log!($crate::log::Level::Notice, 0, $($arg)*); $crate::do_log!($crate::log::Level::Notice, $($arg)*);
} }
} }
#[macro_export] #[macro_export]
macro_rules!SCLogInfo { macro_rules!SCLogInfo {
($($arg:tt)*) => { ($($arg:tt)*) => {
$crate::do_log!($crate::log::Level::Info, 0, $($arg)*); $crate::do_log!($crate::log::Level::Info, $($arg)*);
} }
} }
#[macro_export] #[macro_export]
macro_rules!SCLogPerf { macro_rules!SCLogPerf {
($($arg:tt)*) => { ($($arg:tt)*) => {
$crate::do_log!($crate::log::Level::Perf, 0, $($arg)*); $crate::do_log!($crate::log::Level::Perf, $($arg)*);
} }
} }
#[macro_export] #[macro_export]
macro_rules!SCLogConfig { macro_rules!SCLogConfig {
($($arg:tt)*) => { ($($arg:tt)*) => {
$crate::do_log!($crate::log::Level::Config, 0, $($arg)*); $crate::do_log!($crate::log::Level::Config, $($arg)*);
} }
} }
@ -147,7 +146,7 @@ macro_rules!SCLogConfig {
#[macro_export] #[macro_export]
macro_rules!SCLogDebug { macro_rules!SCLogDebug {
($($arg:tt)*) => { ($($arg:tt)*) => {
do_log!($crate::log::Level::Debug, 0, $($arg)*); do_log!($crate::log::Level::Debug, $($arg)*);
} }
} }
@ -168,7 +167,6 @@ pub fn sc_log_message(level: Level,
filename: &str, filename: &str,
line: std::os::raw::c_uint, line: std::os::raw::c_uint,
function: &str, function: &str,
code: std::os::raw::c_int,
message: &str) -> std::os::raw::c_int message: &str) -> std::os::raw::c_int
{ {
unsafe { unsafe {
@ -178,7 +176,6 @@ pub fn sc_log_message(level: Level,
to_safe_cstring(filename).as_ptr(), to_safe_cstring(filename).as_ptr(),
line, line,
to_safe_cstring(function).as_ptr(), to_safe_cstring(function).as_ptr(),
code,
to_safe_cstring(message).as_ptr()); to_safe_cstring(message).as_ptr());
} }
} }

6
src/alert-syslog.c
Unescape Escape View File

@ -101,9 +101,9 @@ static OutputInitResult AlertSyslogInitCtx(ConfNode *conf)
int facility = SCMapEnumNameToValue(facility_s, SCSyslogGetFacilityMap()); int facility = SCMapEnumNameToValue(facility_s, SCSyslogGetFacilityMap());
if (facility == -1) { if (facility == -1) {
SCLogWarning(SC_ERR_INVALID_ARGUMENT, "Invalid syslog facility: \"%s\"," SCLogWarning("Invalid syslog facility: \"%s\","
" now using \"%s\" as syslog facility", facility_s, " now using \"%s\" as syslog facility",
DEFAULT_ALERT_SYSLOG_FACILITY_STR); facility_s, DEFAULT_ALERT_SYSLOG_FACILITY_STR);
facility = DEFAULT_ALERT_SYSLOG_FACILITY; facility = DEFAULT_ALERT_SYSLOG_FACILITY;
} }

43
src/app-layer-detect-proto.c
Unescape Escape View File

@ -683,7 +683,7 @@ static uint32_t AppLayerProtoDetectProbingParserGetMask(AppProto alproto)
SCEnter(); SCEnter();
if (!(alproto > ALPROTO_UNKNOWN && alproto < ALPROTO_FAILED)) { if (!(alproto > ALPROTO_UNKNOWN && alproto < ALPROTO_FAILED)) {
FatalError(SC_ERR_ALPARSER, "Unknown protocol detected - %u", alproto); FatalError("Unknown protocol detected - %u", alproto);
} }
SCReturnUInt(1UL << (uint32_t)alproto); SCReturnUInt(1UL << (uint32_t)alproto);
@ -793,13 +793,14 @@ AppLayerProtoDetectProbingParserElementCreate(AppProto alproto,
pe->next = NULL; pe->next = NULL;
if (max_depth != 0 && min_depth >= max_depth) { if (max_depth != 0 && min_depth >= max_depth) {
SCLogError(SC_ERR_ALPARSER, "Invalid arguments sent to " SCLogError("Invalid arguments sent to "
"register the probing parser. min_depth >= max_depth"); "register the probing parser. min_depth >= max_depth");
goto error; goto error;
} }
if (alproto <= ALPROTO_UNKNOWN || alproto >= ALPROTO_MAX) { if (alproto <= ALPROTO_UNKNOWN || alproto >= ALPROTO_MAX) {
SCLogError(SC_ERR_ALPARSER, "Invalid arguments sent to register " SCLogError("Invalid arguments sent to register "
"the probing parser. Invalid alproto - %d", alproto); "the probing parser. Invalid alproto - %d",
alproto);
goto error; goto error;
} }
@ -1199,13 +1200,12 @@ static void AppLayerProtoDetectInsertNewProbingParser(AppLayerProtoDetectProbing
curr_pe = curr_port->sp; curr_pe = curr_port->sp;
while (curr_pe != NULL) { while (curr_pe != NULL) {
if (curr_pe->alproto == alproto) { if (curr_pe->alproto == alproto) {
SCLogError(SC_ERR_ALPARSER, "Duplicate pp registered - " SCLogError("Duplicate pp registered - "
"ipproto - %"PRIu8" Port - %"PRIu16" " "ipproto - %" PRIu8 " Port - %" PRIu16 " "
"App Protocol - NULL, App Protocol(ID) - " "App Protocol - NULL, App Protocol(ID) - "
"%"PRIu16" min_depth - %"PRIu16" " "%" PRIu16 " min_depth - %" PRIu16 " "
"max_dept - %"PRIu16".", "max_dept - %" PRIu16 ".",
ipproto, port, alproto, ipproto, port, alproto, min_depth, max_depth);
min_depth, max_depth);
goto error; goto error;
} }
curr_pe = curr_pe->next; curr_pe = curr_pe->next;
@ -1747,9 +1747,9 @@ int AppLayerProtoDetectPPParseConfPorts(const char *ipproto_name,
r = snprintf(param, sizeof(param), "%s%s%s", "app-layer.protocols.", r = snprintf(param, sizeof(param), "%s%s%s", "app-layer.protocols.",
alproto_name, ".detection-ports"); alproto_name, ".detection-ports");
if (r < 0) { if (r < 0) {
FatalError(SC_ERR_FATAL, "snprintf failure."); FatalError("snprintf failure.");
} else if (r > (int)sizeof(param)) { } else if (r > (int)sizeof(param)) {
FatalError(SC_ERR_FATAL, "buffer not big enough to write param."); FatalError("buffer not big enough to write param.");
} }
node = ConfGetNode(param); node = ConfGetNode(param);
if (node == NULL) { if (node == NULL) {
@ -1757,9 +1757,9 @@ int AppLayerProtoDetectPPParseConfPorts(const char *ipproto_name,
r = snprintf(param, sizeof(param), "%s%s%s%s%s", "app-layer.protocols.", r = snprintf(param, sizeof(param), "%s%s%s%s%s", "app-layer.protocols.",
alproto_name, ".", ipproto_name, ".detection-ports"); alproto_name, ".", ipproto_name, ".detection-ports");
if (r < 0) { if (r < 0) {
FatalError(SC_ERR_FATAL, "snprintf failure."); FatalError("snprintf failure.");
} else if (r > (int)sizeof(param)) { } else if (r > (int)sizeof(param)) {
FatalError(SC_ERR_FATAL, "buffer not big enough to write param."); FatalError("buffer not big enough to write param.");
} }
node = ConfGetNode(param); node = ConfGetNode(param);
if (node == NULL) if (node == NULL)
@ -1857,7 +1857,7 @@ int AppLayerProtoDetectSetup(void)
alpd_ctx.spm_global_thread_ctx = SpmInitGlobalThreadCtx(spm_matcher); alpd_ctx.spm_global_thread_ctx = SpmInitGlobalThreadCtx(spm_matcher);
if (alpd_ctx.spm_global_thread_ctx == NULL) { if (alpd_ctx.spm_global_thread_ctx == NULL) {
FatalError(SC_ERR_FATAL, "Unable to alloc SpmGlobalThreadCtx."); FatalError("Unable to alloc SpmGlobalThreadCtx.");
} }
for (i = 0; i < FLOW_PROTO_DEFAULT; i++) { for (i = 0; i < FLOW_PROTO_DEFAULT; i++) {
@ -2029,9 +2029,9 @@ int AppLayerProtoDetectConfProtoDetectionEnabledDefault(
r = snprintf(param, sizeof(param), "%s%s%s", "app-layer.protocols.", r = snprintf(param, sizeof(param), "%s%s%s", "app-layer.protocols.",
alproto, ".enabled"); alproto, ".enabled");
if (r < 0) { if (r < 0) {
FatalError(SC_ERR_FATAL, "snprintf failure."); FatalError("snprintf failure.");
} else if (r > (int)sizeof(param)) { } else if (r > (int)sizeof(param)) {
FatalError(SC_ERR_FATAL, "buffer not big enough to write param."); FatalError("buffer not big enough to write param.");
} }
node = ConfGetNode(param); node = ConfGetNode(param);
@ -2040,9 +2040,9 @@ int AppLayerProtoDetectConfProtoDetectionEnabledDefault(
r = snprintf(param, sizeof(param), "%s%s%s%s%s", "app-layer.protocols.", r = snprintf(param, sizeof(param), "%s%s%s%s%s", "app-layer.protocols.",
alproto, ".", ipproto, ".enabled"); alproto, ".", ipproto, ".enabled");
if (r < 0) { if (r < 0) {
FatalError(SC_ERR_FATAL, "snprintf failure."); FatalError("snprintf failure.");
} else if (r > (int)sizeof(param)) { } else if (r > (int)sizeof(param)) {
FatalError(SC_ERR_FATAL, "buffer not big enough to write param."); FatalError("buffer not big enough to write param.");
} }
node = ConfGetNode(param); node = ConfGetNode(param);
@ -2067,7 +2067,7 @@ int AppLayerProtoDetectConfProtoDetectionEnabledDefault(
} }
/* Invalid or null value. */ /* Invalid or null value. */
SCLogError(SC_ERR_FATAL, "Invalid value found for %s.", param); SCLogError("Invalid value found for %s.", param);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
disabled: disabled:
@ -2253,8 +2253,7 @@ void AppLayerRegisterExpectationProto(uint8_t proto, AppProto alproto)
{ {
if (expectation_proto[alproto]) { if (expectation_proto[alproto]) {
if (proto != expectation_proto[alproto]) { if (proto != expectation_proto[alproto]) {
SCLogError(SC_ERR_NOT_SUPPORTED, SCLogError("Expectation on 2 IP protocols are not supported");
"Expectation on 2 IP protocols are not supported");
} }
} }
expectation_proto[alproto] = proto; expectation_proto[alproto] = proto;

12
src/app-layer-dnp3.c
Unescape Escape View File

@ -471,7 +471,7 @@ static void DNP3SetEvent(DNP3State *dnp3, uint8_t event)
dnp3->events++; dnp3->events++;
} }
else { else {
SCLogWarning(SC_ERR_ALPARSER, "Failed to set event, state or tx pointer was NULL."); SCLogWarning("Failed to set event, state or tx pointer was NULL.");
} }
} }
@ -1460,8 +1460,9 @@ static int DNP3StateGetEventInfo(const char *event_name, int *event_id,
{ {
*event_id = SCMapEnumNameToValue(event_name, dnp3_decoder_event_table); *event_id = SCMapEnumNameToValue(event_name, dnp3_decoder_event_table);
if (*event_id == -1) { if (*event_id == -1) {
SCLogError(SC_ERR_INVALID_ENUM_MAP, "Event \"%s\" not present in " SCLogError("Event \"%s\" not present in "
"the DNP3 enum event map table.", event_name); "the DNP3 enum event map table.",
event_name);
return -1; return -1;
} }
@ -1478,8 +1479,9 @@ static int DNP3StateGetEventInfoById(int event_id, const char **event_name,
{ {
*event_name = SCMapEnumValueToName(event_id, dnp3_decoder_event_table); *event_name = SCMapEnumValueToName(event_id, dnp3_decoder_event_table);
if (*event_name == NULL) { if (*event_name == NULL) {
SCLogError(SC_ERR_INVALID_ENUM_MAP, "Event \"%d\" not present in " SCLogError("Event \"%d\" not present in "
"the DNP3 enum event map table.", event_id); "the DNP3 enum event map table.",
event_id);
return -1; return -1;
} }

10
src/app-layer-enip.c
Unescape Escape View File

@ -108,8 +108,9 @@ static int ENIPStateGetEventInfo(const char *event_name, int *event_id, AppLayer
*event_id = SCMapEnumNameToValue(event_name, enip_decoder_event_table); *event_id = SCMapEnumNameToValue(event_name, enip_decoder_event_table);
if (*event_id == -1) { if (*event_id == -1) {
SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%s\" not present in " SCLogError("event \"%s\" not present in "
"enip's enum map table.", event_name); "enip's enum map table.",
event_name);
/* yes this is fatal */ /* yes this is fatal */
return -1; return -1;
} }
@ -124,8 +125,9 @@ static int ENIPStateGetEventInfoById(int event_id, const char **event_name,
{ {
*event_name = SCMapEnumValueToName(event_id, enip_decoder_event_table); *event_name = SCMapEnumValueToName(event_id, enip_decoder_event_table);
if (*event_name == NULL) { if (*event_name == NULL) {
SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%d\" not present in " SCLogError("event \"%d\" not present in "
"enip's enum map table.", event_id); "enip's enum map table.",
event_id);
/* yes this is fatal */ /* yes this is fatal */
return -1; return -1;
} }

10
src/app-layer-events.c
Unescape Escape View File

@ -53,8 +53,9 @@ int AppLayerGetEventInfoById(int event_id, const char **event_name,
{ {
*event_name = SCMapEnumValueToName(event_id, app_layer_event_pkt_table); *event_name = SCMapEnumValueToName(event_id, app_layer_event_pkt_table);
if (*event_name == NULL) { if (*event_name == NULL) {
SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%d\" not present in " SCLogError("event \"%d\" not present in "
"app-layer-event's enum map table.", event_id); "app-layer-event's enum map table.",
event_id);
/* yes this is fatal */ /* yes this is fatal */
return -1; return -1;
} }
@ -68,8 +69,9 @@ int AppLayerGetPktEventInfo(const char *event_name, int *event_id)
{ {
*event_id = SCMapEnumNameToValue(event_name, app_layer_event_pkt_table); *event_id = SCMapEnumNameToValue(event_name, app_layer_event_pkt_table);
if (*event_id == -1) { if (*event_id == -1) {
SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%s\" not present in " SCLogError("event \"%s\" not present in "
"app-layer-event's packet event table.", event_name); "app-layer-event's packet event table.",
event_name);
/* this should be treated as fatal */ /* this should be treated as fatal */
return -1; return -1;
} }

12
src/app-layer-ftp.c
Unescape Escape View File

@ -118,9 +118,9 @@ static void FTPParseMemcap(void)
if ((ConfGet("app-layer.protocols.ftp.memcap", &conf_val)) == 1) if ((ConfGet("app-layer.protocols.ftp.memcap", &conf_val)) == 1)
{ {
if (ParseSizeStringU64(conf_val, &ftp_config_memcap) < 0) { if (ParseSizeStringU64(conf_val, &ftp_config_memcap) < 0) {
SCLogError(SC_ERR_SIZE_PARSE, "Error parsing ftp.memcap " SCLogError("Error parsing ftp.memcap "
"from conf file - %s. Killing engine", "from conf file - %s. Killing engine",
conf_val); conf_val);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
SCLogInfo("FTP memcap: %"PRIu64, ftp_config_memcap); SCLogInfo("FTP memcap: %"PRIu64, ftp_config_memcap);
@ -134,9 +134,8 @@ static void FTPParseMemcap(void)
if ((ConfGet("app-layer.protocols.ftp.max-tx", &conf_val)) == 1) { if ((ConfGet("app-layer.protocols.ftp.max-tx", &conf_val)) == 1) {
if (ParseSizeStringU32(conf_val, &ftp_config_maxtx) < 0) { if (ParseSizeStringU32(conf_val, &ftp_config_maxtx) < 0) {
SCLogError(SC_ERR_SIZE_PARSE, SCLogError("Error parsing ftp.max-tx "
"Error parsing ftp.max-tx " "from conf file - %s.",
"from conf file - %s.",
conf_val); conf_val);
} }
SCLogInfo("FTP max tx: %" PRIu32, ftp_config_maxtx); SCLogInfo("FTP max tx: %" PRIu32, ftp_config_maxtx);
@ -144,8 +143,7 @@ static void FTPParseMemcap(void)
if ((ConfGet("app-layer.protocols.ftp.max-line-length", &conf_val)) == 1) { if ((ConfGet("app-layer.protocols.ftp.max-line-length", &conf_val)) == 1) {
if (ParseSizeStringU32(conf_val, &ftp_max_line_len) < 0) { if (ParseSizeStringU32(conf_val, &ftp_max_line_len) < 0) {
SCLogError(SC_ERR_SIZE_PARSE, "Error parsing ftp.max-line-length from conf file - %s.", SCLogError("Error parsing ftp.max-line-length from conf file - %s.", conf_val);
conf_val);
} }
SCLogConfig("FTP max line length: %" PRIu32, ftp_max_line_len); SCLogConfig("FTP max line length: %" PRIu32, ftp_max_line_len);
} }

4
src/app-layer-htp-mem.c
Unescape Escape View File

@ -51,9 +51,9 @@ void HTPParseMemcap()
if ((ConfGet("app-layer.protocols.http.memcap", &conf_val)) == 1) if ((ConfGet("app-layer.protocols.http.memcap", &conf_val)) == 1)
{ {
if (ParseSizeStringU64(conf_val, &memcap) < 0) { if (ParseSizeStringU64(conf_val, &memcap) < 0) {
SCLogError(SC_ERR_SIZE_PARSE, "Error parsing http.memcap " SCLogError("Error parsing http.memcap "
"from conf file - %s. Killing engine", "from conf file - %s. Killing engine",
conf_val); conf_val);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} else { } else {
SC_ATOMIC_SET(htp_config_memcap, memcap); SC_ATOMIC_SET(htp_config_memcap, memcap);

10
src/app-layer-htp-range.c
Unescape Escape View File

@ -155,9 +155,8 @@ void HttpRangeContainersInit(void)
uint32_t timeout = HTTP_RANGE_DEFAULT_TIMEOUT; uint32_t timeout = HTTP_RANGE_DEFAULT_TIMEOUT;
if (ConfGet("app-layer.protocols.http.byterange.memcap", &str) == 1) { if (ConfGet("app-layer.protocols.http.byterange.memcap", &str) == 1) {
if (ParseSizeStringU64(str, &memcap) < 0) { if (ParseSizeStringU64(str, &memcap) < 0) {
SCLogWarning(SC_EINVAL, SCLogWarning("memcap value cannot be deduced: %s,"
"memcap value cannot be deduced: %s," " resetting to default",
" resetting to default",
str); str);
memcap = 0; memcap = 0;
} }
@ -165,9 +164,8 @@ void HttpRangeContainersInit(void)
if (ConfGet("app-layer.protocols.http.byterange.timeout", &str) == 1) { if (ConfGet("app-layer.protocols.http.byterange.timeout", &str) == 1) {
size_t slen = strlen(str); size_t slen = strlen(str);
if (slen > UINT16_MAX || StringParseUint32(&timeout, 10, (uint16_t)slen, str) <= 0) { if (slen > UINT16_MAX || StringParseUint32(&timeout, 10, (uint16_t)slen, str) <= 0) {
SCLogWarning(SC_EINVAL, SCLogWarning("timeout value cannot be deduced: %s,"
"timeout value cannot be deduced: %s," " resetting to default",
" resetting to default",
str); str);
timeout = 0; timeout = 0;
} }

14
src/app-layer-htp-xff.c
Unescape Escape View File

@ -218,11 +218,11 @@ void HttpXFFGetCfg(ConfNode *conf, HttpXFFCfg *result)
result->flags |= XFF_OVERWRITE; result->flags |= XFF_OVERWRITE;
} else { } else {
if (xff_mode == NULL) { if (xff_mode == NULL) {
SCLogWarning(SC_WARN_XFF_INVALID_MODE, "The XFF mode hasn't been defined, falling back to extra-data mode"); SCLogWarning("The XFF mode hasn't been defined, falling back to extra-data mode");
} }
else if (strcasecmp(xff_mode, "extra-data") != 0) { else if (strcasecmp(xff_mode, "extra-data") != 0) {
SCLogWarning(SC_WARN_XFF_INVALID_MODE, "The XFF mode %s is invalid, falling back to extra-data mode", SCLogWarning(
xff_mode); "The XFF mode %s is invalid, falling back to extra-data mode", xff_mode);
} }
result->flags |= XFF_EXTRADATA; result->flags |= XFF_EXTRADATA;
} }
@ -233,10 +233,11 @@ void HttpXFFGetCfg(ConfNode *conf, HttpXFFCfg *result)
result->flags |= XFF_FORWARD; result->flags |= XFF_FORWARD;
} else { } else {
if (xff_deployment == NULL) { if (xff_deployment == NULL) {
SCLogWarning(SC_WARN_XFF_INVALID_DEPLOYMENT, "The XFF deployment hasn't been defined, falling back to reverse proxy deployment"); SCLogWarning("The XFF deployment hasn't been defined, falling back to reverse "
"proxy deployment");
} }
else if (strcasecmp(xff_deployment, "reverse") != 0) { else if (strcasecmp(xff_deployment, "reverse") != 0) {
SCLogWarning(SC_WARN_XFF_INVALID_DEPLOYMENT, "The XFF mode %s is invalid, falling back to reverse proxy deployment", SCLogWarning("The XFF mode %s is invalid, falling back to reverse proxy deployment",
xff_deployment); xff_deployment);
} }
result->flags |= XFF_REVERSE; result->flags |= XFF_REVERSE;
@ -247,8 +248,7 @@ void HttpXFFGetCfg(ConfNode *conf, HttpXFFCfg *result)
if (xff_header != NULL) { if (xff_header != NULL) {
result->header = (char *) xff_header; result->header = (char *) xff_header;
} else { } else {
SCLogWarning(SC_WARN_XFF_INVALID_HEADER, "The XFF header hasn't been defined, using the default %s", SCLogWarning("The XFF header hasn't been defined, using the default %s", XFF_DEFAULT);
XFF_DEFAULT);
result->header = XFF_DEFAULT; result->header = XFF_DEFAULT;
} }
} }

157
src/app-layer-htp.c
Unescape Escape View File

@ -282,15 +282,17 @@ static int HTPLookupPersonality(const char *str)
IF_HTP_PERSONALITY_NUM(IIS_7_5); IF_HTP_PERSONALITY_NUM(IIS_7_5);
IF_HTP_PERSONALITY_NUM(APACHE_2); IF_HTP_PERSONALITY_NUM(APACHE_2);
if (strcasecmp("TOMCAT_6_0", str) == 0) { if (strcasecmp("TOMCAT_6_0", str) == 0) {
SCLogError(SC_WARN_OPTION_OBSOLETE, "Personality %s no " SCLogError("Personality %s no "
"longer supported by libhtp.", str); "longer supported by libhtp.",
str);
return -1; return -1;
} else if ((strcasecmp("APACHE", str) == 0) || } else if ((strcasecmp("APACHE", str) == 0) ||
(strcasecmp("APACHE_2_2", str) == 0)) (strcasecmp("APACHE_2_2", str) == 0))
{ {
SCLogWarning(SC_WARN_OPTION_OBSOLETE, "Personality %s no " SCLogWarning("Personality %s no "
"longer supported by libhtp, failing back to " "longer supported by libhtp, failing back to "
"Apache2 personality.", str); "Apache2 personality.",
str);
return HTP_SERVER_APACHE_2; return HTP_SERVER_APACHE_2;
} }
@ -803,7 +805,7 @@ static int Setup(Flow *f, HtpState *hstate)
(void)SCRadixFindKeyIPV6BestMatch((uint8_t *)GET_IPV6_DST_ADDR(f), cfgtree, &user_data); (void)SCRadixFindKeyIPV6BestMatch((uint8_t *)GET_IPV6_DST_ADDR(f), cfgtree, &user_data);
} }
else { else {
SCLogError(SC_ERR_INVALID_ARGUMENT, "unknown address family, bug!"); SCLogError("unknown address family, bug!");
goto error; goto error;
} }
@ -2587,18 +2589,16 @@ static void HTPConfigParseParameters(HTPCfgRec *cfg_prec, ConfNode *s,
SCLogDebug("LIBHTP adding ipv6 server %s at %s: %p", SCLogDebug("LIBHTP adding ipv6 server %s at %s: %p",
s->name, pval->val, cfg_prec->cfg); s->name, pval->val, cfg_prec->cfg);
if (SCRadixAddKeyIPV6String(pval->val, tree, cfg_prec) == NULL) { if (SCRadixAddKeyIPV6String(pval->val, tree, cfg_prec) == NULL) {
SCLogWarning(SC_EINVAL, SCLogWarning("LIBHTP failed to "
"LIBHTP failed to " "add ipv6 server %s, ignoring",
"add ipv6 server %s, ignoring",
pval->val); pval->val);
} }
} else { } else {
SCLogDebug("LIBHTP adding ipv4 server %s at %s: %p", SCLogDebug("LIBHTP adding ipv4 server %s at %s: %p",
s->name, pval->val, cfg_prec->cfg); s->name, pval->val, cfg_prec->cfg);
if (SCRadixAddKeyIPV4String(pval->val, tree, cfg_prec) == NULL) { if (SCRadixAddKeyIPV4String(pval->val, tree, cfg_prec) == NULL) {
SCLogWarning(SC_EINVAL, SCLogWarning("LIBHTP failed "
"LIBHTP failed " "to add ipv4 server %s, ignoring",
"to add ipv4 server %s, ignoring",
pval->val); pval->val);
} }
} /* else - if (strchr(pval->val, ':') != NULL) */ } /* else - if (strchr(pval->val, ':') != NULL) */
@ -2614,9 +2614,8 @@ static void HTPConfigParseParameters(HTPCfgRec *cfg_prec, ConfNode *s,
SCLogDebug("LIBHTP default: %s=%s (%d)", p->name, p->val, SCLogDebug("LIBHTP default: %s=%s (%d)", p->name, p->val,
personality); personality);
if (htp_config_set_server_personality(cfg_prec->cfg, personality) == HTP_ERROR){ if (htp_config_set_server_personality(cfg_prec->cfg, personality) == HTP_ERROR){
SCLogWarning(SC_EINVAL, SCLogWarning("LIBHTP Failed adding "
"LIBHTP Failed adding " "personality \"%s\", ignoring",
"personality \"%s\", ignoring",
p->val); p->val);
} else { } else {
SCLogDebug("LIBHTP personality set to %s", SCLogDebug("LIBHTP personality set to %s",
@ -2628,37 +2627,42 @@ static void HTPConfigParseParameters(HTPCfgRec *cfg_prec, ConfNode *s,
* Signatures do not expect this, so override it. */ * Signatures do not expect this, so override it. */
htp_config_set_convert_lowercase(cfg_prec->cfg, HTP_DECODER_URL_PATH, 0); htp_config_set_convert_lowercase(cfg_prec->cfg, HTP_DECODER_URL_PATH, 0);
} else { } else {
SCLogWarning(SC_ERR_UNKNOWN_VALUE, "LIBHTP Unknown personality " SCLogWarning("LIBHTP Unknown personality "
"\"%s\", ignoring", p->val); "\"%s\", ignoring",
p->val);
continue; continue;
} }
} else if (strcasecmp("request-body-limit", p->name) == 0 || } else if (strcasecmp("request-body-limit", p->name) == 0 ||
strcasecmp("request_body_limit", p->name) == 0) { strcasecmp("request_body_limit", p->name) == 0) {
if (ParseSizeStringU32(p->val, &cfg_prec->request.body_limit) < 0) { if (ParseSizeStringU32(p->val, &cfg_prec->request.body_limit) < 0) {
SCLogError(SC_ERR_SIZE_PARSE, "Error parsing request-body-limit " SCLogError("Error parsing request-body-limit "
"from conf file - %s. Killing engine", p->val); "from conf file - %s. Killing engine",
p->val);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
} else if (strcasecmp("response-body-limit", p->name) == 0) { } else if (strcasecmp("response-body-limit", p->name) == 0) {
if (ParseSizeStringU32(p->val, &cfg_prec->response.body_limit) < 0) { if (ParseSizeStringU32(p->val, &cfg_prec->response.body_limit) < 0) {
SCLogError(SC_ERR_SIZE_PARSE, "Error parsing response-body-limit " SCLogError("Error parsing response-body-limit "
"from conf file - %s. Killing engine", p->val); "from conf file - %s. Killing engine",
p->val);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
} else if (strcasecmp("request-body-minimal-inspect-size", p->name) == 0) { } else if (strcasecmp("request-body-minimal-inspect-size", p->name) == 0) {
if (ParseSizeStringU32(p->val, &cfg_prec->request.inspect_min_size) < 0) { if (ParseSizeStringU32(p->val, &cfg_prec->request.inspect_min_size) < 0) {
SCLogError(SC_ERR_SIZE_PARSE, "Error parsing request-body-minimal-inspect-size " SCLogError("Error parsing request-body-minimal-inspect-size "
"from conf file - %s. Killing engine", p->val); "from conf file - %s. Killing engine",
p->val);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
} else if (strcasecmp("request-body-inspect-window", p->name) == 0) { } else if (strcasecmp("request-body-inspect-window", p->name) == 0) {
if (ParseSizeStringU32(p->val, &cfg_prec->request.inspect_window) < 0) { if (ParseSizeStringU32(p->val, &cfg_prec->request.inspect_window) < 0) {
SCLogError(SC_ERR_SIZE_PARSE, "Error parsing request-body-inspect-window " SCLogError("Error parsing request-body-inspect-window "
"from conf file - %s. Killing engine", p->val); "from conf file - %s. Killing engine",
p->val);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
@ -2676,30 +2680,34 @@ static void HTPConfigParseParameters(HTPCfgRec *cfg_prec, ConfNode *s,
} else if (strcasecmp("response-body-minimal-inspect-size", p->name) == 0) { } else if (strcasecmp("response-body-minimal-inspect-size", p->name) == 0) {
if (ParseSizeStringU32(p->val, &cfg_prec->response.inspect_min_size) < 0) { if (ParseSizeStringU32(p->val, &cfg_prec->response.inspect_min_size) < 0) {
SCLogError(SC_ERR_SIZE_PARSE, "Error parsing response-body-minimal-inspect-size " SCLogError("Error parsing response-body-minimal-inspect-size "
"from conf file - %s. Killing engine", p->val); "from conf file - %s. Killing engine",
p->val);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
} else if (strcasecmp("response-body-inspect-window", p->name) == 0) { } else if (strcasecmp("response-body-inspect-window", p->name) == 0) {
if (ParseSizeStringU32(p->val, &cfg_prec->response.inspect_window) < 0) { if (ParseSizeStringU32(p->val, &cfg_prec->response.inspect_window) < 0) {
SCLogError(SC_ERR_SIZE_PARSE, "Error parsing response-body-inspect-window " SCLogError("Error parsing response-body-inspect-window "
"from conf file - %s. Killing engine", p->val); "from conf file - %s. Killing engine",
p->val);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
} else if (strcasecmp("response-body-decompress-layer-limit", p->name) == 0) { } else if (strcasecmp("response-body-decompress-layer-limit", p->name) == 0) {
uint32_t value = 2; uint32_t value = 2;
if (ParseSizeStringU32(p->val, &value) < 0) { if (ParseSizeStringU32(p->val, &value) < 0) {
SCLogError(SC_ERR_SIZE_PARSE, "Error parsing response-body-inspect-window " SCLogError("Error parsing response-body-inspect-window "
"from conf file - %s. Killing engine", p->val); "from conf file - %s. Killing engine",
p->val);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
#ifdef HAVE_HTP_CONFIG_SET_RESPONSE_DECOMPRESSION_LAYER_LIMIT #ifdef HAVE_HTP_CONFIG_SET_RESPONSE_DECOMPRESSION_LAYER_LIMIT
htp_config_set_response_decompression_layer_limit(cfg_prec->cfg, value); htp_config_set_response_decompression_layer_limit(cfg_prec->cfg, value);
#else #else
SCLogWarning(SC_WARN_OUTDATED_LIBHTP, "can't set response-body-decompress-layer-limit " SCLogWarning("can't set response-body-decompress-layer-limit "
"to %u, libhtp version too old", value); "to %u, libhtp version too old",
value);
#endif #endif
} else if (strcasecmp("path-convert-backslash-separators", p->name) == 0) { } else if (strcasecmp("path-convert-backslash-separators", p->name) == 0) {
htp_config_set_backslash_convert_slashes(cfg_prec->cfg, htp_config_set_backslash_convert_slashes(cfg_prec->cfg,
@ -2711,7 +2719,7 @@ static void HTPConfigParseParameters(HTPCfgRec *cfg_prec, ConfNode *s,
HTP_DECODER_URL_PATH, HTP_DECODER_URL_PATH,
p->val[0]); p->val[0]);
} else { } else {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Invalid entry " SCLogError("Invalid entry "
"for libhtp param path-bestfit-replacement-char"); "for libhtp param path-bestfit-replacement-char");
} }
} else if (strcasecmp("path-convert-lowercase", p->name) == 0) { } else if (strcasecmp("path-convert-lowercase", p->name) == 0) {
@ -2747,7 +2755,7 @@ static void HTPConfigParseParameters(HTPCfgRec *cfg_prec, ConfNode *s,
} else if (strcasecmp(p->val, "decode_invalid") == 0) { } else if (strcasecmp(p->val, "decode_invalid") == 0) {
handling = HTP_URL_DECODE_PROCESS_INVALID; handling = HTP_URL_DECODE_PROCESS_INVALID;
} else { } else {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Invalid entry " SCLogError("Invalid entry "
"for libhtp param path-url-encoding-invalid-handling"); "for libhtp param path-url-encoding-invalid-handling");
return; return;
} }
@ -2769,12 +2777,13 @@ static void HTPConfigParseParameters(HTPCfgRec *cfg_prec, ConfNode *s,
} else if (strcasecmp("meta-field-limit", p->name) == 0) { } else if (strcasecmp("meta-field-limit", p->name) == 0) {
uint32_t limit = 0; uint32_t limit = 0;
if (ParseSizeStringU32(p->val, &limit) < 0) { if (ParseSizeStringU32(p->val, &limit) < 0) {
SCLogError(SC_ERR_SIZE_PARSE, "Error meta-field-limit " SCLogError("Error meta-field-limit "
"from conf file - %s. Killing engine", p->val); "from conf file - %s. Killing engine",
p->val);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
if (limit == 0) { if (limit == 0) {
FatalError(SC_ERR_FATAL, "Error meta-field-limit " FatalError("Error meta-field-limit "
"from conf file cannot be 0. Killing engine"); "from conf file cannot be 0. Killing engine");
} }
/* set default soft-limit with our new hard limit */ /* set default soft-limit with our new hard limit */
@ -2785,11 +2794,12 @@ static void HTPConfigParseParameters(HTPCfgRec *cfg_prec, ConfNode *s,
} else if (strcasecmp("lzma-memlimit", p->name) == 0) { } else if (strcasecmp("lzma-memlimit", p->name) == 0) {
uint32_t limit = 0; uint32_t limit = 0;
if (ParseSizeStringU32(p->val, &limit) < 0) { if (ParseSizeStringU32(p->val, &limit) < 0) {
FatalError(SC_ERR_SIZE_PARSE, "failed to parse 'lzma-memlimit' " FatalError("failed to parse 'lzma-memlimit' "
"from conf file - %s.", p->val); "from conf file - %s.",
p->val);
} }
if (limit == 0) { if (limit == 0) {
FatalError(SC_ERR_SIZE_PARSE, "'lzma-memlimit' " FatalError("'lzma-memlimit' "
"from conf file cannot be 0."); "from conf file cannot be 0.");
} }
/* set default soft-limit with our new hard limit */ /* set default soft-limit with our new hard limit */
@ -2803,9 +2813,8 @@ static void HTPConfigParseParameters(HTPCfgRec *cfg_prec, ConfNode *s,
} else if (!ConfValIsFalse(p->val)) { } else if (!ConfValIsFalse(p->val)) {
int8_t limit; int8_t limit;
if (StringParseInt8(&limit, 10, 0, (const char *)p->val) < 0) { if (StringParseInt8(&limit, 10, 0, (const char *)p->val) < 0) {
FatalError(SC_ERR_SIZE_PARSE, FatalError("failed to parse 'lzma-enabled' "
"failed to parse 'lzma-enabled' " "from conf file - %s.",
"from conf file - %s.",
p->val); p->val);
} }
SCLogConfig("Setting HTTP LZMA decompression layers to %" PRIu32 "", (int)limit); SCLogConfig("Setting HTTP LZMA decompression layers to %" PRIu32 "", (int)limit);
@ -2816,11 +2825,12 @@ static void HTPConfigParseParameters(HTPCfgRec *cfg_prec, ConfNode *s,
} else if (strcasecmp("compression-bomb-limit", p->name) == 0) { } else if (strcasecmp("compression-bomb-limit", p->name) == 0) {
uint32_t limit = 0; uint32_t limit = 0;
if (ParseSizeStringU32(p->val, &limit) < 0) { if (ParseSizeStringU32(p->val, &limit) < 0) {
FatalError(SC_ERR_SIZE_PARSE, "failed to parse 'compression-bomb-limit' " FatalError("failed to parse 'compression-bomb-limit' "
"from conf file - %s.", p->val); "from conf file - %s.",
p->val);
} }
if (limit == 0) { if (limit == 0) {
FatalError(SC_ERR_SIZE_PARSE, "'compression-bomb-limit' " FatalError("'compression-bomb-limit' "
"from conf file cannot be 0."); "from conf file cannot be 0.");
} }
/* set default soft-limit with our new hard limit */ /* set default soft-limit with our new hard limit */
@ -2832,9 +2842,8 @@ static void HTPConfigParseParameters(HTPCfgRec *cfg_prec, ConfNode *s,
uint32_t limit = 0; uint32_t limit = 0;
// between 1 usec and 1 second // between 1 usec and 1 second
if (StringParseU32RangeCheck(&limit, 10, 0, p->val, 1, 1000000) < 0) { if (StringParseU32RangeCheck(&limit, 10, 0, p->val, 1, 1000000) < 0) {
FatalError(SC_ERR_SIZE_PARSE, FatalError("failed to parse 'decompression-time-limit' "
"failed to parse 'decompression-time-limit' " "from conf file - %s.",
"from conf file - %s.",
p->val); p->val);
} }
SCLogConfig("Setting HTTP decompression time limit to %" PRIu32 " usec", limit); SCLogConfig("Setting HTTP decompression time limit to %" PRIu32 " usec", limit);
@ -2848,11 +2857,10 @@ static void HTPConfigParseParameters(HTPCfgRec *cfg_prec, ConfNode *s,
uint32_t range; uint32_t range;
if (StringParseU32RangeCheck(&range, 10, 0, if (StringParseU32RangeCheck(&range, 10, 0,
(const char *)p->val, 0, 100) < 0) { (const char *)p->val, 0, 100) < 0) {
SCLogError(SC_EINVAL, SCLogError("Invalid value for randomize"
"Invalid value for randomize" "-inspection-range setting from conf file - \"%s\"."
"-inspection-range setting from conf file - \"%s\"." " It should be a valid integer less than or equal to 100."
" It should be a valid integer less than or equal to 100." " Killing engine",
" Killing engine",
p->val); p->val);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
@ -2894,33 +2902,34 @@ static void HTPConfigParseParameters(HTPCfgRec *cfg_prec, ConfNode *s,
} else if (strcasecmp("both", pval->val) == 0) { } else if (strcasecmp("both", pval->val) == 0) {
cfg_prec->swf_compression_type = HTTP_SWF_COMPRESSION_BOTH; cfg_prec->swf_compression_type = HTTP_SWF_COMPRESSION_BOTH;
} else { } else {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, SCLogError("Invalid entry for "
"Invalid entry for "
"swf-decompression.type: %s - " "swf-decompression.type: %s - "
"Killing engine", pval->val); "Killing engine",
pval->val);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
} else if (strcasecmp("compress-depth", pval->name) == 0) { } else if (strcasecmp("compress-depth", pval->name) == 0) {
if (ParseSizeStringU32(pval->val, &cfg_prec->swf_compress_depth) < 0) { if (ParseSizeStringU32(pval->val, &cfg_prec->swf_compress_depth) < 0) {
SCLogError(SC_ERR_SIZE_PARSE, SCLogError("Error parsing swf-decompression.compression-depth "
"Error parsing swf-decompression.compression-depth " "from conf file - %s. Killing engine",
"from conf file - %s. Killing engine", p->val); p->val);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
} else if (strcasecmp("decompress-depth", pval->name) == 0) { } else if (strcasecmp("decompress-depth", pval->name) == 0) {
if (ParseSizeStringU32(pval->val, &cfg_prec->swf_decompress_depth) < 0) { if (ParseSizeStringU32(pval->val, &cfg_prec->swf_decompress_depth) < 0) {
SCLogError(SC_ERR_SIZE_PARSE, SCLogError("Error parsing swf-decompression.decompression-depth "
"Error parsing swf-decompression.decompression-depth " "from conf file - %s. Killing engine",
"from conf file - %s. Killing engine", p->val); p->val);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
} else { } else {
SCLogWarning(SC_ERR_UNKNOWN_VALUE, "Ignoring unknown param %s", pval->name); SCLogWarning("Ignoring unknown param %s", pval->name);
} }
} }
} else { } else {
SCLogWarning(SC_ERR_UNKNOWN_VALUE, "LIBHTP Ignoring unknown " SCLogWarning("LIBHTP Ignoring unknown "
"default config: %s", p->name); "default config: %s",
p->name);
} }
} /* TAILQ_FOREACH(p, &default_config->head, next) */ } /* TAILQ_FOREACH(p, &default_config->head, next) */
@ -2940,7 +2949,7 @@ void HTPConfigure(void)
/* Default Config */ /* Default Config */
cfglist.cfg = htp_config_create(); cfglist.cfg = htp_config_create();
if (NULL == cfglist.cfg) { if (NULL == cfglist.cfg) {
FatalError(SC_ERR_FATAL, "Failed to create HTP default config"); FatalError("Failed to create HTP default config");
} }
SCLogDebug("LIBHTP default config: %p", cfglist.cfg); SCLogDebug("LIBHTP default config: %p", cfglist.cfg);
HTPConfigSetDefaultsPhase1(&cfglist); HTPConfigSetDefaultsPhase1(&cfglist);
@ -2988,7 +2997,7 @@ void HTPConfigure(void)
cfglist.next->next = nextrec; cfglist.next->next = nextrec;
cfglist.next->cfg = htp_config_create(); cfglist.next->cfg = htp_config_create();
if (NULL == cfglist.next->cfg) { if (NULL == cfglist.next->cfg) {
FatalError(SC_ERR_FATAL, "Failed to create HTP server config"); FatalError("Failed to create HTP server config");
} }
HTPConfigSetDefaultsPhase1(htprec); HTPConfigSetDefaultsPhase1(htprec);
@ -3079,8 +3088,9 @@ static int HTPStateGetEventInfo(const char *event_name,
{ {
*event_id = SCMapEnumNameToValue(event_name, http_decoder_event_table); *event_id = SCMapEnumNameToValue(event_name, http_decoder_event_table);
if (*event_id == -1) { if (*event_id == -1) {
SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%s\" not present in " SCLogError("event \"%s\" not present in "
"http's enum map table.", event_name); "http's enum map table.",
event_name);
/* this should be treated as fatal */ /* this should be treated as fatal */
return -1; return -1;
} }
@ -3095,8 +3105,9 @@ static int HTPStateGetEventInfoById(int event_id, const char **event_name,
{ {
*event_name = SCMapEnumValueToName(event_id, http_decoder_event_table); *event_name = SCMapEnumValueToName(event_id, http_decoder_event_table);
if (*event_name == NULL) { if (*event_name == NULL) {
SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%d\" not present in " SCLogError("event \"%d\" not present in "
"http's enum map table.", event_id); "http's enum map table.",
event_id);
/* this should be treated as fatal */ /* this should be treated as fatal */
return -1; return -1;
} }

2
src/app-layer-mqtt.c
Unescape Escape View File

@ -44,7 +44,7 @@ void RegisterMQTTParsers(void)
if (p != NULL) { if (p != NULL) {
uint32_t value; uint32_t value;
if (ParseSizeStringU32(p->val, &value) < 0) { if (ParseSizeStringU32(p->val, &value) < 0) {
SCLogError(SC_ERR_SIZE_PARSE, "invalid value for max-msg-length: %s", p->val); SCLogError("invalid value for max-msg-length: %s", p->val);
} else { } else {
max_msg_len = value; max_msg_len = value;
} }

10
src/app-layer-parser.c
Unescape Escape View File

@ -347,9 +347,9 @@ int AppLayerParserConfParserEnabled(const char *ipproto,
r = snprintf(param, sizeof(param), "%s%s%s", "app-layer.protocols.", r = snprintf(param, sizeof(param), "%s%s%s", "app-layer.protocols.",
alproto_name, ".enabled"); alproto_name, ".enabled");
if (r < 0) { if (r < 0) {
FatalError(SC_ERR_FATAL, "snprintf failure."); FatalError("snprintf failure.");
} else if (r > (int)sizeof(param)) { } else if (r > (int)sizeof(param)) {
FatalError(SC_ERR_FATAL, "buffer not big enough to write param."); FatalError("buffer not big enough to write param.");
} }
node = ConfGetNode(param); node = ConfGetNode(param);
@ -358,9 +358,9 @@ int AppLayerParserConfParserEnabled(const char *ipproto,
r = snprintf(param, sizeof(param), "%s%s%s%s%s", "app-layer.protocols.", r = snprintf(param, sizeof(param), "%s%s%s%s%s", "app-layer.protocols.",
alproto_name, ".", ipproto, ".enabled"); alproto_name, ".", ipproto, ".enabled");
if (r < 0) { if (r < 0) {
FatalError(SC_ERR_FATAL, "snprintf failure."); FatalError("snprintf failure.");
} else if (r > (int)sizeof(param)) { } else if (r > (int)sizeof(param)) {
FatalError(SC_ERR_FATAL, "buffer not big enough to write param."); FatalError("buffer not big enough to write param.");
} }
node = ConfGetNode(param); node = ConfGetNode(param);
@ -377,7 +377,7 @@ int AppLayerParserConfParserEnabled(const char *ipproto,
} else if (strcasecmp(node->val, "detection-only") == 0) { } else if (strcasecmp(node->val, "detection-only") == 0) {
goto disabled; goto disabled;
} else { } else {
SCLogError(SC_ERR_FATAL, "Invalid value found for %s.", param); SCLogError("Invalid value found for %s.", param);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }

12
src/app-layer-register.c
Unescape Escape View File

@ -41,15 +41,15 @@ AppProto AppLayerRegisterProtocolDetection(const struct AppLayerParser *p, int e
const char *ip_proto_str = NULL; const char *ip_proto_str = NULL;
if (p == NULL) if (p == NULL)
FatalError(SC_ERR_FATAL, "Call to %s with NULL pointer.", __FUNCTION__); FatalError("Call to %s with NULL pointer.", __FUNCTION__);
alproto = StringToAppProto(p->name); alproto = StringToAppProto(p->name);
if (alproto == ALPROTO_UNKNOWN || alproto == ALPROTO_FAILED) if (alproto == ALPROTO_UNKNOWN || alproto == ALPROTO_FAILED)
FatalError(SC_ERR_FATAL, "Unknown or invalid AppProto '%s'.", p->name); FatalError("Unknown or invalid AppProto '%s'.", p->name);
ip_proto_str = IpProtoToString(p->ip_proto); ip_proto_str = IpProtoToString(p->ip_proto);
if (ip_proto_str == NULL) if (ip_proto_str == NULL)
FatalError(SC_ERR_FATAL, "Unknown or unsupported ip_proto field in parser '%s'", p->name); FatalError("Unknown or unsupported ip_proto field in parser '%s'", p->name);
SCLogDebug("%s %s protocol detection enabled.", ip_proto_str, p->name); SCLogDebug("%s %s protocol detection enabled.", ip_proto_str, p->name);
@ -97,14 +97,14 @@ int AppLayerRegisterParser(const struct AppLayerParser *p, AppProto alproto)
const char *ip_proto_str = NULL; const char *ip_proto_str = NULL;
if (p == NULL) if (p == NULL)
FatalError(SC_ERR_FATAL, "Call to %s with NULL pointer.", __FUNCTION__); FatalError("Call to %s with NULL pointer.", __FUNCTION__);
if (alproto == ALPROTO_UNKNOWN || alproto >= ALPROTO_FAILED) if (alproto == ALPROTO_UNKNOWN || alproto >= ALPROTO_FAILED)
FatalError(SC_ERR_FATAL, "Unknown or invalid AppProto '%s'.", p->name); FatalError("Unknown or invalid AppProto '%s'.", p->name);
ip_proto_str = IpProtoToString(p->ip_proto); ip_proto_str = IpProtoToString(p->ip_proto);
if (ip_proto_str == NULL) if (ip_proto_str == NULL)
FatalError(SC_ERR_FATAL, "Unknown or unsupported ip_proto field in parser '%s'", p->name); FatalError("Unknown or unsupported ip_proto field in parser '%s'", p->name);
SCLogDebug("Registering %s protocol parser.", p->name); SCLogDebug("Registering %s protocol parser.", p->name);

40
src/app-layer-smtp.c
Unescape Escape View File

@ -302,16 +302,16 @@ static void SMTPConfigure(void) {
/* new_val_len: scheme value from config e.g. 'http' + '://' + null terminator */ /* new_val_len: scheme value from config e.g. 'http' + '://' + null terminator */
size_t new_val_len = strlen(scheme->val) + 3 + 1; size_t new_val_len = strlen(scheme->val) + 3 + 1;
if (new_val_len > UINT16_MAX) { if (new_val_len > UINT16_MAX) {
FatalError(SC_ERR_FATAL, "Too long value for extract-urls-schemes"); FatalError("Too long value for extract-urls-schemes");
} }
char *new_val = SCMalloc(new_val_len); char *new_val = SCMalloc(new_val_len);
if (unlikely(new_val == NULL)) { if (unlikely(new_val == NULL)) {
FatalError(SC_ERR_FATAL, "SCMalloc failure."); FatalError("SCMalloc failure.");
} }
int r = snprintf(new_val, new_val_len, "%s://", scheme->val); int r = snprintf(new_val, new_val_len, "%s://", scheme->val);
if (r < 0 || r >= (int)new_val_len) { if (r < 0 || r >= (int)new_val_len) {
FatalError(SC_ERR_FATAL, "snprintf failure."); FatalError("snprintf failure.");
} }
/* replace existing scheme value stored on the linked list with new value including /* replace existing scheme value stored on the linked list with new value including
@ -326,20 +326,20 @@ static void SMTPConfigure(void) {
* extract-urls-schemes wasn't found in the config */ * extract-urls-schemes wasn't found in the config */
ConfNode *seq_node = ConfNodeNew(); ConfNode *seq_node = ConfNodeNew();
if (unlikely(seq_node == NULL)) { if (unlikely(seq_node == NULL)) {
FatalError(SC_ERR_FATAL, "ConfNodeNew failure."); FatalError("ConfNodeNew failure.");
} }
ConfNode *scheme = ConfNodeNew(); ConfNode *scheme = ConfNodeNew();
if (unlikely(scheme == NULL)) { if (unlikely(scheme == NULL)) {
FatalError(SC_ERR_FATAL, "ConfNodeNew failure."); FatalError("ConfNodeNew failure.");
} }
seq_node->name = SCStrdup("extract-urls-schemes"); seq_node->name = SCStrdup("extract-urls-schemes");
if (unlikely(seq_node->name == NULL)) { if (unlikely(seq_node->name == NULL)) {
FatalError(SC_ERR_FATAL, "SCStrdup failure."); FatalError("SCStrdup failure.");
} }
scheme->val = SCStrdup("http://"); scheme->val = SCStrdup("http://");
if (unlikely(scheme->val == NULL)) { if (unlikely(scheme->val == NULL)) {
FatalError(SC_ERR_FATAL, "SCStrdup failure."); FatalError("SCStrdup failure.");
} }
seq_node->is_seq = 1; seq_node->is_seq = 1;
@ -374,8 +374,7 @@ static void SMTPConfigure(void) {
TAILQ_FOREACH(p, &t->head, next) { TAILQ_FOREACH(p, &t->head, next) {
if (strcasecmp("content-limit", p->name) == 0) { if (strcasecmp("content-limit", p->name) == 0) {
if (ParseSizeStringU32(p->val, &content_limit) < 0) { if (ParseSizeStringU32(p->val, &content_limit) < 0) {
SCLogWarning(SC_ERR_SIZE_PARSE, SCLogWarning("parsing content-limit %s failed", p->val);
"parsing content-limit %s failed", p->val);
content_limit = FILEDATA_CONTENT_LIMIT; content_limit = FILEDATA_CONTENT_LIMIT;
} }
smtp_config.content_limit = content_limit; smtp_config.content_limit = content_limit;
@ -383,8 +382,7 @@ static void SMTPConfigure(void) {
if (strcasecmp("content-inspect-min-size", p->name) == 0) { if (strcasecmp("content-inspect-min-size", p->name) == 0) {
if (ParseSizeStringU32(p->val, &content_inspect_min_size) < 0) { if (ParseSizeStringU32(p->val, &content_inspect_min_size) < 0) {
SCLogWarning(SC_ERR_SIZE_PARSE, SCLogWarning("parsing content-inspect-min-size %s failed", p->val);
"parsing content-inspect-min-size %s failed", p->val);
content_inspect_min_size = FILEDATA_CONTENT_INSPECT_MIN_SIZE; content_inspect_min_size = FILEDATA_CONTENT_INSPECT_MIN_SIZE;
} }
smtp_config.content_inspect_min_size = content_inspect_min_size; smtp_config.content_inspect_min_size = content_inspect_min_size;
@ -392,8 +390,7 @@ static void SMTPConfigure(void) {
if (strcasecmp("content-inspect-window", p->name) == 0) { if (strcasecmp("content-inspect-window", p->name) == 0) {
if (ParseSizeStringU32(p->val, &content_inspect_window) < 0) { if (ParseSizeStringU32(p->val, &content_inspect_window) < 0) {
SCLogWarning(SC_ERR_SIZE_PARSE, SCLogWarning("parsing content-inspect-window %s failed", p->val);
"parsing content-inspect-window %s failed", p->val);
content_inspect_window = FILEDATA_CONTENT_INSPECT_WINDOW; content_inspect_window = FILEDATA_CONTENT_INSPECT_WINDOW;
} }
smtp_config.content_inspect_window = content_inspect_window; smtp_config.content_inspect_window = content_inspect_window;
@ -408,10 +405,9 @@ static void SMTPConfigure(void) {
smtp_config.raw_extraction = SMTP_RAW_EXTRACTION_DEFAULT_VALUE; smtp_config.raw_extraction = SMTP_RAW_EXTRACTION_DEFAULT_VALUE;
} }
if (smtp_config.raw_extraction && smtp_config.decode_mime) { if (smtp_config.raw_extraction && smtp_config.decode_mime) {
SCLogError(SC_ERR_CONF_YAML_ERROR, SCLogError("\"decode-mime\" and \"raw-extraction\" "
"\"decode-mime\" and \"raw-extraction\" " "options can't be enabled at the same time, "
"options can't be enabled at the same time, " "disabling raw extraction");
"disabling raw extraction");
smtp_config.raw_extraction = 0; smtp_config.raw_extraction = 0;
} }
@ -1587,8 +1583,9 @@ static int SMTPStateGetEventInfo(const char *event_name,
{ {
*event_id = SCMapEnumNameToValue(event_name, smtp_decoder_event_table); *event_id = SCMapEnumNameToValue(event_name, smtp_decoder_event_table);
if (*event_id == -1) { if (*event_id == -1) {
SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%s\" not present in " SCLogError("event \"%s\" not present in "
"smtp's enum map table.", event_name); "smtp's enum map table.",
event_name);
/* yes this is fatal */ /* yes this is fatal */
return -1; return -1;
} }
@ -1603,8 +1600,9 @@ static int SMTPStateGetEventInfoById(int event_id, const char **event_name,
{ {
*event_name = SCMapEnumValueToName(event_id, smtp_decoder_event_table); *event_name = SCMapEnumValueToName(event_id, smtp_decoder_event_table);
if (*event_name == NULL) { if (*event_name == NULL) {
SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%d\" not present in " SCLogError("event \"%d\" not present in "
"smtp's enum map table.", event_id); "smtp's enum map table.",
event_id);
/* yes this is fatal */ /* yes this is fatal */
return -1; return -1;
} }

13
src/app-layer-ssl.c
Unescape Escape View File

@ -2781,8 +2781,9 @@ static int SSLStateGetEventInfo(const char *event_name,
{ {
*event_id = SCMapEnumNameToValue(event_name, tls_decoder_event_table); *event_id = SCMapEnumNameToValue(event_name, tls_decoder_event_table);
if (*event_id == -1) { if (*event_id == -1) {
SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%s\" not present in " SCLogError("event \"%s\" not present in "
"ssl's enum map table.", event_name); "ssl's enum map table.",
event_name);
/* yes this is fatal */ /* yes this is fatal */
return -1; return -1;
} }
@ -2797,8 +2798,9 @@ static int SSLStateGetEventInfoById(int event_id, const char **event_name,
{ {
*event_name = SCMapEnumValueToName(event_id, tls_decoder_event_table); *event_name = SCMapEnumValueToName(event_id, tls_decoder_event_table);
if (*event_name == NULL) { if (*event_name == NULL) {
SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%d\" not present in " SCLogError("event \"%d\" not present in "
"ssl's enum map table.", event_id); "ssl's enum map table.",
event_id);
/* yes this is fatal */ /* yes this is fatal */
return -1; return -1;
} }
@ -3068,8 +3070,7 @@ void RegisterSSLParsers(void)
if (g_disable_hashing) { if (g_disable_hashing) {
if (SC_ATOMIC_GET(ssl_config.enable_ja3)) { if (SC_ATOMIC_GET(ssl_config.enable_ja3)) {
SCLogWarning( SCLogWarning("MD5 calculation has been disabled, disabling JA3");
SC_WARN_NO_JA3_SUPPORT, "MD5 calculation has been disabled, disabling JA3");
SC_ATOMIC_SET(ssl_config.enable_ja3, 0); SC_ATOMIC_SET(ssl_config.enable_ja3, 0);
} }
} else { } else {

63
src/conf-yaml-loader.c
Unescape Escape View File

@ -92,15 +92,13 @@ ConfYamlSetConfDirname(const char *filename)
if (ep == NULL) { if (ep == NULL) {
conf_dirname = SCStrdup("."); conf_dirname = SCStrdup(".");
if (conf_dirname == NULL) { if (conf_dirname == NULL) {
FatalError(SC_ERR_FATAL, FatalError("ERROR: Failed to allocate memory while loading configuration.");
"ERROR: Failed to allocate memory while loading configuration.");
} }
} }
else { else {
conf_dirname = SCStrdup(filename); conf_dirname = SCStrdup(filename);
if (conf_dirname == NULL) { if (conf_dirname == NULL) {
FatalError(SC_ERR_FATAL, FatalError("ERROR: Failed to allocate memory while loading configuration.");
"ERROR: Failed to allocate memory while loading configuration.");
} }
conf_dirname[ep - filename] = '\0'; conf_dirname[ep - filename] = '\0';
} }
@ -124,7 +122,7 @@ ConfYamlHandleInclude(ConfNode *parent, const char *filename)
int ret = -1; int ret = -1;
if (yaml_parser_initialize(&parser) != 1) { if (yaml_parser_initialize(&parser) != 1) {
SCLogError(SC_ERR_CONF_YAML_ERROR, "Failed to initialize YAML parser"); SCLogError("Failed to initialize YAML parser");
return -1; return -1;
} }
@ -138,17 +136,15 @@ ConfYamlHandleInclude(ConfNode *parent, const char *filename)
file = fopen(include_filename, "r"); file = fopen(include_filename, "r");
if (file == NULL) { if (file == NULL) {
SCLogError(SC_ERR_FOPEN, SCLogError("Failed to open configuration include file %s: %s", include_filename,
"Failed to open configuration include file %s: %s", strerror(errno));
include_filename, strerror(errno));
goto done; goto done;
} }
yaml_parser_set_input_file(&parser, file); yaml_parser_set_input_file(&parser, file);
if (ConfYamlParse(&parser, parent, 0, 0) != 0) { if (ConfYamlParse(&parser, parent, 0, 0) != 0) {
SCLogError(SC_ERR_CONF_YAML_ERROR, SCLogError("Failed to include configuration file %s", filename);
"Failed to include configuration file %s", filename);
goto done; goto done;
} }
@ -184,16 +180,15 @@ ConfYamlParse(yaml_parser_t *parser, ConfNode *parent, int inseq, int rlevel)
int was_empty = -1; int was_empty = -1;
if (rlevel++ > RECURSION_LIMIT) { if (rlevel++ > RECURSION_LIMIT) {
SCLogError(SC_ERR_CONF_YAML_ERROR, "Recursion limit reached while parsing " SCLogError("Recursion limit reached while parsing "
"configuration file, aborting."); "configuration file, aborting.");
return -1; return -1;
} }
while (!done) { while (!done) {
if (!yaml_parser_parse(parser, &event)) { if (!yaml_parser_parse(parser, &event)) {
SCLogError(SC_ERR_CONF_YAML_ERROR, SCLogError("Failed to parse configuration file at line %" PRIuMAX ": %s\n",
"Failed to parse configuration file at line %" PRIuMAX ": %s\n", (uintmax_t)parser->problem_mark.line, parser->problem);
(uintmax_t)parser->problem_mark.line, parser->problem);
retval = -1; retval = -1;
break; break;
} }
@ -206,15 +201,15 @@ ConfYamlParse(yaml_parser_t *parser, ConfNode *parent, int inseq, int rlevel)
yaml_version_directive_t *ver = yaml_version_directive_t *ver =
event.data.document_start.version_directive; event.data.document_start.version_directive;
if (ver == NULL) { if (ver == NULL) {
SCLogError(SC_ERR_CONF_YAML_ERROR, "ERROR: Invalid configuration file."); SCLogError("ERROR: Invalid configuration file.");
SCLogError(SC_ERR_CONF_YAML_ERROR, SCLogError("The configuration file must begin with the following two lines: %%YAML "
"The configuration file must begin with the following two lines: %%YAML 1.1 and ---"); "1.1 and ---");
goto fail; goto fail;
} }
int major = ver->major; int major = ver->major;
int minor = ver->minor; int minor = ver->minor;
if (!(major == YAML_VERSION_MAJOR && minor == YAML_VERSION_MINOR)) { if (!(major == YAML_VERSION_MAJOR && minor == YAML_VERSION_MINOR)) {
SCLogError(SC_ERR_CONF_YAML_ERROR, "ERROR: Invalid YAML version. Must be 1.1"); SCLogError("ERROR: Invalid YAML version. Must be 1.1");
goto fail; goto fail;
} }
} }
@ -325,13 +320,13 @@ ConfYamlParse(yaml_parser_t *parser, ConfNode *parent, int inseq, int rlevel)
(strcmp(parent->name, "port-groups") == 0)))) { (strcmp(parent->name, "port-groups") == 0)))) {
Mangle(node->name); Mangle(node->name);
if (mangle_errors < MANGLE_ERRORS_MAX) { if (mangle_errors < MANGLE_ERRORS_MAX) {
SCLogWarning(SC_WARN_DEPRECATED, SCLogWarning("%s is deprecated. Please use %s on line %" PRIuMAX
"%s is deprecated. Please use %s on line %"PRIuMAX".", ".",
value, node->name, (uintmax_t)parser->mark.line+1); value, node->name, (uintmax_t)parser->mark.line + 1);
mangle_errors++; mangle_errors++;
if (mangle_errors >= MANGLE_ERRORS_MAX) if (mangle_errors >= MANGLE_ERRORS_MAX)
SCLogWarning(SC_WARN_DEPRECATED, "not showing more " SCLogWarning("not showing more "
"parameter name warnings."); "parameter name warnings.");
} }
} }
} }
@ -445,15 +440,16 @@ ConfYamlLoadFile(const char *filename)
ConfNode *root = ConfGetRootNode(); ConfNode *root = ConfGetRootNode();
if (yaml_parser_initialize(&parser) != 1) { if (yaml_parser_initialize(&parser) != 1) {
SCLogError(SC_ERR_FATAL, "failed to initialize yaml parser."); SCLogError("failed to initialize yaml parser.");
return -1; return -1;
} }
struct stat stat_buf; struct stat stat_buf;
if (stat(filename, &stat_buf) == 0) { if (stat(filename, &stat_buf) == 0) {
if (stat_buf.st_mode & S_IFDIR) { if (stat_buf.st_mode & S_IFDIR) {
SCLogError(SC_ERR_FATAL, "yaml argument is not a file but a directory: %s. " SCLogError("yaml argument is not a file but a directory: %s. "
"Please specify the yaml file in your -c option.", filename); "Please specify the yaml file in your -c option.",
filename);
yaml_parser_delete(&parser); yaml_parser_delete(&parser);
return -1; return -1;
} }
@ -462,8 +458,7 @@ ConfYamlLoadFile(const char *filename)
// coverity[toctou : FALSE] // coverity[toctou : FALSE]
infile = fopen(filename, "r"); infile = fopen(filename, "r");
if (infile == NULL) { if (infile == NULL) {
SCLogError(SC_ERR_FATAL, "failed to open file: %s: %s", filename, SCLogError("failed to open file: %s: %s", filename, strerror(errno));
strerror(errno));
yaml_parser_delete(&parser); yaml_parser_delete(&parser);
return -1; return -1;
} }
@ -523,7 +518,7 @@ ConfYamlLoadFileWithPrefix(const char *filename, const char *prefix)
ConfNode *root = ConfGetNode(prefix); ConfNode *root = ConfGetNode(prefix);
if (yaml_parser_initialize(&parser) != 1) { if (yaml_parser_initialize(&parser) != 1) {
SCLogError(SC_ERR_FATAL, "failed to initialize yaml parser."); SCLogError("failed to initialize yaml parser.");
return -1; return -1;
} }
@ -531,8 +526,9 @@ ConfYamlLoadFileWithPrefix(const char *filename, const char *prefix)
/* coverity[toctou] */ /* coverity[toctou] */
if (stat(filename, &stat_buf) == 0) { if (stat(filename, &stat_buf) == 0) {
if (stat_buf.st_mode & S_IFDIR) { if (stat_buf.st_mode & S_IFDIR) {
SCLogError(SC_ERR_FATAL, "yaml argument is not a file but a directory: %s. " SCLogError("yaml argument is not a file but a directory: %s. "
"Please specify the yaml file in your -c option.", filename); "Please specify the yaml file in your -c option.",
filename);
return -1; return -1;
} }
} }
@ -540,8 +536,7 @@ ConfYamlLoadFileWithPrefix(const char *filename, const char *prefix)
/* coverity[toctou] */ /* coverity[toctou] */
infile = fopen(filename, "r"); infile = fopen(filename, "r");
if (infile == NULL) { if (infile == NULL) {
SCLogError(SC_ERR_FATAL, "failed to open file: %s: %s", filename, SCLogError("failed to open file: %s: %s", filename, strerror(errno));
strerror(errno));
yaml_parser_delete(&parser); yaml_parser_delete(&parser);
return -1; return -1;
} }

47
src/conf.c
Unescape Escape View File

@ -71,8 +71,7 @@ static ConfNode *ConfGetNodeOrCreate(const char *name, int final)
char *next; char *next;
if (strlcpy(node_name, name, sizeof(node_name)) >= sizeof(node_name)) { if (strlcpy(node_name, name, sizeof(node_name)) >= sizeof(node_name)) {
SCLogError(SC_ERR_CONF_NAME_TOO_LONG, SCLogError("Configuration name too long: %s", name);
"Configuration name too long: %s", name);
return NULL; return NULL;
} }
@ -84,14 +83,14 @@ static ConfNode *ConfGetNodeOrCreate(const char *name, int final)
if ((node = ConfNodeLookupChild(parent, key)) == NULL) { if ((node = ConfNodeLookupChild(parent, key)) == NULL) {
node = ConfNodeNew(); node = ConfNodeNew();
if (unlikely(node == NULL)) { if (unlikely(node == NULL)) {
SCLogWarning(SC_ENOMEM, "Failed to allocate memory for configuration."); SCLogWarning("Failed to allocate memory for configuration.");
goto end; goto end;
} }
node->name = SCStrdup(key); node->name = SCStrdup(key);
if (unlikely(node->name == NULL)) { if (unlikely(node->name == NULL)) {
ConfNodeFree(node); ConfNodeFree(node);
node = NULL; node = NULL;
SCLogWarning(SC_ENOMEM, "Failed to allocate memory for configuration."); SCLogWarning("Failed to allocate memory for configuration.");
goto end; goto end;
} }
node->parent = parent; node->parent = parent;
@ -117,9 +116,8 @@ void ConfInit(void)
} }
root = ConfNodeNew(); root = ConfNodeNew();
if (root == NULL) { if (root == NULL) {
FatalError(SC_ERR_FATAL, FatalError("ERROR: Failed to allocate memory for root configuration node, "
"ERROR: Failed to allocate memory for root configuration node, " "aborting.");
"aborting.");
} }
SCLogDebug("configuration module initialized"); SCLogDebug("configuration module initialized");
} }
@ -179,8 +177,7 @@ ConfNode *ConfGetNode(const char *name)
char *next; char *next;
if (strlcpy(node_name, name, sizeof(node_name)) >= sizeof(node_name)) { if (strlcpy(node_name, name, sizeof(node_name)) >= sizeof(node_name)) {
SCLogError(SC_ERR_CONF_NAME_TOO_LONG, SCLogError("Configuration name too long: %s", name);
"Configuration name too long: %s", name);
return NULL; return NULL;
} }
@ -398,21 +395,24 @@ int ConfGetInt(const char *name, intmax_t *val)
return 0; return 0;
if (strval == NULL) { if (strval == NULL) {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "malformed integer value " SCLogError("malformed integer value "
"for %s: NULL", name); "for %s: NULL",
name);
return 0; return 0;
} }
errno = 0; errno = 0;
tmpint = strtoimax(strval, &endptr, 0); tmpint = strtoimax(strval, &endptr, 0);
if (strval[0] == '\0' || *endptr != '\0') { if (strval[0] == '\0' || *endptr != '\0') {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "malformed integer value " SCLogError("malformed integer value "
"for %s: '%s'", name, strval); "for %s: '%s'",
name, strval);
return 0; return 0;
} }
if (errno == ERANGE && (tmpint == INTMAX_MAX || tmpint == INTMAX_MIN)) { if (errno == ERANGE && (tmpint == INTMAX_MAX || tmpint == INTMAX_MIN)) {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "integer value for %s out " SCLogError("integer value for %s out "
"of range: '%s'", name, strval); "of range: '%s'",
name, strval);
return 0; return 0;
} }
@ -431,13 +431,15 @@ int ConfGetChildValueInt(const ConfNode *base, const char *name, intmax_t *val)
errno = 0; errno = 0;
tmpint = strtoimax(strval, &endptr, 0); tmpint = strtoimax(strval, &endptr, 0);
if (strval[0] == '\0' || *endptr != '\0') { if (strval[0] == '\0' || *endptr != '\0') {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "malformed integer value " SCLogError("malformed integer value "
"for %s with base %s: '%s'", name, base->name, strval); "for %s with base %s: '%s'",
name, base->name, strval);
return 0; return 0;
} }
if (errno == ERANGE && (tmpint == INTMAX_MAX || tmpint == INTMAX_MIN)) { if (errno == ERANGE && (tmpint == INTMAX_MAX || tmpint == INTMAX_MIN)) {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "integer value for %s with " SCLogError("integer value for %s with "
" base %s out of range: '%s'", name, base->name, strval); " base %s out of range: '%s'",
name, base->name, strval);
return 0; return 0;
} }
@ -944,7 +946,7 @@ ConfNode *ConfSetIfaceNode(const char *ifaces_node_name, const char *iface)
/* Find initial node which holds all interfaces */ /* Find initial node which holds all interfaces */
ifaces_list_node = ConfGetNode(ifaces_node_name); ifaces_list_node = ConfGetNode(ifaces_node_name);
if (ifaces_list_node == NULL) { if (ifaces_list_node == NULL) {
SCLogError(SC_ERR_CONF_YAML_ERROR, "unable to find %s config", ifaces_node_name); SCLogError("unable to find %s config", ifaces_node_name);
return NULL; return NULL;
} }
@ -971,9 +973,8 @@ int ConfSetRootAndDefaultNodes(
*if_default = ConfSetIfaceNode(ifaces_node_name, default_iface); *if_default = ConfSetIfaceNode(ifaces_node_name, default_iface);
if (*if_root == NULL && *if_default == NULL) { if (*if_root == NULL && *if_default == NULL) {
SCLogError(SC_ERR_CONF_YAML_ERROR, SCLogError("unable to find configuration for the interface \"%s\" or the default "
"unable to find configuration for the interface \"%s\" or the default " "configuration (\"%s\")",
"configuration (\"%s\")",
iface, default_iface); iface, default_iface);
return (-ENODEV); return (-ENODEV);
} }

39
src/counters.c
Unescape Escape View File

@ -263,17 +263,17 @@ static void StatsInitCtxPreOutput(void)
/* warn if we are using legacy config to enable stats */ /* warn if we are using legacy config to enable stats */
ConfNode *gstats = ConfGetNode("stats"); ConfNode *gstats = ConfGetNode("stats");
if (gstats == NULL) { if (gstats == NULL) {
SCLogWarning(SC_ERR_STATS_LOG_GENERIC, "global stats config is missing. " SCLogWarning("global stats config is missing. "
"Stats enabled through legacy stats.log. " "Stats enabled through legacy stats.log. "
"See %s/configuration/suricata-yaml.html#stats", GetDocURL()); "See %s/configuration/suricata-yaml.html#stats",
GetDocURL());
} }
const char *interval = ConfNodeLookupChildValue(stats, "interval"); const char *interval = ConfNodeLookupChildValue(stats, "interval");
if (interval != NULL) if (interval != NULL)
if (StringParseUint32(&stats_tts, 10, 0, interval) < 0) { if (StringParseUint32(&stats_tts, 10, 0, interval) < 0) {
SCLogWarning(SC_EINVAL, SCLogWarning("Invalid value for "
"Invalid value for " "interval: \"%s\". Resetting to %d.",
"interval: \"%s\". Resetting to %d.",
interval, STATS_MGMTT_TTS); interval, STATS_MGMTT_TTS);
stats_tts = STATS_MGMTT_TTS; stats_tts = STATS_MGMTT_TTS;
} }
@ -305,7 +305,7 @@ static void StatsInitCtxPostOutput(void)
/* init the lock used by StatsThreadStore */ /* init the lock used by StatsThreadStore */
if (SCMutexInit(&stats_ctx->sts_lock, NULL) != 0) { if (SCMutexInit(&stats_ctx->sts_lock, NULL) != 0) {
FatalError(SC_ERR_FATAL, "error initializing sts mutex"); FatalError("error initializing sts mutex");
} }
if (stats_enabled && !OutputStatsLoggersRegistered()) { if (stats_enabled && !OutputStatsLoggersRegistered()) {
@ -314,7 +314,7 @@ static void StatsInitCtxPostOutput(void)
/* if the unix command socket is enabled we do the background /* if the unix command socket is enabled we do the background
* stats sync just in case someone runs 'dump-counters' */ * stats sync just in case someone runs 'dump-counters' */
if (!ConfUnixSocketIsEnable()) { if (!ConfUnixSocketIsEnable()) {
SCLogWarning(SC_WARN_NO_STATS_LOGGERS, "stats are enabled but no loggers are active"); SCLogWarning("stats are enabled but no loggers are active");
stats_enabled = false; stats_enabled = false;
SCReturn; SCReturn;
} }
@ -395,7 +395,7 @@ static void *StatsMgmtThread(void *arg)
SCDropCaps(tv_local); SCDropCaps(tv_local);
if (stats_ctx == NULL) { if (stats_ctx == NULL) {
SCLogError(SC_ERR_STATS_NOT_INIT, "Stats API not init" SCLogError("Stats API not init"
"StatsInitCounterApi() has to be called first"); "StatsInitCounterApi() has to be called first");
TmThreadsSetFlag(tv_local, THV_CLOSED | THV_RUNNING_DONE); TmThreadsSetFlag(tv_local, THV_CLOSED | THV_RUNNING_DONE);
return NULL; return NULL;
@ -405,7 +405,7 @@ static void *StatsMgmtThread(void *arg)
BUG_ON(tm->ThreadInit == NULL); BUG_ON(tm->ThreadInit == NULL);
int r = tm->ThreadInit(tv_local, NULL, &stats_thread_data); int r = tm->ThreadInit(tv_local, NULL, &stats_thread_data);
if (r != 0 || stats_thread_data == NULL) { if (r != 0 || stats_thread_data == NULL) {
SCLogError(SC_ERR_THREAD_INIT, "Stats API " SCLogError("Stats API "
"ThreadInit failed"); "ThreadInit failed");
TmThreadsSetFlag(tv_local, THV_CLOSED | THV_RUNNING_DONE); TmThreadsSetFlag(tv_local, THV_CLOSED | THV_RUNNING_DONE);
return NULL; return NULL;
@ -445,7 +445,7 @@ static void *StatsMgmtThread(void *arg)
r = tm->ThreadDeinit(tv_local, stats_thread_data); r = tm->ThreadDeinit(tv_local, stats_thread_data);
if (r != TM_ECODE_OK) { if (r != TM_ECODE_OK) {
SCLogError(SC_ERR_THREAD_DEINIT, "Stats Counter API " SCLogError("Stats Counter API "
"ThreadDeinit failed"); "ThreadDeinit failed");
} }
@ -475,7 +475,7 @@ static void *StatsWakeupThread(void *arg)
SCDropCaps(tv_local); SCDropCaps(tv_local);
if (stats_ctx == NULL) { if (stats_ctx == NULL) {
SCLogError(SC_ERR_STATS_NOT_INIT, "Stats API not init" SCLogError("Stats API not init"
"StatsInitCounterApi() has to be called first"); "StatsInitCounterApi() has to be called first");
TmThreadsSetFlag(tv_local, THV_CLOSED | THV_RUNNING_DONE); TmThreadsSetFlag(tv_local, THV_CLOSED | THV_RUNNING_DONE);
return NULL; return NULL;
@ -662,7 +662,7 @@ static int StatsOutput(ThreadVars *tv)
stats_table.stats = SCCalloc(stats_table.nstats, sizeof(StatsRecord)); stats_table.stats = SCCalloc(stats_table.nstats, sizeof(StatsRecord));
if (stats_table.stats == NULL) { if (stats_table.stats == NULL) {
stats_table.nstats = 0; stats_table.nstats = 0;
SCLogError(SC_ENOMEM, "could not alloc memory for stats"); SCLogError("could not alloc memory for stats");
return -1; return -1;
} }
@ -671,7 +671,7 @@ static int StatsOutput(ThreadVars *tv)
stats_table.tstats = SCCalloc(stats_table.ntstats, array_size); stats_table.tstats = SCCalloc(stats_table.ntstats, array_size);
if (stats_table.tstats == NULL) { if (stats_table.tstats == NULL) {
stats_table.ntstats = 0; stats_table.ntstats = 0;
SCLogError(SC_ENOMEM, "could not alloc memory for stats"); SCLogError("could not alloc memory for stats");
return -1; return -1;
} }
@ -879,8 +879,7 @@ void StatsInit(void)
{ {
BUG_ON(stats_ctx != NULL); BUG_ON(stats_ctx != NULL);
if ( (stats_ctx = SCMalloc(sizeof(StatsGlobalContext))) == NULL) { if ( (stats_ctx = SCMalloc(sizeof(StatsGlobalContext))) == NULL) {
FatalError(SC_ERR_FATAL, FatalError("Fatal error encountered in StatsInitCtx. Exiting...");
"Fatal error encountered in StatsInitCtx. Exiting...");
} }
memset(stats_ctx, 0, sizeof(StatsGlobalContext)); memset(stats_ctx, 0, sizeof(StatsGlobalContext));
@ -919,12 +918,12 @@ void StatsSpawnThreads(void)
tv_wakeup = TmThreadCreateMgmtThread(thread_name_counter_wakeup, tv_wakeup = TmThreadCreateMgmtThread(thread_name_counter_wakeup,
StatsWakeupThread, 1); StatsWakeupThread, 1);
if (tv_wakeup == NULL) { if (tv_wakeup == NULL) {
FatalError(SC_ERR_FATAL, "TmThreadCreateMgmtThread " FatalError("TmThreadCreateMgmtThread "
"failed"); "failed");
} }
if (TmThreadSpawn(tv_wakeup) != 0) { if (TmThreadSpawn(tv_wakeup) != 0) {
FatalError(SC_ERR_FATAL, "TmThreadSpawn failed for " FatalError("TmThreadSpawn failed for "
"StatsWakeupThread"); "StatsWakeupThread");
} }
@ -932,11 +931,11 @@ void StatsSpawnThreads(void)
tv_mgmt = TmThreadCreateMgmtThread(thread_name_counter_stats, tv_mgmt = TmThreadCreateMgmtThread(thread_name_counter_stats,
StatsMgmtThread, 1); StatsMgmtThread, 1);
if (tv_mgmt == NULL) { if (tv_mgmt == NULL) {
FatalError(SC_ERR_FATAL, "TmThreadCreateMgmtThread failed"); FatalError("TmThreadCreateMgmtThread failed");
} }
if (TmThreadSpawn(tv_mgmt) != 0) { if (TmThreadSpawn(tv_mgmt) != 0) {
FatalError(SC_ERR_FATAL, "TmThreadSpawn failed for " FatalError("TmThreadSpawn failed for "
"StatsWakeupThread"); "StatsWakeupThread");
} }

137
src/datasets.c
Unescape Escape View File

@ -112,7 +112,7 @@ static int HexToRaw(const uint8_t *in, size_t ins, uint8_t *out, size_t outs)
if (value >= 0 && value <= 255) if (value >= 0 && value <= 255)
hash[x] = (uint8_t)value; hash[x] = (uint8_t)value;
else { else {
SCLogError(SC_ERR_INVALID_HASH, "hash byte out of range %ld", value); SCLogError("hash byte out of range %ld", value);
return -1; return -1;
} }
} }
@ -156,8 +156,7 @@ static int ParseRepLine(const char *in, size_t ins, DataRepType *rep_out)
uint16_t v = 0; uint16_t v = 0;
int r = StringParseU16RangeCheck(&v, 10, strlen(ptrs[0]), ptrs[0], 0, USHRT_MAX); int r = StringParseU16RangeCheck(&v, 10, strlen(ptrs[0]), ptrs[0], 0, USHRT_MAX);
if (r != (int)strlen(ptrs[0])) { if (r != (int)strlen(ptrs[0])) {
SCLogError(SC_ERR_INVALID_NUMERIC_VALUE, SCLogError("'%s' is not a valid reputation value (0-65535)", ptrs[0]);
"'%s' is not a valid reputation value (0-65535)", ptrs[0]);
return -1; return -1;
} }
SCLogDebug("v %"PRIu16" raw %s", v, ptrs[0]); SCLogDebug("v %"PRIu16" raw %s", v, ptrs[0]);
@ -179,7 +178,7 @@ static int DatasetLoadIPv4(Dataset *set)
FILE *fp = fopen(set->load, fopen_mode); FILE *fp = fopen(set->load, fopen_mode);
if (fp == NULL) { if (fp == NULL) {
SCLogError(SC_ERR_DATASET, "fopen '%s' failed: %s", set->load, strerror(errno)); SCLogError("fopen '%s' failed: %s", set->load, strerror(errno));
return -1; return -1;
} }
@ -193,14 +192,12 @@ static int DatasetLoadIPv4(Dataset *set)
struct in_addr in; struct in_addr in;
if (inet_pton(AF_INET, line, &in) != 1) { if (inet_pton(AF_INET, line, &in) != 1) {
FatalErrorOnInit(SC_ERR_DATASET, "dataset data parse failed %s/%s: %s", set->name, FatalErrorOnInit("dataset data parse failed %s/%s: %s", set->name, set->load, line);
set->load, line);
continue; continue;
} }
if (DatasetAdd(set, (const uint8_t *)&in.s_addr, 4) < 0) { if (DatasetAdd(set, (const uint8_t *)&in.s_addr, 4) < 0) {
FatalErrorOnInit( FatalErrorOnInit("dataset data add failed %s/%s", set->name, set->load);
SC_ERR_DATASET, "dataset data add failed %s/%s", set->name, set->load);
continue; continue;
} }
cnt++; cnt++;
@ -214,8 +211,7 @@ static int DatasetLoadIPv4(Dataset *set)
struct in_addr in; struct in_addr in;
if (inet_pton(AF_INET, line, &in) != 1) { if (inet_pton(AF_INET, line, &in) != 1) {
FatalErrorOnInit(SC_ERR_DATASET, "dataset data parse failed %s/%s: %s", set->name, FatalErrorOnInit("dataset data parse failed %s/%s: %s", set->name, set->load, line);
set->load, line);
continue; continue;
} }
@ -223,14 +219,13 @@ static int DatasetLoadIPv4(Dataset *set)
DataRepType rep = { .value = 0 }; DataRepType rep = { .value = 0 };
if (ParseRepLine(r, strlen(r), &rep) < 0) { if (ParseRepLine(r, strlen(r), &rep) < 0) {
FatalErrorOnInit(SC_ERR_DATASET, "bad rep for dataset %s/%s", set->name, set->load); FatalErrorOnInit("bad rep for dataset %s/%s", set->name, set->load);
continue; continue;
} }
SCLogDebug("rep v:%u", rep.value); SCLogDebug("rep v:%u", rep.value);
if (DatasetAddwRep(set, (const uint8_t *)&in.s_addr, 4, &rep) < 0) { if (DatasetAddwRep(set, (const uint8_t *)&in.s_addr, 4, &rep) < 0) {
FatalErrorOnInit( FatalErrorOnInit("dataset data add failed %s/%s", set->name, set->load);
SC_ERR_DATASET, "dataset data add failed %s/%s", set->name, set->load);
continue; continue;
} }
@ -251,8 +246,7 @@ static int ParseIpv6String(Dataset *set, char *line, struct in6_addr *in6)
if (got_colon) { if (got_colon) {
uint32_t ip6addr[4]; uint32_t ip6addr[4];
if (inet_pton(AF_INET6, line, in6) != 1) { if (inet_pton(AF_INET6, line, in6) != 1) {
FatalErrorOnInit(SC_ERR_DATASET, "dataset data parse failed %s/%s: %s", set->name, FatalErrorOnInit("dataset data parse failed %s/%s: %s", set->name, set->load, line);
set->load, line);
return -1; return -1;
} }
memcpy(&ip6addr, in6->s6_addr, sizeof(ip6addr)); memcpy(&ip6addr, in6->s6_addr, sizeof(ip6addr));
@ -267,8 +261,7 @@ static int ParseIpv6String(Dataset *set, char *line, struct in6_addr *in6)
/* IPv4 case */ /* IPv4 case */
struct in_addr in; struct in_addr in;
if (inet_pton(AF_INET, line, &in) != 1) { if (inet_pton(AF_INET, line, &in) != 1) {
FatalErrorOnInit(SC_ERR_DATASET, "dataset data parse failed %s/%s: %s", set->name, FatalErrorOnInit("dataset data parse failed %s/%s: %s", set->name, set->load, line);
set->load, line);
return -1; return -1;
} }
memset(in6, 0, sizeof(struct in6_addr)); memset(in6, 0, sizeof(struct in6_addr));
@ -290,7 +283,7 @@ static int DatasetLoadIPv6(Dataset *set)
FILE *fp = fopen(set->load, fopen_mode); FILE *fp = fopen(set->load, fopen_mode);
if (fp == NULL) { if (fp == NULL) {
SCLogError(SC_ERR_DATASET, "fopen '%s' failed: %s", set->load, strerror(errno)); SCLogError("fopen '%s' failed: %s", set->load, strerror(errno));
return -1; return -1;
} }
@ -305,13 +298,12 @@ static int DatasetLoadIPv6(Dataset *set)
struct in6_addr in6; struct in6_addr in6;
int ret = ParseIpv6String(set, line, &in6); int ret = ParseIpv6String(set, line, &in6);
if (ret < 0) { if (ret < 0) {
FatalErrorOnInit(SC_ERR_DATASET, "unable to parse IP address"); FatalErrorOnInit("unable to parse IP address");
continue; continue;
} }
if (DatasetAdd(set, (const uint8_t *)&in6.s6_addr, 16) < 0) { if (DatasetAdd(set, (const uint8_t *)&in6.s6_addr, 16) < 0) {
FatalErrorOnInit( FatalErrorOnInit("dataset data add failed %s/%s", set->name, set->load);
SC_ERR_DATASET, "dataset data add failed %s/%s", set->name, set->load);
continue; continue;
} }
cnt++; cnt++;
@ -326,7 +318,7 @@ static int DatasetLoadIPv6(Dataset *set)
struct in6_addr in6; struct in6_addr in6;
int ret = ParseIpv6String(set, line, &in6); int ret = ParseIpv6String(set, line, &in6);
if (ret < 0) { if (ret < 0) {
FatalErrorOnInit(SC_ERR_DATASET, "unable to parse IP address"); FatalErrorOnInit("unable to parse IP address");
continue; continue;
} }
@ -334,14 +326,13 @@ static int DatasetLoadIPv6(Dataset *set)
DataRepType rep = { .value = 0 }; DataRepType rep = { .value = 0 };
if (ParseRepLine(r, strlen(r), &rep) < 0) { if (ParseRepLine(r, strlen(r), &rep) < 0) {
FatalErrorOnInit(SC_ERR_DATASET, "bad rep for dataset %s/%s", set->name, set->load); FatalErrorOnInit("bad rep for dataset %s/%s", set->name, set->load);
continue; continue;
} }
SCLogDebug("rep v:%u", rep.value); SCLogDebug("rep v:%u", rep.value);
if (DatasetAddwRep(set, (const uint8_t *)&in6.s6_addr, 16, &rep) < 0) { if (DatasetAddwRep(set, (const uint8_t *)&in6.s6_addr, 16, &rep) < 0) {
FatalErrorOnInit( FatalErrorOnInit("dataset data add failed %s/%s", set->name, set->load);
SC_ERR_DATASET, "dataset data add failed %s/%s", set->name, set->load);
continue; continue;
} }
@ -368,8 +359,7 @@ static int DatasetLoadMd5(Dataset *set)
FILE *fp = fopen(set->load, fopen_mode); FILE *fp = fopen(set->load, fopen_mode);
if (fp == NULL) { if (fp == NULL) {
SCLogError(SC_ERR_DATASET, "fopen '%s' failed: %s", SCLogError("fopen '%s' failed: %s", set->load, strerror(errno));
set->load, strerror(errno));
return -1; return -1;
} }
@ -383,14 +373,12 @@ static int DatasetLoadMd5(Dataset *set)
uint8_t hash[16]; uint8_t hash[16];
if (HexToRaw((const uint8_t *)line, 32, hash, sizeof(hash)) < 0) { if (HexToRaw((const uint8_t *)line, 32, hash, sizeof(hash)) < 0) {
FatalErrorOnInit( FatalErrorOnInit("bad hash for dataset %s/%s", set->name, set->load);
SC_ERR_DATASET, "bad hash for dataset %s/%s", set->name, set->load);
continue; continue;
} }
if (DatasetAdd(set, (const uint8_t *)hash, 16) < 0) { if (DatasetAdd(set, (const uint8_t *)hash, 16) < 0) {
FatalErrorOnInit( FatalErrorOnInit("dataset data add failed %s/%s", set->name, set->load);
SC_ERR_DATASET, "dataset data add failed %s/%s", set->name, set->load);
continue; continue;
} }
cnt++; cnt++;
@ -402,29 +390,26 @@ static int DatasetLoadMd5(Dataset *set)
uint8_t hash[16]; uint8_t hash[16];
if (HexToRaw((const uint8_t *)line, 32, hash, sizeof(hash)) < 0) { if (HexToRaw((const uint8_t *)line, 32, hash, sizeof(hash)) < 0) {
FatalErrorOnInit( FatalErrorOnInit("bad hash for dataset %s/%s", set->name, set->load);
SC_ERR_DATASET, "bad hash for dataset %s/%s", set->name, set->load);
continue; continue;
} }
DataRepType rep = { .value = 0}; DataRepType rep = { .value = 0};
if (ParseRepLine(line + 33, strlen(line) - 33, &rep) < 0) { if (ParseRepLine(line + 33, strlen(line) - 33, &rep) < 0) {
FatalErrorOnInit(SC_ERR_DATASET, "bad rep for dataset %s/%s", set->name, set->load); FatalErrorOnInit("bad rep for dataset %s/%s", set->name, set->load);
continue; continue;
} }
SCLogDebug("rep v:%u", rep.value); SCLogDebug("rep v:%u", rep.value);
if (DatasetAddwRep(set, hash, 16, &rep) < 0) { if (DatasetAddwRep(set, hash, 16, &rep) < 0) {
FatalErrorOnInit( FatalErrorOnInit("dataset data add failed %s/%s", set->name, set->load);
SC_ERR_DATASET, "dataset data add failed %s/%s", set->name, set->load);
continue; continue;
} }
cnt++; cnt++;
} }
else { else {
FatalErrorOnInit( FatalErrorOnInit("MD5 bad line len %u: '%s'", (uint32_t)strlen(line), line);
SC_ERR_DATASET, "MD5 bad line len %u: '%s'", (uint32_t)strlen(line), line);
continue; continue;
} }
} }
@ -448,8 +433,7 @@ static int DatasetLoadSha256(Dataset *set)
FILE *fp = fopen(set->load, fopen_mode); FILE *fp = fopen(set->load, fopen_mode);
if (fp == NULL) { if (fp == NULL) {
SCLogError(SC_ERR_DATASET, "fopen '%s' failed: %s", SCLogError("fopen '%s' failed: %s", set->load, strerror(errno));
set->load, strerror(errno));
return -1; return -1;
} }
@ -463,14 +447,12 @@ static int DatasetLoadSha256(Dataset *set)
uint8_t hash[32]; uint8_t hash[32];
if (HexToRaw((const uint8_t *)line, 64, hash, sizeof(hash)) < 0) { if (HexToRaw((const uint8_t *)line, 64, hash, sizeof(hash)) < 0) {
FatalErrorOnInit( FatalErrorOnInit("bad hash for dataset %s/%s", set->name, set->load);
SC_ERR_DATASET, "bad hash for dataset %s/%s", set->name, set->load);
continue; continue;
} }
if (DatasetAdd(set, (const uint8_t *)hash, (uint32_t)32) < 0) { if (DatasetAdd(set, (const uint8_t *)hash, (uint32_t)32) < 0) {
FatalErrorOnInit( FatalErrorOnInit("dataset data add failed %s/%s", set->name, set->load);
SC_ERR_DATASET, "dataset data add failed %s/%s", set->name, set->load);
continue; continue;
} }
cnt++; cnt++;
@ -482,22 +464,20 @@ static int DatasetLoadSha256(Dataset *set)
uint8_t hash[32]; uint8_t hash[32];
if (HexToRaw((const uint8_t *)line, 64, hash, sizeof(hash)) < 0) { if (HexToRaw((const uint8_t *)line, 64, hash, sizeof(hash)) < 0) {
FatalErrorOnInit( FatalErrorOnInit("bad hash for dataset %s/%s", set->name, set->load);
SC_ERR_DATASET, "bad hash for dataset %s/%s", set->name, set->load);
continue; continue;
} }
DataRepType rep = { .value = 0 }; DataRepType rep = { .value = 0 };
if (ParseRepLine(line + 65, strlen(line) - 65, &rep) < 0) { if (ParseRepLine(line + 65, strlen(line) - 65, &rep) < 0) {
FatalErrorOnInit(SC_ERR_DATASET, "bad rep for dataset %s/%s", set->name, set->load); FatalErrorOnInit("bad rep for dataset %s/%s", set->name, set->load);
continue; continue;
} }
SCLogDebug("rep %u", rep.value); SCLogDebug("rep %u", rep.value);
if (DatasetAddwRep(set, hash, 32, &rep) < 0) { if (DatasetAddwRep(set, hash, 32, &rep) < 0) {
FatalErrorOnInit( FatalErrorOnInit("dataset data add failed %s/%s", set->name, set->load);
SC_ERR_DATASET, "dataset data add failed %s/%s", set->name, set->load);
continue; continue;
} }
cnt++; cnt++;
@ -523,8 +503,7 @@ static int DatasetLoadString(Dataset *set)
FILE *fp = fopen(set->load, fopen_mode); FILE *fp = fopen(set->load, fopen_mode);
if (fp == NULL) { if (fp == NULL) {
SCLogError(SC_ERR_DATASET, "fopen '%s' failed: %s", SCLogError("fopen '%s' failed: %s", set->load, strerror(errno));
set->load, strerror(errno));
return -1; return -1;
} }
@ -545,13 +524,12 @@ static int DatasetLoadString(Dataset *set)
Base64Ecode code = DecodeBase64(decoded, strlen(line), (const uint8_t *)line, Base64Ecode code = DecodeBase64(decoded, strlen(line), (const uint8_t *)line,
strlen(line), &consumed, &num_decoded, BASE64_MODE_STRICT); strlen(line), &consumed, &num_decoded, BASE64_MODE_STRICT);
if (code == BASE64_ECODE_ERR) { if (code == BASE64_ECODE_ERR) {
FatalErrorOnInit(SC_ERR_DATASET, "bad base64 encoding %s/%s", set->name, set->load); FatalErrorOnInit("bad base64 encoding %s/%s", set->name, set->load);
continue; continue;
} }
if (DatasetAdd(set, (const uint8_t *)decoded, num_decoded) < 0) { if (DatasetAdd(set, (const uint8_t *)decoded, num_decoded) < 0) {
FatalErrorOnInit( FatalErrorOnInit("dataset data add failed %s/%s", set->name, set->load);
SC_ERR_DATASET, "dataset data add failed %s/%s", set->name, set->load);
continue; continue;
} }
cnt++; cnt++;
@ -567,7 +545,7 @@ static int DatasetLoadString(Dataset *set)
Base64Ecode code = DecodeBase64(decoded, strlen(line), (const uint8_t *)line, Base64Ecode code = DecodeBase64(decoded, strlen(line), (const uint8_t *)line,
strlen(line), &consumed, &num_decoded, BASE64_MODE_STRICT); strlen(line), &consumed, &num_decoded, BASE64_MODE_STRICT);
if (code == BASE64_ECODE_ERR) { if (code == BASE64_ECODE_ERR) {
FatalErrorOnInit(SC_ERR_DATASET, "bad base64 encoding %s/%s", set->name, set->load); FatalErrorOnInit("bad base64 encoding %s/%s", set->name, set->load);
continue; continue;
} }
@ -576,14 +554,13 @@ static int DatasetLoadString(Dataset *set)
DataRepType rep = { .value = 0 }; DataRepType rep = { .value = 0 };
if (ParseRepLine(r, strlen(r), &rep) < 0) { if (ParseRepLine(r, strlen(r), &rep) < 0) {
FatalErrorOnInit(SC_ERR_DATASET, "die: bad rep"); FatalErrorOnInit("die: bad rep");
continue; continue;
} }
SCLogDebug("rep %u", rep.value); SCLogDebug("rep %u", rep.value);
if (DatasetAddwRep(set, (const uint8_t *)decoded, num_decoded, &rep) < 0) { if (DatasetAddwRep(set, (const uint8_t *)decoded, num_decoded, &rep) < 0) {
FatalErrorOnInit( FatalErrorOnInit("dataset data add failed %s/%s", set->name, set->load);
SC_ERR_DATASET, "dataset data add failed %s/%s", set->name, set->load);
continue; continue;
} }
cnt++; cnt++;
@ -665,9 +642,9 @@ Dataset *DatasetGet(const char *name, enum DatasetTypes type, const char *save,
Dataset *set = DatasetSearchByName(name); Dataset *set = DatasetSearchByName(name);
if (set) { if (set) {
if (type != DATASET_TYPE_NOTSET && set->type != type) { if (type != DATASET_TYPE_NOTSET && set->type != type) {
SCLogError(SC_ERR_DATASET, "dataset %s already " SCLogError("dataset %s already "
"exists and is of type %u", "exists and is of type %u",
set->name, set->type); set->name, set->type);
SCMutexUnlock(&sets_lock); SCMutexUnlock(&sets_lock);
return NULL; return NULL;
} }
@ -679,15 +656,13 @@ Dataset *DatasetGet(const char *name, enum DatasetTypes type, const char *save,
} else { } else {
if ((save == NULL && strlen(set->save) > 0) || if ((save == NULL && strlen(set->save) > 0) ||
(save != NULL && strcmp(set->save, save) != 0)) { (save != NULL && strcmp(set->save, save) != 0)) {
SCLogError(SC_ERR_DATASET, "dataset %s save mismatch: %s != %s", SCLogError("dataset %s save mismatch: %s != %s", set->name, set->save, save);
set->name, set->save, save);
SCMutexUnlock(&sets_lock); SCMutexUnlock(&sets_lock);
return NULL; return NULL;
} }
if ((load == NULL && strlen(set->load) > 0) || if ((load == NULL && strlen(set->load) > 0) ||
(load != NULL && strcmp(set->load, load) != 0)) { (load != NULL && strcmp(set->load, load) != 0)) {
SCLogError(SC_ERR_DATASET, "dataset %s load mismatch: %s != %s", SCLogError("dataset %s load mismatch: %s != %s", set->name, set->load, load);
set->name, set->load, load);
SCMutexUnlock(&sets_lock); SCMutexUnlock(&sets_lock);
return NULL; return NULL;
} }
@ -697,7 +672,7 @@ Dataset *DatasetGet(const char *name, enum DatasetTypes type, const char *save,
return set; return set;
} else { } else {
if (type == DATASET_TYPE_NOTSET) { if (type == DATASET_TYPE_NOTSET) {
SCLogError(SC_ERR_DATASET, "dataset %s not defined", name); SCLogError("dataset %s not defined", name);
goto out_err; goto out_err;
} }
} }
@ -855,18 +830,16 @@ static void GetDefaultMemcap(uint64_t *memcap, uint32_t *hashsize)
const char *str = NULL; const char *str = NULL;
if (ConfGet("datasets.defaults.memcap", &str) == 1) { if (ConfGet("datasets.defaults.memcap", &str) == 1) {
if (ParseSizeStringU64(str, memcap) < 0) { if (ParseSizeStringU64(str, memcap) < 0) {
SCLogWarning(SC_EINVAL, SCLogWarning("memcap value cannot be deduced: %s,"
"memcap value cannot be deduced: %s," " resetting to default",
" resetting to default",
str); str);
*memcap = 0; *memcap = 0;
} }
} }
if (ConfGet("datasets.defaults.hashsize", &str) == 1) { if (ConfGet("datasets.defaults.hashsize", &str) == 1) {
if (ParseSizeStringU32(str, hashsize) < 0) { if (ParseSizeStringU32(str, hashsize) < 0) {
SCLogWarning(SC_EINVAL, SCLogWarning("hashsize value cannot be deduced: %s,"
"hashsize value cannot be deduced: %s," " resetting to default",
" resetting to default",
str); str);
*hashsize = 0; *hashsize = 0;
} }
@ -897,8 +870,8 @@ int DatasetsInit(void)
const char *set_name = iter->name; const char *set_name = iter->name;
if (strlen(set_name) > DATASET_NAME_MAX_LEN) { if (strlen(set_name) > DATASET_NAME_MAX_LEN) {
FatalErrorOnInit(SC_ERR_CONF_NAME_TOO_LONG, "set name '%s' too long, max %d chars", FatalErrorOnInit(
set_name, DATASET_NAME_MAX_LEN); "set name '%s' too long, max %d chars", set_name, DATASET_NAME_MAX_LEN);
continue; continue;
} }
@ -925,9 +898,8 @@ int DatasetsInit(void)
ConfNode *set_memcap = ConfNodeLookupChild(iter, "memcap"); ConfNode *set_memcap = ConfNodeLookupChild(iter, "memcap");
if (set_memcap) { if (set_memcap) {
if (ParseSizeStringU64(set_memcap->val, &memcap) < 0) { if (ParseSizeStringU64(set_memcap->val, &memcap) < 0) {
SCLogWarning(SC_EINVAL, SCLogWarning("memcap value cannot be"
"memcap value cannot be" " deduced: %s, resetting to default",
" deduced: %s, resetting to default",
set_memcap->val); set_memcap->val);
memcap = 0; memcap = 0;
} }
@ -935,9 +907,8 @@ int DatasetsInit(void)
ConfNode *set_hashsize = ConfNodeLookupChild(iter, "hashsize"); ConfNode *set_hashsize = ConfNodeLookupChild(iter, "hashsize");
if (set_hashsize) { if (set_hashsize) {
if (ParseSizeStringU32(set_hashsize->val, &hashsize) < 0) { if (ParseSizeStringU32(set_hashsize->val, &hashsize) < 0) {
SCLogWarning(SC_EINVAL, SCLogWarning("hashsize value cannot be"
"hashsize value cannot be" " deduced: %s, resetting to default",
" deduced: %s, resetting to default",
set_hashsize->val); set_hashsize->val);
hashsize = 0; hashsize = 0;
} }
@ -952,7 +923,7 @@ int DatasetsInit(void)
memcap > 0 ? memcap : default_memcap, memcap > 0 ? memcap : default_memcap,
hashsize > 0 ? hashsize : default_hashsize); hashsize > 0 ? hashsize : default_hashsize);
if (dset == NULL) { if (dset == NULL) {
FatalErrorOnInit(SC_ERR_DATASET, "failed to setup dataset for %s", set_name); FatalErrorOnInit("failed to setup dataset for %s", set_name);
continue; continue;
} }
SCLogDebug("dataset %s: id %d type %s", set_name, n, set_type->val); SCLogDebug("dataset %s: id %d type %s", set_name, n, set_type->val);
@ -964,7 +935,7 @@ int DatasetsInit(void)
memcap > 0 ? memcap : default_memcap, memcap > 0 ? memcap : default_memcap,
hashsize > 0 ? hashsize : default_hashsize); hashsize > 0 ? hashsize : default_hashsize);
if (dset == NULL) { if (dset == NULL) {
FatalErrorOnInit(SC_ERR_DATASET, "failed to setup dataset for %s", set_name); FatalErrorOnInit("failed to setup dataset for %s", set_name);
continue; continue;
} }
SCLogDebug("dataset %s: id %d type %s", set_name, n, set_type->val); SCLogDebug("dataset %s: id %d type %s", set_name, n, set_type->val);
@ -976,7 +947,7 @@ int DatasetsInit(void)
memcap > 0 ? memcap : default_memcap, memcap > 0 ? memcap : default_memcap,
hashsize > 0 ? hashsize : default_hashsize); hashsize > 0 ? hashsize : default_hashsize);
if (dset == NULL) { if (dset == NULL) {
FatalErrorOnInit(SC_ERR_DATASET, "failed to setup dataset for %s", set_name); FatalErrorOnInit("failed to setup dataset for %s", set_name);
continue; continue;
} }
SCLogDebug("dataset %s: id %d type %s", set_name, n, set_type->val); SCLogDebug("dataset %s: id %d type %s", set_name, n, set_type->val);

3
src/decode-erspan.c
Unescape Escape View File

@ -53,8 +53,7 @@ void DecodeERSPANConfig(void)
{ {
int enabled = 0; int enabled = 0;
if (ConfGetBool("decoder.erspan.typeI.enabled", &enabled) == 1) { if (ConfGetBool("decoder.erspan.typeI.enabled", &enabled) == 1) {
SCLogWarning(SC_WARN_ERSPAN_CONFIG, SCLogWarning("ERSPAN Type I is no longer configurable and it is always"
"ERSPAN Type I is no longer configurable and it is always"
" enabled; ignoring configuration setting."); " enabled; ignoring configuration setting.");
} }
} }

3
src/decode-geneve.c
Unescape Escape View File

@ -116,8 +116,7 @@ static void DecodeGeneveConfigPorts(const char *pstr)
g_geneve_ports_idx = 0; g_geneve_ports_idx = 0;
for (DetectPort *p = head; p != NULL; p = p->next) { for (DetectPort *p = head; p != NULL; p = p->next) {
if (g_geneve_ports_idx >= GENEVE_MAX_PORTS) { if (g_geneve_ports_idx >= GENEVE_MAX_PORTS) {
SCLogWarning(SC_ERR_INVALID_YAML_CONF_ENTRY, "more than %d Geneve ports defined", SCLogWarning("more than %d Geneve ports defined", GENEVE_MAX_PORTS);
GENEVE_MAX_PORTS);
break; break;
} }
g_geneve_ports[g_geneve_ports_idx++] = (int)p->port; g_geneve_ports[g_geneve_ports_idx++] = (int)p->port;

3
src/decode-teredo.c
Unescape Escape View File

@ -92,8 +92,7 @@ static void DecodeTeredoConfigPorts(const char *pstr)
g_teredo_ports_cnt = 0; g_teredo_ports_cnt = 0;
for (DetectPort *p = head; p != NULL; p = p->next) { for (DetectPort *p = head; p != NULL; p = p->next) {
if (g_teredo_ports_cnt >= TEREDO_MAX_PORTS) { if (g_teredo_ports_cnt >= TEREDO_MAX_PORTS) {
SCLogWarning(SC_ERR_INVALID_YAML_CONF_ENTRY, "only %d Teredo ports can be defined", SCLogWarning("only %d Teredo ports can be defined", TEREDO_MAX_PORTS);
TEREDO_MAX_PORTS);
break; break;
} }
g_teredo_ports[g_teredo_ports_cnt++] = (int)p->port; g_teredo_ports[g_teredo_ports_cnt++] = (int)p->port;

3
src/decode-vxlan.c
Unescape Escape View File

@ -86,8 +86,7 @@ static void DecodeVXLANConfigPorts(const char *pstr)
g_vxlan_ports_idx = 0; g_vxlan_ports_idx = 0;
for (DetectPort *p = head; p != NULL; p = p->next) { for (DetectPort *p = head; p != NULL; p = p->next) {
if (g_vxlan_ports_idx >= VXLAN_MAX_PORTS) { if (g_vxlan_ports_idx >= VXLAN_MAX_PORTS) {
SCLogWarning(SC_ERR_INVALID_YAML_CONF_ENTRY, "more than %d VXLAN ports defined", SCLogWarning("more than %d VXLAN ports defined", VXLAN_MAX_PORTS);
VXLAN_MAX_PORTS);
break; break;
} }
g_vxlan_ports[g_vxlan_ports_idx++] = (int)p->port; g_vxlan_ports[g_vxlan_ports_idx++] = (int)p->port;

19
src/decode.c
Unescape Escape View File

@ -616,8 +616,8 @@ void DecodeRegisterPerfCounters(DecodeThreadVars *dtv, ThreadVars *tv)
StringHashCompareFunc, StringHashCompareFunc,
StringHashFreeFunc); StringHashFreeFunc);
if (g_counter_table == NULL) { if (g_counter_table == NULL) {
FatalError(SC_ERR_INITIALIZATION, "decoder counter hash " FatalError("decoder counter hash "
"table init failed"); "table init failed");
} }
} }
@ -631,12 +631,12 @@ void DecodeRegisterPerfCounters(DecodeThreadVars *dtv, ThreadVars *tv)
if (!found) { if (!found) {
char *add = SCStrdup(name); char *add = SCStrdup(name);
if (add == NULL) if (add == NULL)
FatalError(SC_ERR_INITIALIZATION, "decoder counter hash " FatalError("decoder counter hash "
"table name init failed"); "table name init failed");
int r = HashTableAdd(g_counter_table, add, 0); int r = HashTableAdd(g_counter_table, add, 0);
if (r != 0) if (r != 0)
FatalError(SC_ERR_INITIALIZATION, "decoder counter hash " FatalError("decoder counter hash "
"table name add failed"); "table name add failed");
found = add; found = add;
} }
dtv->counter_engine_events[i] = StatsRegisterCounter( dtv->counter_engine_events[i] = StatsRegisterCounter(
@ -697,7 +697,7 @@ DecodeThreadVars *DecodeThreadVarsAlloc(ThreadVars *tv)
dtv->app_tctx = AppLayerGetCtxThread(tv); dtv->app_tctx = AppLayerGetCtxThread(tv);
if (OutputFlowLogThreadInit(tv, NULL, &dtv->output_flow_thread_data) != TM_ECODE_OK) { if (OutputFlowLogThreadInit(tv, NULL, &dtv->output_flow_thread_data) != TM_ECODE_OK) {
SCLogError(SC_ERR_THREAD_INIT, "initializing flow log API for thread failed"); SCLogError("initializing flow log API for thread failed");
DecodeThreadVarsFree(tv, dtv); DecodeThreadVarsFree(tv, dtv);
return NULL; return NULL;
} }
@ -850,7 +850,7 @@ void DecodeGlobalConfig(void)
intmax_t value = 0; intmax_t value = 0;
if (ConfGetInt("decoder.max-layers", &value) == 1) { if (ConfGetInt("decoder.max-layers", &value) == 1) {
if (value < 0 || value > UINT8_MAX) { if (value < 0 || value > UINT8_MAX) {
SCLogWarning(SC_EINVAL, "Invalid value for decoder.max-layers"); SCLogWarning("Invalid value for decoder.max-layers");
} else { } else {
decoder_max_layers = (uint8_t)value; decoder_max_layers = (uint8_t)value;
} }
@ -863,8 +863,7 @@ void PacketAlertGetMaxConfig(void)
intmax_t max = 0; intmax_t max = 0;
if (ConfGetInt("packet-alert-max", &max) == 1) { if (ConfGetInt("packet-alert-max", &max) == 1) {
if (max <= 0 || max > UINT8_MAX) { if (max <= 0 || max > UINT8_MAX) {
SCLogWarning( SCLogWarning("Invalid value for packet-alert-max, default value set instead");
SC_EINVAL, "Invalid value for packet-alert-max, default value set instead");
} else { } else {
packet_alert_max = (uint16_t)max; packet_alert_max = (uint16_t)max;
} }

5
src/decode.h
Unescape Escape View File

@ -1147,8 +1147,9 @@ static inline void DecodeLinkLayer(ThreadVars *tv, DecodeThreadVars *dtv,
DecodeCHDLC(tv, dtv, p, data, len); DecodeCHDLC(tv, dtv, p, data, len);
break; break;
default: default:
SCLogError(SC_ERR_DATALINK_UNIMPLEMENTED, "datalink type " SCLogError("datalink type "
"%"PRId32" not yet supported", datalink); "%" PRId32 " not yet supported",
datalink);
break; break;
} }
} }

13
src/defrag-config.c
Unescape Escape View File

@ -44,7 +44,7 @@ static void DefragPolicyAddHostInfo(char *host_ip_range, uint64_t timeout)
uint64_t *user_data = NULL; uint64_t *user_data = NULL;
if ( (user_data = SCMalloc(sizeof(uint64_t))) == NULL) { if ( (user_data = SCMalloc(sizeof(uint64_t))) == NULL) {
FatalError(SC_ERR_FATAL, "Error allocating memory. Exiting"); FatalError("Error allocating memory. Exiting");
} }
*user_data = timeout; *user_data = timeout;
@ -52,12 +52,12 @@ static void DefragPolicyAddHostInfo(char *host_ip_range, uint64_t timeout)
if (strchr(host_ip_range, ':') != NULL) { if (strchr(host_ip_range, ':') != NULL) {
SCLogDebug("adding ipv6 host %s", host_ip_range); SCLogDebug("adding ipv6 host %s", host_ip_range);
if (SCRadixAddKeyIPV6String(host_ip_range, defrag_tree, (void *)user_data) == NULL) { if (SCRadixAddKeyIPV6String(host_ip_range, defrag_tree, (void *)user_data) == NULL) {
SCLogWarning(SC_EINVAL, "failed to add ipv6 host %s", host_ip_range); SCLogWarning("failed to add ipv6 host %s", host_ip_range);
} }
} else { } else {
SCLogDebug("adding ipv4 host %s", host_ip_range); SCLogDebug("adding ipv4 host %s", host_ip_range);
if (SCRadixAddKeyIPV4String(host_ip_range, defrag_tree, (void *)user_data) == NULL) { if (SCRadixAddKeyIPV4String(host_ip_range, defrag_tree, (void *)user_data) == NULL) {
SCLogWarning(SC_EINVAL, "failed to add ipv4 host %s", host_ip_range); SCLogWarning("failed to add ipv4 host %s", host_ip_range);
} }
} }
} }
@ -106,8 +106,8 @@ static void DefragParseParameters(ConfNode *n)
if (strcasecmp("timeout", si->name) == 0) { if (strcasecmp("timeout", si->name) == 0) {
SCLogDebug("timeout value %s", si->val); SCLogDebug("timeout value %s", si->val);
if (ParseSizeStringU64(si->val, &timeout) < 0) { if (ParseSizeStringU64(si->val, &timeout) < 0) {
SCLogError(SC_ERR_SIZE_PARSE, "Error parsing timeout " SCLogError("Error parsing timeout "
"from conf file"); "from conf file");
} }
} }
if (strcasecmp("address", si->name) == 0) { if (strcasecmp("address", si->name) == 0) {
@ -131,8 +131,7 @@ void DefragPolicyLoadFromConfig(void)
defrag_tree = SCRadixCreateRadixTree(DefragPolicyFreeUserData, NULL); defrag_tree = SCRadixCreateRadixTree(DefragPolicyFreeUserData, NULL);
if (defrag_tree == NULL) { if (defrag_tree == NULL) {
FatalError(SC_ERR_FATAL, FatalError("Can't alloc memory for the defrag config tree.");
"Can't alloc memory for the defrag config tree.");
} }
ConfNode *server_config = ConfGetNode("defrag.host-config"); ConfNode *server_config = ConfGetNode("defrag.host-config");

30
src/defrag-hash.c
Unescape Escape View File

@ -192,9 +192,9 @@ void DefragInitConfig(bool quiet)
if ((ConfGet("defrag.memcap", &conf_val)) == 1) if ((ConfGet("defrag.memcap", &conf_val)) == 1)
{ {
if (ParseSizeStringU64(conf_val, &defrag_memcap) < 0) { if (ParseSizeStringU64(conf_val, &defrag_memcap) < 0) {
SCLogError(SC_ERR_SIZE_PARSE, "Error parsing defrag.memcap " SCLogError("Error parsing defrag.memcap "
"from conf file - %s. Killing engine", "from conf file - %s. Killing engine",
conf_val); conf_val);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} else { } else {
SC_ATOMIC_SET(defrag_config.memcap, defrag_memcap); SC_ATOMIC_SET(defrag_config.memcap, defrag_memcap);
@ -227,18 +227,18 @@ void DefragInitConfig(bool quiet)
/* alloc hash memory */ /* alloc hash memory */
uint64_t hash_size = defrag_config.hash_size * sizeof(DefragTrackerHashRow); uint64_t hash_size = defrag_config.hash_size * sizeof(DefragTrackerHashRow);
if (!(DEFRAG_CHECK_MEMCAP(hash_size))) { if (!(DEFRAG_CHECK_MEMCAP(hash_size))) {
SCLogError(SC_ERR_DEFRAG_INIT, "allocating defrag hash failed: " SCLogError("allocating defrag hash failed: "
"max defrag memcap is smaller than projected hash size. " "max defrag memcap is smaller than projected hash size. "
"Memcap: %"PRIu64", Hash table size %"PRIu64". Calculate " "Memcap: %" PRIu64 ", Hash table size %" PRIu64 ". Calculate "
"total hash size by multiplying \"defrag.hash-size\" with %"PRIuMAX", " "total hash size by multiplying \"defrag.hash-size\" with %" PRIuMAX ", "
"which is the hash bucket size.", SC_ATOMIC_GET(defrag_config.memcap), hash_size, "which is the hash bucket size.",
SC_ATOMIC_GET(defrag_config.memcap), hash_size,
(uintmax_t)sizeof(DefragTrackerHashRow)); (uintmax_t)sizeof(DefragTrackerHashRow));
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
defragtracker_hash = SCCalloc(defrag_config.hash_size, sizeof(DefragTrackerHashRow)); defragtracker_hash = SCCalloc(defrag_config.hash_size, sizeof(DefragTrackerHashRow));
if (unlikely(defragtracker_hash == NULL)) { if (unlikely(defragtracker_hash == NULL)) {
FatalError(SC_ERR_FATAL, FatalError("Fatal error encountered in DefragTrackerInitConfig. Exiting...");
"Fatal error encountered in DefragTrackerInitConfig. Exiting...");
} }
memset(defragtracker_hash, 0, defrag_config.hash_size * sizeof(DefragTrackerHashRow)); memset(defragtracker_hash, 0, defrag_config.hash_size * sizeof(DefragTrackerHashRow));
@ -261,16 +261,18 @@ void DefragInitConfig(bool quiet)
/* pre allocate defrag trackers */ /* pre allocate defrag trackers */
for (i = 0; i < defrag_config.prealloc; i++) { for (i = 0; i < defrag_config.prealloc; i++) {
if (!(DEFRAG_CHECK_MEMCAP(sizeof(DefragTracker)))) { if (!(DEFRAG_CHECK_MEMCAP(sizeof(DefragTracker)))) {
SCLogError(SC_ERR_DEFRAG_INIT, "preallocating defrag trackers failed: " SCLogError("preallocating defrag trackers failed: "
"max defrag memcap reached. Memcap %"PRIu64", " "max defrag memcap reached. Memcap %" PRIu64 ", "
"Memuse %"PRIu64".", SC_ATOMIC_GET(defrag_config.memcap), "Memuse %" PRIu64 ".",
((uint64_t)SC_ATOMIC_GET(defrag_memuse) + (uint64_t)sizeof(DefragTracker))); SC_ATOMIC_GET(defrag_config.memcap),
((uint64_t)SC_ATOMIC_GET(defrag_memuse) +
(uint64_t)sizeof(DefragTracker)));
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
DefragTracker *h = DefragTrackerAlloc(); DefragTracker *h = DefragTrackerAlloc();
if (h == NULL) { if (h == NULL) {
SCLogError(SC_ERR_DEFRAG_INIT, "preallocating defrag failed: %s", strerror(errno)); SCLogError("preallocating defrag failed: %s", strerror(errno));
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
DefragTrackerEnqueue(&defragtracker_spare_q,h); DefragTrackerEnqueue(&defragtracker_spare_q,h);

2
src/defrag-queue.c
Unescape Escape View File

@ -42,7 +42,7 @@ DefragTrackerQueue *DefragTrackerQueueNew()
{ {
DefragTrackerQueue *q = (DefragTrackerQueue *)SCMalloc(sizeof(DefragTrackerQueue)); DefragTrackerQueue *q = (DefragTrackerQueue *)SCMalloc(sizeof(DefragTrackerQueue));
if (q == NULL) { if (q == NULL) {
SCLogError(SC_ERR_FATAL, "Fatal error encountered in DefragTrackerQueueNew. Exiting..."); SCLogError("Fatal error encountered in DefragTrackerQueueNew. Exiting...");
exit(EXIT_SUCCESS); exit(EXIT_SUCCESS);
} }
q = DefragTrackerQueueInit(q); q = DefragTrackerQueueInit(q);

15
src/defrag.c
Unescape Escape View File

@ -197,12 +197,10 @@ DefragContextNew(void)
sizeof(Frag), sizeof(Frag),
NULL, DefragFragInit, dc, NULL, NULL); NULL, DefragFragInit, dc, NULL, NULL);
if (dc->frag_pool == NULL) { if (dc->frag_pool == NULL) {
FatalError(SC_ERR_FATAL, FatalError("Defrag: Failed to initialize fragment pool.");
"Defrag: Failed to initialize fragment pool.");
} }
if (SCMutexInit(&dc->frag_pool_lock, NULL) != 0) { if (SCMutexInit(&dc->frag_pool_lock, NULL) != 0) {
FatalError(SC_ERR_FATAL, FatalError("Defrag: Failed to initialize frag pool mutex.");
"Defrag: Failed to initialize frag pool mutex.");
} }
/* Set the default timeout. */ /* Set the default timeout. */
@ -212,12 +210,10 @@ DefragContextNew(void)
} }
else { else {
if (timeout < TIMEOUT_MIN) { if (timeout < TIMEOUT_MIN) {
FatalError(SC_ERR_FATAL, FatalError("defrag: Timeout less than minimum allowed value.");
"defrag: Timeout less than minimum allowed value.");
} }
else if (timeout > TIMEOUT_MAX) { else if (timeout > TIMEOUT_MAX) {
FatalError(SC_ERR_FATAL, FatalError("defrag: Tiemout greater than maximum allowed value.");
"defrag: Tiemout greater than maximum allowed value.");
} }
dc->timeout = timeout; dc->timeout = timeout;
} }
@ -1068,8 +1064,7 @@ DefragInit(void)
/* Allocate the DefragContext. */ /* Allocate the DefragContext. */
defrag_context = DefragContextNew(); defrag_context = DefragContextNew();
if (defrag_context == NULL) { if (defrag_context == NULL) {
FatalError(SC_ERR_FATAL, FatalError("Failed to allocate memory for the Defrag module.");
"Failed to allocate memory for the Defrag module.");
} }
DefragSetDefaultTimeout(defrag_context->timeout); DefragSetDefaultTimeout(defrag_context->timeout);

38
src/detect-app-layer-event.c
Unescape Escape View File

@ -159,9 +159,10 @@ static DetectAppLayerEventData *DetectAppLayerEventParsePkt(const char *arg,
int event_id = 0; int event_id = 0;
int r = AppLayerGetPktEventInfo(arg, &event_id); int r = AppLayerGetPktEventInfo(arg, &event_id);
if (r < 0 || r > UINT8_MAX) { if (r < 0 || r > UINT8_MAX) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "app-layer-event keyword " SCLogError("app-layer-event keyword "
"supplied with packet based event - \"%s\" that isn't " "supplied with packet based event - \"%s\" that isn't "
"supported yet.", arg); "supported yet.",
arg);
return NULL; return NULL;
} }
@ -199,19 +200,17 @@ static int DetectAppLayerEventParseAppP2(DetectAppLayerEventData *data,
if (OutdatedEvent(data->arg)) { if (OutdatedEvent(data->arg)) {
if (SigMatchStrictEnabled(DETECT_AL_APP_LAYER_EVENT)) { if (SigMatchStrictEnabled(DETECT_AL_APP_LAYER_EVENT)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, SCLogError("app-layer-event keyword no longer supports event \"%s\"", data->arg);
"app-layer-event keyword no longer supports event \"%s\"", data->arg);
return -1; return -1;
} else { } else {
SCLogWarning(SC_ERR_INVALID_SIGNATURE, SCLogWarning("app-layer-event keyword no longer supports event \"%s\"", data->arg);
"app-layer-event keyword no longer supports event \"%s\"", data->arg);
return -3; return -3;
} }
} }
const char *p_idx = strchr(data->arg, '.'); const char *p_idx = strchr(data->arg, '.');
if (strlen(data->arg) > MAX_ALPROTO_NAME) { if (strlen(data->arg) > MAX_ALPROTO_NAME) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "app-layer-event keyword is too long or malformed"); SCLogError("app-layer-event keyword is too long or malformed");
return -1; return -1;
} }
strlcpy(alproto_name, data->arg, p_idx - data->arg + 1); strlcpy(alproto_name, data->arg, p_idx - data->arg + 1);
@ -221,7 +220,7 @@ static int DetectAppLayerEventParseAppP2(DetectAppLayerEventData *data,
} else if (ipproto_bitarray[IPPROTO_UDP / 8] & 1 << (IPPROTO_UDP % 8)) { } else if (ipproto_bitarray[IPPROTO_UDP / 8] & 1 << (IPPROTO_UDP % 8)) {
ipproto = IPPROTO_UDP; ipproto = IPPROTO_UDP;
} else { } else {
SCLogError(SC_ERR_INVALID_SIGNATURE, "protocol %s is disabled", alproto_name); SCLogError("protocol %s is disabled", alproto_name);
return -1; return -1;
} }
@ -233,19 +232,19 @@ static int DetectAppLayerEventParseAppP2(DetectAppLayerEventData *data,
} }
if (r < 0) { if (r < 0) {
if (SigMatchStrictEnabled(DETECT_AL_APP_LAYER_EVENT)) { if (SigMatchStrictEnabled(DETECT_AL_APP_LAYER_EVENT)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "app-layer-event keyword's " SCLogError("app-layer-event keyword's "
"protocol \"%s\" doesn't have event \"%s\" registered", "protocol \"%s\" doesn't have event \"%s\" registered",
alproto_name, p_idx + 1); alproto_name, p_idx + 1);
return -1; return -1;
} else { } else {
SCLogWarning(SC_ERR_INVALID_SIGNATURE, "app-layer-event keyword's " SCLogWarning("app-layer-event keyword's "
"protocol \"%s\" doesn't have event \"%s\" registered", "protocol \"%s\" doesn't have event \"%s\" registered",
alproto_name, p_idx + 1); alproto_name, p_idx + 1);
return -3; return -3;
} }
} }
if (event_id > UINT8_MAX) { if (event_id > UINT8_MAX) {
SCLogWarning(SC_ERR_INVALID_SIGNATURE, "app-layer-event keyword's id has invalid value"); SCLogWarning("app-layer-event keyword's id has invalid value");
return -4; return -4;
} }
data->event_id = (uint8_t)event_id; data->event_id = (uint8_t)event_id;
@ -271,7 +270,7 @@ static DetectAppLayerEventData *DetectAppLayerEventParseAppP1(const char *arg)
const char *p_idx = strchr(arg, '.'); const char *p_idx = strchr(arg, '.');
if (strlen(arg) > MAX_ALPROTO_NAME) { if (strlen(arg) > MAX_ALPROTO_NAME) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "app-layer-event keyword is too long or malformed"); SCLogError("app-layer-event keyword is too long or malformed");
return NULL; return NULL;
} }
/* + 1 for trailing \0 */ /* + 1 for trailing \0 */
@ -282,9 +281,9 @@ static DetectAppLayerEventData *DetectAppLayerEventParseAppP1(const char *arg)
if (!strcmp(alproto_name, "file")) { if (!strcmp(alproto_name, "file")) {
needs_detctx = true; needs_detctx = true;
} else { } else {
SCLogError(SC_ERR_INVALID_SIGNATURE, "app-layer-event keyword " SCLogError("app-layer-event keyword "
"supplied with unknown protocol \"%s\"", "supplied with unknown protocol \"%s\"",
alproto_name); alproto_name);
return NULL; return NULL;
} }
} }
@ -309,7 +308,7 @@ static DetectAppLayerEventData *DetectAppLayerEventParse(const char *arg,
*event_type = 0; *event_type = 0;
if (arg == NULL) { if (arg == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "app-layer-event keyword supplied " SCLogError("app-layer-event keyword supplied "
"with no arguments. This keyword needs an argument."); "with no arguments. This keyword needs an argument.");
return NULL; return NULL;
} }
@ -455,8 +454,9 @@ static int DetectAppLayerEventTestGetEventInfo(const char *event_name,
{ {
*event_id = SCMapEnumNameToValue(event_name, app_layer_event_test_map); *event_id = SCMapEnumNameToValue(event_name, app_layer_event_test_map);
if (*event_id == -1) { if (*event_id == -1) {
SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%s\" not present in " SCLogError("event \"%s\" not present in "
"app-layer-event's test enum map table.", event_name); "app-layer-event's test enum map table.",
event_name);
/* this should be treated as fatal */ /* this should be treated as fatal */
return -1; return -1;
} }

13
src/detect-app-layer-protocol.c
Unescape Escape View File

@ -105,8 +105,9 @@ static DetectAppLayerProtocolData *DetectAppLayerProtocolParse(const char *arg,
} else { } else {
alproto = AppLayerGetProtoByName((char *)arg); alproto = AppLayerGetProtoByName((char *)arg);
if (alproto == ALPROTO_UNKNOWN) { if (alproto == ALPROTO_UNKNOWN) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "app-layer-protocol " SCLogError("app-layer-protocol "
"keyword supplied with unknown protocol \"%s\"", arg); "keyword supplied with unknown protocol \"%s\"",
arg);
return NULL; return NULL;
} }
} }
@ -144,7 +145,7 @@ static int DetectAppLayerProtocolSetup(DetectEngineCtx *de_ctx,
SigMatch *sm = NULL; SigMatch *sm = NULL;
if (s->alproto != ALPROTO_UNKNOWN) { if (s->alproto != ALPROTO_UNKNOWN) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "Either we already " SCLogError("Either we already "
"have the rule match on an app layer protocol set through " "have the rule match on an app layer protocol set through "
"other keywords that match on this protocol, or have " "other keywords that match on this protocol, or have "
"already seen a non-negated app-layer-protocol."); "already seen a non-negated app-layer-protocol.");
@ -161,9 +162,9 @@ static int DetectAppLayerProtocolSetup(DetectEngineCtx *de_ctx,
const DetectAppLayerProtocolData *them = (const DetectAppLayerProtocolData *)tsm->ctx; const DetectAppLayerProtocolData *them = (const DetectAppLayerProtocolData *)tsm->ctx;
if (HasConflicts(data, them)) { if (HasConflicts(data, them)) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "can't mix " SCLogError("can't mix "
"positive app-layer-protocol match with negated " "positive app-layer-protocol match with negated "
"match or match for 'failed'."); "match or match for 'failed'.");
goto error; goto error;
} }
} }

2
src/detect-asn1.c
Unescape Escape View File

@ -104,7 +104,7 @@ static DetectAsn1Data *DetectAsn1Parse(const char *asn1str)
DetectAsn1Data *ad = rs_detect_asn1_parse(asn1str); DetectAsn1Data *ad = rs_detect_asn1_parse(asn1str);
if (ad == NULL) { if (ad == NULL) {
SCLogError(SC_EINVAL, "Malformed asn1 argument: %s", asn1str); SCLogError("Malformed asn1 argument: %s", asn1str);
} }
return ad; return ad;

3
src/detect-base64-data.c
Unescape Escape View File

@ -53,8 +53,7 @@ static int DetectBase64DataSetup(DetectEngineCtx *de_ctx, Signature *s,
/* Check for a preceding base64_decode. */ /* Check for a preceding base64_decode. */
pm = DetectGetLastSMFromLists(s, DETECT_BASE64_DECODE, -1); pm = DetectGetLastSMFromLists(s, DETECT_BASE64_DECODE, -1);
if (pm == NULL) { if (pm == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, SCLogError("\"base64_data\" keyword seen without preceding base64_decode.");
"\"base64_data\" keyword seen without preceding base64_decode.");
return -1; return -1;
} }

9
src/detect-base64-decode.c
Unescape Escape View File

@ -134,8 +134,7 @@ static int DetectBase64DecodeParse(const char *str, uint32_t *bytes,
if (pcre2_substring_get_bynumber( if (pcre2_substring_get_bynumber(
decode_pcre.match, 2, (PCRE2_UCHAR8 **)&bytes_str, &pcre2_len) == 0) { decode_pcre.match, 2, (PCRE2_UCHAR8 **)&bytes_str, &pcre2_len) == 0) {
if (StringParseUint32(bytes, 10, 0, bytes_str) <= 0) { if (StringParseUint32(bytes, 10, 0, bytes_str) <= 0) {
SCLogError(SC_ERR_INVALID_RULE_ARGUMENT, SCLogError("Bad value for bytes: \"%s\"", bytes_str);
"Bad value for bytes: \"%s\"", bytes_str);
goto error; goto error;
} }
} }
@ -145,8 +144,7 @@ static int DetectBase64DecodeParse(const char *str, uint32_t *bytes,
if (pcre2_substring_get_bynumber( if (pcre2_substring_get_bynumber(
decode_pcre.match, 4, (PCRE2_UCHAR8 **)&offset_str, &pcre2_len) == 0) { decode_pcre.match, 4, (PCRE2_UCHAR8 **)&offset_str, &pcre2_len) == 0) {
if (StringParseUint32(offset, 10, 0, offset_str) <= 0) { if (StringParseUint32(offset, 10, 0, offset_str) <= 0) {
SCLogError(SC_ERR_INVALID_RULE_ARGUMENT, SCLogError("Bad value for offset: \"%s\"", offset_str);
"Bad value for offset: \"%s\"", offset_str);
goto error; goto error;
} }
} }
@ -159,8 +157,7 @@ static int DetectBase64DecodeParse(const char *str, uint32_t *bytes,
*relative = 1; *relative = 1;
} }
else { else {
SCLogError(SC_ERR_INVALID_RULE_ARGUMENT, SCLogError("Invalid argument: \"%s\"", relative_str);
"Invalid argument: \"%s\"", relative_str);
goto error; goto error;
} }
} }

11
src/detect-bsize.c
Unescape Escape View File

@ -79,14 +79,13 @@ bool DetectBsizeValidateContentCallback(Signature *s, int list)
return true; return true;
value_error: value_error:
if (bsz->mode == DETECT_UINT_RA) { if (bsz->mode == DETECT_UINT_RA) {
SCLogError(SC_ERR_INVALID_SIGNATURE, SCLogError("signature can't match as required content length %" PRIu64
"signature can't match as required content length %" PRIu64 " exceeds bsize range: %" PRIu64 "-%" PRIu64,
" exceeds bsize range: %" PRIu64 "-%" PRIu64,
needed, bsz->arg1, bsz->arg2); needed, bsz->arg1, bsz->arg2);
} else { } else {
SCLogError(SC_ERR_INVALID_SIGNATURE, SCLogError("signature can't match as required content length %" PRIu64
"signature can't match as required content length %" PRIu64 " exceeds bsize value: " " exceeds bsize value: "
"%" PRIu64, "%" PRIu64,
needed, bsz->arg1); needed, bsz->arg1);
} }
return false; return false;

3
src/detect-bypass.c
Unescape Escape View File

@ -72,8 +72,7 @@ static int DetectBypassSetup(DetectEngineCtx *de_ctx, Signature *s, const char *
SigMatch *sm = NULL; SigMatch *sm = NULL;
if (s->flags & SIG_FLAG_FILESTORE) { if (s->flags & SIG_FLAG_FILESTORE) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, SCLogError("bypass can't work with filestore keyword");
"bypass can't work with filestore keyword");
return -1; return -1;
} }
s->flags |= SIG_FLAG_BYPASS; s->flags |= SIG_FLAG_BYPASS;

110
src/detect-byte-extract.c
Unescape Escape View File

@ -220,10 +220,10 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
ret = DetectParsePcreExec(&parse_regex, arg, 0, 0); ret = DetectParsePcreExec(&parse_regex, arg, 0, 0);
if (ret < 3 || ret > 19) { if (ret < 3 || ret > 19) {
SCLogError(SC_ERR_PCRE_PARSE, "parse error, ret %" PRId32 SCLogError("parse error, ret %" PRId32 ", string \"%s\"", ret, arg);
", string \"%s\"", ret, arg); SCLogError("Invalid arg to byte_extract : %s "
SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid arg to byte_extract : %s " "for byte_extract",
"for byte_extract", arg); arg);
goto error; goto error;
} }
@ -238,14 +238,15 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
res = pcre2_substring_copy_bynumber( res = pcre2_substring_copy_bynumber(
parse_regex.match, 1, (PCRE2_UCHAR8 *)nbytes_str, &pcre2len); parse_regex.match, 1, (PCRE2_UCHAR8 *)nbytes_str, &pcre2len);
if (res < 0) { if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed " SCLogError("pcre2_substring_copy_bynumber failed "
"for arg 1 for byte_extract"); "for arg 1 for byte_extract");
goto error; goto error;
} }
if (StringParseUint8(&bed->nbytes, 10, 0, if (StringParseUint8(&bed->nbytes, 10, 0,
(const char *)nbytes_str) < 0) { (const char *)nbytes_str) < 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid value for number of bytes" SCLogError("Invalid value for number of bytes"
" to be extracted: \"%s\".", nbytes_str); " to be extracted: \"%s\".",
nbytes_str);
goto error; goto error;
} }
@ -255,13 +256,13 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
res = pcre2_substring_copy_bynumber( res = pcre2_substring_copy_bynumber(
parse_regex.match, 2, (PCRE2_UCHAR8 *)offset_str, &pcre2len); parse_regex.match, 2, (PCRE2_UCHAR8 *)offset_str, &pcre2len);
if (res < 0) { if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed " SCLogError("pcre2_substring_copy_bynumber failed "
"for arg 2 for byte_extract"); "for arg 2 for byte_extract");
goto error; goto error;
} }
int32_t offset; int32_t offset;
if (StringParseI32RangeCheck(&offset, 10, 0, (const char *)offset_str, -65535, 65535) < 0) { if (StringParseI32RangeCheck(&offset, 10, 0, (const char *)offset_str, -65535, 65535) < 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid value for offset: \"%s\".", offset_str); SCLogError("Invalid value for offset: \"%s\".", offset_str);
goto error; goto error;
} }
bed->offset = offset; bed->offset = offset;
@ -272,8 +273,8 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
res = pcre2_substring_copy_bynumber( res = pcre2_substring_copy_bynumber(
parse_regex.match, 3, (PCRE2_UCHAR8 *)varname_str, &pcre2len); parse_regex.match, 3, (PCRE2_UCHAR8 *)varname_str, &pcre2len);
if (res < 0) { if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed " SCLogError("pcre2_substring_copy_bynumber failed "
"for arg 3 for byte_extract"); "for arg 3 for byte_extract");
goto error; goto error;
} }
bed->name = SCStrdup(varname_str); bed->name = SCStrdup(varname_str);
@ -286,23 +287,22 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
pcre2len = sizeof(opt_str); pcre2len = sizeof(opt_str);
res = SC_Pcre2SubstringCopy(parse_regex.match, i, (PCRE2_UCHAR8 *)opt_str, &pcre2len); res = SC_Pcre2SubstringCopy(parse_regex.match, i, (PCRE2_UCHAR8 *)opt_str, &pcre2len);
if (res < 0) { if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, SCLogError("pcre2_substring_copy_bynumber failed "
"pcre2_substring_copy_bynumber failed " "for arg %d for byte_extract with %d",
"for arg %d for byte_extract with %d",
i, res); i, res);
goto error; goto error;
} }
if (strcmp("relative", opt_str) == 0) { if (strcmp("relative", opt_str) == 0) {
if (bed->flags & DETECT_BYTE_EXTRACT_FLAG_RELATIVE) { if (bed->flags & DETECT_BYTE_EXTRACT_FLAG_RELATIVE) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "relative specified more " SCLogError("relative specified more "
"than once for byte_extract"); "than once for byte_extract");
goto error; goto error;
} }
bed->flags |= DETECT_BYTE_EXTRACT_FLAG_RELATIVE; bed->flags |= DETECT_BYTE_EXTRACT_FLAG_RELATIVE;
} else if (strcmp("multiplier", opt_str) == 0) { } else if (strcmp("multiplier", opt_str) == 0) {
if (bed->flags & DETECT_BYTE_EXTRACT_FLAG_MULTIPLIER) { if (bed->flags & DETECT_BYTE_EXTRACT_FLAG_MULTIPLIER) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "multiplier specified more " SCLogError("multiplier specified more "
"than once for byte_extract"); "than once for byte_extract");
goto error; goto error;
} }
@ -314,9 +314,8 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
res = pcre2_substring_copy_bynumber( res = pcre2_substring_copy_bynumber(
parse_regex.match, i, (PCRE2_UCHAR8 *)multiplier_str, &pcre2len); parse_regex.match, i, (PCRE2_UCHAR8 *)multiplier_str, &pcre2len);
if (res < 0) { if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, SCLogError("pcre2_substring_copy_bynumber failed "
"pcre2_substring_copy_bynumber failed " "for arg %d for byte_extract",
"for arg %d for byte_extract",
i); i);
goto error; goto error;
} }
@ -324,14 +323,15 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
if (StringParseU16RangeCheck(&multiplier, 10, 0, (const char *)multiplier_str, if (StringParseU16RangeCheck(&multiplier, 10, 0, (const char *)multiplier_str,
DETECT_BYTE_EXTRACT_MULTIPLIER_MIN_LIMIT, DETECT_BYTE_EXTRACT_MULTIPLIER_MIN_LIMIT,
DETECT_BYTE_EXTRACT_MULTIPLIER_MAX_LIMIT) < 0) { DETECT_BYTE_EXTRACT_MULTIPLIER_MAX_LIMIT) < 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid value for" SCLogError("Invalid value for"
"multiplier: \"%s\".", multiplier_str); "multiplier: \"%s\".",
multiplier_str);
goto error; goto error;
} }
bed->multiplier_value = multiplier; bed->multiplier_value = multiplier;
} else if (strcmp("big", opt_str) == 0) { } else if (strcmp("big", opt_str) == 0) {
if (bed->flags & DETECT_BYTE_EXTRACT_FLAG_ENDIAN) { if (bed->flags & DETECT_BYTE_EXTRACT_FLAG_ENDIAN) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "endian option specified " SCLogError("endian option specified "
"more than once for byte_extract"); "more than once for byte_extract");
goto error; goto error;
} }
@ -339,7 +339,7 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
bed->endian = DETECT_BYTE_EXTRACT_ENDIAN_BIG; bed->endian = DETECT_BYTE_EXTRACT_ENDIAN_BIG;
} else if (strcmp("little", opt_str) == 0) { } else if (strcmp("little", opt_str) == 0) {
if (bed->flags & DETECT_BYTE_EXTRACT_FLAG_ENDIAN) { if (bed->flags & DETECT_BYTE_EXTRACT_FLAG_ENDIAN) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "endian option specified " SCLogError("endian option specified "
"more than once for byte_extract"); "more than once for byte_extract");
goto error; goto error;
} }
@ -347,7 +347,7 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
bed->endian = DETECT_BYTE_EXTRACT_ENDIAN_LITTLE; bed->endian = DETECT_BYTE_EXTRACT_ENDIAN_LITTLE;
} else if (strcmp("dce", opt_str) == 0) { } else if (strcmp("dce", opt_str) == 0) {
if (bed->flags & DETECT_BYTE_EXTRACT_FLAG_ENDIAN) { if (bed->flags & DETECT_BYTE_EXTRACT_FLAG_ENDIAN) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "endian option specified " SCLogError("endian option specified "
"more than once for byte_extract"); "more than once for byte_extract");
goto error; goto error;
} }
@ -355,12 +355,12 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
bed->endian = DETECT_BYTE_EXTRACT_ENDIAN_DCE; bed->endian = DETECT_BYTE_EXTRACT_ENDIAN_DCE;
} else if (strcmp("string", opt_str) == 0) { } else if (strcmp("string", opt_str) == 0) {
if (bed->flags & DETECT_BYTE_EXTRACT_FLAG_STRING) { if (bed->flags & DETECT_BYTE_EXTRACT_FLAG_STRING) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "string specified more " SCLogError("string specified more "
"than once for byte_extract"); "than once for byte_extract");
goto error; goto error;
} }
if (bed->base != DETECT_BYTE_EXTRACT_BASE_NONE) { if (bed->base != DETECT_BYTE_EXTRACT_BASE_NONE) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "The right way to specify " SCLogError("The right way to specify "
"base is (string, base) and not (base, string) " "base is (string, base) and not (base, string) "
"for byte_extract"); "for byte_extract");
goto error; goto error;
@ -368,46 +368,46 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
bed->flags |= DETECT_BYTE_EXTRACT_FLAG_STRING; bed->flags |= DETECT_BYTE_EXTRACT_FLAG_STRING;
} else if (strcmp("hex", opt_str) == 0) { } else if (strcmp("hex", opt_str) == 0) {
if (!(bed->flags & DETECT_BYTE_EXTRACT_FLAG_STRING)) { if (!(bed->flags & DETECT_BYTE_EXTRACT_FLAG_STRING)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Base(hex) specified " SCLogError("Base(hex) specified "
"without specifying string. The right way is " "without specifying string. The right way is "
"(string, base) and not (base, string)"); "(string, base) and not (base, string)");
goto error; goto error;
} }
if (bed->base != DETECT_BYTE_EXTRACT_BASE_NONE) { if (bed->base != DETECT_BYTE_EXTRACT_BASE_NONE) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "More than one base " SCLogError("More than one base "
"specified for byte_extract"); "specified for byte_extract");
goto error; goto error;
} }
bed->base = DETECT_BYTE_EXTRACT_BASE_HEX; bed->base = DETECT_BYTE_EXTRACT_BASE_HEX;
} else if (strcmp("oct", opt_str) == 0) { } else if (strcmp("oct", opt_str) == 0) {
if (!(bed->flags & DETECT_BYTE_EXTRACT_FLAG_STRING)) { if (!(bed->flags & DETECT_BYTE_EXTRACT_FLAG_STRING)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Base(oct) specified " SCLogError("Base(oct) specified "
"without specifying string. The right way is " "without specifying string. The right way is "
"(string, base) and not (base, string)"); "(string, base) and not (base, string)");
goto error; goto error;
} }
if (bed->base != DETECT_BYTE_EXTRACT_BASE_NONE) { if (bed->base != DETECT_BYTE_EXTRACT_BASE_NONE) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "More than one base " SCLogError("More than one base "
"specified for byte_extract"); "specified for byte_extract");
goto error; goto error;
} }
bed->base = DETECT_BYTE_EXTRACT_BASE_OCT; bed->base = DETECT_BYTE_EXTRACT_BASE_OCT;
} else if (strcmp("dec", opt_str) == 0) { } else if (strcmp("dec", opt_str) == 0) {
if (!(bed->flags & DETECT_BYTE_EXTRACT_FLAG_STRING)) { if (!(bed->flags & DETECT_BYTE_EXTRACT_FLAG_STRING)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Base(dec) specified " SCLogError("Base(dec) specified "
"without specifying string. The right way is " "without specifying string. The right way is "
"(string, base) and not (base, string)"); "(string, base) and not (base, string)");
goto error; goto error;
} }
if (bed->base != DETECT_BYTE_EXTRACT_BASE_NONE) { if (bed->base != DETECT_BYTE_EXTRACT_BASE_NONE) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "More than one base " SCLogError("More than one base "
"specified for byte_extract"); "specified for byte_extract");
goto error; goto error;
} }
bed->base = DETECT_BYTE_EXTRACT_BASE_DEC; bed->base = DETECT_BYTE_EXTRACT_BASE_DEC;
} else if (strcmp("align", opt_str) == 0) { } else if (strcmp("align", opt_str) == 0) {
if (bed->flags & DETECT_BYTE_EXTRACT_FLAG_ALIGN) { if (bed->flags & DETECT_BYTE_EXTRACT_FLAG_ALIGN) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Align specified more " SCLogError("Align specified more "
"than once for byte_extract"); "than once for byte_extract");
goto error; goto error;
} }
@ -419,28 +419,30 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
res = pcre2_substring_copy_bynumber( res = pcre2_substring_copy_bynumber(
parse_regex.match, i, (PCRE2_UCHAR8 *)align_str, &pcre2len); parse_regex.match, i, (PCRE2_UCHAR8 *)align_str, &pcre2len);
if (res < 0) { if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, SCLogError("pcre2_substring_copy_bynumber failed "
"pcre2_substring_copy_bynumber failed " "for arg %d in byte_extract",
"for arg %d in byte_extract",
i); i);
goto error; goto error;
} }
if (StringParseUint8(&bed->align_value, 10, 0, if (StringParseUint8(&bed->align_value, 10, 0,
(const char *)align_str) < 0) { (const char *)align_str) < 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid align_value: " SCLogError("Invalid align_value: "
"\"%s\".", align_str); "\"%s\".",
align_str);
goto error; goto error;
} }
if (!(bed->align_value == 2 || bed->align_value == 4)) { if (!(bed->align_value == 2 || bed->align_value == 4)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid align_value for " SCLogError("Invalid align_value for "
"byte_extract - \"%d\"", bed->align_value); "byte_extract - \"%d\"",
bed->align_value);
goto error; goto error;
} }
} else if (strcmp("", opt_str) == 0) { } else if (strcmp("", opt_str) == 0) {
; ;
} else { } else {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid option - \"%s\" " SCLogError("Invalid option - \"%s\" "
"specified in byte_extract", opt_str); "specified in byte_extract",
opt_str);
goto error; goto error;
} }
} /* for (i = 4; i < ret; i++) */ } /* for (i = 4; i < ret; i++) */
@ -457,7 +459,7 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
bed->base = DETECT_BYTE_EXTRACT_BASE_DEC; bed->base = DETECT_BYTE_EXTRACT_BASE_DEC;
} }
if (bed->endian != DETECT_BYTE_EXTRACT_ENDIAN_NONE) { if (bed->endian != DETECT_BYTE_EXTRACT_ENDIAN_NONE) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "byte_extract can't have " SCLogError("byte_extract can't have "
"endian \"big\" or \"little\" specified along with " "endian \"big\" or \"little\" specified along with "
"\"string\""); "\"string\"");
goto error; goto error;
@ -466,27 +468,27 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
/* if are dealing with octal nos, the max no that can fit in a 8 /* if are dealing with octal nos, the max no that can fit in a 8
* byte value is 01777777777777777777777 */ * byte value is 01777777777777777777777 */
if (bed->nbytes > STRING_MAX_BYTES_TO_EXTRACT_FOR_OCT) { if (bed->nbytes > STRING_MAX_BYTES_TO_EXTRACT_FOR_OCT) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "byte_extract can't process " SCLogError("byte_extract can't process "
"more than %d bytes in \"string\" extraction", "more than %d bytes in \"string\" extraction",
STRING_MAX_BYTES_TO_EXTRACT_FOR_OCT); STRING_MAX_BYTES_TO_EXTRACT_FOR_OCT);
goto error; goto error;
} }
} else if (bed->base == DETECT_BYTE_EXTRACT_BASE_DEC) { } else if (bed->base == DETECT_BYTE_EXTRACT_BASE_DEC) {
/* if are dealing with decimal nos, the max no that can fit in a 8 /* if are dealing with decimal nos, the max no that can fit in a 8
* byte value is 18446744073709551615 */ * byte value is 18446744073709551615 */
if (bed->nbytes > STRING_MAX_BYTES_TO_EXTRACT_FOR_DEC) { if (bed->nbytes > STRING_MAX_BYTES_TO_EXTRACT_FOR_DEC) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "byte_extract can't process " SCLogError("byte_extract can't process "
"more than %d bytes in \"string\" extraction", "more than %d bytes in \"string\" extraction",
STRING_MAX_BYTES_TO_EXTRACT_FOR_DEC); STRING_MAX_BYTES_TO_EXTRACT_FOR_DEC);
goto error; goto error;
} }
} else if (bed->base == DETECT_BYTE_EXTRACT_BASE_HEX) { } else if (bed->base == DETECT_BYTE_EXTRACT_BASE_HEX) {
/* if are dealing with hex nos, the max no that can fit in a 8 /* if are dealing with hex nos, the max no that can fit in a 8
* byte value is 0xFFFFFFFFFFFFFFFF */ * byte value is 0xFFFFFFFFFFFFFFFF */
if (bed->nbytes > STRING_MAX_BYTES_TO_EXTRACT_FOR_HEX) { if (bed->nbytes > STRING_MAX_BYTES_TO_EXTRACT_FOR_HEX) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "byte_extract can't process " SCLogError("byte_extract can't process "
"more than %d bytes in \"string\" extraction", "more than %d bytes in \"string\" extraction",
STRING_MAX_BYTES_TO_EXTRACT_FOR_HEX); STRING_MAX_BYTES_TO_EXTRACT_FOR_HEX);
goto error; goto error;
} }
} else { } else {
@ -494,9 +496,9 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
} }
} else { } else {
if (bed->nbytes > NO_STRING_MAX_BYTES_TO_EXTRACT) { if (bed->nbytes > NO_STRING_MAX_BYTES_TO_EXTRACT) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "byte_extract can't process " SCLogError("byte_extract can't process "
"more than %d bytes in \"non-string\" extraction", "more than %d bytes in \"non-string\" extraction",
NO_STRING_MAX_BYTES_TO_EXTRACT); NO_STRING_MAX_BYTES_TO_EXTRACT);
goto error; goto error;
} }
/* if string has not been specified and no endian option has been /* if string has not been specified and no endian option has been
@ -590,7 +592,7 @@ static int DetectByteExtractSetup(DetectEngineCtx *de_ctx, Signature *s, const c
(data->base == DETECT_BYTE_EXTRACT_BASE_DEC) || (data->base == DETECT_BYTE_EXTRACT_BASE_DEC) ||
(data->base == DETECT_BYTE_EXTRACT_BASE_HEX) || (data->base == DETECT_BYTE_EXTRACT_BASE_HEX) ||
(data->base == DETECT_BYTE_EXTRACT_BASE_OCT) ) { (data->base == DETECT_BYTE_EXTRACT_BASE_OCT) ) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "Invalid option. " SCLogError("Invalid option. "
"A byte_jump keyword with dce holds other invalid modifiers."); "A byte_jump keyword with dce holds other invalid modifiers.");
goto error; goto error;
} }

48
src/detect-bytejump.c
Unescape Escape View File

@ -332,8 +332,7 @@ static DetectBytejumpData *DetectBytejumpParse(DetectEngineCtx *de_ctx, const ch
/* Execute the regex and populate args with captures. */ /* Execute the regex and populate args with captures. */
ret = DetectParsePcreExec(&parse_regex, optstr, 0, 0); ret = DetectParsePcreExec(&parse_regex, optstr, 0, 0);
if (ret < 2 || ret > 10) { if (ret < 2 || ret > 10) {
SCLogError(SC_ERR_PCRE_PARSE,"parse error, ret %" PRId32 SCLogError("parse error, ret %" PRId32 ", string \"%s\"", ret, optstr);
", string \"%s\"", ret, optstr);
goto error; goto error;
} }
@ -345,8 +344,8 @@ static DetectBytejumpData *DetectBytejumpParse(DetectEngineCtx *de_ctx, const ch
pcre2len = sizeof(str); pcre2len = sizeof(str);
res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)str, &pcre2len); res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)str, &pcre2len);
if (res < 0) { if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed " SCLogError("pcre2_substring_copy_bynumber failed "
"for arg 1"); "for arg 1");
goto error; goto error;
} }
@ -376,8 +375,7 @@ static DetectBytejumpData *DetectBytejumpParse(DetectEngineCtx *de_ctx, const ch
res = pcre2_substring_copy_bynumber( res = pcre2_substring_copy_bynumber(
parse_regex.match, i + 1, (PCRE2_UCHAR8 *)args[i + 1], &pcre2len); parse_regex.match, i + 1, (PCRE2_UCHAR8 *)args[i + 1], &pcre2len);
if (res < 0) { if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed for arg %d", SCLogError("pcre2_substring_copy_bynumber failed for arg %d", i + 1);
i + 1);
goto error; goto error;
} }
numargs++; numargs++;
@ -399,14 +397,14 @@ static DetectBytejumpData *DetectBytejumpParse(DetectEngineCtx *de_ctx, const ch
/* Number of bytes */ /* Number of bytes */
if (StringParseUint32(&nbytes, 10, (uint16_t)strlen(args[0]), args[0]) <= 0) { if (StringParseUint32(&nbytes, 10, (uint16_t)strlen(args[0]), args[0]) <= 0) {
SCLogError(SC_EINVAL, "Malformed number of bytes: %s", optstr); SCLogError("Malformed number of bytes: %s", optstr);
goto error; goto error;
} }
/* Offset */ /* Offset */
if (args[1][0] != '-' && isalpha((unsigned char)args[1][0])) { if (args[1][0] != '-' && isalpha((unsigned char)args[1][0])) {
if (offset == NULL) { if (offset == NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "byte_jump supplied with " SCLogError("byte_jump supplied with "
"var name for offset. \"value\" argument supplied to " "var name for offset. \"value\" argument supplied to "
"this function has to be non-NULL"); "this function has to be non-NULL");
goto error; goto error;
@ -416,7 +414,7 @@ static DetectBytejumpData *DetectBytejumpParse(DetectEngineCtx *de_ctx, const ch
goto error; goto error;
} else { } else {
if (StringParseInt32(&data->offset, 0, (uint16_t)strlen(args[1]), args[1]) <= 0) { if (StringParseInt32(&data->offset, 0, (uint16_t)strlen(args[1]), args[1]) <= 0) {
SCLogError(SC_EINVAL, "Malformed offset: %s", optstr); SCLogError("Malformed offset: %s", optstr);
goto error; goto error;
} }
} }
@ -450,26 +448,26 @@ static DetectBytejumpData *DetectBytejumpParse(DetectEngineCtx *de_ctx, const ch
} else if (strncasecmp("multiplier ", args[i], 11) == 0) { } else if (strncasecmp("multiplier ", args[i], 11) == 0) {
if (StringParseUint32( if (StringParseUint32(
&data->multiplier, 10, (uint16_t)strlen(args[i]) - 11, args[i] + 11) <= 0) { &data->multiplier, 10, (uint16_t)strlen(args[i]) - 11, args[i] + 11) <= 0) {
SCLogError(SC_EINVAL, "Malformed multiplier: %s", optstr); SCLogError("Malformed multiplier: %s", optstr);
goto error; goto error;
} }
} else if (strncasecmp("post_offset ", args[i], 12) == 0) { } else if (strncasecmp("post_offset ", args[i], 12) == 0) {
if (StringParseInt32(&data->post_offset, 10, (uint16_t)strlen(args[i]) - 12, if (StringParseInt32(&data->post_offset, 10, (uint16_t)strlen(args[i]) - 12,
args[i] + 12) <= 0) { args[i] + 12) <= 0) {
SCLogError(SC_EINVAL, "Malformed post_offset: %s", optstr); SCLogError("Malformed post_offset: %s", optstr);
goto error; goto error;
} }
} else if (strcasecmp("dce", args[i]) == 0) { } else if (strcasecmp("dce", args[i]) == 0) {
data->flags |= DETECT_BYTEJUMP_DCE; data->flags |= DETECT_BYTEJUMP_DCE;
} else { } else {
SCLogError(SC_EINVAL, "Unknown option: \"%s\"", args[i]); SCLogError("Unknown option: \"%s\"", args[i]);
goto error; goto error;
} }
} }
if ((data->flags & DETECT_BYTEJUMP_END) && (data->flags & DETECT_BYTEJUMP_BEGIN)) { if ((data->flags & DETECT_BYTEJUMP_END) && (data->flags & DETECT_BYTEJUMP_BEGIN)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "'from_end' and 'from_beginning' " SCLogError("'from_end' and 'from_beginning' "
"cannot be used in the same byte_jump statement"); "cannot be used in the same byte_jump statement");
goto error; goto error;
} }
@ -482,24 +480,21 @@ static DetectBytejumpData *DetectBytejumpParse(DetectEngineCtx *de_ctx, const ch
* "01777777777777777777777" = 0xffffffffffffffff * "01777777777777777777777" = 0xffffffffffffffff
*/ */
if (nbytes > 23) { if (nbytes > 23) {
SCLogError(SC_EINVAL, SCLogError("Cannot test more than 23 bytes "
"Cannot test more than 23 bytes " "with \"string\": %s",
"with \"string\": %s",
optstr); optstr);
goto error; goto error;
} }
} else { } else {
if (nbytes > 8) { if (nbytes > 8) {
SCLogError(SC_EINVAL, SCLogError("Cannot test more than 8 bytes "
"Cannot test more than 8 bytes " "without \"string\": %s\n",
"without \"string\": %s\n",
optstr); optstr);
goto error; goto error;
} }
if (data->base != DETECT_BYTEJUMP_BASE_UNSET) { if (data->base != DETECT_BYTEJUMP_BASE_UNSET) {
SCLogError(SC_EINVAL, SCLogError("Cannot use a base "
"Cannot use a base " "without \"string\": %s",
"without \"string\": %s",
optstr); optstr);
goto error; goto error;
} }
@ -588,7 +583,7 @@ static int DetectBytejumpSetup(DetectEngineCtx *de_ctx, Signature *s, const char
(data->base == DETECT_BYTEJUMP_BASE_DEC) || (data->base == DETECT_BYTEJUMP_BASE_DEC) ||
(data->base == DETECT_BYTEJUMP_BASE_HEX) || (data->base == DETECT_BYTEJUMP_BASE_HEX) ||
(data->base == DETECT_BYTEJUMP_BASE_OCT) ) { (data->base == DETECT_BYTEJUMP_BASE_OCT) ) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "Invalid option. " SCLogError("Invalid option. "
"A byte_jump keyword with dce holds other invalid modifiers."); "A byte_jump keyword with dce holds other invalid modifiers.");
goto error; goto error;
} }
@ -597,8 +592,9 @@ static int DetectBytejumpSetup(DetectEngineCtx *de_ctx, Signature *s, const char
if (offset != NULL) { if (offset != NULL) {
DetectByteIndexType index; DetectByteIndexType index;
if (!DetectByteRetrieveSMVar(offset, s, &index)) { if (!DetectByteRetrieveSMVar(offset, s, &index)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown byte_extract var " SCLogError("Unknown byte_extract var "
"seen in byte_jump - %s", offset); "seen in byte_jump - %s",
offset);
goto error; goto error;
} }
data->offset = index; data->offset = index;

13
src/detect-bytemath.c
Unescape Escape View File

@ -201,13 +201,13 @@ static DetectByteMathData *DetectByteMathParse(DetectEngineCtx *de_ctx, const ch
{ {
DetectByteMathData *bmd; DetectByteMathData *bmd;
if ((bmd = ScByteMathParse(arg)) == NULL) { if ((bmd = ScByteMathParse(arg)) == NULL) {
SCLogError(SC_ERR_PCRE_PARSE, "invalid bytemath values"); SCLogError("invalid bytemath values");
return NULL; return NULL;
} }
if (bmd->rvalue_str) { if (bmd->rvalue_str) {
if (rvalue == NULL) { if (rvalue == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "byte_math supplied with " SCLogError("byte_math supplied with "
"var name for rvalue. \"rvalue\" argument supplied to " "var name for rvalue. \"rvalue\" argument supplied to "
"this function must be non-NULL"); "this function must be non-NULL");
goto error; goto error;
@ -269,7 +269,7 @@ static int DetectByteMathSetup(DetectEngineCtx *de_ctx, Signature *s, const char
if (data->flags & DETECT_BYTEMATH_FLAG_RELATIVE) { if (data->flags & DETECT_BYTEMATH_FLAG_RELATIVE) {
prev_pm = DetectGetLastSMFromLists(s, DETECT_CONTENT, DETECT_PCRE, -1); prev_pm = DetectGetLastSMFromLists(s, DETECT_CONTENT, DETECT_PCRE, -1);
if (!prev_pm) { if (!prev_pm) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "relative specified without " SCLogError("relative specified without "
"previous pattern match"); "previous pattern match");
goto error; goto error;
} }
@ -321,7 +321,7 @@ static int DetectByteMathSetup(DetectEngineCtx *de_ctx, Signature *s, const char
if ((data->flags & DETECT_BYTEMATH_FLAG_STRING) || (data->base == BaseDec) || if ((data->flags & DETECT_BYTEMATH_FLAG_STRING) || (data->base == BaseDec) ||
(data->base == BaseHex) || (data->base == BaseOct)) { (data->base == BaseHex) || (data->base == BaseOct)) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "Invalid option. " SCLogError("Invalid option. "
"A bytemath keyword with dce holds other invalid modifiers."); "A bytemath keyword with dce holds other invalid modifiers.");
goto error; goto error;
} }
@ -330,8 +330,9 @@ static int DetectByteMathSetup(DetectEngineCtx *de_ctx, Signature *s, const char
if (rvalue != NULL) { if (rvalue != NULL) {
DetectByteIndexType index; DetectByteIndexType index;
if (!DetectByteRetrieveSMVar(rvalue, s, &index)) { if (!DetectByteRetrieveSMVar(rvalue, s, &index)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "unknown byte_ keyword var " SCLogError("unknown byte_ keyword var "
"seen in byte_math - %s\n", rvalue); "seen in byte_math - %s\n",
rvalue);
goto error; goto error;
} }
data->rvalue = index; data->rvalue = index;

44
src/detect-bytetest.c
Unescape Escape View File

@ -279,8 +279,7 @@ static DetectBytetestData *DetectBytetestParse(const char *optstr, char **value,
/* Execute the regex and populate args with captures. */ /* Execute the regex and populate args with captures. */
ret = DetectParsePcreExec(&parse_regex, optstr, 0, 0); ret = DetectParsePcreExec(&parse_regex, optstr, 0, 0);
if (ret < 4 || ret > 9) { if (ret < 4 || ret > 9) {
SCLogError(SC_ERR_PCRE_PARSE, "parse error, ret %" PRId32 SCLogError("parse error, ret %" PRId32 ", string %s", ret, optstr);
", string %s", ret, optstr);
goto error; goto error;
} }
@ -289,9 +288,8 @@ static DetectBytetestData *DetectBytetestParse(const char *optstr, char **value,
res = pcre2_substring_get_bynumber( res = pcre2_substring_get_bynumber(
parse_regex.match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); parse_regex.match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) { if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, SCLogError("pcre2_substring_get_bynumber failed "
"pcre2_substring_get_bynumber failed " "for arg %d",
"for arg %d",
i + 1); i + 1);
goto error; goto error;
} }
@ -327,7 +325,7 @@ static DetectBytetestData *DetectBytetestParse(const char *optstr, char **value,
/* Number of bytes */ /* Number of bytes */
if (StringParseUint32(&nbytes, 10, 0, args[0]) <= 0) { if (StringParseUint32(&nbytes, 10, 0, args[0]) <= 0) {
SCLogError(SC_EINVAL, "Malformed number of bytes: %s", str_ptr); SCLogError("Malformed number of bytes: %s", str_ptr);
goto error; goto error;
} }
@ -361,7 +359,7 @@ static DetectBytetestData *DetectBytetestParse(const char *optstr, char **value,
} else if (strcmp("<=", op_ptr) == 0) { } else if (strcmp("<=", op_ptr) == 0) {
data->op |= DETECT_BYTETEST_OP_LE; data->op |= DETECT_BYTETEST_OP_LE;
} else { } else {
SCLogError(SC_ERR_INVALID_OPERATOR, "Invalid operator"); SCLogError("Invalid operator");
goto error; goto error;
} }
} }
@ -378,7 +376,7 @@ static DetectBytetestData *DetectBytetestParse(const char *optstr, char **value,
if (test_value[0] != '-' && isalpha((unsigned char)test_value[0])) { if (test_value[0] != '-' && isalpha((unsigned char)test_value[0])) {
if (value == NULL) { if (value == NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "byte_test supplied with " SCLogError("byte_test supplied with "
"var name for value. \"value\" argument supplied to " "var name for value. \"value\" argument supplied to "
"this function has to be non-NULL"); "this function has to be non-NULL");
goto error; goto error;
@ -388,7 +386,7 @@ static DetectBytetestData *DetectBytetestParse(const char *optstr, char **value,
goto error; goto error;
} else { } else {
if (ByteExtractStringUint64(&data->value, 0, 0, test_value) <= 0) { if (ByteExtractStringUint64(&data->value, 0, 0, test_value) <= 0) {
SCLogError(SC_EINVAL, "Malformed value: %s", test_value); SCLogError("Malformed value: %s", test_value);
goto error; goto error;
} }
} }
@ -407,7 +405,7 @@ static DetectBytetestData *DetectBytetestParse(const char *optstr, char **value,
data_offset[end_ptr-str_ptr] = '\0'; data_offset[end_ptr-str_ptr] = '\0';
if (data_offset[0] != '-' && isalpha((unsigned char)data_offset[0])) { if (data_offset[0] != '-' && isalpha((unsigned char)data_offset[0])) {
if (data_offset == NULL) { if (data_offset == NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "byte_test supplied with " SCLogError("byte_test supplied with "
"var name for offset. \"offset\" argument supplied to " "var name for offset. \"offset\" argument supplied to "
"this function has to be non-NULL"); "this function has to be non-NULL");
goto error; goto error;
@ -417,7 +415,7 @@ static DetectBytetestData *DetectBytetestParse(const char *optstr, char **value,
goto error; goto error;
} else { } else {
if (StringParseInt32(&data->offset, 0, 0, data_offset) <= 0) { if (StringParseInt32(&data->offset, 0, 0, data_offset) <= 0) {
SCLogError(SC_EINVAL, "Malformed offset: %s", data_offset); SCLogError("Malformed offset: %s", data_offset);
goto error; goto error;
} }
} }
@ -451,8 +449,7 @@ static DetectBytetestData *DetectBytetestParse(const char *optstr, char **value,
data->flags |= DETECT_BYTETEST_BITMASK; data->flags |= DETECT_BYTETEST_BITMASK;
bitmask_index = i; bitmask_index = i;
} else { } else {
SCLogError(SC_ERR_UNKNOWN_VALUE, "Unknown value: \"%s\"", SCLogError("Unknown value: \"%s\"", args[i]);
args[i]);
goto error; goto error;
} }
} }
@ -467,16 +464,16 @@ static DetectBytetestData *DetectBytetestParse(const char *optstr, char **value,
* "01777777777777777777777" = 0xffffffffffffffff * "01777777777777777777777" = 0xffffffffffffffff
*/ */
if (nbytes > 23) { if (nbytes > 23) {
SCLogError(SC_EINVAL, "Cannot test more than 23 bytes with \"string\": %s", optstr); SCLogError("Cannot test more than 23 bytes with \"string\": %s", optstr);
goto error; goto error;
} }
} else { } else {
if (nbytes > 8) { if (nbytes > 8) {
SCLogError(SC_EINVAL, "Cannot test more than 8 bytes without \"string\": %s", optstr); SCLogError("Cannot test more than 8 bytes without \"string\": %s", optstr);
goto error; goto error;
} }
if (data->base != DETECT_BYTETEST_BASE_UNSET) { if (data->base != DETECT_BYTETEST_BASE_UNSET) {
SCLogError(SC_EINVAL, "Cannot use a base without \"string\": %s", optstr); SCLogError("Cannot use a base without \"string\": %s", optstr);
goto error; goto error;
} }
} }
@ -486,8 +483,7 @@ static DetectBytetestData *DetectBytetestParse(const char *optstr, char **value,
if (bitmask_index != -1 && data->flags & DETECT_BYTETEST_BITMASK) { if (bitmask_index != -1 && data->flags & DETECT_BYTETEST_BITMASK) {
if (ByteExtractStringUint32(&data->bitmask, 0, 0, args[bitmask_index]+strlen("bitmask")) <= 0) { if (ByteExtractStringUint32(&data->bitmask, 0, 0, args[bitmask_index]+strlen("bitmask")) <= 0) {
SCLogError(SC_EINVAL, "Malformed bitmask value: %s", SCLogError("Malformed bitmask value: %s", args[bitmask_index] + strlen("bitmask"));
args[bitmask_index] + strlen("bitmask"));
goto error; goto error;
} }
/* determine how many trailing 0's are in the bitmask. This will be used /* determine how many trailing 0's are in the bitmask. This will be used
@ -591,7 +587,7 @@ static int DetectBytetestSetup(DetectEngineCtx *de_ctx, Signature *s, const char
(data->base == DETECT_BYTETEST_BASE_DEC) || (data->base == DETECT_BYTETEST_BASE_DEC) ||
(data->base == DETECT_BYTETEST_BASE_HEX) || (data->base == DETECT_BYTETEST_BASE_HEX) ||
(data->base == DETECT_BYTETEST_BASE_OCT) ) { (data->base == DETECT_BYTETEST_BASE_OCT) ) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "Invalid option. " SCLogError("Invalid option. "
"A byte_test keyword with dce holds other invalid modifiers."); "A byte_test keyword with dce holds other invalid modifiers.");
goto error; goto error;
} }
@ -600,8 +596,9 @@ static int DetectBytetestSetup(DetectEngineCtx *de_ctx, Signature *s, const char
if (value != NULL) { if (value != NULL) {
DetectByteIndexType index; DetectByteIndexType index;
if (!DetectByteRetrieveSMVar(value, s, &index)) { if (!DetectByteRetrieveSMVar(value, s, &index)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown byte_extract var " SCLogError("Unknown byte_extract var "
"seen in byte_test - %s\n", value); "seen in byte_test - %s\n",
value);
goto error; goto error;
} }
data->value = index; data->value = index;
@ -613,8 +610,9 @@ static int DetectBytetestSetup(DetectEngineCtx *de_ctx, Signature *s, const char
if (offset != NULL) { if (offset != NULL) {
DetectByteIndexType index; DetectByteIndexType index;
if (!DetectByteRetrieveSMVar(offset, s, &index)) { if (!DetectByteRetrieveSMVar(offset, s, &index)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown byte_extract var " SCLogError("Unknown byte_extract var "
"seen in byte_test - %s\n", offset); "seen in byte_test - %s\n",
offset);
goto error; goto error;
} }
data->offset = index; data->offset = index;

21
src/detect-cipservice.c
Unescape Escape View File

@ -114,7 +114,7 @@ static DetectCipServiceData *DetectCipServiceParse(const char *rulestrc)
{ {
if (i > 2) //for now only need 3 parameters if (i > 2) //for now only need 3 parameters
{ {
SCLogError(SC_ERR_INVALID_SIGNATURE, "too many parameters"); SCLogError("too many parameters");
goto error; goto error;
} }
@ -122,7 +122,7 @@ static DetectCipServiceData *DetectCipServiceParse(const char *rulestrc)
{ {
if (!isdigit((int) *token)) if (!isdigit((int) *token))
{ {
SCLogError(SC_ERR_INVALID_SIGNATURE, "parameter error %s", token); SCLogError("parameter error %s", token);
goto error; goto error;
} }
} else //if on attribute } else //if on attribute
@ -136,7 +136,7 @@ static DetectCipServiceData *DetectCipServiceParse(const char *rulestrc)
if (!isdigit((int) *token)) if (!isdigit((int) *token))
{ {
SCLogError(SC_ERR_INVALID_SIGNATURE, "attribute error %s", token); SCLogError("attribute error %s", token);
goto error; goto error;
} }
@ -145,15 +145,15 @@ static DetectCipServiceData *DetectCipServiceParse(const char *rulestrc)
unsigned long num = atol(token); unsigned long num = atol(token);
if ((num > MAX_CIP_SERVICE) && (i == 0))//if service greater than 7 bit if ((num > MAX_CIP_SERVICE) && (i == 0))//if service greater than 7 bit
{ {
SCLogError(SC_ERR_INVALID_SIGNATURE, "invalid CIP service %lu", num); SCLogError("invalid CIP service %lu", num);
goto error; goto error;
} else if ((num > MAX_CIP_CLASS) && (i == 1))//if service greater than 16 bit } else if ((num > MAX_CIP_CLASS) && (i == 1))//if service greater than 16 bit
{ {
SCLogError(SC_ERR_INVALID_SIGNATURE, "invalid CIP class %lu", num); SCLogError("invalid CIP class %lu", num);
goto error; goto error;
} else if ((num > MAX_CIP_ATTRIBUTE) && (i == 2))//if service greater than 16 bit } else if ((num > MAX_CIP_ATTRIBUTE) && (i == 2))//if service greater than 16 bit
{ {
SCLogError(SC_ERR_INVALID_SIGNATURE, "invalid CIP attribute %lu", num); SCLogError("invalid CIP attribute %lu", num);
goto error; goto error;
} }
@ -164,7 +164,7 @@ static DetectCipServiceData *DetectCipServiceParse(const char *rulestrc)
} }
if (i == 0) { if (i == 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "no tokens found"); SCLogError("no tokens found");
goto error; goto error;
} }
@ -342,14 +342,15 @@ static DetectEnipCommandData *DetectEnipCommandParse(const char *rulestr)
goto error; goto error;
if (!(isdigit((int) *rulestr))) { if (!(isdigit((int) *rulestr))) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "invalid ENIP command %s", rulestr); SCLogError("invalid ENIP command %s", rulestr);
goto error; goto error;
} }
uint16_t cmd; uint16_t cmd;
if (StringParseUint16(&cmd, 10, 0, rulestr) < 0) { if (StringParseUint16(&cmd, 10, 0, rulestr) < 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "invalid ENIP command" SCLogError("invalid ENIP command"
": \"%s\"", rulestr); ": \"%s\"",
rulestr);
goto error; goto error;
} }

44
src/detect-classtype.c
Unescape Escape View File

@ -76,20 +76,19 @@ static int DetectClasstypeParseRawString(const char *rawstr, char *out, size_t o
int ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); int ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
if (ret < 0) { if (ret < 0) {
SCLogError(SC_ERR_PCRE_MATCH, "Invalid Classtype in Signature"); SCLogError("Invalid Classtype in Signature");
return -1; return -1;
} }
pcre2len = esize; pcre2len = esize;
ret = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)e, &pcre2len); ret = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)e, &pcre2len);
if (ret < 0) { if (ret < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); SCLogError("pcre2_substring_copy_bynumber failed");
return -1; return -1;
} }
if (strlen(e) >= CLASSTYPE_NAME_MAX_LEN) { if (strlen(e) >= CLASSTYPE_NAME_MAX_LEN) {
SCLogError( SCLogError("classtype '%s' is too big: max %d", rawstr, CLASSTYPE_NAME_MAX_LEN - 1);
SC_EINVAL, "classtype '%s' is too big: max %d", rawstr, CLASSTYPE_NAME_MAX_LEN - 1);
return -1; return -1;
} }
(void)strlcpy(out, e, outsize); (void)strlcpy(out, e, outsize);
@ -114,18 +113,19 @@ static int DetectClasstypeSetup(DetectEngineCtx *de_ctx, Signature *s, const cha
if ((s->class_id > 0) || (s->class_msg != NULL)) { if ((s->class_id > 0) || (s->class_msg != NULL)) {
if (SigMatchStrictEnabled(DETECT_CLASSTYPE)) { if (SigMatchStrictEnabled(DETECT_CLASSTYPE)) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "duplicated 'classtype' " SCLogError("duplicated 'classtype' "
"keyword detected."); "keyword detected.");
return -1; return -1;
} else { } else {
SCLogWarning(SC_ERR_CONFLICTING_RULE_KEYWORDS, "duplicated 'classtype' " SCLogWarning("duplicated 'classtype' "
"keyword detected. Using instance with highest priority"); "keyword detected. Using instance with highest priority");
} }
} }
if (DetectClasstypeParseRawString(rawstr, parsed_ct_name, sizeof(parsed_ct_name)) < 0) { if (DetectClasstypeParseRawString(rawstr, parsed_ct_name, sizeof(parsed_ct_name)) < 0) {
SCLogError(SC_ERR_PCRE_PARSE, "invalid value for classtype keyword: " SCLogError("invalid value for classtype keyword: "
"\"%s\"", rawstr); "\"%s\"",
rawstr);
return -1; return -1;
} }
@ -133,26 +133,24 @@ static int DetectClasstypeSetup(DetectEngineCtx *de_ctx, Signature *s, const cha
SCClassConfClasstype *ct = SCClassConfGetClasstype(parsed_ct_name, de_ctx); SCClassConfClasstype *ct = SCClassConfGetClasstype(parsed_ct_name, de_ctx);
if (ct == NULL) { if (ct == NULL) {
if (SigMatchStrictEnabled(DETECT_CLASSTYPE)) { if (SigMatchStrictEnabled(DETECT_CLASSTYPE)) {
SCLogError(SC_ERR_UNKNOWN_VALUE, "unknown classtype '%s'", SCLogError("unknown classtype '%s'", parsed_ct_name);
parsed_ct_name);
return -1; return -1;
} }
if (s->id > 0) { if (s->id > 0) {
SCLogWarning(SC_ERR_UNKNOWN_VALUE, "signature sid:%u uses " SCLogWarning("signature sid:%u uses "
"unknown classtype: \"%s\", using default priority %d. " "unknown classtype: \"%s\", using default priority %d. "
"This message won't be shown again for this classtype", "This message won't be shown again for this classtype",
s->id, parsed_ct_name, DETECT_DEFAULT_PRIO); s->id, parsed_ct_name, DETECT_DEFAULT_PRIO);
} else if (de_ctx->rule_file != NULL) { } else if (de_ctx->rule_file != NULL) {
SCLogWarning(SC_ERR_UNKNOWN_VALUE, "signature at %s:%u uses " SCLogWarning("signature at %s:%u uses "
"unknown classtype: \"%s\", using default priority %d. " "unknown classtype: \"%s\", using default priority %d. "
"This message won't be shown again for this classtype", "This message won't be shown again for this classtype",
de_ctx->rule_file, de_ctx->rule_line, de_ctx->rule_file, de_ctx->rule_line, parsed_ct_name, DETECT_DEFAULT_PRIO);
parsed_ct_name, DETECT_DEFAULT_PRIO);
} else { } else {
SCLogWarning(SC_ERR_UNKNOWN_VALUE, "unknown classtype: \"%s\", " SCLogWarning("unknown classtype: \"%s\", "
"using default priority %d. " "using default priority %d. "
"This message won't be shown again for this classtype", "This message won't be shown again for this classtype",
parsed_ct_name, DETECT_DEFAULT_PRIO); parsed_ct_name, DETECT_DEFAULT_PRIO);
} }

30
src/detect-config.c
Unescape Escape View File

@ -174,7 +174,7 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char
#if 0 #if 0
/* filestore and bypass keywords can't work together */ /* filestore and bypass keywords can't work together */
if (s->flags & SIG_FLAG_BYPASS) { if (s->flags & SIG_FLAG_BYPASS) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, SCLogError(
"filestore can't work with bypass keyword"); "filestore can't work with bypass keyword");
return -1; return -1;
} }
@ -185,7 +185,7 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char
sm->type = DETECT_CONFIG; sm->type = DETECT_CONFIG;
if (str == NULL || strlen(str) == 0) { if (str == NULL || strlen(str) == 0) {
SCLogError(SC_ERR_INVALID_RULE_ARGUMENT, "config keywords need arguments"); SCLogError("config keywords need arguments");
goto error; goto error;
} }
char subsys[32]; char subsys[32];
@ -198,18 +198,18 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char
ret = DetectParsePcreExec(&parse_regex, str, 0, 0); ret = DetectParsePcreExec(&parse_regex, str, 0, 0);
if (ret != 7) { if (ret != 7) {
SCLogError(SC_ERR_INVALID_RULE_ARGUMENT, "config is rather picky at this time"); SCLogError("config is rather picky at this time");
goto error; goto error;
} }
pcre2len = sizeof(subsys); pcre2len = sizeof(subsys);
res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)subsys, &pcre2len); res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)subsys, &pcre2len);
if (res < 0) { if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed"); SCLogError("pcre2_substring_copy_bynumber failed");
goto error; goto error;
} }
if (strcmp(subsys, "logging") != 0) { if (strcmp(subsys, "logging") != 0) {
SCLogError(SC_ERR_INVALID_RULE_ARGUMENT, "only 'logging' supported at this time"); SCLogError("only 'logging' supported at this time");
goto error; goto error;
} }
SCLogDebug("subsys %s", subsys); SCLogDebug("subsys %s", subsys);
@ -217,12 +217,12 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char
pcre2len = sizeof(state); pcre2len = sizeof(state);
res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)state, &pcre2len); res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)state, &pcre2len);
if (res < 0) { if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed"); SCLogError("pcre2_substring_copy_bynumber failed");
goto error; goto error;
} }
if (strcmp(state, "disable") != 0) { if (strcmp(state, "disable") != 0) {
SCLogError(SC_ERR_INVALID_RULE_ARGUMENT, "only 'disable' supported at this time"); SCLogError("only 'disable' supported at this time");
goto error; goto error;
} }
SCLogDebug("state %s", state); SCLogDebug("state %s", state);
@ -230,12 +230,12 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char
pcre2len = sizeof(type); pcre2len = sizeof(type);
res = pcre2_substring_copy_bynumber(parse_regex.match, 3, (PCRE2_UCHAR8 *)type, &pcre2len); res = pcre2_substring_copy_bynumber(parse_regex.match, 3, (PCRE2_UCHAR8 *)type, &pcre2len);
if (res < 0) { if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed"); SCLogError("pcre2_substring_copy_bynumber failed");
goto error; goto error;
} }
if (strcmp(type, "type") != 0) { if (strcmp(type, "type") != 0) {
SCLogError(SC_ERR_INVALID_RULE_ARGUMENT, "only 'type' supported at this time"); SCLogError("only 'type' supported at this time");
goto error; goto error;
} }
SCLogDebug("type %s", type); SCLogDebug("type %s", type);
@ -243,12 +243,12 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char
pcre2len = sizeof(typeval); pcre2len = sizeof(typeval);
res = pcre2_substring_copy_bynumber(parse_regex.match, 4, (PCRE2_UCHAR8 *)typeval, &pcre2len); res = pcre2_substring_copy_bynumber(parse_regex.match, 4, (PCRE2_UCHAR8 *)typeval, &pcre2len);
if (res < 0) { if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed"); SCLogError("pcre2_substring_copy_bynumber failed");
goto error; goto error;
} }
if (!(strcmp(typeval, "tx") == 0 ||strcmp(typeval, "flow") == 0)) { if (!(strcmp(typeval, "tx") == 0 ||strcmp(typeval, "flow") == 0)) {
SCLogError(SC_ERR_INVALID_RULE_ARGUMENT, "only 'tx' and 'flow' supported at this time"); SCLogError("only 'tx' and 'flow' supported at this time");
goto error; goto error;
} }
SCLogDebug("typeval %s", typeval); SCLogDebug("typeval %s", typeval);
@ -256,12 +256,12 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char
pcre2len = sizeof(scope); pcre2len = sizeof(scope);
res = pcre2_substring_copy_bynumber(parse_regex.match, 5, (PCRE2_UCHAR8 *)scope, &pcre2len); res = pcre2_substring_copy_bynumber(parse_regex.match, 5, (PCRE2_UCHAR8 *)scope, &pcre2len);
if (res < 0) { if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed"); SCLogError("pcre2_substring_copy_bynumber failed");
goto error; goto error;
} }
if (strcmp(scope, "scope") != 0) { if (strcmp(scope, "scope") != 0) {
SCLogError(SC_ERR_INVALID_RULE_ARGUMENT, "only 'scope' supported at this time"); SCLogError("only 'scope' supported at this time");
goto error; goto error;
} }
SCLogDebug("scope %s", scope); SCLogDebug("scope %s", scope);
@ -269,12 +269,12 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char
pcre2len = sizeof(scopeval); pcre2len = sizeof(scopeval);
res = pcre2_substring_copy_bynumber(parse_regex.match, 6, (PCRE2_UCHAR8 *)scopeval, &pcre2len); res = pcre2_substring_copy_bynumber(parse_regex.match, 6, (PCRE2_UCHAR8 *)scopeval, &pcre2len);
if (res < 0) { if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed"); SCLogError("pcre2_substring_copy_bynumber failed");
goto error; goto error;
} }
if (!(strcmp(scopeval, "tx") == 0 ||strcmp(scopeval, "flow") == 0)) { if (!(strcmp(scopeval, "tx") == 0 ||strcmp(scopeval, "flow") == 0)) {
SCLogError(SC_ERR_INVALID_RULE_ARGUMENT, "only 'tx' and 'flow' supported at this time"); SCLogError("only 'tx' and 'flow' supported at this time");
goto error; goto error;
} }
SCLogDebug("scopeval %s", scopeval); SCLogDebug("scopeval %s", scopeval);

24
src/detect-content.c
Unescape Escape View File

@ -113,8 +113,7 @@ int DetectContentDataParse(const char *keyword, const char *contentstr,
bin_count++; bin_count++;
if (bin) { if (bin) {
if (binpos > 0) { if (binpos > 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, SCLogError("Incomplete hex code in content - %s. Invalidating signature.",
"Incomplete hex code in content - %s. Invalidating signature.",
contentstr); contentstr);
goto error; goto error;
} }
@ -150,8 +149,9 @@ int DetectContentDataParse(const char *keyword, const char *contentstr,
// SCLogDebug("space as part of binary string"); // SCLogDebug("space as part of binary string");
} }
else if (str[i] != ',') { else if (str[i] != ',') {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid hex code in " SCLogError("Invalid hex code in "
"content - %s, hex %c. Invalidating signature.", str, str[i]); "content - %s, hex %c. Invalidating signature.",
str, str[i]);
goto error; goto error;
} }
} else if (escape) { } else if (escape) {
@ -163,13 +163,13 @@ int DetectContentDataParse(const char *keyword, const char *contentstr,
str[x] = str[i]; str[x] = str[i];
x++; x++;
} else { } else {
SCLogError(SC_ERR_INVALID_SIGNATURE, "'%c' has to be escaped", str[i-1]); SCLogError("'%c' has to be escaped", str[i - 1]);
goto error; goto error;
} }
escape = 0; escape = 0;
converted = 1; converted = 1;
} else if (str[i] == '"') { } else if (str[i] == '"') {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid unescaped double quote within content section."); SCLogError("Invalid unescaped double quote within content section.");
goto error; goto error;
} else { } else {
str[x] = str[i]; str[x] = str[i];
@ -179,8 +179,9 @@ int DetectContentDataParse(const char *keyword, const char *contentstr,
} }
if (bin_count % 2 != 0) { if (bin_count % 2 != 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid hex code assembly in " SCLogError("Invalid hex code assembly in "
"%s - %s. Invalidating signature.", keyword, contentstr); "%s - %s. Invalidating signature.",
keyword, contentstr);
goto error; goto error;
} }
@ -350,9 +351,7 @@ int DetectContentSetup(DetectEngineCtx *de_ctx, Signature *s, const char *conten
const char *tstr; const char *tstr;
if (!DetectEngineBufferTypeValidateTransform( if (!DetectEngineBufferTypeValidateTransform(
de_ctx, sm_list, cd->content, cd->content_len, &tstr)) { de_ctx, sm_list, cd->content, cd->content_len, &tstr)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, SCLogError("content string \"%s\" incompatible with %s transform", contentstr, tstr);
"content string \"%s\" incompatible with %s transform",
contentstr, tstr);
goto error; goto error;
} }
} }
@ -480,8 +479,7 @@ bool DetectContentPMATCHValidateCallback(const Signature *s)
if (min_dsize_required >= 0) { if (min_dsize_required >= 0) {
SCLogDebug("min_dsize %d; max_right_edge %d", min_dsize_required, max_right_edge); SCLogDebug("min_dsize %d; max_right_edge %d", min_dsize_required, max_right_edge);
if ((uint32_t)min_dsize_required > max_right_edge) { if ((uint32_t)min_dsize_required > max_right_edge) {
SCLogError(SC_ERR_INVALID_SIGNATURE, SCLogError("signature can't match as required content length %d exceeds dsize value %d",
"signature can't match as required content length %d exceeds dsize value %d",
min_dsize_required, max_right_edge); min_dsize_required, max_right_edge);
return false; return false;
} }

31
src/detect-datarep.c
Unescape Escape View File

@ -176,18 +176,16 @@ static int DetectDatarepParse(const char *str, char *cmd, int cmd_len, char *nam
} }
if (strcmp(key, "memcap") == 0) { if (strcmp(key, "memcap") == 0) {
if (ParseSizeStringU64(val, memcap) < 0) { if (ParseSizeStringU64(val, memcap) < 0) {
SCLogWarning(SC_EINVAL, SCLogWarning("invalid value for memcap: %s,"
"invalid value for memcap: %s," " resetting to default",
" resetting to default",
val); val);
*memcap = 0; *memcap = 0;
} }
} }
if (strcmp(key, "hashsize") == 0) { if (strcmp(key, "hashsize") == 0) {
if (ParseSizeStringU32(val, hashsize) < 0) { if (ParseSizeStringU32(val, hashsize) < 0) {
SCLogWarning(SC_EINVAL, SCLogWarning("invalid value for hashsize: %s,"
"invalid value for hashsize: %s," " resetting to default",
" resetting to default",
val); val);
*hashsize = 0; *hashsize = 0;
} }
@ -201,14 +199,12 @@ static int DetectDatarepParse(const char *str, char *cmd, int cmd_len, char *nam
} }
if (strlen(load) > 0 && *type == DATASET_TYPE_NOTSET) { if (strlen(load) > 0 && *type == DATASET_TYPE_NOTSET) {
SCLogError(SC_ERR_INVALID_SIGNATURE, SCLogError("if load is used type must be set as well");
"if load is used type must be set as well");
return 0; return 0;
} }
if (!name_set || !cmd_set || !value_set) { if (!name_set || !cmd_set || !value_set) {
SCLogError(SC_ERR_INVALID_SIGNATURE, SCLogError("missing values");
"missing values");
return 0; return 0;
} }
@ -220,8 +216,7 @@ static int DetectDatarepParse(const char *str, char *cmd, int cmd_len, char *nam
/* Validate name, spaces are not allowed. */ /* Validate name, spaces are not allowed. */
for (size_t i = 0; i < strlen(name); i++) { for (size_t i = 0; i < strlen(name); i++) {
if (isblank(name[i])) { if (isblank(name[i])) {
SCLogError(SC_ERR_INVALID_SIGNATURE, SCLogError("spaces not allowed in dataset names");
"spaces not allowed in dataset names");
return 0; return 0;
} }
} }
@ -306,15 +301,13 @@ static int DetectDatarepSetup (DetectEngineCtx *de_ctx, Signature *s, const char
uint32_t hashsize = 0; uint32_t hashsize = 0;
if (DetectBufferGetActiveList(de_ctx, s) == -1) { if (DetectBufferGetActiveList(de_ctx, s) == -1) {
SCLogError(SC_ERR_INVALID_SIGNATURE, SCLogError("datarep is only supported for sticky buffers");
"datarep is only supported for sticky buffers");
SCReturnInt(-1); SCReturnInt(-1);
} }
int list = s->init_data->list; int list = s->init_data->list;
if (list == DETECT_SM_LIST_NOTSET) { if (list == DETECT_SM_LIST_NOTSET) {
SCLogError(SC_ERR_INVALID_SIGNATURE, SCLogError("datarep is only supported for sticky buffers");
"datarep is only supported for sticky buffers");
SCReturnInt(-1); SCReturnInt(-1);
} }
@ -336,15 +329,13 @@ static int DetectDatarepSetup (DetectEngineCtx *de_ctx, Signature *s, const char
} else if (strcmp(cmd_str,"==") == 0) { } else if (strcmp(cmd_str,"==") == 0) {
op = DATAREP_OP_EQ; op = DATAREP_OP_EQ;
} else { } else {
SCLogError(SC_ERR_UNKNOWN_VALUE, SCLogError("datarep operation \"%s\" is not supported.", cmd_str);
"datarep operation \"%s\" is not supported.", cmd_str);
return -1; return -1;
} }
Dataset *set = DatasetGet(name, type, /* no save */ NULL, load, memcap, hashsize); Dataset *set = DatasetGet(name, type, /* no save */ NULL, load, memcap, hashsize);
if (set == NULL) { if (set == NULL) {
SCLogError(SC_ERR_UNKNOWN_VALUE, SCLogError("failed to set up datarep set '%s'.", name);
"failed to set up datarep set '%s'.", name);
return -1; return -1;
} }

41
src/detect-dataset.c
Unescape Escape View File

@ -163,14 +163,13 @@ static int DetectDatasetParse(const char *str, char *cmd, int cmd_len, char *nam
} else if (strcmp(val, "ip") == 0) { } else if (strcmp(val, "ip") == 0) {
*type = DATASET_TYPE_IPV6; *type = DATASET_TYPE_IPV6;
} else { } else {
SCLogError(SC_ERR_INVALID_SIGNATURE, "bad type %s", val); SCLogError("bad type %s", val);
return -1; return -1;
} }
} else if (strcmp(key, "save") == 0) { } else if (strcmp(key, "save") == 0) {
if (save_set) { if (save_set) {
SCLogWarning(SC_ERR_INVALID_SIGNATURE, SCLogWarning("'save' can only appear once");
"'save' can only appear once");
return -1; return -1;
} }
SCLogDebug("save %s", val); SCLogDebug("save %s", val);
@ -178,8 +177,7 @@ static int DetectDatasetParse(const char *str, char *cmd, int cmd_len, char *nam
save_set = true; save_set = true;
} else if (strcmp(key, "load") == 0) { } else if (strcmp(key, "load") == 0) {
if (load_set) { if (load_set) {
SCLogWarning(SC_ERR_INVALID_SIGNATURE, SCLogWarning("'load' can only appear once");
"'load' can only appear once");
return -1; return -1;
} }
SCLogDebug("load %s", val); SCLogDebug("load %s", val);
@ -187,8 +185,7 @@ static int DetectDatasetParse(const char *str, char *cmd, int cmd_len, char *nam
load_set = true; load_set = true;
} else if (strcmp(key, "state") == 0) { } else if (strcmp(key, "state") == 0) {
if (state_set) { if (state_set) {
SCLogWarning(SC_ERR_INVALID_SIGNATURE, SCLogWarning("'state' can only appear once");
"'state' can only appear once");
return -1; return -1;
} }
SCLogDebug("state %s", val); SCLogDebug("state %s", val);
@ -198,18 +195,16 @@ static int DetectDatasetParse(const char *str, char *cmd, int cmd_len, char *nam
} }
if (strcmp(key, "memcap") == 0) { if (strcmp(key, "memcap") == 0) {
if (ParseSizeStringU64(val, memcap) < 0) { if (ParseSizeStringU64(val, memcap) < 0) {
SCLogWarning(SC_EINVAL, SCLogWarning("invalid value for memcap: %s,"
"invalid value for memcap: %s," " resetting to default",
" resetting to default",
val); val);
*memcap = 0; *memcap = 0;
} }
} }
if (strcmp(key, "hashsize") == 0) { if (strcmp(key, "hashsize") == 0) {
if (ParseSizeStringU32(val, hashsize) < 0) { if (ParseSizeStringU32(val, hashsize) < 0) {
SCLogWarning(SC_EINVAL, SCLogWarning("invalid value for hashsize: %s,"
"invalid value for hashsize: %s," " resetting to default",
" resetting to default",
val); val);
*hashsize = 0; *hashsize = 0;
} }
@ -223,8 +218,7 @@ static int DetectDatasetParse(const char *str, char *cmd, int cmd_len, char *nam
} }
if ((load_set || save_set) && state_set) { if ((load_set || save_set) && state_set) {
SCLogWarning(SC_ERR_INVALID_SIGNATURE, SCLogWarning("'state' can not be mixed with 'load' and 'save'");
"'state' can not be mixed with 'load' and 'save'");
return -1; return -1;
} }
@ -236,8 +230,7 @@ static int DetectDatasetParse(const char *str, char *cmd, int cmd_len, char *nam
/* Validate name, spaces are not allowed. */ /* Validate name, spaces are not allowed. */
for (size_t i = 0; i < strlen(name); i++) { for (size_t i = 0; i < strlen(name); i++) {
if (isblank(name[i])) { if (isblank(name[i])) {
SCLogError(SC_ERR_INVALID_SIGNATURE, SCLogError("spaces not allowed in dataset names");
"spaces not allowed in dataset names");
return 0; return 0;
} }
} }
@ -341,15 +334,13 @@ int DetectDatasetSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawst
char save[PATH_MAX] = ""; char save[PATH_MAX] = "";
if (DetectBufferGetActiveList(de_ctx, s) == -1) { if (DetectBufferGetActiveList(de_ctx, s) == -1) {
SCLogError(SC_ERR_INVALID_SIGNATURE, SCLogError("datasets are only supported for sticky buffers");
"datasets are only supported for sticky buffers");
SCReturnInt(-1); SCReturnInt(-1);
} }
int list = s->init_data->list; int list = s->init_data->list;
if (list == DETECT_SM_LIST_NOTSET) { if (list == DETECT_SM_LIST_NOTSET) {
SCLogError(SC_ERR_INVALID_SIGNATURE, SCLogError("datasets are only supported for sticky buffers");
"datasets are only supported for sticky buffers");
SCReturnInt(-1); SCReturnInt(-1);
} }
@ -367,8 +358,7 @@ int DetectDatasetSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawst
} else if (strcmp(cmd_str,"unset") == 0) { } else if (strcmp(cmd_str,"unset") == 0) {
cmd = DETECT_DATASET_CMD_UNSET; cmd = DETECT_DATASET_CMD_UNSET;
} else { } else {
SCLogError(SC_ERR_UNKNOWN_VALUE, SCLogError("dataset action \"%s\" is not supported.", cmd_str);
"dataset action \"%s\" is not supported.", cmd_str);
return -1; return -1;
} }
@ -394,12 +384,11 @@ int DetectDatasetSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawst
SCLogDebug("name '%s' load '%s' save '%s'", name, load, save); SCLogDebug("name '%s' load '%s' save '%s'", name, load, save);
Dataset *set = DatasetGet(name, type, save, load, memcap, hashsize); Dataset *set = DatasetGet(name, type, save, load, memcap, hashsize);
if (set == NULL) { if (set == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, SCLogError("failed to set up dataset '%s'.", name);
"failed to set up dataset '%s'.", name);
return -1; return -1;
} }
if (set->hash && SC_ATOMIC_GET(set->hash->memcap_reached)) { if (set->hash && SC_ATOMIC_GET(set->hash->memcap_reached)) {
SCLogError(SC_ERR_THASH_INIT, "dataset too large for set memcap"); SCLogError("dataset too large for set memcap");
return -1; return -1;
} }

2
src/detect-dce-iface.c
Unescape Escape View File

@ -149,7 +149,7 @@ static int DetectDceIfaceSetup(DetectEngineCtx *de_ctx, Signature *s, const char
void *did = rs_dcerpc_iface_parse(arg); void *did = rs_dcerpc_iface_parse(arg);
if (did == NULL) { if (did == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Error parsing dce_iface option in " SCLogError("Error parsing dce_iface option in "
"signature"); "signature");
return -1; return -1;
} }

4
src/detect-dce-opnum.c
Unescape Escape View File

@ -127,7 +127,7 @@ static int DetectDceOpnumMatchRust(DetectEngineThreadCtx *det_ctx,
static int DetectDceOpnumSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg) static int DetectDceOpnumSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg)
{ {
if (arg == NULL) { if (arg == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Error parsing dce_opnum option in " SCLogError("Error parsing dce_opnum option in "
"signature, option needs a value"); "signature, option needs a value");
return -1; return -1;
} }
@ -137,7 +137,7 @@ static int DetectDceOpnumSetup(DetectEngineCtx *de_ctx, Signature *s, const char
void *dod = rs_dcerpc_opnum_parse(arg); void *dod = rs_dcerpc_opnum_parse(arg);
if (dod == NULL) { if (dod == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Error parsing dce_opnum option in " SCLogError("Error parsing dce_opnum option in "
"signature"); "signature");
return -1; return -1;
} }

39
src/detect-depth.c
Unescape Escape View File

@ -70,7 +70,7 @@ static int DetectDepthSetup (DetectEngineCtx *de_ctx, Signature *s, const char *
/* retrive the sm to apply the depth against */ /* retrive the sm to apply the depth against */
pm = DetectGetLastSMFromLists(s, DETECT_CONTENT, -1); pm = DetectGetLastSMFromLists(s, DETECT_CONTENT, -1);
if (pm == NULL) { if (pm == NULL) {
SCLogError(SC_ERR_DEPTH_MISSING_CONTENT, "depth needs " SCLogError("depth needs "
"preceding content, uricontent option, http_client_body, " "preceding content, uricontent option, http_client_body, "
"http_server_body, http_header option, http_raw_header option, " "http_server_body, http_header option, http_raw_header option, "
"http_method option, http_cookie, http_raw_uri, " "http_method option, http_cookie, http_raw_uri, "
@ -84,31 +84,32 @@ static int DetectDepthSetup (DetectEngineCtx *de_ctx, Signature *s, const char *
DetectContentData *cd = (DetectContentData *)pm->ctx; DetectContentData *cd = (DetectContentData *)pm->ctx;
if (cd->flags & DETECT_CONTENT_DEPTH) { if (cd->flags & DETECT_CONTENT_DEPTH) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use multiple depths for the same content."); SCLogError("can't use multiple depths for the same content.");
goto end; goto end;
} }
if ((cd->flags & DETECT_CONTENT_WITHIN) || (cd->flags & DETECT_CONTENT_DISTANCE)) { if ((cd->flags & DETECT_CONTENT_WITHIN) || (cd->flags & DETECT_CONTENT_DISTANCE)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use a relative " SCLogError("can't use a relative "
"keyword like within/distance with a absolute " "keyword like within/distance with a absolute "
"relative keyword like depth/offset for the same " "relative keyword like depth/offset for the same "
"content." ); "content.");
goto end; goto end;
} }
if (cd->flags & DETECT_CONTENT_NEGATED && cd->flags & DETECT_CONTENT_FAST_PATTERN) { if (cd->flags & DETECT_CONTENT_NEGATED && cd->flags & DETECT_CONTENT_FAST_PATTERN) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't have a relative " SCLogError("can't have a relative "
"negated keyword set along with 'fast_pattern'."); "negated keyword set along with 'fast_pattern'.");
goto end; goto end;
} }
if (cd->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) { if (cd->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't have a relative " SCLogError("can't have a relative "
"keyword set along with 'fast_pattern:only;'."); "keyword set along with 'fast_pattern:only;'.");
goto end; goto end;
} }
if (str[0] != '-' && isalpha((unsigned char)str[0])) { if (str[0] != '-' && isalpha((unsigned char)str[0])) {
DetectByteIndexType index; DetectByteIndexType index;
if (!DetectByteRetrieveSMVar(str, s, &index)) { if (!DetectByteRetrieveSMVar(str, s, &index)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "unknown byte_ keyword var " SCLogError("unknown byte_ keyword var "
"seen in depth - %s.", str); "seen in depth - %s.",
str);
goto end; goto end;
} }
cd->depth = index; cd->depth = index;
@ -116,14 +117,14 @@ static int DetectDepthSetup (DetectEngineCtx *de_ctx, Signature *s, const char *
} else { } else {
if (StringParseUint16(&cd->depth, 0, 0, str) < 0) if (StringParseUint16(&cd->depth, 0, 0, str) < 0)
{ {
SCLogError(SC_ERR_INVALID_SIGNATURE, SCLogError("invalid value for depth: %s.", str);
"invalid value for depth: %s.", str);
goto end; goto end;
} }
if (cd->depth < cd->content_len) { if (cd->depth < cd->content_len) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "depth:%u smaller than " SCLogError("depth:%u smaller than "
"content of len %u.", cd->depth, cd->content_len); "content of len %u.",
cd->depth, cd->content_len);
return -1; return -1;
} }
/* Now update the real limit, as depth is relative to the offset */ /* Now update the real limit, as depth is relative to the offset */
@ -144,7 +145,7 @@ static int DetectStartsWithSetup (DetectEngineCtx *de_ctx, Signature *s, const c
/* retrieve the sm to apply the depth against */ /* retrieve the sm to apply the depth against */
pm = DetectGetLastSMFromLists(s, DETECT_CONTENT, -1); pm = DetectGetLastSMFromLists(s, DETECT_CONTENT, -1);
if (pm == NULL) { if (pm == NULL) {
SCLogError(SC_ERR_DEPTH_MISSING_CONTENT, "startswith needs a " SCLogError("startswith needs a "
"preceding content option."); "preceding content option.");
goto end; goto end;
} }
@ -153,29 +154,29 @@ static int DetectStartsWithSetup (DetectEngineCtx *de_ctx, Signature *s, const c
DetectContentData *cd = (DetectContentData *)pm->ctx; DetectContentData *cd = (DetectContentData *)pm->ctx;
if (cd->flags & DETECT_CONTENT_DEPTH) { if (cd->flags & DETECT_CONTENT_DEPTH) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use multiple " SCLogError("can't use multiple "
"depth/startswith settings for the same content."); "depth/startswith settings for the same content.");
goto end; goto end;
} }
if ((cd->flags & DETECT_CONTENT_WITHIN) || (cd->flags & DETECT_CONTENT_DISTANCE)) { if ((cd->flags & DETECT_CONTENT_WITHIN) || (cd->flags & DETECT_CONTENT_DISTANCE)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use a relative " SCLogError("can't use a relative "
"keyword like within/distance with a absolute " "keyword like within/distance with a absolute "
"relative keyword like depth/offset for the same " "relative keyword like depth/offset for the same "
"content."); "content.");
goto end; goto end;
} }
if (cd->flags & DETECT_CONTENT_NEGATED && cd->flags & DETECT_CONTENT_FAST_PATTERN) { if (cd->flags & DETECT_CONTENT_NEGATED && cd->flags & DETECT_CONTENT_FAST_PATTERN) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't have a relative " SCLogError("can't have a relative "
"negated keyword set along with a 'fast_pattern'."); "negated keyword set along with a 'fast_pattern'.");
goto end; goto end;
} }
if (cd->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) { if (cd->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't have a relative " SCLogError("can't have a relative "
"keyword set along with 'fast_pattern:only;'."); "keyword set along with 'fast_pattern:only;'.");
goto end; goto end;
} }
if (cd->flags & DETECT_CONTENT_OFFSET) { if (cd->flags & DETECT_CONTENT_OFFSET) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't mix offset " SCLogError("can't mix offset "
"with startswith."); "with startswith.");
goto end; goto end;
} }

15
src/detect-detection-filter.c
Unescape Escape View File

@ -134,8 +134,7 @@ static DetectThresholdData *DetectDetectionFilterParse(const char *rawstr)
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
if (ret < 5) { if (ret < 5) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, SCLogError("pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr);
rawstr);
goto error; goto error;
} }
@ -151,7 +150,7 @@ static DetectThresholdData *DetectDetectionFilterParse(const char *rawstr)
res = pcre2_substring_get_bynumber( res = pcre2_substring_get_bynumber(
parse_regex.match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); parse_regex.match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) { if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); SCLogError("pcre2_substring_get_bynumber failed");
goto error; goto error;
} }
@ -180,7 +179,7 @@ static DetectThresholdData *DetectDetectionFilterParse(const char *rawstr)
} }
if (df->count == 0 || df->seconds == 0) { if (df->count == 0 || df->seconds == 0) {
SCLogError(SC_EINVAL, "found an invalid value"); SCLogError("found an invalid value");
goto error; goto error;
} }
@ -222,15 +221,13 @@ static int DetectDetectionFilterSetup(DetectEngineCtx *de_ctx, Signature *s, con
/* checks if there's a previous instance of threshold */ /* checks if there's a previous instance of threshold */
tmpm = DetectGetLastSMFromLists(s, DETECT_THRESHOLD, -1); tmpm = DetectGetLastSMFromLists(s, DETECT_THRESHOLD, -1);
if (tmpm != NULL) { if (tmpm != NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, SCLogError("\"detection_filter\" and \"threshold\" are not allowed in the same rule");
"\"detection_filter\" and \"threshold\" are not allowed in the same rule");
SCReturnInt(-1); SCReturnInt(-1);
} }
/* checks there's no previous instance of detection_filter */ /* checks there's no previous instance of detection_filter */
tmpm = DetectGetLastSMFromLists(s, DETECT_DETECTION_FILTER, -1); tmpm = DetectGetLastSMFromLists(s, DETECT_DETECTION_FILTER, -1);
if (tmpm != NULL) { if (tmpm != NULL) {
SCLogError( SCLogError("At most one \"detection_filter\" is allowed per rule");
SC_ERR_INVALID_SIGNATURE, "At most one \"detection_filter\" is allowed per rule");
SCReturnInt(-1); SCReturnInt(-1);
} }
@ -585,4 +582,4 @@ static void DetectDetectionFilterRegisterTests(void)
UtRegisterTest("DetectDetectionFilterTestSig2", DetectDetectionFilterTestSig2); UtRegisterTest("DetectDetectionFilterTestSig2", DetectDetectionFilterTestSig2);
UtRegisterTest("DetectDetectionFilterTestSig3", DetectDetectionFilterTestSig3); UtRegisterTest("DetectDetectionFilterTestSig3", DetectDetectionFilterTestSig3);
} }
#endif /* UNITTESTS */ #endif /* UNITTESTS */

2
src/detect-dhcp-leasetime.c
Unescape Escape View File

@ -86,7 +86,7 @@ static int DetectDHCPLeaseTimeSetup(DetectEngineCtx *de_ctx, Signature *s, const
DetectU64Data *dd = DetectU64Parse(rawstr); DetectU64Data *dd = DetectU64Parse(rawstr);
if (dd == NULL) { if (dd == NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "Parsing \'%s\' failed for %s", rawstr, SCLogError("Parsing \'%s\' failed for %s", rawstr,
sigmatch_table[DETECT_AL_DHCP_LEASETIME].name); sigmatch_table[DETECT_AL_DHCP_LEASETIME].name);
return -1; return -1;
} }

2
src/detect-dhcp-rebinding-time.c
Unescape Escape View File

@ -86,7 +86,7 @@ static int DetectDHCPRebindingTimeSetup(DetectEngineCtx *de_ctx, Signature *s, c
DetectU64Data *dd = DetectU64Parse(rawstr); DetectU64Data *dd = DetectU64Parse(rawstr);
if (dd == NULL) { if (dd == NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "Parsing \'%s\' failed for %s", rawstr, SCLogError("Parsing \'%s\' failed for %s", rawstr,
sigmatch_table[DETECT_AL_DHCP_REBINDING_TIME].name); sigmatch_table[DETECT_AL_DHCP_REBINDING_TIME].name);
return -1; return -1;
} }

2
src/detect-dhcp-renewal-time.c
Unescape Escape View File

@ -86,7 +86,7 @@ static int DetectDHCPRenewalTimeSetup(DetectEngineCtx *de_ctx, Signature *s, con
DetectU64Data *dd = DetectU64Parse(rawstr); DetectU64Data *dd = DetectU64Parse(rawstr);
if (dd == NULL) { if (dd == NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "Parsing \'%s\' failed for %s", rawstr, SCLogError("Parsing \'%s\' failed for %s", rawstr,
sigmatch_table[DETECT_AL_DHCP_RENEWAL_TIME].name); sigmatch_table[DETECT_AL_DHCP_RENEWAL_TIME].name);
return -1; return -1;
} }

22
src/detect-distance.c
Unescape Escape View File

@ -76,7 +76,7 @@ static int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s,
/* retrieve the sm to apply the distance against */ /* retrieve the sm to apply the distance against */
pm = DetectGetLastSMFromLists(s, DETECT_CONTENT, -1); pm = DetectGetLastSMFromLists(s, DETECT_CONTENT, -1);
if (pm == NULL) { if (pm == NULL) {
SCLogError(SC_ERR_OFFSET_MISSING_CONTENT, "distance needs " SCLogError("distance needs "
"preceding content, uricontent option, http_client_body, " "preceding content, uricontent option, http_client_body, "
"http_server_body, http_header option, http_raw_header option, " "http_server_body, http_header option, http_raw_header option, "
"http_method option, http_cookie, http_raw_uri, " "http_method option, http_cookie, http_raw_uri, "
@ -88,39 +88,39 @@ static int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s,
/* verify other conditions */ /* verify other conditions */
DetectContentData *cd = (DetectContentData *)pm->ctx; DetectContentData *cd = (DetectContentData *)pm->ctx;
if (cd->flags & DETECT_CONTENT_DISTANCE) { if (cd->flags & DETECT_CONTENT_DISTANCE) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use multiple distances for the same content."); SCLogError("can't use multiple distances for the same content.");
goto end; goto end;
} }
if ((cd->flags & DETECT_CONTENT_DEPTH) || (cd->flags & DETECT_CONTENT_OFFSET)) { if ((cd->flags & DETECT_CONTENT_DEPTH) || (cd->flags & DETECT_CONTENT_OFFSET)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use a relative " SCLogError("can't use a relative "
"keyword like within/distance with a absolute " "keyword like within/distance with a absolute "
"relative keyword like depth/offset for the same " "relative keyword like depth/offset for the same "
"content." ); "content.");
goto end; goto end;
} }
if (cd->flags & DETECT_CONTENT_NEGATED && cd->flags & DETECT_CONTENT_FAST_PATTERN) { if (cd->flags & DETECT_CONTENT_NEGATED && cd->flags & DETECT_CONTENT_FAST_PATTERN) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't have a relative " SCLogError("can't have a relative "
"negated keyword set along with a fast_pattern"); "negated keyword set along with a fast_pattern");
goto end; goto end;
} }
if (cd->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) { if (cd->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't have a relative " SCLogError("can't have a relative "
"keyword set along with a fast_pattern:only;"); "keyword set along with a fast_pattern:only;");
goto end; goto end;
} }
if (str[0] != '-' && isalpha((unsigned char)str[0])) { if (str[0] != '-' && isalpha((unsigned char)str[0])) {
DetectByteIndexType index; DetectByteIndexType index;
if (!DetectByteRetrieveSMVar(str, s, &index)) { if (!DetectByteRetrieveSMVar(str, s, &index)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "unknown byte_ keyword var " SCLogError("unknown byte_ keyword var "
"seen in distance - %s\n", str); "seen in distance - %s\n",
str);
goto end; goto end;
} }
cd->distance = index; cd->distance = index;
cd->flags |= DETECT_CONTENT_DISTANCE_VAR; cd->flags |= DETECT_CONTENT_DISTANCE_VAR;
} else { } else {
if (StringParseInt32(&cd->distance, 0, 0, str) < 0) { if (StringParseInt32(&cd->distance, 0, 0, str) < 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, SCLogError("invalid value for distance: %s", str);
"invalid value for distance: %s", str);
goto end; goto end;
} }
} }
@ -135,7 +135,7 @@ static int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s,
if (prev_pm->type == DETECT_CONTENT) { if (prev_pm->type == DETECT_CONTENT) {
DetectContentData *prev_cd = (DetectContentData *)prev_pm->ctx; DetectContentData *prev_cd = (DetectContentData *)prev_pm->ctx;
if (prev_cd->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) { if (prev_cd->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "previous keyword " SCLogError("previous keyword "
"has a fast_pattern:only; set. Can't " "has a fast_pattern:only; set. Can't "
"have relative keywords around a fast_pattern " "have relative keywords around a fast_pattern "
"only content"); "only content");

9
src/detect-dnp3.c
Unescape Escape View File

@ -212,8 +212,7 @@ static int DetectDNP3FuncSetup(DetectEngineCtx *de_ctx, Signature *s, const char
return -1; return -1;
if (!DetectDNP3FuncParseFunctionCode(str, &function_code)) { if (!DetectDNP3FuncParseFunctionCode(str, &function_code)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, SCLogError("Invalid argument \"%s\" supplied to dnp3_func keyword.", str);
"Invalid argument \"%s\" supplied to dnp3_func keyword.", str);
return -1; return -1;
} }
@ -264,8 +263,7 @@ static int DetectDNP3IndParseByName(const char *str, uint16_t *flags)
} }
if (!found) { if (!found) {
SCLogError(SC_ERR_INVALID_SIGNATURE, SCLogError("Bad argument \"%s\" supplied to dnp3.ind keyword.", p);
"Bad argument \"%s\" supplied to dnp3.ind keyword.", p);
return 0; return 0;
} }
} }
@ -300,8 +298,7 @@ static int DetectDNP3IndSetup(DetectEngineCtx *de_ctx, Signature *s, const char
return -1; return -1;
if (!DetectDNP3IndParse(str, &flags)) { if (!DetectDNP3IndParse(str, &flags)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, SCLogError("Invalid argument \"%s\" supplied to dnp3.ind keyword.", str);
"Invalid argument \"%s\" supplied to dnp3.ind keyword.", str);
return -1; return -1;
} }

3
src/detect-dns-opcode.c
Unescape Escape View File

@ -37,8 +37,7 @@ static int DetectDnsOpcodeSetup(DetectEngineCtx *de_ctx, Signature *s,
void *detect = rs_detect_dns_opcode_parse(str); void *detect = rs_detect_dns_opcode_parse(str);
if (detect == NULL) { if (detect == NULL) {
SCLogError(SC_ERR_INVALID_RULE_ARGUMENT, SCLogError("failed to parse dns.opcode: %s", str);
"failed to parse dns.opcode: %s", str);
return -1; return -1;
} }

6
src/detect-dsize.c
Unescape Escape View File

@ -122,7 +122,7 @@ static int DetectDsizeSetup (DetectEngineCtx *de_ctx, Signature *s, const char *
SigMatch *sm = NULL; SigMatch *sm = NULL;
if (DetectGetLastSMFromLists(s, DETECT_DSIZE, -1)) { if (DetectGetLastSMFromLists(s, DETECT_DSIZE, -1)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Can't use 2 or more dsizes in " SCLogError("Can't use 2 or more dsizes in "
"the same sig. Invalidating signature."); "the same sig. Invalidating signature.");
goto error; goto error;
} }
@ -131,7 +131,7 @@ static int DetectDsizeSetup (DetectEngineCtx *de_ctx, Signature *s, const char *
dd = DetectU16Parse(rawstr); dd = DetectU16Parse(rawstr);
if (dd == NULL) { if (dd == NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENT,"Parsing \'%s\' failed", rawstr); SCLogError("Parsing \'%s\' failed", rawstr);
goto error; goto error;
} }
@ -139,7 +139,7 @@ static int DetectDsizeSetup (DetectEngineCtx *de_ctx, Signature *s, const char *
* and put it in the Signature. */ * and put it in the Signature. */
sm = SigMatchAlloc(); sm = SigMatchAlloc();
if (sm == NULL){ if (sm == NULL){
SCLogError(SC_ENOMEM, "Failed to allocate memory for SigMatch"); SCLogError("Failed to allocate memory for SigMatch");
rs_detect_u16_free(dd); rs_detect_u16_free(dd);
goto error; goto error;
} }

92
src/detect-engine-address.c
Unescape Escape View File

@ -460,7 +460,7 @@ static int DetectAddressParseString(DetectAddress *dd, const char *str)
/* validate netmask */ /* validate netmask */
int cidr = CIDRFromMask(netmask); int cidr = CIDRFromMask(netmask);
if (cidr < 0) { if (cidr < 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, SCLogError(
"netmask \"%s\" is not usable. Only netmasks that are compatible with " "netmask \"%s\" is not usable. Only netmasks that are compatible with "
"CIDR notation are supported. See ticket #5168.", "CIDR notation are supported. See ticket #5168.",
mask); mask);
@ -650,8 +650,7 @@ static int DetectAddressSetup(DetectAddressHead *gh, const char *s)
/* parse the address */ /* parse the address */
DetectAddress *ad = DetectAddressParseSingle(s); DetectAddress *ad = DetectAddressParseSingle(s);
if (ad == NULL) { if (ad == NULL) {
SCLogError(SC_ERR_ADDRESS_ENGINE_GENERIC, SCLogError("failed to parse address \"%s\"", s);
"failed to parse address \"%s\"", s);
return -1; return -1;
} }
@ -725,8 +724,8 @@ static int DetectAddressParseInternal(const DetectEngineCtx *de_ctx, DetectAddre
char *temp_rule_var_address = NULL; char *temp_rule_var_address = NULL;
if (++recur > 64) { if (++recur > 64) {
SCLogError(SC_ERR_ADDRESS_ENGINE_GENERIC, "address block recursion " SCLogError("address block recursion "
"limit reached (max 64)"); "limit reached (max 64)");
goto error; goto error;
} }
@ -735,10 +734,9 @@ static int DetectAddressParseInternal(const DetectEngineCtx *de_ctx, DetectAddre
size_t size = strlen(s); size_t size = strlen(s);
for (u = 0, x = 0; u < size && x < address_length; u++) { for (u = 0, x = 0; u < size && x < address_length; u++) {
if (x == (address_length - 1)) { if (x == (address_length - 1)) {
SCLogError(SC_ERR_ADDRESS_ENGINE_GENERIC, SCLogError("Hit the address buffer"
"Hit the address buffer" " limit for the supplied address. Invalidating sig. "
" limit for the supplied address. Invalidating sig. " "Please file a bug report on this.");
"Please file a bug report on this.");
goto error; goto error;
} }
address[x] = s[u]; address[x] = s[u];
@ -853,10 +851,11 @@ static int DetectAddressParseInternal(const DetectEngineCtx *de_ctx, DetectAddre
goto error; goto error;
if (strlen(rule_var_address) == 0) { if (strlen(rule_var_address) == 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "variable %s resolved " SCLogError("variable %s resolved "
"to nothing. This is likely a misconfiguration. " "to nothing. This is likely a misconfiguration. "
"Note that a negated address needs to be quoted, " "Note that a negated address needs to be quoted, "
"\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.", s); "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.",
s);
goto error; goto error;
} }
@ -908,8 +907,8 @@ static int DetectAddressParseInternal(const DetectEngineCtx *de_ctx, DetectAddre
x = 0; x = 0;
if (AddVariableToResolveList(var_list, address) == -1) { if (AddVariableToResolveList(var_list, address) == -1) {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Found a loop in a address " SCLogError("Found a loop in a address "
"groups declaration. This is likely a misconfiguration."); "groups declaration. This is likely a misconfiguration.");
goto error; goto error;
} }
@ -920,10 +919,11 @@ static int DetectAddressParseInternal(const DetectEngineCtx *de_ctx, DetectAddre
goto error; goto error;
if (strlen(rule_var_address) == 0) { if (strlen(rule_var_address) == 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "variable %s resolved " SCLogError("variable %s resolved "
"to nothing. This is likely a misconfiguration. " "to nothing. This is likely a misconfiguration. "
"Note that a negated address needs to be quoted, " "Note that a negated address needs to be quoted, "
"\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.", s); "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.",
s);
goto error; goto error;
} }
@ -968,14 +968,16 @@ static int DetectAddressParseInternal(const DetectEngineCtx *de_ctx, DetectAddre
} }
} }
if (depth > 0) { if (depth > 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "not every address block was " SCLogError("not every address block was "
"properly closed in \"%s\", %d missing closing brackets (]). " "properly closed in \"%s\", %d missing closing brackets (]). "
"Note: problem might be in a variable.", s, depth); "Note: problem might be in a variable.",
s, depth);
goto error; goto error;
} else if (depth < 0) { } else if (depth < 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "not every address block was " SCLogError("not every address block was "
"properly opened in \"%s\", %d missing opening brackets ([). " "properly opened in \"%s\", %d missing opening brackets ([). "
"Note: problem might be in a variable.", s, depth*-1); "Note: problem might be in a variable.",
s, depth * -1);
goto error; goto error;
} }
@ -1003,8 +1005,8 @@ static int DetectAddressParse2(const DetectEngineCtx *de_ctx, DetectAddressHead
if (address_length > (MAX_ADDRESS_LENGTH - 1)) { if (address_length > (MAX_ADDRESS_LENGTH - 1)) {
char *address = SCCalloc(1, address_length); char *address = SCCalloc(1, address_length);
if (address == NULL) { if (address == NULL) {
SCLogError(SC_ERR_ADDRESS_ENGINE_GENERIC, "Unable to allocate" SCLogError("Unable to allocate"
" memory for address parsing."); " memory for address parsing.");
return -1; return -1;
} }
rc = DetectAddressParseInternal( rc = DetectAddressParseInternal(
@ -1060,7 +1062,7 @@ int DetectAddressMergeNot(DetectAddressHead *gh, DetectAddressHead *ghn)
/* check if the negated list covers the entire ip space. If so /* check if the negated list covers the entire ip space. If so
* the user screwed up the rules/vars. */ * the user screwed up the rules/vars. */
if (DetectAddressIsCompleteIPSpace(ghn) == 1) { if (DetectAddressIsCompleteIPSpace(ghn) == 1) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Complete IP space negated. " SCLogError("Complete IP space negated. "
"Rule address range is NIL. Probably have a !any or " "Rule address range is NIL. Probably have a !any or "
"an address range that supplies a NULL address range"); "an address range that supplies a NULL address range");
goto error; goto error;
@ -1203,8 +1205,9 @@ int DetectAddressMergeNot(DetectAddressHead *gh, DetectAddressHead *ghn)
cnt++; cnt++;
if (ipv4_applied != cnt) { if (ipv4_applied != cnt) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "not all IPv4 negations " SCLogError("not all IPv4 negations "
"could be applied: %d != %d", cnt, ipv4_applied); "could be applied: %d != %d",
cnt, ipv4_applied);
goto error; goto error;
} }
@ -1213,16 +1216,17 @@ int DetectAddressMergeNot(DetectAddressHead *gh, DetectAddressHead *ghn)
cnt++; cnt++;
if (ipv6_applied != cnt) { if (ipv6_applied != cnt) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "not all IPv6 negations " SCLogError("not all IPv6 negations "
"could be applied: %d != %d", cnt, ipv6_applied); "could be applied: %d != %d",
cnt, ipv6_applied);
goto error; goto error;
} }
} }
/* if the result is that we have no addresses we return error */ /* if the result is that we have no addresses we return error */
if (gh->ipv4_head == NULL && gh->ipv6_head == NULL) { if (gh->ipv4_head == NULL && gh->ipv6_head == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "no addresses left after " SCLogError("no addresses left after "
"merging addresses and negated addresses"); "merging addresses and negated addresses");
goto error; goto error;
} }
@ -1260,10 +1264,10 @@ int DetectAddressTestConfVars(void)
} }
if (seq_node->val == NULL) { if (seq_node->val == NULL) {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, SCLogError("Address var \"%s\" probably has a sequence(something "
"Address var \"%s\" probably has a sequence(something "
"in brackets) value set without any quotes. Please " "in brackets) value set without any quotes. Please "
"quote it using \"..\".", seq_node->name); "quote it using \"..\".",
seq_node->name);
goto error; goto error;
} }
@ -1273,19 +1277,17 @@ int DetectAddressTestConfVars(void)
CleanVariableResolveList(&var_list); CleanVariableResolveList(&var_list);
if (r < 0) { if (r < 0) {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, SCLogError("failed to parse address var \"%s\" with value \"%s\". "
"failed to parse address var \"%s\" with value \"%s\". " "Please check its syntax",
"Please check its syntax",
seq_node->name, seq_node->val); seq_node->name, seq_node->val);
goto error; goto error;
} }
if (DetectAddressIsCompleteIPSpace(ghn)) { if (DetectAddressIsCompleteIPSpace(ghn)) {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, SCLogError("address var - \"%s\" has the complete IP space negated "
"address var - \"%s\" has the complete IP space negated " "with its value \"%s\". Rule address range is NIL. "
"with its value \"%s\". Rule address range is NIL. " "Probably have a !any or an address range that supplies "
"Probably have a !any or an address range that supplies " "a NULL address range",
"a NULL address range",
seq_node->name, seq_node->val); seq_node->name, seq_node->val);
goto error; goto error;
} }

2
src/detect-engine-alert.c
Unescape Escape View File

@ -224,7 +224,7 @@ void AlertQueueInit(DetectEngineThreadCtx *det_ctx)
det_ctx->alert_queue_size = 0; det_ctx->alert_queue_size = 0;
det_ctx->alert_queue = SCCalloc(packet_alert_max, sizeof(PacketAlert)); det_ctx->alert_queue = SCCalloc(packet_alert_max, sizeof(PacketAlert));
if (det_ctx->alert_queue == NULL) { if (det_ctx->alert_queue == NULL) {
FatalError(SC_ENOMEM, "failed to allocate %" PRIu64 " bytes for the alert queue", FatalError("failed to allocate %" PRIu64 " bytes for the alert queue",
(uint64_t)(packet_alert_max * sizeof(PacketAlert))); (uint64_t)(packet_alert_max * sizeof(PacketAlert)));
} }
det_ctx->alert_queue_capacity = packet_alert_max; det_ctx->alert_queue_capacity = packet_alert_max;

21
src/detect-engine-analyzer.c
Unescape Escape View File

@ -243,7 +243,7 @@ void EngineAnalysisFP(const DetectEngineCtx *de_ctx, const Signature *s, char *l
uint16_t patlen = fp_cd->content_len; uint16_t patlen = fp_cd->content_len;
uint8_t *pat = SCMalloc(fp_cd->content_len + 1); uint8_t *pat = SCMalloc(fp_cd->content_len + 1);
if (unlikely(pat == NULL)) { if (unlikely(pat == NULL)) {
FatalError(SC_ERR_FATAL, "Error allocating memory"); FatalError("Error allocating memory");
} }
memcpy(pat, fp_cd->content, fp_cd->content_len); memcpy(pat, fp_cd->content, fp_cd->content_len);
pat[fp_cd->content_len] = '\0'; pat[fp_cd->content_len] = '\0';
@ -303,8 +303,7 @@ int SetupFPAnalyzer(void)
fp_engine_analysis_FD = fopen(log_path, "w"); fp_engine_analysis_FD = fopen(log_path, "w");
if (fp_engine_analysis_FD == NULL) { if (fp_engine_analysis_FD == NULL) {
SCLogError(SC_ERR_FOPEN, "failed to open %s: %s", log_path, SCLogError("failed to open %s: %s", log_path, strerror(errno));
strerror(errno));
return 0; return 0;
} }
@ -352,7 +351,7 @@ int SetupRuleAnalyzer(void)
snprintf(log_path, sizeof(log_path), "%s/%s", log_dir, "rules_analysis.txt"); snprintf(log_path, sizeof(log_path), "%s/%s", log_dir, "rules_analysis.txt");
rule_engine_analysis_FD = fopen(log_path, "w"); rule_engine_analysis_FD = fopen(log_path, "w");
if (rule_engine_analysis_FD == NULL) { if (rule_engine_analysis_FD == NULL) {
SCLogError(SC_ERR_FOPEN, "failed to open %s: %s", log_path, strerror(errno)); SCLogError("failed to open %s: %s", log_path, strerror(errno));
return 0; return 0;
} }
@ -444,8 +443,8 @@ int PerCentEncodingSetup ()
if (percent_re == NULL) { if (percent_re == NULL) {
PCRE2_UCHAR errbuffer[256]; PCRE2_UCHAR errbuffer[256];
pcre2_get_error_message(en, errbuffer, sizeof(errbuffer)); pcre2_get_error_message(en, errbuffer, sizeof(errbuffer));
SCLogError(SC_ERR_PCRE_COMPILE, "Compile of \"%s\" failed at offset %d: %s", SCLogError("Compile of \"%s\" failed at offset %d: %s", DETECT_PERCENT_ENCODING_REGEX,
DETECT_PERCENT_ENCODING_REGEX, (int)eo, errbuffer); (int)eo, errbuffer);
return 0; return 0;
} }
@ -469,7 +468,7 @@ static int PerCentEncodingMatch(uint8_t *content, uint16_t content_len)
return 0; return 0;
} }
else if (ret < -1) { else if (ret < -1) {
SCLogError(SC_ERR_PCRE_MATCH, "Error parsing content - %s; error code is %d", content, ret); SCLogError("Error parsing content - %s; error code is %d", content, ret);
return -1; return -1;
} }
return ret; return ret;
@ -492,7 +491,7 @@ static void EngineAnalysisRulesPrintFP(const DetectEngineCtx *de_ctx, const Sign
uint16_t patlen = fp_cd->content_len; uint16_t patlen = fp_cd->content_len;
uint8_t *pat = SCMalloc(fp_cd->content_len + 1); uint8_t *pat = SCMalloc(fp_cd->content_len + 1);
if (unlikely(pat == NULL)) { if (unlikely(pat == NULL)) {
FatalError(SC_ERR_FATAL, "Error allocating memory"); FatalError("Error allocating memory");
} }
memcpy(pat, fp_cd->content, fp_cd->content_len); memcpy(pat, fp_cd->content, fp_cd->content_len);
pat[fp_cd->content_len] = '\0'; pat[fp_cd->content_len] = '\0';
@ -1081,9 +1080,9 @@ static void EngineAnalysisItemsInit(void)
analyzer_item->item_id = (uint16_t)item_id; analyzer_item->item_id = (uint16_t)item_id;
if (analyzer_item->item_id == -1) { if (analyzer_item->item_id == -1) {
/* Mismatch between the analyzer_items array and what's supported */ /* Mismatch between the analyzer_items array and what's supported */
FatalError(SC_ERR_INITIALIZATION, FatalError("unable to initialize engine-analysis table: detect buffer \"%s\" not "
"unable to initialize engine-analysis table: detect buffer \"%s\" not recognized.", "recognized.",
analyzer_item->item_name); analyzer_item->item_name);
} }
analyzer_item->item_seen = false; analyzer_item->item_seen = false;

16
src/detect-engine-build.c
Unescape Escape View File

@ -1222,8 +1222,8 @@ static DetectPort *RulesGroupByPorts(DetectEngineCtx *de_ctx, uint8_t ipproto, u
((s->flags & (SIG_FLAG_TOSERVER|SIG_FLAG_TOCLIENT)) == (SIG_FLAG_TOSERVER|SIG_FLAG_TOCLIENT)) && ((s->flags & (SIG_FLAG_TOSERVER|SIG_FLAG_TOCLIENT)) == (SIG_FLAG_TOSERVER|SIG_FLAG_TOCLIENT)) &&
(!(s->dp->port == 0 && s->dp->port2 == 65535))) (!(s->dp->port == 0 && s->dp->port2 == 65535)))
{ {
SCLogWarning(SC_WARN_POOR_RULE, "rule %u: SYN-only to port(s) %u:%u " SCLogWarning("rule %u: SYN-only to port(s) %u:%u "
"w/o direction specified, disabling for toclient direction", "w/o direction specified, disabling for toclient direction",
s->id, s->dp->port, s->dp->port2); s->id, s->dp->port, s->dp->port2);
goto next; goto next;
} }
@ -1970,18 +1970,18 @@ int SigGroupBuild(DetectEngineCtx *de_ctx)
SigInitStandardMpmFactoryContexts(de_ctx); SigInitStandardMpmFactoryContexts(de_ctx);
if (SigAddressPrepareStage1(de_ctx) != 0) { if (SigAddressPrepareStage1(de_ctx) != 0) {
FatalError(SC_ERR_FATAL, "initializing the detection engine failed"); FatalError("initializing the detection engine failed");
} }
if (SigAddressPrepareStage2(de_ctx) != 0) { if (SigAddressPrepareStage2(de_ctx) != 0) {
FatalError(SC_ERR_FATAL, "initializing the detection engine failed"); FatalError("initializing the detection engine failed");
} }
if (SigAddressPrepareStage3(de_ctx) != 0) { if (SigAddressPrepareStage3(de_ctx) != 0) {
FatalError(SC_ERR_FATAL, "initializing the detection engine failed"); FatalError("initializing the detection engine failed");
} }
if (SigAddressPrepareStage4(de_ctx) != 0) { if (SigAddressPrepareStage4(de_ctx) != 0) {
FatalError(SC_ERR_FATAL, "initializing the detection engine failed"); FatalError("initializing the detection engine failed");
} }
int r = DetectMpmPrepareBuiltinMpms(de_ctx); int r = DetectMpmPrepareBuiltinMpms(de_ctx);
@ -1989,11 +1989,11 @@ int SigGroupBuild(DetectEngineCtx *de_ctx)
r |= DetectMpmPreparePktMpms(de_ctx); r |= DetectMpmPreparePktMpms(de_ctx);
r |= DetectMpmPrepareFrameMpms(de_ctx); r |= DetectMpmPrepareFrameMpms(de_ctx);
if (r != 0) { if (r != 0) {
FatalError(SC_ERR_FATAL, "initializing the detection engine failed"); FatalError("initializing the detection engine failed");
} }
if (SigMatchPrepare(de_ctx) != 0) { if (SigMatchPrepare(de_ctx) != 0) {
FatalError(SC_ERR_FATAL, "initializing the detection engine failed"); FatalError("initializing the detection engine failed");
} }
#ifdef PROFILING #ifdef PROFILING

2
src/detect-engine-content-inspection.c
Unescape Escape View File

@ -328,7 +328,7 @@ uint8_t DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThrea
* cast to non-const as replace writes to it. */ * cast to non-const as replace writes to it. */
det_ctx->replist = DetectReplaceAddToList(det_ctx->replist, (uint8_t *)found, cd); det_ctx->replist = DetectReplaceAddToList(det_ctx->replist, (uint8_t *)found, cd);
} else { } else {
SCLogWarning(SC_EINVAL, "Can't modify payload without packet"); SCLogWarning("Can't modify payload without packet");
} }
} }

8
src/detect-engine-event.c
Unescape Escape View File

@ -127,8 +127,7 @@ static DetectEngineEventData *DetectEngineEventParse (const char *rawstr)
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
if (ret < 1) { if (ret < 1) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 SCLogError("pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr);
", string %s", ret, rawstr);
goto error; goto error;
} }
@ -137,7 +136,7 @@ static DetectEngineEventData *DetectEngineEventParse (const char *rawstr)
res = pcre2_substring_copy_bynumber(parse_regex.match, 0, (PCRE2_UCHAR8 *)copy_str, &pcre2len); res = pcre2_substring_copy_bynumber(parse_regex.match, 0, (PCRE2_UCHAR8 *)copy_str, &pcre2len);
if (res < 0) { if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); SCLogError("pcre2_substring_copy_bynumber failed");
goto error; goto error;
} }
@ -149,8 +148,7 @@ static DetectEngineEventData *DetectEngineEventParse (const char *rawstr)
} }
if (found == 0) { if (found == 0) {
SCLogError(SC_ERR_UNKNOWN_DECODE_EVENT, "unknown decode event \"%s\"", SCLogError("unknown decode event \"%s\"", copy_str);
copy_str);
goto error; goto error;
} }

34
src/detect-engine-iponly.c
Unescape Escape View File

@ -339,8 +339,7 @@ static int IPOnlyCIDRItemSetup(IPOnlyCIDRItem **gh, char *s)
/* parse the address */ /* parse the address */
if (IPOnlyCIDRItemParseSingle(gh, s) == -1) { if (IPOnlyCIDRItemParseSingle(gh, s) == -1) {
SCLogError(SC_ERR_ADDRESS_ENGINE_GENERIC, SCLogError("address parsing error \"%s\"", s);
"address parsing error \"%s\"", s);
goto error; goto error;
} }
@ -549,8 +548,7 @@ static SigNumArray *SigNumArrayNew(DetectEngineCtx *de_ctx,
SigNumArray *new = SCMalloc(sizeof(SigNumArray)); SigNumArray *new = SCMalloc(sizeof(SigNumArray));
if (unlikely(new == NULL)) { if (unlikely(new == NULL)) {
FatalError(SC_ERR_FATAL, FatalError("Fatal error encountered in SigNumArrayNew. Exiting...");
"Fatal error encountered in SigNumArrayNew. Exiting...");
} }
memset(new, 0, sizeof(SigNumArray)); memset(new, 0, sizeof(SigNumArray));
@ -580,8 +578,7 @@ static SigNumArray *SigNumArrayCopy(SigNumArray *orig)
SigNumArray *new = SCMalloc(sizeof(SigNumArray)); SigNumArray *new = SCMalloc(sizeof(SigNumArray));
if (unlikely(new == NULL)) { if (unlikely(new == NULL)) {
FatalError(SC_ERR_FATAL, FatalError("Fatal error encountered in SigNumArrayCopy. Exiting...");
"Fatal error encountered in SigNumArrayCopy. Exiting...");
} }
memset(new, 0, sizeof(SigNumArray)); memset(new, 0, sizeof(SigNumArray));
@ -783,7 +780,7 @@ static IPOnlyCIDRItem *IPOnlyCIDRListParse2(
return head; return head;
error: error:
SCLogError(SC_ERR_ADDRESS_ENGINE_GENERIC,"Error parsing addresses"); SCLogError("Error parsing addresses");
return head; return head;
} }
@ -863,7 +860,7 @@ int IPOnlySigParseAddress(const DetectEngineCtx *de_ctx,
return 0; return 0;
error: error:
SCLogError(SC_ERR_ADDRESS_ENGINE_GENERIC, "failed to parse addresses"); SCLogError("failed to parse addresses");
return -1; return -1;
} }
@ -1188,8 +1185,8 @@ void IPOnlyPrepare(DetectEngineCtx *de_ctx)
sna, src->netmask); sna, src->netmask);
if (node == NULL) if (node == NULL)
SCLogError(SC_ERR_IPONLY_RADIX, "Error inserting in the " SCLogError("Error inserting in the "
"src ipv4 radix tree"); "src ipv4 radix tree");
} else { } else {
SCLogDebug("Best match found"); SCLogDebug("Best match found");
@ -1218,8 +1215,9 @@ void IPOnlyPrepare(DetectEngineCtx *de_ctx)
if (node == NULL) { if (node == NULL) {
char tmpstr[64]; char tmpstr[64];
PrintInet(src->family, &src->ip[0], tmpstr, sizeof(tmpstr)); PrintInet(src->family, &src->ip[0], tmpstr, sizeof(tmpstr));
SCLogError(SC_ERR_IPONLY_RADIX, "Error inserting in the" SCLogError("Error inserting in the"
" src ipv4 radix tree ip %s netmask %"PRIu8, tmpstr, src->netmask); " src ipv4 radix tree ip %s netmask %" PRIu8,
tmpstr, src->netmask);
//SCRadixPrintTree((de_ctx->io_ctx).tree_ipv4src); //SCRadixPrintTree((de_ctx->io_ctx).tree_ipv4src);
exit(-1); exit(-1);
} }
@ -1281,7 +1279,7 @@ void IPOnlyPrepare(DetectEngineCtx *de_ctx)
(de_ctx->io_ctx).tree_ipv6src, (de_ctx->io_ctx).tree_ipv6src,
sna, src->netmask); sna, src->netmask);
if (node == NULL) if (node == NULL)
SCLogError(SC_ERR_IPONLY_RADIX, "Error inserting in the src " SCLogError("Error inserting in the src "
"ipv6 radix tree"); "ipv6 radix tree");
} else { } else {
/* Found, copy the sig num table, add this signum and insert */ /* Found, copy the sig num table, add this signum and insert */
@ -1305,7 +1303,7 @@ void IPOnlyPrepare(DetectEngineCtx *de_ctx)
(de_ctx->io_ctx).tree_ipv6src, (de_ctx->io_ctx).tree_ipv6src,
sna, src->netmask); sna, src->netmask);
if (node == NULL) if (node == NULL)
SCLogError(SC_ERR_IPONLY_RADIX, "Error inserting in the src " SCLogError("Error inserting in the src "
"ipv6 radix tree"); "ipv6 radix tree");
} }
} else { } else {
@ -1383,7 +1381,7 @@ void IPOnlyPrepare(DetectEngineCtx *de_ctx)
sna, dst->netmask); sna, dst->netmask);
if (node == NULL) if (node == NULL)
SCLogError(SC_ERR_IPONLY_RADIX, "Error inserting in the dst " SCLogError("Error inserting in the dst "
"ipv4 radix tree"); "ipv4 radix tree");
} else { } else {
SCLogDebug("Best match found"); SCLogDebug("Best match found");
@ -1410,7 +1408,7 @@ void IPOnlyPrepare(DetectEngineCtx *de_ctx)
sna, dst->netmask); sna, dst->netmask);
if (node == NULL) if (node == NULL)
SCLogError(SC_ERR_IPONLY_RADIX, "Error inserting in the dst " SCLogError("Error inserting in the dst "
"ipv4 radix tree"); "ipv4 radix tree");
} }
} else { } else {
@ -1471,7 +1469,7 @@ void IPOnlyPrepare(DetectEngineCtx *de_ctx)
sna, dst->netmask); sna, dst->netmask);
if (node == NULL) if (node == NULL)
SCLogError(SC_ERR_IPONLY_RADIX, "Error inserting in the dst " SCLogError("Error inserting in the dst "
"ipv6 radix tree"); "ipv6 radix tree");
} else { } else {
/* Found, copy the sig num table, add this signum and insert */ /* Found, copy the sig num table, add this signum and insert */
@ -1496,7 +1494,7 @@ void IPOnlyPrepare(DetectEngineCtx *de_ctx)
sna, dst->netmask); sna, dst->netmask);
if (node == NULL) if (node == NULL)
SCLogError(SC_ERR_IPONLY_RADIX, "Error inserting in the dst " SCLogError("Error inserting in the dst "
"ipv6 radix tree"); "ipv6 radix tree");
} }
} else { } else {

37
src/detect-engine-loader.c
Unescape Escape View File

@ -65,7 +65,7 @@ char *DetectLoadCompleteSigPath(const DetectEngineCtx *de_ctx, const char *sig_f
char varname[128]; char varname[128];
if (sig_file == NULL) { if (sig_file == NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENTS,"invalid sig_file argument - NULL"); SCLogError("invalid sig_file argument - NULL");
return NULL; return NULL;
} }
@ -135,8 +135,9 @@ static int DetectLoadSigFile(DetectEngineCtx *de_ctx, char *sig_file,
FILE *fp = fopen(sig_file, "r"); FILE *fp = fopen(sig_file, "r");
if (fp == NULL) { if (fp == NULL) {
SCLogError(SC_ERR_OPENING_RULE_FILE, "opening rule file %s:" SCLogError("opening rule file %s:"
" %s.", sig_file, strerror(errno)); " %s.",
sig_file, strerror(errno));
return -1; return -1;
} }
@ -188,13 +189,13 @@ static int DetectLoadSigFile(DetectEngineCtx *de_ctx, char *sig_file,
good++; good++;
} else { } else {
if (!de_ctx->sigerror_silent) { if (!de_ctx->sigerror_silent) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "error parsing signature \"%s\" from " SCLogError("error parsing signature \"%s\" from "
"file %s at line %"PRId32"", line, sig_file, lineno - multiline); "file %s at line %" PRId32 "",
line, sig_file, lineno - multiline);
if (!SigStringAppend(&de_ctx->sig_stat, sig_file, line, de_ctx->sigerror, (lineno - multiline))) { if (!SigStringAppend(&de_ctx->sig_stat, sig_file, line, de_ctx->sigerror, (lineno - multiline))) {
SCLogError(SC_ENOMEM, SCLogError("Error adding sig \"%s\" from "
"Error adding sig \"%s\" from " "file %s at line %" PRId32 "",
"file %s at line %" PRId32 "",
line, sig_file, lineno - multiline); line, sig_file, lineno - multiline);
} }
if (de_ctx->sigerror) { if (de_ctx->sigerror) {
@ -229,7 +230,7 @@ static int ProcessSigFiles(DetectEngineCtx *de_ctx, char *pattern,
int r = 0; int r = 0;
if (pattern == NULL) { if (pattern == NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "opening rule file null"); SCLogError("opening rule file null");
return -1; return -1;
} }
@ -238,13 +239,12 @@ static int ProcessSigFiles(DetectEngineCtx *de_ctx, char *pattern,
r = glob(pattern, 0, NULL, &files); r = glob(pattern, 0, NULL, &files);
if (r == GLOB_NOMATCH) { if (r == GLOB_NOMATCH) {
SCLogWarning(SC_ERR_NO_RULES, "No rule files match the pattern %s", pattern); SCLogWarning("No rule files match the pattern %s", pattern);
++(st->bad_files); ++(st->bad_files);
++(st->total_files); ++(st->total_files);
return -1; return -1;
} else if (r != 0) { } else if (r != 0) {
SCLogError(SC_ERR_OPENING_RULE_FILE, "error expanding template %s: %s", SCLogError("error expanding template %s: %s", pattern, strerror(errno));
pattern, strerror(errno));
return -1; return -1;
} }
@ -310,9 +310,8 @@ int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, int sig_file_excl
rule_files = ConfGetNode(varname); rule_files = ConfGetNode(varname);
if (rule_files != NULL) { if (rule_files != NULL) {
if (!ConfNodeIsSequence(rule_files)) { if (!ConfNodeIsSequence(rule_files)) {
SCLogWarning(SC_ERR_INVALID_ARGUMENT, SCLogWarning("Invalid rule-files configuration section: "
"Invalid rule-files configuration section: " "expected a list of filenames.");
"expected a list of filenames.");
} }
else { else {
TAILQ_FOREACH(file, &rule_files->head, next) { TAILQ_FOREACH(file, &rule_files->head, next) {
@ -353,7 +352,8 @@ int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, int sig_file_excl
/* now we should have signatures to work with */ /* now we should have signatures to work with */
if (sig_stat->good_sigs_total <= 0) { if (sig_stat->good_sigs_total <= 0) {
if (sig_stat->total_files > 0) { if (sig_stat->total_files > 0) {
SCLogWarning(SC_ERR_NO_RULES_LOADED, "%d rule files specified, but no rules were loaded!", sig_stat->total_files); SCLogWarning(
"%d rule files specified, but no rules were loaded!", sig_stat->total_files);
} else { } else {
SCLogInfo("No signatures supplied."); SCLogInfo("No signatures supplied.");
goto end; goto end;
@ -464,7 +464,7 @@ int DetectLoadersSync(void)
} }
if (errors) { if (errors) {
SCLogError(SC_ERR_INITIALIZATION, "%d loaders reported errors", errors); SCLogError("%d loaders reported errors", errors);
return -1; return -1;
} }
SCLogDebug("done"); SCLogDebug("done");
@ -484,8 +484,7 @@ void DetectLoadersInit(void)
(void)ConfGetInt("multi-detect.loaders", &setting); (void)ConfGetInt("multi-detect.loaders", &setting);
if (setting < 1 || setting > 1024) { if (setting < 1 || setting > 1024) {
SCLogError(SC_ERR_INVALID_ARGUMENTS, SCLogError("invalid multi-detect.loaders setting %" PRIdMAX, setting);
"invalid multi-detect.loaders setting %"PRIdMAX, setting);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
num_loaders = (int32_t)setting; num_loaders = (int32_t)setting;

21
src/detect-engine-mpm.c
Unescape Escape View File

@ -108,8 +108,7 @@ void DetectAppLayerMpmRegister2(const char *name,
DetectBufferTypeSupportsTransformations(name); DetectBufferTypeSupportsTransformations(name);
int sm_list = DetectBufferTypeGetByName(name); int sm_list = DetectBufferTypeGetByName(name);
if (sm_list == -1) { if (sm_list == -1) {
FatalError(SC_ERR_INITIALIZATION, FatalError("MPM engine registration for %s failed", name);
"MPM engine registration for %s failed", name);
} }
DetectBufferMpmRegistery *am = SCCalloc(1, sizeof(*am)); DetectBufferMpmRegistery *am = SCCalloc(1, sizeof(*am));
@ -299,7 +298,7 @@ void DetectFrameMpmRegister(const char *name, int direction, int priority,
DetectBufferTypeSupportsTransformations(name); DetectBufferTypeSupportsTransformations(name);
int sm_list = DetectBufferTypeGetByName(name); int sm_list = DetectBufferTypeGetByName(name);
if (sm_list < 0 || sm_list > UINT16_MAX) { if (sm_list < 0 || sm_list > UINT16_MAX) {
FatalError(SC_ERR_INITIALIZATION, "MPM engine registration for %s failed", name); FatalError("MPM engine registration for %s failed", name);
} }
DetectBufferMpmRegistery *am = SCCalloc(1, sizeof(*am)); DetectBufferMpmRegistery *am = SCCalloc(1, sizeof(*am));
@ -384,7 +383,7 @@ void DetectEngineFrameMpmRegister(DetectEngineCtx *de_ctx, const char *name, int
const int sm_list = DetectEngineBufferTypeRegister(de_ctx, name); const int sm_list = DetectEngineBufferTypeRegister(de_ctx, name);
if (sm_list < 0 || sm_list > UINT16_MAX) { if (sm_list < 0 || sm_list > UINT16_MAX) {
FatalError(SC_ERR_INITIALIZATION, "MPM engine registration for %s failed", name); FatalError("MPM engine registration for %s failed", name);
} }
DetectEngineBufferTypeSupportsMpm(de_ctx, name); DetectEngineBufferTypeSupportsMpm(de_ctx, name);
@ -533,8 +532,7 @@ void DetectPktMpmRegister(const char *name,
DetectBufferTypeSupportsTransformations(name); DetectBufferTypeSupportsTransformations(name);
int sm_list = DetectBufferTypeGetByName(name); int sm_list = DetectBufferTypeGetByName(name);
if (sm_list == -1) { if (sm_list == -1) {
FatalError(SC_ERR_INITIALIZATION, FatalError("MPM engine registration for %s failed", name);
"MPM engine registration for %s failed", name);
} }
DetectBufferMpmRegistery *am = SCCalloc(1, sizeof(*am)); DetectBufferMpmRegistery *am = SCCalloc(1, sizeof(*am));
@ -851,7 +849,7 @@ uint8_t PatternMatchDefaultMatcher(void)
if (mpm_algo != NULL) { if (mpm_algo != NULL) {
#if __BYTE_ORDER == __BIG_ENDIAN #if __BYTE_ORDER == __BIG_ENDIAN
if (strcmp(mpm_algo, "ac-ks") == 0) { if (strcmp(mpm_algo, "ac-ks") == 0) {
FatalError(SC_ERR_FATAL, "ac-ks does " FatalError("ac-ks does "
"not work on big endian systems at this time."); "not work on big endian systems at this time.");
} }
#endif #endif
@ -870,13 +868,14 @@ uint8_t PatternMatchDefaultMatcher(void)
#ifndef BUILD_HYPERSCAN #ifndef BUILD_HYPERSCAN
if ((strcmp(mpm_algo, "hs") == 0)) { if ((strcmp(mpm_algo, "hs") == 0)) {
FatalError(SC_EINVAL, "Hyperscan (hs) support for mpm-algo is " FatalError("Hyperscan (hs) support for mpm-algo is "
"not compiled into Suricata."); "not compiled into Suricata.");
} }
#endif #endif
} }
FatalError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Invalid mpm algo supplied " FatalError("Invalid mpm algo supplied "
"in the yaml conf file: \"%s\"", mpm_algo); "in the yaml conf file: \"%s\"",
mpm_algo);
} }
done: done:

70
src/detect-engine-port.c
Unescape Escape View File

@ -757,7 +757,7 @@ static int DetectPortParseInsertString(const DetectEngineCtx *de_ctx,
/** parse the address */ /** parse the address */
ad = PortParse(s); ad = PortParse(s);
if (ad == NULL) { if (ad == NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENT," failed to parse port \"%s\"",s); SCLogError(" failed to parse port \"%s\"", s);
return -1; return -1;
} }
@ -803,7 +803,7 @@ static int DetectPortParseInsertString(const DetectEngineCtx *de_ctx,
return 0; return 0;
error: error:
SCLogError(SC_ERR_PORT_PARSE_INSERT_STRING,"DetectPortParseInsertString error"); SCLogError("DetectPortParseInsertString error");
if (ad != NULL) if (ad != NULL)
DetectPortCleanupList(de_ctx, ad); DetectPortCleanupList(de_ctx, ad);
if (ad_any != NULL) if (ad_any != NULL)
@ -849,8 +849,8 @@ static int DetectPortParseDo(const DetectEngineCtx *de_ctx,
int r = 0; int r = 0;
if (recur++ > 64) { if (recur++ > 64) {
SCLogError(SC_ERR_PORT_ENGINE_GENERIC, "port block recursion " SCLogError("port block recursion "
"limit reached (max 64)"); "limit reached (max 64)");
goto error; goto error;
} }
@ -864,7 +864,7 @@ static int DetectPortParseDo(const DetectEngineCtx *de_ctx,
range = 1; range = 1;
if (range == 1 && s[u] == '!') { if (range == 1 && s[u] == '!') {
SCLogError(SC_ERR_NEGATED_VALUE_IN_PORT_RANGE,"Can't have a negated value in a range."); SCLogError("Can't have a negated value in a range.");
return -1; return -1;
} else if (!o_set && s[u] == '!') { } else if (!o_set && s[u] == '!') {
SCLogDebug("negation encountered"); SCLogDebug("negation encountered");
@ -905,10 +905,11 @@ static int DetectPortParseDo(const DetectEngineCtx *de_ctx,
if (rule_var_port == NULL) if (rule_var_port == NULL)
goto error; goto error;
if (strlen(rule_var_port) == 0) { if (strlen(rule_var_port) == 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "variable %s resolved " SCLogError("variable %s resolved "
"to nothing. This is likely a misconfiguration. " "to nothing. This is likely a misconfiguration. "
"Note that a negated port needs to be quoted, " "Note that a negated port needs to be quoted, "
"\"!$HTTP_PORTS\" instead of !$HTTP_PORTS. See issue #295.", s); "\"!$HTTP_PORTS\" instead of !$HTTP_PORTS. See issue #295.",
s);
goto error; goto error;
} }
if (negate == 1 || n_set == 1) { if (negate == 1 || n_set == 1) {
@ -960,8 +961,8 @@ static int DetectPortParseDo(const DetectEngineCtx *de_ctx,
SCLogDebug("%s", address); SCLogDebug("%s", address);
if (AddVariableToResolveList(var_list, address) == -1) { if (AddVariableToResolveList(var_list, address) == -1) {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Found a loop in a port " SCLogError("Found a loop in a port "
"groups declaration. This is likely a misconfiguration."); "groups declaration. This is likely a misconfiguration.");
goto error; goto error;
} }
@ -975,10 +976,11 @@ static int DetectPortParseDo(const DetectEngineCtx *de_ctx,
if (rule_var_port == NULL) if (rule_var_port == NULL)
goto error; goto error;
if (strlen(rule_var_port) == 0) { if (strlen(rule_var_port) == 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "variable %s resolved " SCLogError("variable %s resolved "
"to nothing. This is likely a misconfiguration. " "to nothing. This is likely a misconfiguration. "
"Note that a negated port needs to be quoted, " "Note that a negated port needs to be quoted, "
"\"!$HTTP_PORTS\" instead of !$HTTP_PORTS. See issue #295.", s); "\"!$HTTP_PORTS\" instead of !$HTTP_PORTS. See issue #295.",
s);
goto error; goto error;
} }
if ((negate + n_set) % 2) { if ((negate + n_set) % 2) {
@ -1016,14 +1018,16 @@ static int DetectPortParseDo(const DetectEngineCtx *de_ctx,
} }
if (depth > 0) { if (depth > 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "not every port block was " SCLogError("not every port block was "
"properly closed in \"%s\", %d missing closing brackets (]). " "properly closed in \"%s\", %d missing closing brackets (]). "
"Note: problem might be in a variable.", s, depth); "Note: problem might be in a variable.",
s, depth);
goto error; goto error;
} else if (depth < 0) { } else if (depth < 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "not every port block was " SCLogError("not every port block was "
"properly opened in \"%s\", %d missing opening brackets ([). " "properly opened in \"%s\", %d missing opening brackets ([). "
"Note: problem might be in a variable.", s, depth*-1); "Note: problem might be in a variable.",
s, depth * -1);
goto error; goto error;
} }
@ -1086,7 +1090,7 @@ static int DetectPortParseMergeNotPorts(const DetectEngineCtx *de_ctx,
/** check if the full port space is negated */ /** check if the full port space is negated */
if (DetectPortIsCompletePortSpace(*nhead) == 1) { if (DetectPortIsCompletePortSpace(*nhead) == 1) {
SCLogError(SC_ERR_COMPLETE_PORT_SPACE_NEGATED,"Complete port space is negated"); SCLogError("Complete port space is negated");
goto error; goto error;
} }
@ -1155,7 +1159,7 @@ static int DetectPortParseMergeNotPorts(const DetectEngineCtx *de_ctx,
} }
if (*head == NULL) { if (*head == NULL) {
SCLogError(SC_ERR_NO_PORTS_LEFT_AFTER_MERGE,"no ports left after merging ports with negated ports"); SCLogError("no ports left after merging ports with negated ports");
goto error; goto error;
} }
@ -1188,10 +1192,10 @@ int DetectPortTestConfVars(void)
DetectPort *ghn = NULL; DetectPort *ghn = NULL;
if (seq_node->val == NULL) { if (seq_node->val == NULL) {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, SCLogError("Port var \"%s\" probably has a sequence(something "
"Port var \"%s\" probably has a sequence(something "
"in brackets) value set without any quotes. Please " "in brackets) value set without any quotes. Please "
"quote it using \"..\".", seq_node->name); "quote it using \"..\".",
seq_node->name);
DetectPortCleanupList(NULL, gh); DetectPortCleanupList(NULL, gh);
goto error; goto error;
} }
@ -1203,19 +1207,17 @@ int DetectPortTestConfVars(void)
if (r < 0) { if (r < 0) {
DetectPortCleanupList(NULL, gh); DetectPortCleanupList(NULL, gh);
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, SCLogError("failed to parse port var \"%s\" with value \"%s\". "
"failed to parse port var \"%s\" with value \"%s\". " "Please check its syntax",
"Please check its syntax",
seq_node->name, seq_node->val); seq_node->name, seq_node->val);
goto error; goto error;
} }
if (DetectPortIsCompletePortSpace(ghn)) { if (DetectPortIsCompletePortSpace(ghn)) {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, SCLogError("Port var - \"%s\" has the complete Port range negated "
"Port var - \"%s\" has the complete Port range negated " "with its value \"%s\". Port space range is NIL. "
"with its value \"%s\". Port space range is NIL. " "Probably have a !any or a port range that supplies "
"Probably have a !any or a port range that supplies " "a NULL address range",
"a NULL address range",
seq_node->name, seq_node->val); seq_node->name, seq_node->val);
DetectPortCleanupList(NULL, gh); DetectPortCleanupList(NULL, gh);
DetectPortCleanupList(NULL, ghn); DetectPortCleanupList(NULL, ghn);

2
src/detect-engine-prefilter.c
Unescape Escape View File

@ -414,7 +414,7 @@ void PrefilterSetupRuleGroup(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
{ {
int r = PatternMatchPrepareGroup(de_ctx, sgh); int r = PatternMatchPrepareGroup(de_ctx, sgh);
if (r != 0) { if (r != 0) {
FatalError(SC_ERR_INITIALIZATION, "failed to set up pattern matching"); FatalError("failed to set up pattern matching");
} }
/* set up engines if needed - when prefilter is set to auto we run /* set up engines if needed - when prefilter is set to auto we run

5
src/detect-engine-register.c
Unescape Escape View File

@ -707,8 +707,9 @@ void SigTableRegisterTests(void)
"registration function.", sigmatch_table[i].name); "registration function.", sigmatch_table[i].name);
if (coverage_unittests) if (coverage_unittests)
SCLogWarning(SC_WARN_NO_UNITTESTS, "detection plugin %s has no unittest " SCLogWarning("detection plugin %s has no unittest "
"registration function.", sigmatch_table[i].name); "registration function.",
sigmatch_table[i].name);
} }
} }
} }

3
src/detect-engine-sigorder.c
Unescape Escape View File

@ -98,8 +98,7 @@ static void SCSigRegisterSignatureOrderingFunc(DetectEngineCtx *de_ctx,
} }
if ( (temp = SCMalloc(sizeof(SCSigOrderFunc))) == NULL) { if ( (temp = SCMalloc(sizeof(SCSigOrderFunc))) == NULL) {
FatalError(SC_ERR_FATAL, FatalError("Fatal error encountered in SCSigRegisterSignatureOrderingFunc. Exiting...");
"Fatal error encountered in SCSigRegisterSignatureOrderingFunc. Exiting...");
} }
memset(temp, 0, sizeof(SCSigOrderFunc)); memset(temp, 0, sizeof(SCSigOrderFunc));

4
src/detect-engine-tag.c
Unescape Escape View File

@ -55,11 +55,11 @@ void TagInitCtx(void)
host_tag_id = HostStorageRegister("tag", sizeof(void *), NULL, DetectTagDataListFree); host_tag_id = HostStorageRegister("tag", sizeof(void *), NULL, DetectTagDataListFree);
if (host_tag_id.id == -1) { if (host_tag_id.id == -1) {
FatalError(SC_ERR_FATAL, "Can't initiate host storage for tag"); FatalError("Can't initiate host storage for tag");
} }
flow_tag_id = FlowStorageRegister("tag", sizeof(void *), NULL, DetectTagDataListFree); flow_tag_id = FlowStorageRegister("tag", sizeof(void *), NULL, DetectTagDataListFree);
if (flow_tag_id.id == -1) { if (flow_tag_id.id == -1) {
FatalError(SC_ERR_FATAL, "Can't initiate flow storage for tag"); FatalError("Can't initiate flow storage for tag");
} }
} }

20
src/detect-engine-threshold.c
Unescape Escape View File

@ -82,13 +82,11 @@ void ThresholdInit(void)
{ {
host_threshold_id = HostStorageRegister("threshold", sizeof(void *), NULL, ThresholdListFree); host_threshold_id = HostStorageRegister("threshold", sizeof(void *), NULL, ThresholdListFree);
if (host_threshold_id.id == -1) { if (host_threshold_id.id == -1) {
FatalError(SC_ERR_FATAL, FatalError("Can't initiate host storage for thresholding");
"Can't initiate host storage for thresholding");
} }
ippair_threshold_id = IPPairStorageRegister("threshold", sizeof(void *), NULL, ThresholdListFree); ippair_threshold_id = IPPairStorageRegister("threshold", sizeof(void *), NULL, ThresholdListFree);
if (ippair_threshold_id.id == -1) { if (ippair_threshold_id.id == -1) {
FatalError(SC_ERR_FATAL, FatalError("Can't initiate IP pair storage for thresholding");
"Can't initiate IP pair storage for thresholding");
} }
} }
@ -281,7 +279,7 @@ static int ThresholdHandlePacketSuppress(Packet *p,
break; break;
case TRACK_RULE: case TRACK_RULE:
default: default:
SCLogError(SC_EINVAL, "track mode %d is not supported", td->track); SCLogError("track mode %d is not supported", td->track);
break; break;
} }
if (m == NULL) if (m == NULL)
@ -528,7 +526,7 @@ static int ThresholdHandlePacket(Packet *p, DetectThresholdEntry *lookup_tsh,
} }
/* case TYPE_SUPPRESS: is not handled here */ /* case TYPE_SUPPRESS: is not handled here */
default: default:
SCLogError(SC_EINVAL, "type %d is not supported", td->type); SCLogError("type %d is not supported", td->type);
} }
return ret; return ret;
} }
@ -650,8 +648,7 @@ int PacketAlertThreshold(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx
void ThresholdHashInit(DetectEngineCtx *de_ctx) void ThresholdHashInit(DetectEngineCtx *de_ctx)
{ {
if (SCMutexInit(&de_ctx->ths_ctx.threshold_table_lock, NULL) != 0) { if (SCMutexInit(&de_ctx->ths_ctx.threshold_table_lock, NULL) != 0) {
FatalError(SC_ERR_FATAL, FatalError("Threshold: Failed to initialize hash table mutex.");
"Threshold: Failed to initialize hash table mutex.");
} }
} }
@ -716,10 +713,9 @@ void ThresholdHashAllocate(DetectEngineCtx *de_ctx)
de_ctx->ths_ctx.th_size = highest_signum + 1; de_ctx->ths_ctx.th_size = highest_signum + 1;
de_ctx->ths_ctx.th_entry = SCCalloc(de_ctx->ths_ctx.th_size, sizeof(DetectThresholdEntry *)); de_ctx->ths_ctx.th_entry = SCCalloc(de_ctx->ths_ctx.th_size, sizeof(DetectThresholdEntry *));
if (de_ctx->ths_ctx.th_entry == NULL) { if (de_ctx->ths_ctx.th_entry == NULL) {
FatalError(SC_ENOMEM, FatalError("Error allocating memory for rule "
"Error allocating memory for rule " "thresholds (tried to allocate %" PRIu32 " th_entrys for "
"thresholds (tried to allocate %" PRIu32 " th_entrys for " "rule tracking)",
"rule tracking)",
de_ctx->ths_ctx.th_size); de_ctx->ths_ctx.th_size);
} }
} }

218
src/detect-engine.c
Unescape Escape View File

@ -140,21 +140,19 @@ void DetectPktInspectEngineRegister(const char *name,
DetectBufferTypeRegister(name); DetectBufferTypeRegister(name);
const int sm_list = DetectBufferTypeGetByName(name); const int sm_list = DetectBufferTypeGetByName(name);
if (sm_list == -1) { if (sm_list == -1) {
FatalError(SC_ERR_INITIALIZATION, FatalError("failed to register inspect engine %s", name);
"failed to register inspect engine %s", name);
} }
if ((sm_list < DETECT_SM_LIST_MATCH) || (sm_list >= SHRT_MAX) || if ((sm_list < DETECT_SM_LIST_MATCH) || (sm_list >= SHRT_MAX) ||
(Callback == NULL)) (Callback == NULL))
{ {
SCLogError(SC_ERR_INVALID_ARGUMENTS, "Invalid arguments"); SCLogError("Invalid arguments");
BUG_ON(1); BUG_ON(1);
} }
DetectEnginePktInspectionEngine *new_engine = SCCalloc(1, sizeof(*new_engine)); DetectEnginePktInspectionEngine *new_engine = SCCalloc(1, sizeof(*new_engine));
if (unlikely(new_engine == NULL)) { if (unlikely(new_engine == NULL)) {
FatalError(SC_ERR_INITIALIZATION, FatalError("failed to register inspect engine %s: %s", name, strerror(errno));
"failed to register inspect engine %s: %s", name, strerror(errno));
} }
new_engine->sm_list = (uint16_t)sm_list; new_engine->sm_list = (uint16_t)sm_list;
new_engine->sm_list_base = (uint16_t)sm_list; new_engine->sm_list_base = (uint16_t)sm_list;
@ -182,11 +180,11 @@ void DetectFrameInspectEngineRegister(const char *name, int dir,
DetectBufferTypeRegister(name); DetectBufferTypeRegister(name);
const int sm_list = DetectBufferTypeGetByName(name); const int sm_list = DetectBufferTypeGetByName(name);
if (sm_list == -1) { if (sm_list == -1) {
FatalError(SC_ERR_INITIALIZATION, "failed to register inspect engine %s", name); FatalError("failed to register inspect engine %s", name);
} }
if ((sm_list < DETECT_SM_LIST_MATCH) || (sm_list >= SHRT_MAX) || (Callback == NULL)) { if ((sm_list < DETECT_SM_LIST_MATCH) || (sm_list >= SHRT_MAX) || (Callback == NULL)) {
SCLogError(SC_ERR_INVALID_ARGUMENTS, "Invalid arguments"); SCLogError("Invalid arguments");
BUG_ON(1); BUG_ON(1);
} }
@ -199,8 +197,7 @@ void DetectFrameInspectEngineRegister(const char *name, int dir,
DetectEngineFrameInspectionEngine *new_engine = SCCalloc(1, sizeof(*new_engine)); DetectEngineFrameInspectionEngine *new_engine = SCCalloc(1, sizeof(*new_engine));
if (unlikely(new_engine == NULL)) { if (unlikely(new_engine == NULL)) {
FatalError(SC_ERR_INITIALIZATION, "failed to register inspect engine %s: %s", name, FatalError("failed to register inspect engine %s: %s", name, strerror(errno));
strerror(errno));
} }
new_engine->sm_list = (uint16_t)sm_list; new_engine->sm_list = (uint16_t)sm_list;
new_engine->sm_list_base = (uint16_t)sm_list; new_engine->sm_list_base = (uint16_t)sm_list;
@ -234,8 +231,7 @@ void DetectAppLayerInspectEngineRegister2(const char *name,
DetectBufferTypeRegister(name); DetectBufferTypeRegister(name);
const int sm_list = DetectBufferTypeGetByName(name); const int sm_list = DetectBufferTypeGetByName(name);
if (sm_list == -1) { if (sm_list == -1) {
FatalError(SC_ERR_INITIALIZATION, FatalError("failed to register inspect engine %s", name);
"failed to register inspect engine %s", name);
} }
if ((alproto >= ALPROTO_FAILED) || if ((alproto >= ALPROTO_FAILED) ||
@ -244,11 +240,11 @@ void DetectAppLayerInspectEngineRegister2(const char *name,
(progress < 0 || progress >= SHRT_MAX) || (progress < 0 || progress >= SHRT_MAX) ||
(Callback2 == NULL)) (Callback2 == NULL))
{ {
SCLogError(SC_ERR_INVALID_ARGUMENTS, "Invalid arguments"); SCLogError("Invalid arguments");
BUG_ON(1); BUG_ON(1);
} else if (Callback2 == DetectEngineInspectBufferGeneric && GetData == NULL) { } else if (Callback2 == DetectEngineInspectBufferGeneric && GetData == NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENTS, "Invalid arguments: must register " SCLogError("Invalid arguments: must register "
"GetData with DetectEngineInspectBufferGeneric"); "GetData with DetectEngineInspectBufferGeneric");
BUG_ON(1); BUG_ON(1);
} }
@ -422,11 +418,11 @@ void DetectEngineFrameInspectEngineRegister(DetectEngineCtx *de_ctx, const char
{ {
const int sm_list = DetectEngineBufferTypeRegister(de_ctx, name); const int sm_list = DetectEngineBufferTypeRegister(de_ctx, name);
if (sm_list < 0) { if (sm_list < 0) {
FatalError(SC_ERR_INITIALIZATION, "failed to register inspect engine %s", name); FatalError("failed to register inspect engine %s", name);
} }
if ((sm_list < DETECT_SM_LIST_MATCH) || (sm_list >= SHRT_MAX) || (Callback == NULL)) { if ((sm_list < DETECT_SM_LIST_MATCH) || (sm_list >= SHRT_MAX) || (Callback == NULL)) {
SCLogError(SC_ERR_INVALID_ARGUMENTS, "Invalid arguments"); SCLogError("Invalid arguments");
BUG_ON(1); BUG_ON(1);
} }
@ -439,8 +435,7 @@ void DetectEngineFrameInspectEngineRegister(DetectEngineCtx *de_ctx, const char
DetectEngineFrameInspectionEngine *new_engine = SCCalloc(1, sizeof(*new_engine)); DetectEngineFrameInspectionEngine *new_engine = SCCalloc(1, sizeof(*new_engine));
if (unlikely(new_engine == NULL)) { if (unlikely(new_engine == NULL)) {
FatalError(SC_ERR_INITIALIZATION, "failed to register inspect engine %s: %s", name, FatalError("failed to register inspect engine %s: %s", name, strerror(errno));
strerror(errno));
} }
new_engine->sm_list = (uint16_t)sm_list; new_engine->sm_list = (uint16_t)sm_list;
new_engine->sm_list_base = (uint16_t)sm_list; new_engine->sm_list_base = (uint16_t)sm_list;
@ -970,9 +965,8 @@ static void DetectBufferTypeFreeFunc(void *data)
if (map->transforms.transforms[i].options == NULL) if (map->transforms.transforms[i].options == NULL)
continue; continue;
if (sigmatch_table[map->transforms.transforms[i].transform].Free == NULL) { if (sigmatch_table[map->transforms.transforms[i].transform].Free == NULL) {
SCLogError(SC_ERR_UNIMPLEMENTED, SCLogError("%s allocates transform option memory but has no free routine",
"%s allocates transform option memory but has no free routine", sigmatch_table[map->transforms.transforms[i].transform].name);
sigmatch_table[map->transforms.transforms[i].transform].name);
continue; continue;
} }
sigmatch_table[map->transforms.transforms[i].transform].Free(NULL, map->transforms.transforms[i].options); sigmatch_table[map->transforms.transforms[i].transform].Free(NULL, map->transforms.transforms[i].options);
@ -1316,9 +1310,9 @@ int DetectBufferGetActiveList(DetectEngineCtx *de_ctx, Signature *s)
if (s->init_data->list && s->init_data->transforms.cnt) { if (s->init_data->list && s->init_data->transforms.cnt) {
if (s->init_data->list == DETECT_SM_LIST_NOTSET || if (s->init_data->list == DETECT_SM_LIST_NOTSET ||
s->init_data->list < DETECT_SM_LIST_DYNAMIC_START) { s->init_data->list < DETECT_SM_LIST_DYNAMIC_START) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "previous transforms not consumed " SCLogError("previous transforms not consumed "
"(list: %u, transform_cnt %u)", s->init_data->list, "(list: %u, transform_cnt %u)",
s->init_data->transforms.cnt); s->init_data->list, s->init_data->transforms.cnt);
SCReturnInt(-1); SCReturnInt(-1);
} }
@ -1669,8 +1663,7 @@ int DetectEngineBufferTypeGetByIdTransforms(
return -1; return -1;
} }
if (!base_map->supports_transforms) { if (!base_map->supports_transforms) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "buffer '%s' does not support transformations", SCLogError("buffer '%s' does not support transformations", base_map->name);
base_map->name);
return -1; return -1;
} }
@ -2220,7 +2213,7 @@ static int DetectEngineReloadThreads(DetectEngineCtx *new_de_ctx)
new_det_ctx[i] = DetectEngineThreadCtxInitForReload(tv, new_de_ctx, 1); new_det_ctx[i] = DetectEngineThreadCtxInitForReload(tv, new_de_ctx, 1);
if (new_det_ctx[i] == NULL) { if (new_det_ctx[i] == NULL) {
SCLogError(SC_ERR_LIVE_RULE_SWAP, "Detect engine thread init " SCLogError("Detect engine thread init "
"failure in live rule swap. Let's get out of here"); "failure in live rule swap. Let's get out of here");
SCMutexUnlock(&tv_root_lock); SCMutexUnlock(&tv_root_lock);
goto error; goto error;
@ -2563,9 +2556,8 @@ static int DetectEngineCtxLoadConf(DetectEngineCtx *de_ctx)
} else if (strcmp(de_ctx_profile, "custom") == 0) { } else if (strcmp(de_ctx_profile, "custom") == 0) {
profile = ENGINE_PROFILE_CUSTOM; profile = ENGINE_PROFILE_CUSTOM;
} else { } else {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, SCLogError("invalid value for detect.profile: '%s'. "
"invalid value for detect.profile: '%s'. " "Valid options: low, medium, high and custom.",
"Valid options: low, medium, high and custom.",
de_ctx_profile); de_ctx_profile);
return -1; return -1;
} }
@ -2595,10 +2587,11 @@ static int DetectEngineCtxLoadConf(DetectEngineCtx *de_ctx)
} else if (strcmp(sgh_mpm_context, "full") == 0) { } else if (strcmp(sgh_mpm_context, "full") == 0) {
de_ctx->sgh_mpm_ctx_cnf = ENGINE_SGH_MPM_FACTORY_CONTEXT_FULL; de_ctx->sgh_mpm_ctx_cnf = ENGINE_SGH_MPM_FACTORY_CONTEXT_FULL;
} else { } else {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "You have supplied an " SCLogError("You have supplied an "
"invalid conf value for detect-engine.sgh-mpm-context-" "invalid conf value for detect-engine.sgh-mpm-context-"
"%s", sgh_mpm_context); "%s",
exit(EXIT_FAILURE); sgh_mpm_context);
exit(EXIT_FAILURE);
} }
} }
@ -2653,10 +2646,9 @@ static int DetectEngineCtxLoadConf(DetectEngineCtx *de_ctx)
(const char *)max_uniq_toclient_groups_str) <= 0) { (const char *)max_uniq_toclient_groups_str) <= 0) {
de_ctx->max_uniq_toclient_groups = 20; de_ctx->max_uniq_toclient_groups = 20;
SCLogWarning(SC_ERR_SIZE_PARSE, "parsing '%s' for " SCLogWarning("parsing '%s' for "
"toclient-groups failed, using %u", "toclient-groups failed, using %u",
max_uniq_toclient_groups_str, max_uniq_toclient_groups_str, de_ctx->max_uniq_toclient_groups);
de_ctx->max_uniq_toclient_groups);
} }
} else { } else {
de_ctx->max_uniq_toclient_groups = 20; de_ctx->max_uniq_toclient_groups = 20;
@ -2669,10 +2661,9 @@ static int DetectEngineCtxLoadConf(DetectEngineCtx *de_ctx)
(const char *)max_uniq_toserver_groups_str) <= 0) { (const char *)max_uniq_toserver_groups_str) <= 0) {
de_ctx->max_uniq_toserver_groups = 40; de_ctx->max_uniq_toserver_groups = 40;
SCLogWarning(SC_ERR_SIZE_PARSE, "parsing '%s' for " SCLogWarning("parsing '%s' for "
"toserver-groups failed, using %u", "toserver-groups failed, using %u",
max_uniq_toserver_groups_str, max_uniq_toserver_groups_str, de_ctx->max_uniq_toserver_groups);
de_ctx->max_uniq_toserver_groups);
} }
} else { } else {
de_ctx->max_uniq_toserver_groups = 40; de_ctx->max_uniq_toserver_groups = 40;
@ -2709,8 +2700,8 @@ static int DetectEngineCtxLoadConf(DetectEngineCtx *de_ctx)
insp_recursion_limit_node = ConfNodeLookupChild(opt, opt->val); insp_recursion_limit_node = ConfNodeLookupChild(opt, opt->val);
if (insp_recursion_limit_node == NULL) { if (insp_recursion_limit_node == NULL) {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Error retrieving conf " SCLogError("Error retrieving conf "
"entry for detect-engine:inspection-recursion-limit"); "entry for detect-engine:inspection-recursion-limit");
break; break;
} }
insp_recursion_limit = insp_recursion_limit_node->val; insp_recursion_limit = insp_recursion_limit_node->val;
@ -2722,10 +2713,9 @@ static int DetectEngineCtxLoadConf(DetectEngineCtx *de_ctx)
if (insp_recursion_limit != NULL) { if (insp_recursion_limit != NULL) {
if (StringParseInt32(&de_ctx->inspection_recursion_limit, 10, if (StringParseInt32(&de_ctx->inspection_recursion_limit, 10,
0, (const char *)insp_recursion_limit) < 0) { 0, (const char *)insp_recursion_limit) < 0) {
SCLogWarning(SC_EINVAL, SCLogWarning("Invalid value for "
"Invalid value for " "detect-engine.inspection-recursion-limit: %s "
"detect-engine.inspection-recursion-limit: %s " "resetting to %d",
"resetting to %d",
insp_recursion_limit, DETECT_ENGINE_DEFAULT_INSPECTION_RECURSION_LIMIT); insp_recursion_limit, DETECT_ENGINE_DEFAULT_INSPECTION_RECURSION_LIMIT);
de_ctx->inspection_recursion_limit = de_ctx->inspection_recursion_limit =
DETECT_ENGINE_DEFAULT_INSPECTION_RECURSION_LIMIT; DETECT_ENGINE_DEFAULT_INSPECTION_RECURSION_LIMIT;
@ -2755,14 +2745,16 @@ static int DetectEngineCtxLoadConf(DetectEngineCtx *de_ctx)
} }
if (DetectPortParse(de_ctx, &de_ctx->tcp_whitelist, ports) != 0) { if (DetectPortParse(de_ctx, &de_ctx->tcp_whitelist, ports) != 0) {
SCLogWarning(SC_ERR_INVALID_YAML_CONF_ENTRY, "'%s' is not a valid value " SCLogWarning("'%s' is not a valid value "
"for detect.grouping.tcp-whitelist", ports); "for detect.grouping.tcp-whitelist",
ports);
} }
DetectPort *x = de_ctx->tcp_whitelist; DetectPort *x = de_ctx->tcp_whitelist;
for ( ; x != NULL; x = x->next) { for ( ; x != NULL; x = x->next) {
if (x->port != x->port2) { if (x->port != x->port2) {
SCLogWarning(SC_ERR_INVALID_YAML_CONF_ENTRY, "'%s' is not a valid value " SCLogWarning("'%s' is not a valid value "
"for detect.grouping.tcp-whitelist: only single ports allowed", ports); "for detect.grouping.tcp-whitelist: only single ports allowed",
ports);
DetectPortCleanupList(de_ctx, de_ctx->tcp_whitelist); DetectPortCleanupList(de_ctx, de_ctx->tcp_whitelist);
de_ctx->tcp_whitelist = NULL; de_ctx->tcp_whitelist = NULL;
break; break;
@ -2779,15 +2771,15 @@ static int DetectEngineCtxLoadConf(DetectEngineCtx *de_ctx)
} }
if (DetectPortParse(de_ctx, &de_ctx->udp_whitelist, ports) != 0) { if (DetectPortParse(de_ctx, &de_ctx->udp_whitelist, ports) != 0) {
SCLogWarning(SC_ERR_INVALID_YAML_CONF_ENTRY, SCLogWarning("'%s' is not a valid value "
"'%s' is not a valid value " "for detect.grouping.udp-whitelist",
"for detect.grouping.udp-whitelist",
ports); ports);
} }
for (x = de_ctx->udp_whitelist; x != NULL; x = x->next) { for (x = de_ctx->udp_whitelist; x != NULL; x = x->next) {
if (x->port != x->port2) { if (x->port != x->port2) {
SCLogWarning(SC_ERR_INVALID_YAML_CONF_ENTRY, "'%s' is not a valid value " SCLogWarning("'%s' is not a valid value "
"for detect.grouping.udp-whitelist: only single ports allowed", ports); "for detect.grouping.udp-whitelist: only single ports allowed",
ports);
DetectPortCleanupList(de_ctx, de_ctx->udp_whitelist); DetectPortCleanupList(de_ctx, de_ctx->udp_whitelist);
de_ctx->udp_whitelist = NULL; de_ctx->udp_whitelist = NULL;
break; break;
@ -2837,7 +2829,7 @@ static int DetectEngineThreadCtxInitGlobalKeywords(DetectEngineThreadCtx *det_ct
// coverity[suspicious_sizeof : FALSE] // coverity[suspicious_sizeof : FALSE]
det_ctx->global_keyword_ctxs_array = (void **)SCCalloc(master->keyword_id, sizeof(void *)); det_ctx->global_keyword_ctxs_array = (void **)SCCalloc(master->keyword_id, sizeof(void *));
if (det_ctx->global_keyword_ctxs_array == NULL) { if (det_ctx->global_keyword_ctxs_array == NULL) {
SCLogError(SC_ERR_DETECT_PREPARE, "setting up thread local detect ctx"); SCLogError("setting up thread local detect ctx");
return TM_ECODE_FAILED; return TM_ECODE_FAILED;
} }
det_ctx->global_keyword_ctxs_size = master->keyword_id; det_ctx->global_keyword_ctxs_size = master->keyword_id;
@ -2846,8 +2838,9 @@ static int DetectEngineThreadCtxInitGlobalKeywords(DetectEngineThreadCtx *det_ct
while (item) { while (item) {
det_ctx->global_keyword_ctxs_array[item->id] = item->InitFunc(item->data); det_ctx->global_keyword_ctxs_array[item->id] = item->InitFunc(item->data);
if (det_ctx->global_keyword_ctxs_array[item->id] == NULL) { if (det_ctx->global_keyword_ctxs_array[item->id] == NULL) {
SCLogError(SC_ERR_DETECT_PREPARE, "setting up thread local detect ctx " SCLogError("setting up thread local detect ctx "
"for keyword \"%s\" failed", item->name); "for keyword \"%s\" failed",
item->name);
return TM_ECODE_FAILED; return TM_ECODE_FAILED;
} }
item = item->next; item = item->next;
@ -2884,7 +2877,7 @@ static int DetectEngineThreadCtxInitKeywords(DetectEngineCtx *de_ctx, DetectEngi
// coverity[suspicious_sizeof : FALSE] // coverity[suspicious_sizeof : FALSE]
det_ctx->keyword_ctxs_array = SCMalloc(de_ctx->keyword_id * sizeof(void *)); det_ctx->keyword_ctxs_array = SCMalloc(de_ctx->keyword_id * sizeof(void *));
if (det_ctx->keyword_ctxs_array == NULL) { if (det_ctx->keyword_ctxs_array == NULL) {
SCLogError(SC_ERR_DETECT_PREPARE, "setting up thread local detect ctx"); SCLogError("setting up thread local detect ctx");
return TM_ECODE_FAILED; return TM_ECODE_FAILED;
} }
@ -2898,8 +2891,9 @@ static int DetectEngineThreadCtxInitKeywords(DetectEngineCtx *de_ctx, DetectEngi
det_ctx->keyword_ctxs_array[item->id] = item->InitFunc(item->data); det_ctx->keyword_ctxs_array[item->id] = item->InitFunc(item->data);
if (det_ctx->keyword_ctxs_array[item->id] == NULL) { if (det_ctx->keyword_ctxs_array[item->id] == NULL) {
SCLogError(SC_ERR_DETECT_PREPARE, "setting up thread local detect ctx " SCLogError("setting up thread local detect ctx "
"for keyword \"%s\" failed", item->name); "for keyword \"%s\" failed",
item->name);
return TM_ECODE_FAILED; return TM_ECODE_FAILED;
} }
} }
@ -2935,8 +2929,8 @@ static TmEcode DetectEngineThreadCtxInitForMT(ThreadVars *tv, DetectEngineThread
HashTable *mt_det_ctxs_hash = NULL; HashTable *mt_det_ctxs_hash = NULL;
if (master->tenant_selector == TENANT_SELECTOR_UNKNOWN) { if (master->tenant_selector == TENANT_SELECTOR_UNKNOWN) {
SCLogError(SC_ERR_MT_NO_SELECTOR, "no tenant selector set: " SCLogError("no tenant selector set: "
"set using multi-detect.selector"); "set using multi-detect.selector");
return TM_ECODE_FAILED; return TM_ECODE_FAILED;
} }
@ -3370,7 +3364,7 @@ TmEcode DetectEngineThreadCtxDeinit(ThreadVars *tv, void *data)
DetectEngineThreadCtx *det_ctx = (DetectEngineThreadCtx *)data; DetectEngineThreadCtx *det_ctx = (DetectEngineThreadCtx *)data;
if (det_ctx == NULL) { if (det_ctx == NULL) {
SCLogWarning(SC_ERR_INVALID_ARGUMENTS, "argument \"data\" NULL"); SCLogWarning("argument \"data\" NULL");
return TM_ECODE_OK; return TM_ECODE_OK;
} }
@ -3670,28 +3664,27 @@ static int DetectEngineMultiTenantLoadTenant(uint32_t tenant_id, const char *fil
struct stat st; struct stat st;
if(stat(filename, &st) != 0) { if(stat(filename, &st) != 0) {
#endif /* OS_WIN32 */ #endif /* OS_WIN32 */
SCLogError(SC_ERR_FOPEN, "failed to stat file %s", filename); SCLogError("failed to stat file %s", filename);
goto error; goto error;
} }
de_ctx = DetectEngineGetByTenantId(tenant_id); de_ctx = DetectEngineGetByTenantId(tenant_id);
if (de_ctx != NULL) { if (de_ctx != NULL) {
SCLogError(SC_ERR_MT_DUPLICATE_TENANT, "tenant %u already registered", SCLogError("tenant %u already registered", tenant_id);
tenant_id);
DetectEngineDeReference(&de_ctx); DetectEngineDeReference(&de_ctx);
goto error; goto error;
} }
ConfNode *node = ConfGetNode(prefix); ConfNode *node = ConfGetNode(prefix);
if (node == NULL) { if (node == NULL) {
SCLogError(SC_ERR_CONF_YAML_ERROR, "failed to properly setup yaml %s", filename); SCLogError("failed to properly setup yaml %s", filename);
goto error; goto error;
} }
de_ctx = DetectEngineCtxInitWithPrefix(prefix); de_ctx = DetectEngineCtxInitWithPrefix(prefix);
if (de_ctx == NULL) { if (de_ctx == NULL) {
SCLogError(SC_ERR_INITIALIZATION, "initializing detection engine " SCLogError("initializing detection engine "
"context failed."); "context failed.");
goto error; goto error;
} }
SCLogDebug("de_ctx %p with prefix %s", de_ctx, de_ctx->config_prefix); SCLogDebug("de_ctx %p with prefix %s", de_ctx, de_ctx->config_prefix);
@ -3701,7 +3694,7 @@ static int DetectEngineMultiTenantLoadTenant(uint32_t tenant_id, const char *fil
de_ctx->loader_id = loader_id; de_ctx->loader_id = loader_id;
if (SigLoadSignatures(de_ctx, NULL, 0) < 0) { if (SigLoadSignatures(de_ctx, NULL, 0) < 0) {
SCLogError(SC_ERR_NO_RULES_LOADED, "Loading signatures failed."); SCLogError("Loading signatures failed.");
goto error; goto error;
} }
@ -3720,7 +3713,7 @@ static int DetectEngineMultiTenantReloadTenant(uint32_t tenant_id, const char *f
{ {
DetectEngineCtx *old_de_ctx = DetectEngineGetByTenantId(tenant_id); DetectEngineCtx *old_de_ctx = DetectEngineGetByTenantId(tenant_id);
if (old_de_ctx == NULL) { if (old_de_ctx == NULL) {
SCLogError(SC_ERR_INITIALIZATION, "tenant detect engine not found"); SCLogError("tenant detect engine not found");
return -1; return -1;
} }
@ -3730,20 +3723,20 @@ static int DetectEngineMultiTenantReloadTenant(uint32_t tenant_id, const char *f
SCLogDebug("prefix %s", prefix); SCLogDebug("prefix %s", prefix);
if (ConfYamlLoadFileWithPrefix(filename, prefix) != 0) { if (ConfYamlLoadFileWithPrefix(filename, prefix) != 0) {
SCLogError(SC_ERR_INITIALIZATION,"failed to load yaml"); SCLogError("failed to load yaml");
goto error; goto error;
} }
ConfNode *node = ConfGetNode(prefix); ConfNode *node = ConfGetNode(prefix);
if (node == NULL) { if (node == NULL) {
SCLogError(SC_ERR_CONF_YAML_ERROR, "failed to properly setup yaml %s", filename); SCLogError("failed to properly setup yaml %s", filename);
goto error; goto error;
} }
DetectEngineCtx *new_de_ctx = DetectEngineCtxInitWithPrefix(prefix); DetectEngineCtx *new_de_ctx = DetectEngineCtxInitWithPrefix(prefix);
if (new_de_ctx == NULL) { if (new_de_ctx == NULL) {
SCLogError(SC_ERR_INITIALIZATION, "initializing detection engine " SCLogError("initializing detection engine "
"context failed."); "context failed.");
goto error; goto error;
} }
SCLogDebug("de_ctx %p with prefix %s", new_de_ctx, new_de_ctx->config_prefix); SCLogDebug("de_ctx %p with prefix %s", new_de_ctx, new_de_ctx->config_prefix);
@ -3753,7 +3746,7 @@ static int DetectEngineMultiTenantReloadTenant(uint32_t tenant_id, const char *f
new_de_ctx->loader_id = old_de_ctx->loader_id; new_de_ctx->loader_id = old_de_ctx->loader_id;
if (SigLoadSignatures(new_de_ctx, NULL, 0) < 0) { if (SigLoadSignatures(new_de_ctx, NULL, 0) < 0) {
SCLogError(SC_ERR_NO_RULES_LOADED, "Loading signatures failed."); SCLogError("Loading signatures failed.");
goto error; goto error;
} }
@ -3878,21 +3871,21 @@ static int DetectEngineMultiTenantSetupLoadLivedevMappings(const ConfNode *mappi
uint32_t tenant_id = 0; uint32_t tenant_id = 0;
if (StringParseUint32(&tenant_id, 10, (uint16_t)strlen(tenant_id_node->val), if (StringParseUint32(&tenant_id, 10, (uint16_t)strlen(tenant_id_node->val),
tenant_id_node->val) < 0) { tenant_id_node->val) < 0) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "tenant-id " SCLogError("tenant-id "
"of %s is invalid", tenant_id_node->val); "of %s is invalid",
tenant_id_node->val);
goto bad_mapping; goto bad_mapping;
} }
const char *dev = device_node->val; const char *dev = device_node->val;
LiveDevice *ld = LiveGetDevice(dev); LiveDevice *ld = LiveGetDevice(dev);
if (ld == NULL) { if (ld == NULL) {
SCLogWarning(SC_ERR_MT_NO_MAPPING, "device %s not found", dev); SCLogWarning("device %s not found", dev);
goto bad_mapping; goto bad_mapping;
} }
if (ld->tenant_id_set) { if (ld->tenant_id_set) {
SCLogWarning(SC_ERR_MT_NO_MAPPING, "device %s already mapped to tenant-id %u", SCLogWarning("device %s already mapped to tenant-id %u", dev, ld->tenant_id);
dev, ld->tenant_id);
goto bad_mapping; goto bad_mapping;
} }
@ -3937,21 +3930,24 @@ static int DetectEngineMultiTenantSetupLoadVlanMappings(const ConfNode *mappings
uint32_t tenant_id = 0; uint32_t tenant_id = 0;
if (StringParseUint32(&tenant_id, 10, (uint16_t)strlen(tenant_id_node->val), if (StringParseUint32(&tenant_id, 10, (uint16_t)strlen(tenant_id_node->val),
tenant_id_node->val) < 0) { tenant_id_node->val) < 0) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "tenant-id " SCLogError("tenant-id "
"of %s is invalid", tenant_id_node->val); "of %s is invalid",
tenant_id_node->val);
goto bad_mapping; goto bad_mapping;
} }
uint16_t vlan_id = 0; uint16_t vlan_id = 0;
if (StringParseUint16( if (StringParseUint16(
&vlan_id, 10, (uint16_t)strlen(vlan_id_node->val), vlan_id_node->val) < 0) { &vlan_id, 10, (uint16_t)strlen(vlan_id_node->val), vlan_id_node->val) < 0) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "vlan-id " SCLogError("vlan-id "
"of %s is invalid", vlan_id_node->val); "of %s is invalid",
vlan_id_node->val);
goto bad_mapping; goto bad_mapping;
} }
if (vlan_id == 0 || vlan_id >= 4095) { if (vlan_id == 0 || vlan_id >= 4095) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "vlan-id " SCLogError("vlan-id "
"of %s is invalid. Valid range 1-4094.", vlan_id_node->val); "of %s is invalid. Valid range 1-4094.",
vlan_id_node->val);
goto bad_mapping; goto bad_mapping;
} }
@ -4007,8 +4003,8 @@ int DetectEngineMultiTenantSetup(const bool unix_socket)
int vlanbool = 0; int vlanbool = 0;
if ((ConfGetBool("vlan.use-for-tracking", &vlanbool)) == 1 && vlanbool == 0) { if ((ConfGetBool("vlan.use-for-tracking", &vlanbool)) == 1 && vlanbool == 0) {
SCLogError(SC_EINVAL, "vlan tracking is disabled, " SCLogError("vlan tracking is disabled, "
"can't use multi-detect selector 'vlan'"); "can't use multi-detect selector 'vlan'");
SCMutexUnlock(&master->lock); SCMutexUnlock(&master->lock);
goto error; goto error;
} }
@ -4018,16 +4014,14 @@ int DetectEngineMultiTenantSetup(const bool unix_socket)
} else if (strcmp(handler, "device") == 0) { } else if (strcmp(handler, "device") == 0) {
tenant_selector = master->tenant_selector = TENANT_SELECTOR_LIVEDEV; tenant_selector = master->tenant_selector = TENANT_SELECTOR_LIVEDEV;
if (EngineModeIsIPS()) { if (EngineModeIsIPS()) {
SCLogWarning(SC_ERR_MT_NO_MAPPING, SCLogWarning("multi-tenant 'device' mode not supported for IPS");
"multi-tenant 'device' mode not supported for IPS");
SCMutexUnlock(&master->lock); SCMutexUnlock(&master->lock);
goto error; goto error;
} }
} else { } else {
SCLogError(SC_EINVAL, SCLogError("unknown value %s "
"unknown value %s " "multi-detect.selector",
"multi-detect.selector",
handler); handler);
SCMutexUnlock(&master->lock); SCMutexUnlock(&master->lock);
goto error; goto error;
@ -4052,10 +4046,10 @@ int DetectEngineMultiTenantSetup(const bool unix_socket)
"tenants won't be used until mappings are added"); "tenants won't be used until mappings are added");
} else { } else {
if (failure_fatal) { if (failure_fatal) {
SCLogError(SC_ERR_MT_NO_MAPPING, "no multi-detect mappings defined"); SCLogError("no multi-detect mappings defined");
goto error; goto error;
} else { } else {
SCLogWarning(SC_ERR_MT_NO_MAPPING, "no multi-detect mappings defined"); SCLogWarning("no multi-detect mappings defined");
} }
} }
} }
@ -4064,10 +4058,10 @@ int DetectEngineMultiTenantSetup(const bool unix_socket)
failure_fatal); failure_fatal);
if (mapping_cnt == 0) { if (mapping_cnt == 0) {
if (failure_fatal) { if (failure_fatal) {
SCLogError(SC_ERR_MT_NO_MAPPING, "no multi-detect mappings defined"); SCLogError("no multi-detect mappings defined");
goto error; goto error;
} else { } else {
SCLogWarning(SC_ERR_MT_NO_MAPPING, "no multi-detect mappings defined"); SCLogWarning("no multi-detect mappings defined");
} }
} }
} }
@ -4090,8 +4084,9 @@ int DetectEngineMultiTenantSetup(const bool unix_socket)
uint32_t tenant_id = 0; uint32_t tenant_id = 0;
if (StringParseUint32( if (StringParseUint32(
&tenant_id, 10, (uint16_t)strlen(id_node->val), id_node->val) < 0) { &tenant_id, 10, (uint16_t)strlen(id_node->val), id_node->val) < 0) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "tenant_id " SCLogError("tenant_id "
"of %s is invalid", id_node->val); "of %s is invalid",
id_node->val);
goto bad_tenant; goto bad_tenant;
} }
SCLogDebug("tenant id: %u, %s", tenant_id, yaml_node->val); SCLogDebug("tenant id: %u, %s", tenant_id, yaml_node->val);
@ -4101,7 +4096,7 @@ int DetectEngineMultiTenantSetup(const bool unix_socket)
char prefix[64]; char prefix[64];
snprintf(prefix, sizeof(prefix), "multi-detect.%u", tenant_id); snprintf(prefix, sizeof(prefix), "multi-detect.%u", tenant_id);
if (ConfYamlLoadFileWithPrefix(yaml_node->val, prefix) != 0) { if (ConfYamlLoadFileWithPrefix(yaml_node->val, prefix) != 0) {
SCLogError(SC_ERR_CONF_YAML_ERROR, "failed to load yaml %s", yaml_node->val); SCLogError("failed to load yaml %s", yaml_node->val);
goto bad_tenant; goto bad_tenant;
} }
@ -4447,15 +4442,13 @@ int DetectEngineReload(const SCInstance *suri)
if (suri->conf_filename != NULL) { if (suri->conf_filename != NULL) {
snprintf(prefix, sizeof(prefix), "detect-engine-reloads.%d", reloads++); snprintf(prefix, sizeof(prefix), "detect-engine-reloads.%d", reloads++);
if (ConfYamlLoadFileWithPrefix(suri->conf_filename, prefix) != 0) { if (ConfYamlLoadFileWithPrefix(suri->conf_filename, prefix) != 0) {
SCLogError(SC_ERR_CONF_YAML_ERROR, "failed to load yaml %s", SCLogError("failed to load yaml %s", suri->conf_filename);
suri->conf_filename);
return -1; return -1;
} }
ConfNode *node = ConfGetNode(prefix); ConfNode *node = ConfGetNode(prefix);
if (node == NULL) { if (node == NULL) {
SCLogError(SC_ERR_CONF_YAML_ERROR, "failed to properly setup yaml %s", SCLogError("failed to properly setup yaml %s", suri->conf_filename);
suri->conf_filename);
return -1; return -1;
} }
#if 0 #if 0
@ -4482,8 +4475,8 @@ int DetectEngineReload(const SCInstance *suri)
/* get new detection engine */ /* get new detection engine */
new_de_ctx = DetectEngineCtxInitWithPrefix(prefix); new_de_ctx = DetectEngineCtxInitWithPrefix(prefix);
if (new_de_ctx == NULL) { if (new_de_ctx == NULL) {
SCLogError(SC_ERR_INITIALIZATION, "initializing detection engine " SCLogError("initializing detection engine "
"context failed."); "context failed.");
DetectEngineDeReference(&old_de_ctx); DetectEngineDeReference(&old_de_ctx);
return -1; return -1;
} }
@ -4653,8 +4646,9 @@ int DetectEngineGetEventInfo(const char *event_name, int *event_id,
{ {
*event_id = SCMapEnumNameToValue(event_name, det_ctx_event_table); *event_id = SCMapEnumNameToValue(event_name, det_ctx_event_table);
if (*event_id == -1) { if (*event_id == -1) {
SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%s\" not present in " SCLogError("event \"%s\" not present in "
"det_ctx's enum map table.", event_name); "det_ctx's enum map table.",
event_name);
/* this should be treated as fatal */ /* this should be treated as fatal */
return -1; return -1;
} }

47
src/detect-fast-pattern.c
Unescape Escape View File

@ -155,7 +155,7 @@ void DetectEngineInitializeFastPatternList(DetectEngineCtx *de_ctx)
for (SCFPSupportSMList *tmp = g_fp_support_smlist_list; tmp != NULL; tmp = tmp->next) { for (SCFPSupportSMList *tmp = g_fp_support_smlist_list; tmp != NULL; tmp = tmp->next) {
SCFPSupportSMList *n = SCCalloc(1, sizeof(*n)); SCFPSupportSMList *n = SCCalloc(1, sizeof(*n));
if (n == NULL) { if (n == NULL) {
FatalError(SC_ERR_FATAL, "out of memory: %s", strerror(errno)); FatalError("out of memory: %s", strerror(errno));
} }
n->list_id = tmp->list_id; n->list_id = tmp->list_id;
n->priority = tmp->priority; n->priority = tmp->priority;
@ -221,9 +221,9 @@ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, const c
SigMatch *pm1 = DetectGetLastSMFromMpmLists(de_ctx, s); SigMatch *pm1 = DetectGetLastSMFromMpmLists(de_ctx, s);
SigMatch *pm2 = DetectGetLastSMFromLists(s, DETECT_CONTENT, -1); SigMatch *pm2 = DetectGetLastSMFromLists(s, DETECT_CONTENT, -1);
if (pm1 == NULL && pm2 == NULL) { if (pm1 == NULL && pm2 == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "fast_pattern found inside " SCLogError("fast_pattern found inside "
"the rule, without a content context. Please use a " "the rule, without a content context. Please use a "
"content based keyword before using fast_pattern"); "content based keyword before using fast_pattern");
return -1; return -1;
} }
@ -247,15 +247,15 @@ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, const c
(cd->flags & DETECT_CONTENT_DEPTH))) { (cd->flags & DETECT_CONTENT_DEPTH))) {
/* we can't have any of these if we are having "only" */ /* we can't have any of these if we are having "only" */
SCLogError(SC_ERR_INVALID_SIGNATURE, "fast_pattern; cannot be " SCLogError("fast_pattern; cannot be "
"used with negated content, along with relative modifiers"); "used with negated content, along with relative modifiers");
goto error; goto error;
} }
if (arg == NULL|| strcmp(arg, "") == 0) { if (arg == NULL|| strcmp(arg, "") == 0) {
if (cd->flags & DETECT_CONTENT_FAST_PATTERN) { if (cd->flags & DETECT_CONTENT_FAST_PATTERN) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use multiple fast_pattern " SCLogError("can't use multiple fast_pattern "
"options for the same content"); "options for the same content");
goto error; goto error;
} }
else { /*allow only one content to have fast_pattern modifier*/ else { /*allow only one content to have fast_pattern modifier*/
@ -266,8 +266,8 @@ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, const c
if (sm->type == DETECT_CONTENT) { if (sm->type == DETECT_CONTENT) {
DetectContentData *tmp_cd = (DetectContentData *)sm->ctx; DetectContentData *tmp_cd = (DetectContentData *)sm->ctx;
if (tmp_cd->flags & DETECT_CONTENT_FAST_PATTERN) { if (tmp_cd->flags & DETECT_CONTENT_FAST_PATTERN) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "fast_pattern " SCLogError("fast_pattern "
"can be used on only one content in a rule"); "can be used on only one content in a rule");
goto error; goto error;
} }
} }
@ -289,7 +289,7 @@ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, const c
(cd->flags & DETECT_CONTENT_DEPTH)) { (cd->flags & DETECT_CONTENT_DEPTH)) {
/* we can't have any of these if we are having "only" */ /* we can't have any of these if we are having "only" */
SCLogError(SC_ERR_INVALID_SIGNATURE, "fast_pattern: only; cannot be " SCLogError("fast_pattern: only; cannot be "
"used with negated content or with any of the relative " "used with negated content or with any of the relative "
"modifiers like distance, within, offset, depth"); "modifiers like distance, within, offset, depth");
goto error; goto error;
@ -302,15 +302,16 @@ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, const c
res = pcre2_substring_copy_bynumber( res = pcre2_substring_copy_bynumber(
parse_regex.match, 2, (PCRE2_UCHAR8 *)arg_substr, &pcre2len); parse_regex.match, 2, (PCRE2_UCHAR8 *)arg_substr, &pcre2len);
if (res < 0) { if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed " SCLogError("pcre2_substring_copy_bynumber failed "
"for fast_pattern offset"); "for fast_pattern offset");
goto error; goto error;
} }
uint16_t offset; uint16_t offset;
if (StringParseUint16(&offset, 10, 0, if (StringParseUint16(&offset, 10, 0,
(const char *)arg_substr) < 0) { (const char *)arg_substr) < 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid fast pattern offset:" SCLogError("Invalid fast pattern offset:"
" \"%s\"", arg_substr); " \"%s\"",
arg_substr);
goto error; goto error;
} }
@ -318,29 +319,30 @@ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, const c
res = pcre2_substring_copy_bynumber( res = pcre2_substring_copy_bynumber(
parse_regex.match, 3, (PCRE2_UCHAR8 *)arg_substr, &pcre2len); parse_regex.match, 3, (PCRE2_UCHAR8 *)arg_substr, &pcre2len);
if (res < 0) { if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed " SCLogError("pcre2_substring_copy_bynumber failed "
"for fast_pattern offset"); "for fast_pattern offset");
goto error; goto error;
} }
uint16_t length; uint16_t length;
if (StringParseUint16(&length, 10, 0, if (StringParseUint16(&length, 10, 0,
(const char *)arg_substr) < 0) { (const char *)arg_substr) < 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid value for fast " SCLogError("Invalid value for fast "
"pattern: \"%s\"", arg_substr); "pattern: \"%s\"",
arg_substr);
goto error; goto error;
} }
// Avoiding integer overflow // Avoiding integer overflow
if (offset > (65535 - length)) { if (offset > (65535 - length)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Fast pattern (length + offset) " SCLogError("Fast pattern (length + offset) "
"exceeds limit pattern length limit"); "exceeds limit pattern length limit");
goto error; goto error;
} }
if (offset + length > cd->content_len) { if (offset + length > cd->content_len) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Fast pattern (length + " SCLogError("Fast pattern (length + "
"offset (%u)) exceeds pattern length (%u)", "offset (%u)) exceeds pattern length (%u)",
offset + length, cd->content_len); offset + length, cd->content_len);
goto error; goto error;
} }
@ -349,8 +351,7 @@ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, const c
cd->flags |= DETECT_CONTENT_FAST_PATTERN_CHOP; cd->flags |= DETECT_CONTENT_FAST_PATTERN_CHOP;
} else { } else {
SCLogError(SC_ERR_PCRE_PARSE, "parse error, ret %" PRId32 SCLogError("parse error, ret %" PRId32 ", string %s", ret, arg);
", string %s", ret, arg);
goto error; goto error;
} }

6
src/detect-file-data.c
Unescape Escape View File

@ -205,14 +205,14 @@ static int DetectFiledataSetup (DetectEngineCtx *de_ctx, Signature *s, const cha
s->alproto != ALPROTO_HTTP2 && s->alproto != ALPROTO_FTP && s->alproto != ALPROTO_HTTP2 && s->alproto != ALPROTO_FTP &&
s->alproto != ALPROTO_FTPDATA && s->alproto != ALPROTO_HTTP && s->alproto != ALPROTO_FTPDATA && s->alproto != ALPROTO_HTTP &&
s->alproto != ALPROTO_NFS)) { s->alproto != ALPROTO_NFS)) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords."); SCLogError("rule contains conflicting keywords.");
return -1; return -1;
} }
if (s->alproto == ALPROTO_SMTP && (s->init_data->init_flags & SIG_FLAG_INIT_FLOW) && if (s->alproto == ALPROTO_SMTP && (s->init_data->init_flags & SIG_FLAG_INIT_FLOW) &&
!(s->flags & SIG_FLAG_TOSERVER) && (s->flags & SIG_FLAG_TOCLIENT)) { !(s->flags & SIG_FLAG_TOSERVER) && (s->flags & SIG_FLAG_TOCLIENT)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Can't use file_data with " SCLogError("Can't use file_data with "
"flow:to_client or flow:from_server with smtp."); "flow:to_client or flow:from_server with smtp.");
return -1; return -1;
} }

11
src/detect-file-hash-common.c
Unescape Escape View File

@ -48,8 +48,7 @@ int ReadHashString(uint8_t *hash, const char *string, const char *filename, int
uint16_t expected_len) uint16_t expected_len)
{ {
if (strlen(string) != expected_len) { if (strlen(string) != expected_len) {
SCLogError(SC_ERR_INVALID_HASH, "%s:%d hash string not %d characters", SCLogError("%s:%d hash string not %d characters", filename, line_no, expected_len);
filename, line_no, expected_len);
return -1; return -1;
} }
@ -63,8 +62,7 @@ int ReadHashString(uint8_t *hash, const char *string, const char *filename, int
if (value >= 0 && value <= 255) if (value >= 0 && value <= 255)
hash[x] = (uint8_t)value; hash[x] = (uint8_t)value;
else { else {
SCLogError(SC_ERR_INVALID_HASH, "%s:%d hash byte out of range %ld", SCLogError("%s:%d hash byte out of range %ld", filename, line_no, value);
filename, line_no, value);
return -1; return -1;
} }
} }
@ -250,15 +248,14 @@ static DetectFileHashData *DetectFileHashParse (const DetectEngineCtx *de_ctx,
snprintf(path, sizeof(path), "%s/%s", dir, str); snprintf(path, sizeof(path), "%s/%s", dir, str);
fp = fopen(path, "r"); fp = fopen(path, "r");
if (fp == NULL) { if (fp == NULL) {
SCLogError(SC_ERR_OPENING_RULE_FILE, SCLogError("opening hash file %s: %s", path, strerror(errno));
"opening hash file %s: %s", path, strerror(errno));
goto error; goto error;
} }
} }
} }
if (fp == NULL) { if (fp == NULL) {
#endif #endif
SCLogError(SC_ERR_OPENING_RULE_FILE, "opening hash file %s: %s", filename, strerror(errno)); SCLogError("opening hash file %s: %s", filename, strerror(errno));
goto error; goto error;
#ifdef HAVE_LIBGEN_H #ifdef HAVE_LIBGEN_H
} }

4
src/detect-filemagic.c
Unescape Escape View File

@ -61,7 +61,7 @@
static int DetectFilemagicSetupNoSupport (DetectEngineCtx *de_ctx, Signature *s, const char *str) static int DetectFilemagicSetupNoSupport (DetectEngineCtx *de_ctx, Signature *s, const char *str)
{ {
SCLogError(SC_ERR_NO_MAGIC_SUPPORT, "no libmagic support built in, needed for filemagic keyword"); SCLogError("no libmagic support built in, needed for filemagic keyword");
return -1; return -1;
} }
@ -325,7 +325,7 @@ static void *DetectFilemagicThreadInit(void *data /*@unused@*/)
{ {
DetectFilemagicThreadData *t = SCCalloc(1, sizeof(DetectFilemagicThreadData)); DetectFilemagicThreadData *t = SCCalloc(1, sizeof(DetectFilemagicThreadData));
if (unlikely(t == NULL)) { if (unlikely(t == NULL)) {
SCLogError(SC_ENOMEM, "couldn't alloc ctx memory"); SCLogError("couldn't alloc ctx memory");
return NULL; return NULL;
} }

13
src/detect-filestore.c
Unescape Escape View File

@ -338,7 +338,7 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, const ch
de_ctx->version); de_ctx->version);
} }
if (!RequiresFeature(FEATURE_OUTPUT_FILESTORE)) { if (!RequiresFeature(FEATURE_OUTPUT_FILESTORE)) {
SCLogWarning(SC_WARN_ALERT_CONFIG, "One or more rule(s) depends on the " SCLogWarning("One or more rule(s) depends on the "
"file-store output log which is not enabled. " "file-store output log which is not enabled. "
"Enable the output \"file-store\"."); "Enable the output \"file-store\".");
} }
@ -354,8 +354,7 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, const ch
/* filestore and bypass keywords can't work together */ /* filestore and bypass keywords can't work together */
if (s->flags & SIG_FLAG_BYPASS) { if (s->flags & SIG_FLAG_BYPASS) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, SCLogError("filestore can't work with bypass keyword");
"filestore can't work with bypass keyword");
return -1; return -1;
} }
@ -373,7 +372,7 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, const ch
ret = DetectParsePcreExec(&parse_regex, str, 0, 0); ret = DetectParsePcreExec(&parse_regex, str, 0, 0);
if (ret < 1 || ret > 4) { if (ret < 1 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 ", string %s", ret, str); SCLogError("parse error, ret %" PRId32 ", string %s", ret, str);
goto error; goto error;
} }
@ -382,7 +381,7 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, const ch
res = pcre2_substring_copy_bynumber( res = pcre2_substring_copy_bynumber(
parse_regex.match, 1, (PCRE2_UCHAR8 *)str_0, &pcre2len); parse_regex.match, 1, (PCRE2_UCHAR8 *)str_0, &pcre2len);
if (res < 0) { if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed"); SCLogError("pcre2_substring_copy_bynumber failed");
goto error; goto error;
} }
args[0] = (char *)str_0; args[0] = (char *)str_0;
@ -392,7 +391,7 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, const ch
res = pcre2_substring_copy_bynumber( res = pcre2_substring_copy_bynumber(
parse_regex.match, 2, (PCRE2_UCHAR8 *)str_1, &pcre2len); parse_regex.match, 2, (PCRE2_UCHAR8 *)str_1, &pcre2len);
if (res < 0) { if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed"); SCLogError("pcre2_substring_copy_bynumber failed");
goto error; goto error;
} }
args[1] = (char *)str_1; args[1] = (char *)str_1;
@ -402,7 +401,7 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, const ch
res = pcre2_substring_copy_bynumber( res = pcre2_substring_copy_bynumber(
parse_regex.match, 3, (PCRE2_UCHAR8 *)str_2, &pcre2len); parse_regex.match, 3, (PCRE2_UCHAR8 *)str_2, &pcre2len);
if (res < 0) { if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed"); SCLogError("pcre2_substring_copy_bynumber failed");
goto error; goto error;
} }
args[2] = (char *)str_2; args[2] = (char *)str_2;

52
src/detect-flow.c
Unescape Escape View File

@ -179,7 +179,7 @@ static DetectFlowData *DetectFlowParse (DetectEngineCtx *de_ctx, const char *flo
ret = DetectParsePcreExec(&parse_regex, flowstr, 0, 0); ret = DetectParsePcreExec(&parse_regex, flowstr, 0, 0);
if (ret < 1 || ret > 4) { if (ret < 1 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 ", string %s", ret, flowstr); SCLogError("parse error, ret %" PRId32 ", string %s", ret, flowstr);
goto error; goto error;
} }
@ -187,7 +187,7 @@ static DetectFlowData *DetectFlowParse (DetectEngineCtx *de_ctx, const char *flo
pcre2len = sizeof(str1); pcre2len = sizeof(str1);
res = SC_Pcre2SubstringCopy(parse_regex.match, 1, (PCRE2_UCHAR8 *)str1, &pcre2len); res = SC_Pcre2SubstringCopy(parse_regex.match, 1, (PCRE2_UCHAR8 *)str1, &pcre2len);
if (res < 0) { if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); SCLogError("pcre2_substring_copy_bynumber failed");
goto error; goto error;
} }
args[0] = (char *)str1; args[0] = (char *)str1;
@ -197,7 +197,7 @@ static DetectFlowData *DetectFlowParse (DetectEngineCtx *de_ctx, const char *flo
res = pcre2_substring_copy_bynumber( res = pcre2_substring_copy_bynumber(
parse_regex.match, 2, (PCRE2_UCHAR8 *)str2, &pcre2len); parse_regex.match, 2, (PCRE2_UCHAR8 *)str2, &pcre2len);
if (res < 0) { if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); SCLogError("pcre2_substring_copy_bynumber failed");
goto error; goto error;
} }
args[1] = (char *)str2; args[1] = (char *)str2;
@ -207,7 +207,7 @@ static DetectFlowData *DetectFlowParse (DetectEngineCtx *de_ctx, const char *flo
res = pcre2_substring_copy_bynumber( res = pcre2_substring_copy_bynumber(
parse_regex.match, 3, (PCRE2_UCHAR8 *)str3, &pcre2len); parse_regex.match, 3, (PCRE2_UCHAR8 *)str3, &pcre2len);
if (res < 0) { if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); SCLogError("pcre2_substring_copy_bynumber failed");
goto error; goto error;
} }
args[2] = (char *)str3; args[2] = (char *)str3;
@ -226,87 +226,91 @@ static DetectFlowData *DetectFlowParse (DetectEngineCtx *de_ctx, const char *flo
/* inspect our options and set the flags */ /* inspect our options and set the flags */
if (strcasecmp(args[i], "established") == 0) { if (strcasecmp(args[i], "established") == 0) {
if (fd->flags & DETECT_FLOW_FLAG_ESTABLISHED) { if (fd->flags & DETECT_FLOW_FLAG_ESTABLISHED) {
SCLogError(SC_ERR_FLAGS_MODIFIER, "DETECT_FLOW_FLAG_ESTABLISHED flag is already set"); SCLogError("DETECT_FLOW_FLAG_ESTABLISHED flag is already set");
goto error; goto error;
} else if (fd->flags & DETECT_FLOW_FLAG_STATELESS) { } else if (fd->flags & DETECT_FLOW_FLAG_STATELESS) {
SCLogError(SC_ERR_FLAGS_MODIFIER, "DETECT_FLOW_FLAG_STATELESS already set"); SCLogError("DETECT_FLOW_FLAG_STATELESS already set");
goto error; goto error;
} }
fd->flags |= DETECT_FLOW_FLAG_ESTABLISHED; fd->flags |= DETECT_FLOW_FLAG_ESTABLISHED;
} else if (strcasecmp(args[i], "not_established") == 0) { } else if (strcasecmp(args[i], "not_established") == 0) {
if (fd->flags & DETECT_FLOW_FLAG_NOT_ESTABLISHED) { if (fd->flags & DETECT_FLOW_FLAG_NOT_ESTABLISHED) {
SCLogError(SC_ERR_FLAGS_MODIFIER, "DETECT_FLOW_FLAG_NOT_ESTABLISHED flag is already set"); SCLogError("DETECT_FLOW_FLAG_NOT_ESTABLISHED flag is already set");
goto error; goto error;
} else if (fd->flags & DETECT_FLOW_FLAG_NOT_ESTABLISHED) { } else if (fd->flags & DETECT_FLOW_FLAG_NOT_ESTABLISHED) {
SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set DETECT_FLOW_FLAG_NOT_ESTABLISHED, DETECT_FLOW_FLAG_ESTABLISHED already set"); SCLogError("cannot set DETECT_FLOW_FLAG_NOT_ESTABLISHED, "
"DETECT_FLOW_FLAG_ESTABLISHED already set");
goto error; goto error;
} }
fd->flags |= DETECT_FLOW_FLAG_NOT_ESTABLISHED; fd->flags |= DETECT_FLOW_FLAG_NOT_ESTABLISHED;
} else if (strcasecmp(args[i], "stateless") == 0) { } else if (strcasecmp(args[i], "stateless") == 0) {
if (fd->flags & DETECT_FLOW_FLAG_STATELESS) { if (fd->flags & DETECT_FLOW_FLAG_STATELESS) {
SCLogError(SC_ERR_FLAGS_MODIFIER, "DETECT_FLOW_FLAG_STATELESS flag is already set"); SCLogError("DETECT_FLOW_FLAG_STATELESS flag is already set");
goto error; goto error;
} else if (fd->flags & DETECT_FLOW_FLAG_ESTABLISHED) { } else if (fd->flags & DETECT_FLOW_FLAG_ESTABLISHED) {
SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set DETECT_FLOW_FLAG_STATELESS, DETECT_FLOW_FLAG_ESTABLISHED already set"); SCLogError("cannot set DETECT_FLOW_FLAG_STATELESS, "
"DETECT_FLOW_FLAG_ESTABLISHED already set");
goto error; goto error;
} }
fd->flags |= DETECT_FLOW_FLAG_STATELESS; fd->flags |= DETECT_FLOW_FLAG_STATELESS;
} else if (strcasecmp(args[i], "to_client") == 0 || strcasecmp(args[i], "from_server") == 0) { } else if (strcasecmp(args[i], "to_client") == 0 || strcasecmp(args[i], "from_server") == 0) {
if (fd->flags & DETECT_FLOW_FLAG_TOCLIENT) { if (fd->flags & DETECT_FLOW_FLAG_TOCLIENT) {
SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set DETECT_FLOW_FLAG_TOCLIENT flag is already set"); SCLogError("cannot set DETECT_FLOW_FLAG_TOCLIENT flag is already set");
goto error; goto error;
} else if (fd->flags & DETECT_FLOW_FLAG_TOSERVER) { } else if (fd->flags & DETECT_FLOW_FLAG_TOSERVER) {
SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set to_client, DETECT_FLOW_FLAG_TOSERVER already set"); SCLogError("cannot set to_client, DETECT_FLOW_FLAG_TOSERVER already set");
goto error; goto error;
} }
fd->flags |= DETECT_FLOW_FLAG_TOCLIENT; fd->flags |= DETECT_FLOW_FLAG_TOCLIENT;
} else if (strcasecmp(args[i], "to_server") == 0 || strcasecmp(args[i], "from_client") == 0){ } else if (strcasecmp(args[i], "to_server") == 0 || strcasecmp(args[i], "from_client") == 0){
if (fd->flags & DETECT_FLOW_FLAG_TOSERVER) { if (fd->flags & DETECT_FLOW_FLAG_TOSERVER) {
SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set DETECT_FLOW_FLAG_TOSERVER flag is already set"); SCLogError("cannot set DETECT_FLOW_FLAG_TOSERVER flag is already set");
goto error; goto error;
} else if (fd->flags & DETECT_FLOW_FLAG_TOCLIENT) { } else if (fd->flags & DETECT_FLOW_FLAG_TOCLIENT) {
SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set to_server, DETECT_FLOW_FLAG_TO_CLIENT flag already set"); SCLogError("cannot set to_server, DETECT_FLOW_FLAG_TO_CLIENT flag already set");
goto error; goto error;
} }
fd->flags |= DETECT_FLOW_FLAG_TOSERVER; fd->flags |= DETECT_FLOW_FLAG_TOSERVER;
} else if (strcasecmp(args[i], "only_stream") == 0) { } else if (strcasecmp(args[i], "only_stream") == 0) {
if (fd->flags & DETECT_FLOW_FLAG_ONLYSTREAM) { if (fd->flags & DETECT_FLOW_FLAG_ONLYSTREAM) {
SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set only_stream flag is already set"); SCLogError("cannot set only_stream flag is already set");
goto error; goto error;
} else if (fd->flags & DETECT_FLOW_FLAG_NOSTREAM) { } else if (fd->flags & DETECT_FLOW_FLAG_NOSTREAM) {
SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set only_stream flag, DETECT_FLOW_FLAG_NOSTREAM already set"); SCLogError(
"cannot set only_stream flag, DETECT_FLOW_FLAG_NOSTREAM already set");
goto error; goto error;
} }
fd->flags |= DETECT_FLOW_FLAG_ONLYSTREAM; fd->flags |= DETECT_FLOW_FLAG_ONLYSTREAM;
} else if (strcasecmp(args[i], "no_stream") == 0) { } else if (strcasecmp(args[i], "no_stream") == 0) {
if (fd->flags & DETECT_FLOW_FLAG_NOSTREAM) { if (fd->flags & DETECT_FLOW_FLAG_NOSTREAM) {
SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set no_stream flag is already set"); SCLogError("cannot set no_stream flag is already set");
goto error; goto error;
} else if (fd->flags & DETECT_FLOW_FLAG_ONLYSTREAM) { } else if (fd->flags & DETECT_FLOW_FLAG_ONLYSTREAM) {
SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set no_stream flag, DETECT_FLOW_FLAG_ONLYSTREAM already set"); SCLogError(
"cannot set no_stream flag, DETECT_FLOW_FLAG_ONLYSTREAM already set");
goto error; goto error;
} }
fd->flags |= DETECT_FLOW_FLAG_NOSTREAM; fd->flags |= DETECT_FLOW_FLAG_NOSTREAM;
} else if (strcasecmp(args[i], "no_frag") == 0) { } else if (strcasecmp(args[i], "no_frag") == 0) {
if (fd->flags & DETECT_FLOW_FLAG_NO_FRAG) { if (fd->flags & DETECT_FLOW_FLAG_NO_FRAG) {
SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set no_frag flag is already set"); SCLogError("cannot set no_frag flag is already set");
goto error; goto error;
} else if (fd->flags & DETECT_FLOW_FLAG_ONLY_FRAG) { } else if (fd->flags & DETECT_FLOW_FLAG_ONLY_FRAG) {
SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set no_frag flag, only_frag already set"); SCLogError("cannot set no_frag flag, only_frag already set");
goto error; goto error;
} }
fd->flags |= DETECT_FLOW_FLAG_NO_FRAG; fd->flags |= DETECT_FLOW_FLAG_NO_FRAG;
} else if (strcasecmp(args[i], "only_frag") == 0) { } else if (strcasecmp(args[i], "only_frag") == 0) {
if (fd->flags & DETECT_FLOW_FLAG_ONLY_FRAG) { if (fd->flags & DETECT_FLOW_FLAG_ONLY_FRAG) {
SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set only_frag flag is already set"); SCLogError("cannot set only_frag flag is already set");
goto error; goto error;
} else if (fd->flags & DETECT_FLOW_FLAG_NO_FRAG) { } else if (fd->flags & DETECT_FLOW_FLAG_NO_FRAG) {
SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set only_frag flag, no_frag already set"); SCLogError("cannot set only_frag flag, no_frag already set");
goto error; goto error;
} }
fd->flags |= DETECT_FLOW_FLAG_ONLY_FRAG; fd->flags |= DETECT_FLOW_FLAG_ONLY_FRAG;
} else { } else {
SCLogError(SC_EINVAL, "invalid flow option \"%s\"", args[i]); SCLogError("invalid flow option \"%s\"", args[i]);
goto error; goto error;
} }
@ -368,7 +372,7 @@ int DetectFlowSetup (DetectEngineCtx *de_ctx, Signature *s, const char *flowstr)
{ {
/* ensure only one flow option */ /* ensure only one flow option */
if (s->init_data->init_flags & SIG_FLAG_INIT_FLOW) { if (s->init_data->init_flags & SIG_FLAG_INIT_FLOW) {
SCLogError (SC_ERR_INVALID_SIGNATURE, "A signature may have only one flow option."); SCLogError("A signature may have only one flow option.");
return -1; return -1;
} }

27
src/detect-flowbits.c
Unescape Escape View File

@ -97,13 +97,14 @@ static int FlowbitOrAddData(DetectEngineCtx *de_ctx, DetectFlowbitsData *cd, cha
// Check for spaces in between the flowbit names // Check for spaces in between the flowbit names
if (strchr(token, ' ') != NULL) { if (strchr(token, ' ') != NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Spaces are not allowed in flowbit names."); SCLogError("Spaces are not allowed in flowbit names.");
return -1; return -1;
} }
if (i == MAX_TOKENS) { if (i == MAX_TOKENS) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Number of flowbits exceeds " SCLogError("Number of flowbits exceeds "
"maximum allowed: %d.", MAX_TOKENS); "maximum allowed: %d.",
MAX_TOKENS);
return -1; return -1;
} }
strarr[i++] = token; strarr[i++] = token;
@ -207,7 +208,7 @@ int DetectFlowbitMatch (DetectEngineThreadCtx *det_ctx, Packet *p,
case DETECT_FLOWBITS_CMD_TOGGLE: case DETECT_FLOWBITS_CMD_TOGGLE:
return DetectFlowbitMatchToggle(p,fd); return DetectFlowbitMatchToggle(p,fd);
default: default:
SCLogError(SC_ERR_UNKNOWN_VALUE, "unknown cmd %" PRIu32 "", fd->cmd); SCLogError("unknown cmd %" PRIu32 "", fd->cmd);
return 0; return 0;
} }
@ -222,15 +223,14 @@ static int DetectFlowbitParse(const char *str, char *cmd, int cmd_len, char *nam
count = DetectParsePcreExec(&parse_regex, str, 0, 0); count = DetectParsePcreExec(&parse_regex, str, 0, 0);
if (count != 2 && count != 3) { if (count != 2 && count != 3) {
SCLogError(SC_ERR_PCRE_MATCH, SCLogError("\"%s\" is not a valid setting for flowbits.", str);
"\"%s\" is not a valid setting for flowbits.", str);
return 0; return 0;
} }
pcre2len = cmd_len; pcre2len = cmd_len;
rc = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)cmd, &pcre2len); rc = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)cmd, &pcre2len);
if (rc < 0) { if (rc < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); SCLogError("pcre2_substring_copy_bynumber failed");
return 0; return 0;
} }
@ -238,7 +238,7 @@ static int DetectFlowbitParse(const char *str, char *cmd, int cmd_len, char *nam
pcre2len = name_len; pcre2len = name_len;
rc = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)name, &pcre2len); rc = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)name, &pcre2len);
if (rc < 0) { if (rc < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); SCLogError("pcre2_substring_copy_bynumber failed");
return 0; return 0;
} }
@ -251,8 +251,7 @@ static int DetectFlowbitParse(const char *str, char *cmd, int cmd_len, char *nam
/* Validate name, spaces are not allowed. */ /* Validate name, spaces are not allowed. */
for (size_t i = 0; i < strlen(name); i++) { for (size_t i = 0; i < strlen(name); i++) {
if (isblank(name[i])) { if (isblank(name[i])) {
SCLogError(SC_ERR_INVALID_SIGNATURE, SCLogError("spaces not allowed in flowbit names");
"spaces not allowed in flowbit names");
return 0; return 0;
} }
} }
@ -287,7 +286,7 @@ int DetectFlowbitSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawst
} else if (strcmp(fb_cmd_str,"toggle") == 0) { } else if (strcmp(fb_cmd_str,"toggle") == 0) {
fb_cmd = DETECT_FLOWBITS_CMD_TOGGLE; fb_cmd = DETECT_FLOWBITS_CMD_TOGGLE;
} else { } else {
SCLogError(SC_ERR_UNKNOWN_VALUE, "ERROR: flowbits action \"%s\" is not supported.", fb_cmd_str); SCLogError("ERROR: flowbits action \"%s\" is not supported.", fb_cmd_str);
goto error; goto error;
} }
@ -417,7 +416,7 @@ int DetectFlowbitsAnalyze(DetectEngineCtx *de_ctx)
struct FBAnalyze *array = SCCalloc(array_size, sizeof(struct FBAnalyze)); struct FBAnalyze *array = SCCalloc(array_size, sizeof(struct FBAnalyze));
if (array == NULL) { if (array == NULL) {
SCLogError(SC_ENOMEM, "Unable to allocate flowbit analyze array"); SCLogError("Unable to allocate flowbit analyze array");
return -1; return -1;
} }
@ -587,8 +586,8 @@ int DetectFlowbitsAnalyze(DetectEngineCtx *de_ctx)
array[i].cnts[DETECT_FLOWBITS_CMD_SET] == 0) { array[i].cnts[DETECT_FLOWBITS_CMD_SET] == 0) {
const Signature *s = de_ctx->sig_array[array[i].isset_sids[0]]; const Signature *s = de_ctx->sig_array[array[i].isset_sids[0]];
SCLogWarning(SC_WARN_FLOWBIT, "flowbit '%s' is checked but not " SCLogWarning("flowbit '%s' is checked but not "
"set. Checked in %u and %u other sigs", "set. Checked in %u and %u other sigs",
varname, s->id, array[i].isset_sids_idx - 1); varname, s->id, array[i].isset_sids_idx - 1);
} }
if (array[i].state_cnts[DETECT_FLOWBITS_CMD_ISSET] && if (array[i].state_cnts[DETECT_FLOWBITS_CMD_ISSET] &&

14
src/detect-flowint.c
Unescape Escape View File

@ -238,21 +238,21 @@ static DetectFlowintData *DetectFlowintParse(DetectEngineCtx *de_ctx, const char
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
if (ret < 3 || ret > 4) { if (ret < 3 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH, "\"%s\" is not a valid setting for flowint(ret = %d).", rawstr, ret); SCLogError("\"%s\" is not a valid setting for flowint(ret = %d).", rawstr, ret);
return NULL; return NULL;
} }
/* Get our flowint varname */ /* Get our flowint varname */
res = pcre2_substring_get_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); res = pcre2_substring_get_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0 || str_ptr == NULL) { if (res < 0 || str_ptr == NULL) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); SCLogError("pcre2_substring_get_bynumber failed");
goto error; goto error;
} }
varname = (char *)str_ptr; varname = (char *)str_ptr;
res = pcre2_substring_get_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); res = pcre2_substring_get_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0 || str_ptr == NULL) { if (res < 0 || str_ptr == NULL) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); SCLogError("pcre2_substring_get_bynumber failed");
goto error; goto error;
} }
modstr = (char *)str_ptr; modstr = (char *)str_ptr;
@ -283,7 +283,7 @@ static DetectFlowintData *DetectFlowintParse(DetectEngineCtx *de_ctx, const char
modifier = FLOWINT_MODIFIER_NOTSET; modifier = FLOWINT_MODIFIER_NOTSET;
if (modifier == FLOWINT_MODIFIER_UNKNOWN) { if (modifier == FLOWINT_MODIFIER_UNKNOWN) {
SCLogError(SC_ERR_UNKNOWN_VALUE, "Unknown modifier"); SCLogError("Unknown modifier");
goto error; goto error;
} }
@ -300,7 +300,7 @@ static DetectFlowintData *DetectFlowintParse(DetectEngineCtx *de_ctx, const char
parse_regex.match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); parse_regex.match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
varval = (char *)str_ptr; varval = (char *)str_ptr;
if (res < 0 || varval == NULL || strcmp(varval, "") == 0) { if (res < 0 || varval == NULL || strcmp(varval, "") == 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); SCLogError("pcre2_substring_get_bynumber failed");
goto error; goto error;
} }
@ -317,7 +317,7 @@ static DetectFlowintData *DetectFlowintParse(DetectEngineCtx *de_ctx, const char
sfd->targettype = FLOWINT_TARGET_VAR; sfd->targettype = FLOWINT_TARGET_VAR;
sfd->target.tvar.name = SCStrdup(varval); sfd->target.tvar.name = SCStrdup(varval);
if (unlikely(sfd->target.tvar.name == NULL)) { if (unlikely(sfd->target.tvar.name == NULL)) {
SCLogError(SC_ENOMEM, "malloc from strdup failed"); SCLogError("malloc from strdup failed");
goto error; goto error;
} }
} }
@ -328,7 +328,7 @@ static DetectFlowintData *DetectFlowintParse(DetectEngineCtx *de_ctx, const char
/* Set the name of the origin var to modify/compared with the target */ /* Set the name of the origin var to modify/compared with the target */
sfd->name = SCStrdup(varname); sfd->name = SCStrdup(varname);
if (unlikely(sfd->name == NULL)) { if (unlikely(sfd->name == NULL)) {
SCLogError(SC_ENOMEM, "malloc from strdup failed"); SCLogError("malloc from strdup failed");
goto error; goto error;
} }
sfd->idx = VarNameStoreSetupAdd(varname, VAR_TYPE_FLOW_INT); sfd->idx = VarNameStoreSetupAdd(varname, VAR_TYPE_FLOW_INT);

6
src/detect-flowvar.c
Unescape Escape View File

@ -124,14 +124,14 @@ static int DetectFlowvarSetup (DetectEngineCtx *de_ctx, Signature *s, const char
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
if (ret != 3) { if (ret != 3) {
SCLogError(SC_ERR_PCRE_MATCH, "\"%s\" is not a valid setting for flowvar.", rawstr); SCLogError("\"%s\" is not a valid setting for flowvar.", rawstr);
return -1; return -1;
} }
pcre2len = sizeof(varname); pcre2len = sizeof(varname);
res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)varname, &pcre2len); res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)varname, &pcre2len);
if (res < 0) { if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed"); SCLogError("pcre2_substring_copy_bynumber failed");
return -1; return -1;
} }
@ -139,7 +139,7 @@ static int DetectFlowvarSetup (DetectEngineCtx *de_ctx, Signature *s, const char
res = pcre2_substring_copy_bynumber( res = pcre2_substring_copy_bynumber(
parse_regex.match, 2, (PCRE2_UCHAR8 *)varcontent, &pcre2len); parse_regex.match, 2, (PCRE2_UCHAR8 *)varcontent, &pcre2len);
if (res < 0) { if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed"); SCLogError("pcre2_substring_copy_bynumber failed");
return -1; return -1;
} }

6
src/detect-fragbits.c
Unescape Escape View File

@ -178,14 +178,14 @@ static DetectFragBitsData *DetectFragBitsParse (const char *rawstr)
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
if (ret < 1) { if (ret < 1) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr); SCLogError("pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr);
goto error; goto error;
} }
for (i = 0; i < (ret - 1); i++) { for (i = 0; i < (ret - 1); i++) {
res = SC_Pcre2SubstringGet(parse_regex.match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); res = SC_Pcre2SubstringGet(parse_regex.match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) { if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed %d", res); SCLogError("pcre2_substring_get_bynumber failed %d", res);
goto error; goto error;
} }
@ -193,7 +193,7 @@ static DetectFragBitsData *DetectFragBitsParse (const char *rawstr)
} }
if (args[1] == NULL) { if (args[1] == NULL) {
SCLogError(SC_EINVAL, "invalid value"); SCLogError("invalid value");
goto error; goto error;
} }

9
src/detect-fragoffset.c
Unescape Escape View File

@ -151,14 +151,14 @@ static DetectFragOffsetData *DetectFragOffsetParse (DetectEngineCtx *de_ctx, con
ret = DetectParsePcreExec(&parse_regex, fragoffsetstr, 0, 0); ret = DetectParsePcreExec(&parse_regex, fragoffsetstr, 0, 0);
if (ret < 1 || ret > 4) { if (ret < 1 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH,"Parse error %s", fragoffsetstr); SCLogError("Parse error %s", fragoffsetstr);
goto error; goto error;
} }
for (i = 1; i < ret; i++) { for (i = 1; i < ret; i++) {
res = SC_Pcre2SubstringGet(parse_regex.match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); res = SC_Pcre2SubstringGet(parse_regex.match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) { if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); SCLogError("pcre2_substring_get_bynumber failed");
goto error; goto error;
} }
substr[i-1] = (char *)str_ptr; substr[i-1] = (char *)str_ptr;
@ -189,8 +189,9 @@ static DetectFragOffsetData *DetectFragOffsetParse (DetectEngineCtx *de_ctx, con
} }
if (StringParseUint16(&fragoff->frag_off, 10, 0, substr[1]) < 0) { if (StringParseUint16(&fragoff->frag_off, 10, 0, substr[1]) < 0) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "specified frag offset %s is not " SCLogError("specified frag offset %s is not "
"valid", substr[1]); "valid",
substr[1]);
goto error; goto error;
} }

11
src/detect-frame.c
Unescape Escape View File

@ -67,7 +67,7 @@ static int DetectFrameSetup(DetectEngineCtx *de_ctx, Signature *s, const char *s
const bool is_tcp = DetectProtoContainsProto(&s->proto, IPPROTO_TCP); const bool is_tcp = DetectProtoContainsProto(&s->proto, IPPROTO_TCP);
const bool is_udp = DetectProtoContainsProto(&s->proto, IPPROTO_UDP); const bool is_udp = DetectProtoContainsProto(&s->proto, IPPROTO_UDP);
if (!(is_tcp || is_udp)) { if (!(is_tcp || is_udp)) {
SCLogError(SC_ERR_INVALID_RULE_ARGUMENT, "'frame' keyword only supported for TCP and UDP"); SCLogError("'frame' keyword only supported for TCP and UDP");
return -1; return -1;
} }
@ -93,15 +93,13 @@ static int DetectFrameSetup(DetectEngineCtx *de_ctx, Signature *s, const char *s
} }
if (is_short && rule_alproto == ALPROTO_UNKNOWN) { if (is_short && rule_alproto == ALPROTO_UNKNOWN) {
SCLogError(SC_ERR_INVALID_RULE_ARGUMENT, SCLogError("rule protocol unknown, can't use shorthand notation for frame '%s'", str);
"rule protocol unknown, can't use shorthand notation for frame '%s'", str);
return -1; return -1;
} else if (rule_alproto == ALPROTO_UNKNOWN) { } else if (rule_alproto == ALPROTO_UNKNOWN) {
if (DetectSignatureSetAppProto(s, keyword_alproto) < 0) if (DetectSignatureSetAppProto(s, keyword_alproto) < 0)
return -1; return -1;
} else if (!AppProtoEquals(rule_alproto, keyword_alproto)) { } else if (!AppProtoEquals(rule_alproto, keyword_alproto)) {
SCLogError(SC_ERR_INVALID_RULE_ARGUMENT, SCLogError("frame '%s' protocol '%s' mismatch with rule protocol '%s'", str,
"frame '%s' protocol '%s' mismatch with rule protocol '%s'", str,
AppProtoToString(keyword_alproto), AppProtoToString(s->alproto)); AppProtoToString(keyword_alproto), AppProtoToString(s->alproto));
return -1; return -1;
} }
@ -113,8 +111,7 @@ static int DetectFrameSetup(DetectEngineCtx *de_ctx, Signature *s, const char *s
if (is_udp && raw_frame_type < 0) if (is_udp && raw_frame_type < 0)
raw_frame_type = AppLayerParserGetFrameIdByName(IPPROTO_UDP, keyword_alproto, frame_str); raw_frame_type = AppLayerParserGetFrameIdByName(IPPROTO_UDP, keyword_alproto, frame_str);
if (raw_frame_type < 0) { if (raw_frame_type < 0) {
SCLogError(SC_ERR_INVALID_RULE_ARGUMENT, "unknown frame '%s' for protocol '%s'", frame_str, SCLogError("unknown frame '%s' for protocol '%s'", frame_str, proto);
proto);
return -1; return -1;
} }
BUG_ON(raw_frame_type >= UINT8_MAX); BUG_ON(raw_frame_type >= UINT8_MAX);

6
src/detect-ftpdata.c
Unescape Escape View File

@ -134,14 +134,14 @@ static DetectFtpdataData *DetectFtpdataParse(const char *ftpcommandstr)
int ret = DetectParsePcreExec(&parse_regex, ftpcommandstr, 0, 0); int ret = DetectParsePcreExec(&parse_regex, ftpcommandstr, 0, 0);
if (ret != 2) { if (ret != 2) {
SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 "", ret); SCLogError("parse error, ret %" PRId32 "", ret);
goto error; goto error;
} }
pcre2len = sizeof(arg1); pcre2len = sizeof(arg1);
int res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len); int res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len);
if (res < 0) { if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); SCLogError("pcre2_substring_copy_bynumber failed");
goto error; goto error;
} }
SCLogDebug("Arg1 \"%s\"", arg1); SCLogDebug("Arg1 \"%s\"", arg1);
@ -154,7 +154,7 @@ static DetectFtpdataData *DetectFtpdataParse(const char *ftpcommandstr)
} else if (!strcmp(arg1, "retr")) { } else if (!strcmp(arg1, "retr")) {
ftpcommandd->command = FTP_COMMAND_RETR; ftpcommandd->command = FTP_COMMAND_RETR;
} else { } else {
SCLogError(SC_ERR_NOT_SUPPORTED, "Invalid command value"); SCLogError("Invalid command value");
goto error; goto error;
} }

12
src/detect-geoip.c
Unescape Escape View File

@ -43,7 +43,7 @@
static int DetectGeoipSetupNoSupport (DetectEngineCtx *a, Signature *b, const char *c) static int DetectGeoipSetupNoSupport (DetectEngineCtx *a, Signature *b, const char *c)
{ {
SCLogError(SC_ERR_NO_GEOIP_SUPPORT, "no GeoIP support built in, needed for geoip keyword"); SCLogError("no GeoIP support built in, needed for geoip keyword");
return -1; return -1;
} }
@ -103,7 +103,7 @@ static bool InitGeolocationEngine(DetectGeoipData *geoipdata)
(void)ConfGet("geoip-database", &filename); (void)ConfGet("geoip-database", &filename);
if (filename == NULL) { if (filename == NULL) {
SCLogWarning(SC_ERR_INVALID_ARGUMENT, "Unable to locate a GeoIP2" SCLogWarning("Unable to locate a GeoIP2"
"database filename in YAML conf. GeoIP rule matching " "database filename in YAML conf. GeoIP rule matching "
"is disabled."); "is disabled.");
geoipdata->mmdb_status = MMDB_FILE_OPEN_ERROR; geoipdata->mmdb_status = MMDB_FILE_OPEN_ERROR;
@ -118,9 +118,9 @@ static bool InitGeolocationEngine(DetectGeoipData *geoipdata)
return true; return true;
} }
SCLogWarning(SC_ERR_INVALID_ARGUMENT, "Failed to open GeoIP2 database: %s. " SCLogWarning("Failed to open GeoIP2 database: %s. "
"Error was: %s. GeoIP rule matching is disabled.", filename, "Error was: %s. GeoIP rule matching is disabled.",
MMDB_strerror(status)); filename, MMDB_strerror(status));
geoipdata->mmdb_status = status; geoipdata->mmdb_status = status;
return false; return false;
} }
@ -351,7 +351,7 @@ static DetectGeoipData *DetectGeoipDataParse (DetectEngineCtx *de_ctx, const cha
} }
if (geoipdata->nlocations >= GEOOPTION_MAXLOCATIONS) { if (geoipdata->nlocations >= GEOOPTION_MAXLOCATIONS) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "too many arguements for geoip keyword"); SCLogError("too many arguements for geoip keyword");
goto error; goto error;
} }

4
src/detect-gid.c
Unescape Escape View File

@ -75,12 +75,12 @@ static int DetectGidSetup (DetectEngineCtx *de_ctx, Signature *s, const char *ra
char *endptr = NULL; char *endptr = NULL;
gid = strtoul(rawstr, &endptr, 10); gid = strtoul(rawstr, &endptr, 10);
if (endptr == NULL || *endptr != '\0') { if (endptr == NULL || *endptr != '\0') {
SCLogError(SC_ERR_INVALID_SIGNATURE, "invalid character as arg " SCLogError("invalid character as arg "
"to gid keyword"); "to gid keyword");
goto error; goto error;
} }
if (gid >= UINT_MAX) { if (gid >= UINT_MAX) {
SCLogError(SC_ERR_INVALID_NUMERIC_VALUE, "gid value to high, max %u", UINT_MAX); SCLogError("gid value to high, max %u", UINT_MAX);
goto error; goto error;
} }

15
src/detect-hostbits.c
Unescape Escape View File

@ -257,7 +257,7 @@ int DetectXbitMatchHost(Packet *p, const DetectXbitsData *xd)
case DETECT_XBITS_CMD_TOGGLE: case DETECT_XBITS_CMD_TOGGLE:
return DetectHostbitMatchToggle(p,xd); return DetectHostbitMatchToggle(p,xd);
default: default:
SCLogError(SC_ERR_UNKNOWN_VALUE, "unknown cmd %" PRIu32 "", xd->cmd); SCLogError("unknown cmd %" PRIu32 "", xd->cmd);
return 0; return 0;
} }
@ -288,15 +288,14 @@ static int DetectHostbitParse(const char *str, char *cmd, int cmd_len,
count = DetectParsePcreExec(&parse_regex, str, 0, 0); count = DetectParsePcreExec(&parse_regex, str, 0, 0);
if (count != 2 && count != 3 && count != 4) { if (count != 2 && count != 3 && count != 4) {
SCLogError(SC_ERR_PCRE_MATCH, SCLogError("\"%s\" is not a valid setting for hostbits.", str);
"\"%s\" is not a valid setting for hostbits.", str);
return 0; return 0;
} }
pcre2len = cmd_len; pcre2len = cmd_len;
rc = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)cmd, &pcre2len); rc = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)cmd, &pcre2len);
if (rc < 0) { if (rc < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); SCLogError("pcre2_substring_copy_bynumber failed");
return 0; return 0;
} }
@ -304,7 +303,7 @@ static int DetectHostbitParse(const char *str, char *cmd, int cmd_len,
pcre2len = name_len; pcre2len = name_len;
rc = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)name, &pcre2len); rc = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)name, &pcre2len);
if (rc < 0) { if (rc < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); SCLogError("pcre2_substring_copy_bynumber failed");
return 0; return 0;
} }
if (count >= 4) { if (count >= 4) {
@ -312,7 +311,7 @@ static int DetectHostbitParse(const char *str, char *cmd, int cmd_len,
rc = pcre2_substring_copy_bynumber( rc = pcre2_substring_copy_bynumber(
parse_regex.match, 3, (PCRE2_UCHAR8 *)dir, &pcre2len); parse_regex.match, 3, (PCRE2_UCHAR8 *)dir, &pcre2len);
if (rc < 0) { if (rc < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); SCLogError("pcre2_substring_copy_bynumber failed");
return 0; return 0;
} }
} }
@ -342,7 +341,7 @@ int DetectHostbitSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawst
hb_dir = DETECT_XBITS_TRACK_IPDST; hb_dir = DETECT_XBITS_TRACK_IPDST;
else if (strcmp(hb_dir_str, "both") == 0) { else if (strcmp(hb_dir_str, "both") == 0) {
//hb_dir = DETECT_XBITS_TRACK_IPBOTH; //hb_dir = DETECT_XBITS_TRACK_IPBOTH;
SCLogError(SC_ERR_UNIMPLEMENTED, "'both' not implemented"); SCLogError("'both' not implemented");
goto error; goto error;
} else { } else {
// TODO // TODO
@ -363,7 +362,7 @@ int DetectHostbitSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawst
} else if (strcmp(fb_cmd_str,"toggle") == 0) { } else if (strcmp(fb_cmd_str,"toggle") == 0) {
fb_cmd = DETECT_XBITS_CMD_TOGGLE; fb_cmd = DETECT_XBITS_CMD_TOGGLE;
} else { } else {
SCLogError(SC_ERR_UNKNOWN_VALUE, "ERROR: flowbits action \"%s\" is not supported.", fb_cmd_str); SCLogError("ERROR: flowbits action \"%s\" is not supported.", fb_cmd_str);
goto error; goto error;
} }

4
src/detect-http-host.c
Unescape Escape View File

@ -189,7 +189,7 @@ static bool DetectHttpHostValidateCallback(const Signature *s, const char **sige
"The hostname buffer is normalized " "The hostname buffer is normalized "
"to lowercase, specifying " "to lowercase, specifying "
"nocase is redundant."; "nocase is redundant.";
SCLogWarning(SC_WARN_POOR_RULE, "rule %u: %s", s->id, *sigerror); SCLogWarning("rule %u: %s", s->id, *sigerror);
return false; return false;
} else { } else {
uint32_t u; uint32_t u;
@ -202,7 +202,7 @@ static bool DetectHttpHostValidateCallback(const Signature *s, const char **sige
"uppercase characters detected for http.host. " "uppercase characters detected for http.host. "
"The hostname buffer is normalized to lowercase, " "The hostname buffer is normalized to lowercase, "
"please specify a lowercase pattern."; "please specify a lowercase pattern.";
SCLogWarning(SC_WARN_POOR_RULE, "rule %u: %s", s->id, *sigerror); SCLogWarning("rule %u: %s", s->id, *sigerror);
return false; return false;
} }
} }

8
src/detect-http-method.c
Unescape Escape View File

@ -171,19 +171,19 @@ static bool DetectHttpMethodValidateCallback(const Signature *s, const char **si
if (cd->content && cd->content_len) { if (cd->content && cd->content_len) {
if (cd->content[cd->content_len-1] == 0x20) { if (cd->content[cd->content_len-1] == 0x20) {
*sigerror = "http_method pattern with trailing space"; *sigerror = "http_method pattern with trailing space";
SCLogError(SC_ERR_INVALID_SIGNATURE, "%s", *sigerror); SCLogError("%s", *sigerror);
return false; return false;
} else if (cd->content[0] == 0x20) { } else if (cd->content[0] == 0x20) {
*sigerror = "http_method pattern with leading space"; *sigerror = "http_method pattern with leading space";
SCLogError(SC_ERR_INVALID_SIGNATURE, "%s", *sigerror); SCLogError("%s", *sigerror);
return false; return false;
} else if (cd->content[cd->content_len-1] == 0x09) { } else if (cd->content[cd->content_len-1] == 0x09) {
*sigerror = "http_method pattern with trailing tab"; *sigerror = "http_method pattern with trailing tab";
SCLogError(SC_ERR_INVALID_SIGNATURE, "%s", *sigerror); SCLogError("%s", *sigerror);
return false; return false;
} else if (cd->content[0] == 0x09) { } else if (cd->content[0] == 0x09) {
*sigerror = "http_method pattern with leading tab"; *sigerror = "http_method pattern with leading tab";
SCLogError(SC_ERR_INVALID_SIGNATURE, "%s", *sigerror); SCLogError("%s", *sigerror);
return false; return false;
} }
} }

2
src/detect-http-raw-header.c
Unescape Escape View File

@ -173,7 +173,7 @@ static bool DetectHttpRawHeaderValidateCallback(const Signature *s, const char *
"inspecting request headers or flow:to_client for " "inspecting request headers or flow:to_client for "
"inspecting response headers."; "inspecting response headers.";
SCLogError(SC_ERR_INVALID_SIGNATURE, "%s", *sigerror); SCLogError("%s", *sigerror);
SCReturnInt(false); SCReturnInt(false);
} }
return true; return true;

12
src/detect-http2.c
Unescape Escape View File

@ -290,8 +290,7 @@ static int DetectHTTP2frametypeSetup (DetectEngineCtx *de_ctx, Signature *s, con
return -1; return -1;
if (!DetectHTTP2FuncParseFrameType(str, &frame_type)) { if (!DetectHTTP2FuncParseFrameType(str, &frame_type)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, SCLogError("Invalid argument \"%s\" supplied to http2.frametype keyword.", str);
"Invalid argument \"%s\" supplied to http2.frametype keyword.", str);
return -1; return -1;
} }
@ -376,8 +375,7 @@ static int DetectHTTP2errorcodeSetup (DetectEngineCtx *de_ctx, Signature *s, con
return -1; return -1;
if (!DetectHTTP2FuncParseErrorCode(str, &error_code)) { if (!DetectHTTP2FuncParseErrorCode(str, &error_code)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, SCLogError("Invalid argument \"%s\" supplied to http2.errorcode keyword.", str);
"Invalid argument \"%s\" supplied to http2.errorcode keyword.", str);
return -1; return -1;
} }
@ -933,7 +931,7 @@ static bool DetectHttp2HeaderValidateCallback(const Signature *s, const char **s
*sigerror = "Invalid http2.header string : " *sigerror = "Invalid http2.header string : "
"': ' is a special sequence for separation between name and value " "': ' is a special sequence for separation between name and value "
" and thus can only be present once"; " and thus can only be present once";
SCLogWarning(SC_WARN_POOR_RULE, "rule %u: %s", s->id, *sigerror); SCLogWarning("rule %u: %s", s->id, *sigerror);
return false; return false;
} }
namevaluesep = true; namevaluesep = true;
@ -941,7 +939,7 @@ static bool DetectHttp2HeaderValidateCallback(const Signature *s, const char **s
*sigerror = "Invalid http2.header string : " *sigerror = "Invalid http2.header string : "
"':' is an escaping character for itself, " "':' is an escaping character for itself, "
"or space for the separation between name and value"; "or space for the separation between name and value";
SCLogWarning(SC_WARN_POOR_RULE, "rule %u: %s", s->id, *sigerror); SCLogWarning("rule %u: %s", s->id, *sigerror);
return false; return false;
} }
escaped = false; escaped = false;
@ -953,7 +951,7 @@ static bool DetectHttp2HeaderValidateCallback(const Signature *s, const char **s
*sigerror = "Invalid http2.header string : " *sigerror = "Invalid http2.header string : "
"':' is an escaping character for itself, " "':' is an escaping character for itself, "
"or space for the separation between name and value"; "or space for the separation between name and value";
SCLogWarning(SC_WARN_POOR_RULE, "rule %u: %s", s->id, *sigerror); SCLogWarning("rule %u: %s", s->id, *sigerror);
return false; return false;
} }
} }

13
src/detect-icmp-id.c
Unescape Escape View File

@ -166,7 +166,7 @@ static DetectIcmpIdData *DetectIcmpIdParse (DetectEngineCtx *de_ctx, const char
ret = DetectParsePcreExec(&parse_regex, icmpidstr, 0, 0); ret = DetectParsePcreExec(&parse_regex, icmpidstr, 0, 0);
if (ret < 1 || ret > 4) { if (ret < 1 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH, "Parse error %s", icmpidstr); SCLogError("Parse error %s", icmpidstr);
goto error; goto error;
} }
@ -175,7 +175,7 @@ static DetectIcmpIdData *DetectIcmpIdParse (DetectEngineCtx *de_ctx, const char
for (i = 1; i < ret; i++) { for (i = 1; i < ret; i++) {
res = SC_Pcre2SubstringGet(parse_regex.match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); res = SC_Pcre2SubstringGet(parse_regex.match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) { if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); SCLogError("pcre2_substring_get_bynumber failed");
goto error; goto error;
} }
substr[i-1] = (char *)str_ptr; substr[i-1] = (char *)str_ptr;
@ -188,20 +188,21 @@ static DetectIcmpIdData *DetectIcmpIdParse (DetectEngineCtx *de_ctx, const char
if (substr[0]!= NULL && strlen(substr[0]) != 0) { if (substr[0]!= NULL && strlen(substr[0]) != 0) {
if (substr[2] == NULL) { if (substr[2] == NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "Missing close quote in input"); SCLogError("Missing close quote in input");
goto error; goto error;
} }
} else { } else {
if (substr[2] != NULL) { if (substr[2] != NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "Missing open quote in input"); SCLogError("Missing open quote in input");
goto error; goto error;
} }
} }
uint16_t id = 0; uint16_t id = 0;
if (StringParseUint16(&id, 10, 0, substr[1]) < 0) { if (StringParseUint16(&id, 10, 0, substr[1]) < 0) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "specified icmp id %s is not " SCLogError("specified icmp id %s is not "
"valid", substr[1]); "valid",
substr[1]);
goto error; goto error;
} }
iid->id = htons(id); iid->id = htons(id);

13
src/detect-icmp-seq.c
Unescape Escape View File

@ -169,14 +169,14 @@ static DetectIcmpSeqData *DetectIcmpSeqParse (DetectEngineCtx *de_ctx, const cha
ret = DetectParsePcreExec(&parse_regex, icmpseqstr, 0, 0); ret = DetectParsePcreExec(&parse_regex, icmpseqstr, 0, 0);
if (ret < 1 || ret > 4) { if (ret < 1 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH,"Parse error %s", icmpseqstr); SCLogError("Parse error %s", icmpseqstr);
goto error; goto error;
} }
for (i = 1; i < ret; i++) { for (i = 1; i < ret; i++) {
res = SC_Pcre2SubstringGet(parse_regex.match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); res = SC_Pcre2SubstringGet(parse_regex.match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) { if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); SCLogError("pcre2_substring_get_bynumber failed");
goto error; goto error;
} }
substr[i-1] = (char *)str_ptr; substr[i-1] = (char *)str_ptr;
@ -190,20 +190,21 @@ static DetectIcmpSeqData *DetectIcmpSeqParse (DetectEngineCtx *de_ctx, const cha
if (substr[0] != NULL && strlen(substr[0]) != 0) { if (substr[0] != NULL && strlen(substr[0]) != 0) {
if (substr[2] == NULL) { if (substr[2] == NULL) {
SCLogError(SC_ERR_MISSING_QUOTE,"Missing quote in input"); SCLogError("Missing quote in input");
goto error; goto error;
} }
} else { } else {
if (substr[2] != NULL) { if (substr[2] != NULL) {
SCLogError(SC_ERR_MISSING_QUOTE,"Missing quote in input"); SCLogError("Missing quote in input");
goto error; goto error;
} }
} }
uint16_t seq = 0; uint16_t seq = 0;
if (StringParseUint16(&seq, 10, 0, substr[1]) < 0) { if (StringParseUint16(&seq, 10, 0, substr[1]) < 0) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "specified icmp seq %s is not " SCLogError("specified icmp seq %s is not "
"valid", substr[1]); "valid",
substr[1]);
goto error; goto error;
} }
iseq->seq = htons(seq); iseq->seq = htons(seq);

9
src/detect-id.c
Unescape Escape View File

@ -129,9 +129,8 @@ static DetectIdData *DetectIdParse (const char *idstr)
ret = DetectParsePcreExec(&parse_regex, idstr, 0, 0); ret = DetectParsePcreExec(&parse_regex, idstr, 0, 0);
if (ret < 1 || ret > 3) { if (ret < 1 || ret > 3) {
SCLogError(SC_EINVAL, SCLogError("invalid id option '%s'. The id option "
"invalid id option '%s'. The id option " "value must be in the range %u - %u",
"value must be in the range %u - %u",
idstr, DETECT_IPID_MIN, DETECT_IPID_MAX); idstr, DETECT_IPID_MIN, DETECT_IPID_MAX);
return NULL; return NULL;
} }
@ -141,7 +140,7 @@ static DetectIdData *DetectIdParse (const char *idstr)
pcre2len = sizeof(copy_str); pcre2len = sizeof(copy_str);
res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)copy_str, &pcre2len); res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)copy_str, &pcre2len);
if (res < 0) { if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); SCLogError("pcre2_substring_copy_bynumber failed");
return NULL; return NULL;
} }
tmp_str = copy_str; tmp_str = copy_str;
@ -155,7 +154,7 @@ static DetectIdData *DetectIdParse (const char *idstr)
/* ok, fill the id data */ /* ok, fill the id data */
if (StringParseUint16(&temp, 10, 0, (const char *)tmp_str) < 0) { if (StringParseUint16(&temp, 10, 0, (const char *)tmp_str) < 0) {
SCLogError(SC_EINVAL, "invalid id option '%s'", tmp_str); SCLogError("invalid id option '%s'", tmp_str);
return NULL; return NULL;
} }

12
src/detect-ike-chosen-sa.c
Unescape Escape View File

@ -137,7 +137,7 @@ static DetectIkeChosenSaData *DetectIkeChosenSaParse(const char *rawstr)
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
if (ret < 3 || ret > 5) { if (ret < 3 || ret > 5) {
SCLogError(SC_ERR_PCRE_MATCH, SCLogError(
"pcre match for ike.chosen_sa_attribute failed, should be: <sa_attribute>=<type>, " "pcre match for ike.chosen_sa_attribute failed, should be: <sa_attribute>=<type>, "
"but was: %s; error code %d", "but was: %s; error code %d",
rawstr, ret); rawstr, ret);
@ -147,14 +147,14 @@ static DetectIkeChosenSaData *DetectIkeChosenSaParse(const char *rawstr)
pcre2len = sizeof(attribute); pcre2len = sizeof(attribute);
res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)attribute, &pcre2len); res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)attribute, &pcre2len);
if (res < 0) { if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed"); SCLogError("pcre2_substring_copy_bynumber failed");
goto error; goto error;
} }
pcre2len = sizeof(value); pcre2len = sizeof(value);
res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)value, &pcre2len); res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)value, &pcre2len);
if (res < 0) { if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed"); SCLogError("pcre2_substring_copy_bynumber failed");
goto error; goto error;
} }
@ -167,8 +167,8 @@ static DetectIkeChosenSaData *DetectIkeChosenSaParse(const char *rawstr)
goto error; goto error;
if (ByteExtractStringUint32(&dd->sa_value, 10, strlen(value), value) <= 0) { if (ByteExtractStringUint32(&dd->sa_value, 10, strlen(value), value) <= 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "invalid input as arg " SCLogError("invalid input as arg "
"to ike.chosen_sa_attribute keyword"); "to ike.chosen_sa_attribute keyword");
goto error; goto error;
} }
@ -200,7 +200,7 @@ static int DetectIkeChosenSaSetup(DetectEngineCtx *de_ctx, Signature *s, const c
DetectIkeChosenSaData *dd = DetectIkeChosenSaParse(rawstr); DetectIkeChosenSaData *dd = DetectIkeChosenSaParse(rawstr);
if (dd == NULL) { if (dd == NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "Parsing \'%s\' failed", rawstr); SCLogError("Parsing \'%s\' failed", rawstr);
goto error; goto error;
} }

2
src/detect-ipopts.c
Unescape Escape View File

@ -164,7 +164,7 @@ static DetectIpOptsData *DetectIpOptsParse (const char *rawstr)
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
if (ret < 1) { if (ret < 1) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr); SCLogError("pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr);
goto error; goto error;
} }

Some files were not shown because too many files have changed in this diff Show More

Write Preview
Loading…
Cancel
Save