aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Improve information about errors on signature failure

Browse Source
remotes/origin/master-1.0.x
Gerardo Iglesias Galvan 16 years ago committed by Victor Julien
parent cc28284598
commit ba6d807a6e
42 changed files with 267 additions and 222 deletions
Show Stats Download Patch File Download Diff File

3
src/detect-ack.c
Unescape Escape View File

@ -20,6 +20,7 @@
#include "util-byte.h"
#include "util-unittest.h"
#include "util-debug.h"
static int DetectAckSetup(DetectEngineCtx *, Signature *s, SigMatch *m,
char *sidstr);
@ -84,7 +85,7 @@ static int DetectAckSetup(DetectEngineCtx *de_ctx, Signature *s,
data = malloc(sizeof(DetectAckData));
if (data == NULL) {
printf("DetectAckSetup: malloc failed\n");
SCLogError(SC_ERR_MEM_ALLOC, "malloc failed");
goto error;
}

20
src/detect-bytejump.c
Unescape Escape View File

@ -249,7 +249,7 @@ DetectBytejumpData *DetectBytejumpParse(char *optstr)
/* Initialize the data */
data = malloc(sizeof(DetectBytejumpData));
if (data == NULL) {
SCLogError(SC_ERR_MEM_ALLOC,"malloc failed");
SCLogError(SC_ERR_MEM_ALLOC,"malloc failed %s", strerror(errno));
goto error;
}
data->base = DETECT_BYTEJUMP_BASE_UNSET;
@ -264,13 +264,13 @@ DetectBytejumpData *DetectBytejumpParse(char *optstr)
/* Number of bytes */
if (ByteExtractStringUint32(&nbytes, 10, strlen(args[0]), args[0]) <= 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE,"Malformed number of bytes: %s", optstr);
SCLogError(SC_ERR_INVALID_VALUE, "Malformed number of bytes: %s", optstr);
goto error;
}
/* Offset */
if (ByteExtractStringInt32(&data->offset, 0, strlen(args[1]), args[1]) <= 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE,"Malformed offset: %s", optstr);
SCLogError(SC_ERR_INVALID_VALUE, "Malformed offset: %s", optstr);
goto error;
}
@ -303,7 +303,7 @@ DetectBytejumpData *DetectBytejumpParse(char *optstr)
strlen(args[i]) - 11,
args[i] + 11) <= 0)
{
SCLogError(SC_ERR_INVALID_SIGNATURE,"Malformed multiplier: %s", optstr);
SCLogError(SC_ERR_INVALID_VALUE, "Malformed multiplier: %s", optstr);
goto error;
}
} else if (strncasecmp("post_offset ", args[i], 12) == 0) {
@ -311,11 +311,11 @@ DetectBytejumpData *DetectBytejumpParse(char *optstr)
strlen(args[i]) - 12,
args[i] + 12) <= 0)
{
SCLogError(SC_ERR_INVALID_SIGNATURE,"Malformed post_offset: %s", optstr);
SCLogError(SC_ERR_INVALID_VALUE, "Malformed post_offset: %s", optstr);
goto error;
}
} else {
SCLogError(SC_ERR_INVALID_SIGNATURE,"Unknown option: \"%s\"", args[i]);
SCLogError(SC_ERR_INVALID_VALUE, "Unknown option: \"%s\"", args[i]);
goto error;
}
}
@ -329,18 +329,18 @@ DetectBytejumpData *DetectBytejumpParse(char *optstr)
* "01777777777777777777777" = 0xffffffffffffffff
*/
if (nbytes > 23) {
SCLogError(SC_ERR_INVALID_SIGNATURE,"Cannot test more than 23 bytes "
SCLogError(SC_ERR_INVALID_VALUE, "Cannot test more than 23 bytes "
"with \"string\": %s", optstr);
goto error;
}
} else {
if (nbytes > 8) {
SCLogError(SC_ERR_INVALID_SIGNATURE,"Cannot test more than 8 bytes "
"without \"string\": %s", optstr);
SCLogError(SC_ERR_INVALID_VALUE, "Cannot test more than 8 bytes "
"without \"string\": %s\n", optstr);
goto error;
}
if (data->base != DETECT_BYTEJUMP_BASE_UNSET) {
SCLogError(SC_ERR_INVALID_SIGNATURE,"Cannot use a base "
SCLogError(SC_ERR_INVALID_VALUE, "Cannot use a base "
"without \"string\": %s", optstr);
goto error;
}

16
src/detect-bytetest.c
Unescape Escape View File

@ -242,7 +242,7 @@ DetectBytetestData *DetectBytetestParse(char *optstr)
/* Number of bytes */
if (ByteExtractStringUint32(&nbytes, 10, 0, args[0]) <= 0) {
SCLogDebug("Malformed number of bytes: %s", str_ptr);
SCLogError(SC_ERR_INVALID_VALUE, "Malformed number of bytes: %s", str_ptr);
goto error;
}
@ -264,19 +264,19 @@ DetectBytetestData *DetectBytetestParse(char *optstr)
} else if (strcmp("^", args[2]) == 0) {
data->op |= DETECT_BYTETEST_OP_OR;
} else {
// XXX Error
SCLogError(SC_ERR_INVALID_OPERATOR, "Invalid operator");
goto error;
}
/* Value */
if (ByteExtractStringUint64(&data->value, 0, 0, args[3]) <= 0) {
SCLogDebug("Malformed value: %s", str_ptr);
SCLogError(SC_ERR_INVALID_VALUE, "Malformed value: %s", str_ptr);
goto error;
}
/* Offset */
if (ByteExtractStringInt32(&data->offset, 0, 0, args[4]) <= 0) {
SCLogDebug(" Malformed offset: %s", str_ptr);
SCLogError(SC_ERR_INVALID_VALUE, " Malformed offset: %s", str_ptr);
goto error;
}
@ -301,7 +301,7 @@ DetectBytetestData *DetectBytetestParse(char *optstr)
} else if (strcasecmp("little", args[i]) == 0) {
data->flags |= DETECT_BYTETEST_LITTLE;
} else {
SCLogDebug("Unknown option: \"%s\"", args[i]);
SCLogError(SC_ERR_UNKNOWN_VALUE, "Unknown value: \"%s\"", args[i]);
goto error;
}
}
@ -315,18 +315,18 @@ DetectBytetestData *DetectBytetestParse(char *optstr)
* "01777777777777777777777" = 0xffffffffffffffff
*/
if (nbytes > 23) {
SCLogDebug("Cannot test more than 23 bytes with \"string\": %s",
SCLogError(SC_ERR_INVALID_VALUE, "Cannot test more than 23 bytes with \"string\": %s",
optstr);
goto error;
}
} else {
if (nbytes > 8) {
SCLogDebug("Cannot test more than 8 bytes without \"string\": %s",
SCLogError(SC_ERR_INVALID_VALUE, "Cannot test more than 8 bytes without \"string\": %s",
optstr);
goto error;
}
if (data->base != DETECT_BYTETEST_BASE_UNSET) {
SCLogDebug("Cannot use a base without \"string\": %s", optstr);
SCLogError(SC_ERR_INVALID_VALUE, "Cannot use a base without \"string\": %s", optstr);
goto error;
}
}

14
src/detect-classtype.c
Unescape Escape View File

@ -43,14 +43,14 @@ void DetectClasstypeRegister(void)
regex = pcre_compile(DETECT_CLASSTYPE_REGEX, opts, &eb, &eo, NULL);
if (regex == NULL) {
SCLogDebug("Compile of \"%s\" failed at offset %" PRId32 ": %s",
SCLogError(SC_ERR_PCRE_COMPILE, "Compile of \"%s\" failed at offset %" PRId32 ": %s",
DETECT_CLASSTYPE_REGEX, eo, eb);
goto end;
}
regex_study = pcre_study(regex, 0, &eb);
if (eb != NULL) {
SCLogDebug("pcre study failed: %s", eb);
SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
goto end;
}
@ -76,20 +76,20 @@ static inline const char *DetectClasstypeParseRawString(char *rawstr)
if (rawstr[0] == '\"' && rawstr[strlen(rawstr) - 1] == '\"') {
if ( (rawstr = strdup(rawstr + 1)) == NULL) {
SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory");
exit(EXIT_FAILURE);
goto end;
}
rawstr[strlen(rawstr) - 1] = '\0';
}
ret = pcre_exec(regex, regex_study, rawstr, strlen(rawstr), 0, 0, ov, 30);
if (ret < 0) {
SCLogWarning(SC_ERR_INVALID_SIGNATURE, "Invalid Classtype in Signature");
SCLogError(SC_ERR_PCRE_MATCH, "Invalid Classtype in Signature");
goto end;
}
ret = pcre_get_substring((char *)rawstr, ov, 30, 1, &ct_name);
if (ret < 0) {
SCLogInfo("pcre_get_substring() failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
goto end;
}
@ -138,14 +138,14 @@ int DetectClasstypeSetup(DetectEngineCtx *de_ctx, Signature *s, SigMatch *m,
SCClassConfClasstype *ct = NULL;
if ( (parsed_ct_name = DetectClasstypeParseRawString(rawstr)) == NULL) {
SCLogDebug("Error parsing classtype argument supplied with the "
SCLogError(SC_ERR_PCRE_PARSE, "Error parsing classtype argument supplied with the "
"classtype keyword");
goto error;
}
ct = DetectClasstypeGetClasstypeInfo(parsed_ct_name, de_ctx);
if (ct == NULL) {
SCLogDebug("Unknown Classtype: \"%s\". Invalidating the Signature",
SCLogError(SC_ERR_UNKNOWN_VALUE, "Unknown Classtype: \"%s\". Invalidating the Signature",
parsed_ct_name);
goto error;
}

6
src/detect-content.c
Unescape Escape View File

@ -587,8 +587,10 @@ DetectContentData *DetectContentParse (char *contentstr)
uint16_t pos = 0;
uint16_t slen = 0;
if ((temp = strdup(contentstr)) == NULL)
if ((temp = strdup(contentstr)) == NULL) {
SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory");
goto error;
}
if (strlen(temp) == 0) {
free(temp);
@ -597,7 +599,7 @@ DetectContentData *DetectContentParse (char *contentstr)
cd = malloc(sizeof(DetectContentData));
if (cd == NULL) {
printf("DetectContentParse malloc failed\n");
SCLogError(SC_ERR_MEM_ALLOC, "malloc failed");
goto error;
}
memset(cd, 0, sizeof(DetectContentData));

29
src/detect-csum.c
Unescape Escape View File

@ -12,6 +12,7 @@
#include "detect-csum.h"
#include "util-unittest.h"
#include "util-debug.h"
/* prototypes for the "ipv4-csum" rule keyword */
int DetectIPV4CsumMatch(ThreadVars *, DetectEngineThreadCtx *, Packet *,
@ -242,8 +243,8 @@ int DetectIPV4CsumSetup(DetectEngineCtx *de_ctx, Signature *s, SigMatch *m,
sm->type = DETECT_IPV4_CSUM;
if ( (cd = malloc(sizeof(DetectCsumData))) == NULL) {
printf("Error allocating memory\n");
exit(0);
SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory");
goto error;
}
memset(cd, 0, sizeof(DetectCsumData));
@ -339,8 +340,8 @@ int DetectTCPV4CsumSetup(DetectEngineCtx *de_ctx, Signature *s, SigMatch *m,
sm->type = DETECT_TCPV4_CSUM;
if ( (cd = malloc(sizeof(DetectCsumData))) == NULL) {
printf("Error allocating memory\n");
exit(0);
SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory");
goto error;
}
memset(cd, 0, sizeof(DetectCsumData));
@ -436,8 +437,8 @@ int DetectTCPV6CsumSetup(DetectEngineCtx *de_ctx, Signature *s, SigMatch *m,
sm->type = DETECT_TCPV6_CSUM;
if ( (cd = malloc(sizeof(DetectCsumData))) == NULL) {
printf("Error allocating memory\n");
exit(0);
SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory");
goto error;
}
memset(cd, 0, sizeof(DetectCsumData));
@ -533,8 +534,8 @@ int DetectUDPV4CsumSetup(DetectEngineCtx *de_ctx, Signature *s, SigMatch *m,
sm->type = DETECT_UDPV4_CSUM;
if ( (cd = malloc(sizeof(DetectCsumData))) == NULL) {
printf("Error allocating memory\n");
exit(0);
SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory");
goto error;
}
memset(cd, 0, sizeof(DetectCsumData));
@ -630,8 +631,8 @@ int DetectUDPV6CsumSetup(DetectEngineCtx *de_ctx, Signature *s, SigMatch *m,
sm->type = DETECT_UDPV6_CSUM;
if ( (cd = malloc(sizeof(DetectCsumData))) == NULL) {
printf("Error allocating memory\n");
exit(0);
SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory");
goto error;
}
memset(cd, 0, sizeof(DetectCsumData));
@ -726,8 +727,8 @@ int DetectICMPV4CsumSetup(DetectEngineCtx *de_ctx, Signature *s, SigMatch *m,
sm->type = DETECT_ICMPV4_CSUM;
if ( (cd = malloc(sizeof(DetectCsumData))) == NULL) {
printf("Error allocating memory\n");
exit(0);
SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory");
goto error;
}
memset(cd, 0, sizeof(DetectCsumData));
@ -822,8 +823,8 @@ int DetectICMPV6CsumSetup(DetectEngineCtx *de_ctx, Signature *s, SigMatch *m,
sm->type = DETECT_ICMPV6_CSUM;
if ( (cd = malloc(sizeof(DetectCsumData))) == NULL) {
printf("Error allocating memory\n");
exit(0);
SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory");
goto error;
}
memset(cd, 0, sizeof(DetectCsumData));

2
src/detect-dce-iface.c
Unescape Escape View File

@ -94,7 +94,7 @@ static inline DetectDceIfaceData *DetectDceIfaceArgParse(const char *arg)
ret = pcre_exec(parse_regex, parse_regex_study, arg, strlen(arg), 0, 0, ov,
MAX_SUBSTRINGS);
if (ret < 2) {
SCLogDebug("pcre_exec parse error, ret %" PRId32 ", string %s", ret, arg);
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, arg);
goto error;
}

8
src/detect-dce-opnum.c
Unescape Escape View File

@ -51,14 +51,14 @@ void DetectDceOpnumRegister(void)
parse_regex = pcre_compile(DETECT_DCE_OPNUM_PCRE_PARSE_ARGS, opts, &eb,
&eo, NULL);
if (parse_regex == NULL) {
SCLogDebug("pcre compile of \"%s\" failed at offset %" PRId32 ": %s",
SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s",
DETECT_DCE_OPNUM_PCRE_PARSE_ARGS, eo, eb);
goto error;
}
parse_regex_study = pcre_study(parse_regex, 0, &eb);
if (eb != NULL) {
SCLogDebug("pcre study failed: %s", eb);
SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
goto error;
}
@ -119,7 +119,7 @@ static inline DetectDceOpnumData *DetectDceOpnumArgParse(const char *arg)
ret = pcre_exec(parse_regex, parse_regex_study, arg, strlen(arg), 0, 0, ov,
MAX_SUBSTRINGS);
if (ret < 2) {
SCLogDebug("pcre_exec parse error, ret %" PRId32 ", string %s", ret, arg);
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, arg);
goto error;
}
@ -137,7 +137,7 @@ static inline DetectDceOpnumData *DetectDceOpnumArgParse(const char *arg)
if ( (dup_str = strdup(pcre_sub_str)) == NULL) {
SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory");
exit(EXIT_FAILURE);
goto error;
}
/* free the substring */

10
src/detect-decode-event.c
Unescape Escape View File

@ -10,6 +10,8 @@
#include "flow-var.h"
#include "decode-events.h"
#include "util-debug.h"
/* Need to get the DEvents[] array */
#define DETECT_EVENTS
@ -43,14 +45,14 @@ void DetectDecodeEventRegister (void) {
parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
if(parse_regex == NULL)
{
printf("pcre compile of \"%s\" failed at offset %" PRId32 ": %s\n", PARSE_REGEX, eo, eb);
SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s\n", PARSE_REGEX, eo, eb);
goto error;
}
parse_regex_study = pcre_study(parse_regex, 0, &eb);
if(eb != NULL)
{
printf("pcre study failed: %s\n", eb);
SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s\n", eb);
goto error;
}
return;
@ -101,6 +103,7 @@ DetectDecodeEventData *DetectDecodeEventParse (char *rawstr)
ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 1) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr);
goto error;
}
@ -108,6 +111,7 @@ DetectDecodeEventData *DetectDecodeEventParse (char *rawstr)
res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 0, &str_ptr);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
goto error;
}
@ -123,7 +127,7 @@ DetectDecodeEventData *DetectDecodeEventParse (char *rawstr)
de = malloc(sizeof(DetectDecodeEventData));
if (de == NULL) {
printf("DetectDecodeEventSetup malloc failed\n");
SCLogError(SC_ERR_MEM_ALLOC, "Malloc failed");
goto error;
}

4
src/detect-distance.c
Unescape Escape View File

@ -52,7 +52,7 @@ int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, cha
DetectContentData *cd = (DetectContentData *)pm->ctx;
if (cd == NULL) {
printf("DetectDistanceSetup: Unknown previous keyword!\n");
SCLogError(SC_ERR_RULE_KEYWORD_UNKNOWN, "Unknown previous keyword!");
if (dubbed) free(str);
return -1;
}
@ -84,7 +84,7 @@ int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, cha
DetectUricontentData *cd = (DetectUricontentData *)pm->ctx;
cd->flags |= DETECT_URICONTENT_DISTANCE_NEXT;
} else {
printf("DetectDistanceSetup: Unknown previous-previous keyword!\n");
SCLogError(SC_ERR_RULE_KEYWORD_UNKNOWN, "Unknown previous-previous keyword!");
goto error;
}

4
src/detect-fast-pattern.c
Unescape Escape View File

@ -54,7 +54,7 @@ int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, SigMatch *m,
}
if (m == NULL) {
SCLogWarning(SC_ERR_INVALID_SIGNATURE, "fast_pattern found inside the "
SCLogError(SC_ERR_INVALID_SIGNATURE, "fast_pattern found inside the "
"rule, without any preceding keywords");
return -1;
}
@ -62,7 +62,7 @@ int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, SigMatch *m,
if (m->type != DETECT_CONTENT) {
m = SigMatchGetLastSM(s, DETECT_CONTENT);
if (m == NULL) {
SCLogWarning(SC_ERR_INVALID_SIGNATURE, "fast_pattern found inside "
SCLogError(SC_ERR_INVALID_SIGNATURE, "fast_pattern found inside "
"the rule, without a content context. Please use a "
"content keyword before using fast pattern");
return -1;

10
src/detect-flags.c
Unescape Escape View File

@ -56,14 +56,14 @@ void DetectFlagsRegister (void) {
parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
if(parse_regex == NULL)
{
printf("pcre compile of \"%s\" failed at offset %" PRId32 ": %s\n", PARSE_REGEX, eo, eb);
SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
goto error;
}
parse_regex_study = pcre_study(parse_regex, 0, &eb);
if(eb != NULL)
{
printf("pcre study failed: %s\n", eb);
SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
goto error;
}
@ -160,7 +160,7 @@ static DetectFlagsData *DetectFlagsParse (char *rawstr)
ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 1) {
SCLogDebug("pcre match failed");
SCLogError(SC_ERR_PCRE_MATCH, "pcre match failed");
goto error;
}
@ -168,7 +168,7 @@ static DetectFlagsData *DetectFlagsParse (char *rawstr)
res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS,i + 1, &str_ptr);
if (res < 0) {
SCLogDebug("pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
goto error;
}
@ -182,7 +182,7 @@ static DetectFlagsData *DetectFlagsParse (char *rawstr)
de = malloc(sizeof(DetectFlagsData));
if (de == NULL) {
printf("DetectFlagsSetup malloc failed\n");
SCLogError(SC_ERR_MEM_ALLOC, "malloc failed");
goto error;
}

41
src/detect-flow.c
Unescape Escape View File

@ -16,6 +16,7 @@
#include "detect-flow.h"
#include "util-unittest.h"
#include "util-debug.h"
/**
* \brief Regex for parsing our flow options
@ -48,14 +49,14 @@ void DetectFlowRegister (void) {
parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
if(parse_regex == NULL)
{
printf("pcre compile of \"%s\" failed at offset %" PRId32 ": %s\n", PARSE_REGEX, eo, eb);
SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
goto error;
}
parse_regex_study = pcre_study(parse_regex, 0, &eb);
if(eb != NULL)
{
printf("pcre study failed: %s\n", eb);
SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
goto error;
}
return;
@ -124,14 +125,14 @@ DetectFlowData *DetectFlowParse (char *flowstr)
ret = pcre_exec(parse_regex, parse_regex_study, flowstr, strlen(flowstr), 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 1 || ret > 4) {
//printf("DetectFlowParse: parse error, ret %" PRId32 ", string %s\n", ret, flowstr);
SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 ", string %s", ret, flowstr);
goto error;
}
if (ret > 1) {
const char *str_ptr;
res = pcre_get_substring((char *)flowstr, ov, MAX_SUBSTRINGS, 1, &str_ptr);
if (res < 0) {
printf("DetectFlowParse: pcre_get_substring failed\n");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
goto error;
}
args[0] = (char *)str_ptr;
@ -139,7 +140,7 @@ DetectFlowData *DetectFlowParse (char *flowstr)
if (ret > 2) {
res = pcre_get_substring((char *)flowstr, ov, MAX_SUBSTRINGS, 2, &str_ptr);
if (res < 0) {
printf("DetectFlowParse: pcre_get_substring failed\n");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
goto error;
}
args[1] = (char *)str_ptr;
@ -147,7 +148,7 @@ DetectFlowData *DetectFlowParse (char *flowstr)
if (ret > 3) {
res = pcre_get_substring((char *)flowstr, ov, MAX_SUBSTRINGS, 3, &str_ptr);
if (res < 0) {
printf("DetectFlowParse: pcre_get_substring failed\n");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
goto error;
}
args[2] = (char *)str_ptr;
@ -156,7 +157,7 @@ DetectFlowData *DetectFlowParse (char *flowstr)
fd = malloc(sizeof(DetectFlowData));
if (fd == NULL) {
printf("DetectFlowParse malloc failed\n");
SCLogError(SC_ERR_MEM_ALLOC, "malloc failed");
goto error;
}
fd->flags = 0;
@ -168,60 +169,60 @@ DetectFlowData *DetectFlowParse (char *flowstr)
/* inspect our options and set the flags */
if (strcasecmp(args[i], "established") == 0) {
if (fd->flags & FLOW_PKT_ESTABLISHED) {
//printf("DetectFlowParse error FLOW_PKT_ESTABLISHED flag is already set \n");
SCLogError(SC_ERR_FLAGS_MODIFIER, "FLOW_PKT_ESTABLISHED flag is already set");
goto error;
} else if (fd->flags & FLOW_PKT_STATELESS) {
//printf("DetectFlowParse error cannot set established, FLOW_PKT_STATELESS already set \n");
SCLogError(SC_ERR_FLAGS_MODIFIER, "FLOW_PKT_STATELESS already set");
goto error;
}
fd->flags |= FLOW_PKT_ESTABLISHED;
} else if (strcasecmp(args[i], "stateless") == 0) {
if (fd->flags & FLOW_PKT_STATELESS) {
//printf("DetectFlowParse error FLOW_PKT_STATELESS flag is already set \n");
SCLogError(SC_ERR_FLAGS_MODIFIER, "FLOW_PKT_STATELESS flag is already set");
goto error;
} else if (fd->flags & FLOW_PKT_ESTABLISHED) {
//printf("DetectFlowParse error cannot set FLOW_PKT_STATELESS, FLOW_PKT_ESTABLISHED already set\n");
SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set FLOW_PKT_STATELESS, FLOW_PKT_ESTABLISHED already set");
goto error;
}
fd->flags |= FLOW_PKT_STATELESS;
} else if (strcasecmp(args[i], "to_client") == 0 || strcasecmp(args[i], "from_server") == 0) {
if (fd->flags & FLOW_PKT_TOCLIENT) {
//printf("DetectFlowParse error cannot set FLOW_PKT_TOCLIENT flag is already set\n");
SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set FLOW_PKT_TOCLIENT flag is already set");
goto error;
} else if (fd->flags & FLOW_PKT_TOSERVER) {
//printf("DetectFlowParse error cannot set to_client, FLOW_PKT_TOSERVER already set\n");
SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set to_client, FLOW_PKT_TOSERVER already set");
goto error;
}
fd->flags |= FLOW_PKT_TOCLIENT;
} else if (strcasecmp(args[i], "to_server") == 0 || strcasecmp(args[i], "from_client") == 0){
if (fd->flags & FLOW_PKT_TOSERVER) {
//printf("DetectFlowParse error cannot set FLOW_PKT_TOSERVER flag is already set\n");
SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set FLOW_PKT_TOSERVER flag is already set");
goto error;
} else if (fd->flags & FLOW_PKT_TOCLIENT) {
//printf("DetectFlowParse error cannot set to_server, FLOW_PKT_TO_CLIENT flag already set\n");
SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set to_server, FLOW_PKT_TO_CLIENT flag already set");
goto error;
}
fd->flags |= FLOW_PKT_TOSERVER;
} else if (strcasecmp(args[i], "stream_only") == 0) {
if (fd->flags & FLOW_PKT_STREAMONLY) {
//printf("DetectFlowParse error cannot set stream_only flag is already set \n");
SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set stream_only flag is already set");
goto error;
} else if (fd->flags & FLOW_PKT_NOSTREAM) {
//printf("DetectFlowParse error cannot set stream_only flag, FLOW_PKT_NOSTREAM already set\n");
SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set stream_only flag, FLOW_PKT_NOSTREAM already set");
goto error;
}
fd->flags |= FLOW_PKT_STREAMONLY;
} else if (strcasecmp(args[i], "no_stream") == 0) {
if (fd->flags & FLOW_PKT_NOSTREAM) {
//printf("DetectFlowParse error cannot set no_stream flag is already set \n");
SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set no_stream flag is already set");
goto error;
} else if (fd->flags & FLOW_PKT_STREAMONLY) {
//printf("DetectFlowParse error cannot set no_stream flag, FLOW_PKT_STREAMONLY already set\n");
SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set no_stream flag, FLOW_PKT_STREAMONLY already set");
goto error;
}
fd->flags |= FLOW_PKT_NOSTREAM;
} else {
//printf("invalid flow option %s\n",args[i]);
SCLogError(SC_ERR_INVALID_VALUE, "invalid flow option \"%s\"", args[i]);
goto error;
}

16
src/detect-flowbits.c
Unescape Escape View File

@ -46,14 +46,14 @@ void DetectFlowbitsRegister (void) {
parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
if(parse_regex == NULL)
{
printf("pcre compile of \"%s\" failed at offset %" PRId32 ": %s\n", PARSE_REGEX, eo, eb);
SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
goto error;
}
parse_regex_study = pcre_study(parse_regex, 0, &eb);
if(eb != NULL)
{
printf("pcre study failed: %s\n", eb);
SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
goto error;
}
@ -126,7 +126,7 @@ int DetectFlowbitMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p
case DETECT_FLOWBITS_CMD_TOGGLE:
return DetectFlowbitMatchToggle(p,fd);
default:
printf("ERROR: DetectFlowbitMatch unknown cmd %" PRIu32 "\n", fd->cmd);
SCLogError(SC_ERR_UNKNOWN_VALUE, "unknown cmd %" PRIu32 "", fd->cmd);
return 0;
}
@ -145,14 +145,14 @@ int DetectFlowbitSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char
ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS);
if (ret != 2 && ret != 3) {
printf("ERROR: \"%s\" is not a valid setting for flowbits.\n", rawstr);
SCLogError(SC_ERR_PCRE_MATCH, "\"%s\" is not a valid setting for flowbits.", rawstr);
return -1;
}
const char *str_ptr;
res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, &str_ptr);
if (res < 0) {
printf("DetectPcreSetup: pcre_get_substring failed\n");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
return -1;
}
fb_cmd_str = (char *)str_ptr;
@ -160,7 +160,7 @@ int DetectFlowbitSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char
if (ret == 3) {
res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, &str_ptr);
if (res < 0) {
printf("DetectPcreSetup: pcre_get_substring failed\n");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
goto error;
}
fb_name = (char *)str_ptr;
@ -179,7 +179,7 @@ int DetectFlowbitSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char
} else if (strcmp(fb_cmd_str,"toggle") == 0) {
fb_cmd = DETECT_FLOWBITS_CMD_TOGGLE;
} else {
printf("ERROR: flowbits action \"%s\" is not supported.\n", fb_cmd_str);
SCLogError(SC_ERR_UNKNOWN_VALUE, "ERROR: flowbits action \"%s\" is not supported.", fb_cmd_str);
goto error;
}
@ -201,7 +201,7 @@ int DetectFlowbitSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char
cd = malloc(sizeof(DetectFlowbitsData));
if (cd == NULL) {
printf("DetectFlowbitsSetup malloc failed\n");
SCLogError(SC_ERR_MEM_ALLOC, "DetectFlowbitsSetup malloc failed");
goto error;
}

20
src/detect-flowint.c
Unescape Escape View File

@ -48,14 +48,14 @@ void DetectFlowintRegister(void)
parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
if (parse_regex == NULL) {
SCLogDebug("pcre compile of \"%s\" failed at offset %" PRId32 ": %s",
SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s",
PARSE_REGEX, eo, eb);
goto error;
}
parse_regex_study = pcre_study(parse_regex, 0, &eb);
if (eb != NULL) {
SCLogDebug("pcre study failed: %s", eb);
SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
goto error;
}
@ -214,14 +214,14 @@ DetectFlowintData *DetectFlowintParse(DetectEngineCtx *de_ctx,
ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr),
0, 0, ov, MAX_SUBSTRINGS);
if (ret < 3 || ret > 4) {
SCLogDebug("ERROR: \"%s\" is not a valid setting for flowint(ret = %d).", rawstr, ret);
SCLogError(SC_ERR_PCRE_MATCH, "\"%s\" is not a valid setting for flowint(ret = %d).", rawstr, ret);
return NULL;
}
/* Get our flowint varname */
res = pcre_get_substring((char *) rawstr, ov, MAX_SUBSTRINGS, 1, &str_ptr);
if (res < 0) {
SCLogDebug("DetectFlowintParse: pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
return NULL;
}
varname =(char *) str_ptr;
@ -229,7 +229,7 @@ DetectFlowintData *DetectFlowintParse(DetectEngineCtx *de_ctx,
res = pcre_get_substring((char *) rawstr, ov, MAX_SUBSTRINGS, 2,
&str_ptr);
if (res < 0) {
SCLogDebug("DetectFlowintParse: pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
return NULL;
}
@ -258,12 +258,14 @@ DetectFlowintData *DetectFlowintParse(DetectEngineCtx *de_ctx,
if (strcmp("notset", str_ptr) == 0)
modifier = FLOWINT_MODIFIER_NOTSET;
if (modifier == FLOWINT_MODIFIER_UNKNOWN)
if (modifier == FLOWINT_MODIFIER_UNKNOWN) {
SCLogError(SC_ERR_UNKNOWN_VALUE, "Unknown modifier");
goto error;
}
sfd = malloc(sizeof(DetectFlowintData));
if (sfd == NULL) {
SCLogError(SC_ERR_MEM_ALLOC, "DetectFlowintSetup malloc failed");
SCLogError(SC_ERR_MEM_ALLOC, "malloc failed");
goto error;
}
@ -273,7 +275,7 @@ DetectFlowintData *DetectFlowintParse(DetectEngineCtx *de_ctx,
&str_ptr);
varval =(char *) str_ptr;
if (res < 0 || strcmp(varval,"") == 0) {
SCLogDebug("DetectFlowintParse: pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
free(sfd);
return NULL;
}
@ -282,7 +284,7 @@ DetectFlowintData *DetectFlowintParse(DetectEngineCtx *de_ctx,
*(it should be a value or another var) */
str = strdup(varval);
if (str == NULL) {
SCLogError(SC_ERR_MEM_ALLOC, "DetectFlowintSetup malloc from strdup failed");
SCLogError(SC_ERR_MEM_ALLOC, "malloc from strdup failed");
goto error;
}

12
src/detect-flowvar.c
Unescape Escape View File

@ -35,14 +35,14 @@ void DetectFlowvarRegister (void) {
parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
if(parse_regex == NULL)
{
printf("pcre compile of \"%s\" failed at offset %" PRId32 ": %s\n", PARSE_REGEX, eo, eb);
SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
goto error;
}
parse_regex_study = pcre_study(parse_regex, 0, &eb);
if(eb != NULL)
{
printf("pcre study failed: %s\n", eb);
SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
goto error;
}
@ -93,14 +93,14 @@ int DetectFlowvarSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char
ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS);
if (ret != 3) {
printf("ERROR: \"%s\" is not a valid setting for flowvar.\n", rawstr);
SCLogError(SC_ERR_PCRE_MATCH, "\"%s\" is not a valid setting for flowvar.", rawstr);
return -1;
}
const char *str_ptr;
res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, &str_ptr);
if (res < 0) {
printf("DetectPcreSetup: pcre_get_substring failed\n");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
return -1;
}
varname = (char *)str_ptr;
@ -108,7 +108,7 @@ int DetectFlowvarSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char
if (ret > 2) {
res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, &str_ptr);
if (res < 0) {
printf("DetectPcreSetup: pcre_get_substring failed\n");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
return -1;
}
varcontent = (char *)str_ptr;
@ -130,7 +130,7 @@ int DetectFlowvarSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char
cd = malloc(sizeof(DetectFlowvarData));
if (cd == NULL) {
printf("DetectFlowvarSetup malloc failed\n");
SCLogError(SC_ERR_MEM_ALLOC, "malloc failed");
goto error;
}

13
src/detect-fragbits.c
Unescape Escape View File

@ -13,6 +13,7 @@
#include "detect-fragbits.h"
#include "util-unittest.h"
#include "util-debug.h"
/**
* Regex
@ -54,14 +55,14 @@ void DetectFragBitsRegister (void) {
parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
if(parse_regex == NULL)
{
printf("pcre compile of \"%s\" failed at offset %" PRId32 ": %s\n", PARSE_REGEX, eo, eb);
SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
goto error;
}
parse_regex_study = pcre_study(parse_regex, 0, &eb);
if(eb != NULL)
{
printf("pcre study failed: %s\n", eb);
SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
goto error;
}
@ -143,6 +144,7 @@ static DetectFragBitsData *DetectFragBitsParse (char *rawstr)
ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 1) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr);
goto error;
}
@ -151,18 +153,21 @@ static DetectFragBitsData *DetectFragBitsParse (char *rawstr)
res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS,i + 1, &str_ptr);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
goto error;
}
args[i] = (char *)str_ptr;
}
if(args[1] == NULL)
if(args[1] == NULL) {
SCLogError(SC_ERR_INVALID_VALUE, "invalid value");
goto error;
}
de = malloc(sizeof(DetectFragBitsData));
if (de == NULL) {
printf("DetectFragBitsSetup malloc failed\n");
SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory");
goto error;
}

9
src/detect-gid.c
Unescape Escape View File

@ -13,6 +13,7 @@
#include "detect-gid.h"
#include "util-unittest.h"
#include "util-debug.h"
#define PARSE_REGEX "[0-9]+"
@ -39,14 +40,14 @@ void DetectGidRegister (void) {
parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
if(parse_regex == NULL)
{
printf("pcre compile of \"%s\" failed at offset %" PRId32 ": %s\n", PARSE_REGEX, eo, eb);
SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
goto error;
}
parse_regex_study = pcre_study(parse_regex, 0, &eb);
if(eb != NULL)
{
printf("pcre study failed: %s\n", eb);
SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
goto error;
}
@ -74,14 +75,14 @@ static uint32_t DetectGidParse (char *rawstr)
uint32_t rc;
ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 1) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr);
return -1;
}
res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 0, &str_ptr);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
return -1;
}

4
src/detect-icmp-id.c
Unescape Escape View File

@ -44,13 +44,13 @@ void DetectIcmpIdRegister (void) {
parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
if (parse_regex == NULL) {
SCLogDebug("pcre compile of \"%s\" failed at offset %" PRId32 ": %s\n", PARSE_REGEX, eo, eb);
SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
goto error;
}
parse_regex_study = pcre_study(parse_regex, 0, &eb);
if (eb != NULL) {
SCLogDebug("pcre study failed: %s\n", eb);
SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
goto error;
}
return;

8
src/detect-icode.c
Unescape Escape View File

@ -56,7 +56,7 @@ void DetectICodeRegister (void) {
parse_regex_study = pcre_study(parse_regex, 0, &eb);
if(eb != NULL)
{
SCLogError(SC_ERR_PCRE_COMPILE, "pcre study failed: %s", eb);
SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
goto error;
}
return;
@ -125,7 +125,7 @@ DetectICodeData *DetectICodeParse(char *icodestr) {
ret = pcre_exec(parse_regex, parse_regex_study, icodestr, strlen(icodestr), 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 1 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH, "DetectICodeParse: parse error");
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, icodestr);
goto error;
}
@ -134,7 +134,7 @@ DetectICodeData *DetectICodeParse(char *icodestr) {
for (i = 1; i < ret; i++) {
res = pcre_get_substring((char *)icodestr, ov, MAX_SUBSTRINGS, i, &str_ptr);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "DetectICodeParse: pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
goto error;
}
args[i-1] = (char *)str_ptr;
@ -153,7 +153,7 @@ DetectICodeData *DetectICodeParse(char *icodestr) {
if (strlen(args[0]) != 0) {
/* we have a third part ("<> y"), therefore it's invalid */
if (args[2] != NULL) {
SCLogInfo("icode: invalid value");
SCLogError(SC_ERR_INVALID_VALUE, "icode: invalid value");
goto error;
}
/* we have only a comparison ("<", ">") */

18
src/detect-id.c
Unescape Escape View File

@ -52,18 +52,18 @@ void DetectIdRegister (void) {
int eo;
int opts = 0;
SCLogDebug("detect-id: Registering id rule option\n");
SCLogDebug("registering id rule option");
parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
if (parse_regex == NULL) {
SCLogDebug("Compile of \"%s\" failed at offset %" PRId32 ": %s\n",
SCLogError(SC_ERR_PCRE_COMPILE, "Compile of \"%s\" failed at offset %" PRId32 ": %s",
PARSE_REGEX, eo, eb);
goto error;
}
parse_regex_study = pcre_study(parse_regex, 0, &eb);
if (eb != NULL) {
SCLogDebug("pcre study failed: %s\n", eb);
SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
goto error;
}
return;
@ -125,8 +125,8 @@ DetectIdData *DetectIdParse (char *idstr)
ov, MAX_SUBSTRINGS);
if (ret < 1 || ret > 3) {
SCLogDebug("detect-id: invalid id option. The id option value must be"
" in the range %u - %u\n",
SCLogError(SC_ERR_PCRE_MATCH, "invalid id option. The id option value must be"
" in the range %u - %u",
DETECT_IPID_MIN, DETECT_IPID_MAX);
goto error;
}
@ -139,14 +139,14 @@ DetectIdData *DetectIdParse (char *idstr)
res = pcre_get_substring((char *)idstr, ov, MAX_SUBSTRINGS, 1,
&str_ptr);
if (res < 0) {
SCLogDebug("DetectIdParse: pcre_get_substring failed\n");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
goto error;
}
/* We have a correct id option */
id_d = malloc(sizeof(DetectIdData));
if (id_d == NULL) {
SCLogDebug("DetectIdParse malloc failed\n");
SCLogError(SC_ERR_MEM_ALLOC, "malloc failed");
goto error;
}
@ -163,8 +163,8 @@ DetectIdData *DetectIdParse (char *idstr)
temp = atoi((char *)tmp_str);
if (temp > DETECT_IPID_MAX) {
SCLogDebug("detect-id: \"id\" option must be in "
"the range %u - %u\n",
SCLogError(SC_ERR_INVALID_VALUE, "\"id\" option must be in "
"the range %u - %u",
DETECT_IPID_MIN, DETECT_IPID_MAX);
free(orig);

9
src/detect-ipopts.c
Unescape Escape View File

@ -11,6 +11,8 @@
#include "flow-var.h"
#include "decode-events.h"
#include "util-debug.h"
/* Need to get the DIpOpts[] array */
#define DETECT_EVENTS
@ -44,14 +46,14 @@ void DetectIpOptsRegister (void) {
parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
if(parse_regex == NULL)
{
printf("pcre compile of \"%s\" failed at offset %" PRId32 ": %s\n", PARSE_REGEX, eo, eb);
SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
goto error;
}
parse_regex_study = pcre_study(parse_regex, 0, &eb);
if(eb != NULL)
{
printf("pcre study failed: %s\n", eb);
SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
goto error;
}
return;
@ -122,6 +124,7 @@ DetectIpOptsData *DetectIpOptsParse (char *rawstr)
ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 1) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr);
goto error;
}
@ -137,7 +140,7 @@ DetectIpOptsData *DetectIpOptsParse (char *rawstr)
de = malloc(sizeof(DetectIpOptsData));
if (de == NULL) {
printf("DetectIpOptsSetup malloc failed\n");
SCLogError(SC_ERR_MEM_ALLOC, "malloc failed");
goto error;
}

16
src/detect-ipproto.c
Unescape Escape View File

@ -57,14 +57,14 @@ void DetectIPProtoRegister (void) {
parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
if(parse_regex == NULL)
{
printf("DetectIPProtoRegister: pcre compile of \"%s\" failed at offset %" PRId32 ": %s\n", PARSE_REGEX, eo, eb);
SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
goto error;
}
parse_regex_study = pcre_study(parse_regex, 0, &eb);
if(eb != NULL)
{
printf("DetectIPProtoRegister: pcre study failed: %s\n", eb);
SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
goto error;
}
return;
@ -96,16 +96,14 @@ static DetectIPProtoData *DetectIPProtoParse(const char *optstr)
ret = pcre_exec(parse_regex, parse_regex_study, optstr,
strlen(optstr), 0, 0, ov, MAX_SUBSTRINGS);
if (ret != 3) {
printf("DetectIPProtoParse: parse error, ret %" PRId32
", string %s\n", ret, optstr);
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, optstr);
goto error;
}
for (i = 0; i < (ret - 1); i++) {
res = pcre_get_substring((char *)optstr, ov, MAX_SUBSTRINGS,
i + 1, &str_ptr);
if (res < 0) {
printf("DetectIPProtoParse: pcre_get_substring failed "
"for arg %d\n", i + 1);
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
goto error;
}
args[i] = (char *)str_ptr;
@ -114,7 +112,7 @@ static DetectIPProtoData *DetectIPProtoParse(const char *optstr)
/* Initialize the data */
data = malloc(sizeof(DetectIPProtoData));
if (data == NULL) {
printf("DetectIPProtoParse: malloc failed\n");
SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory");
goto error;
}
data->op = DETECT_IPPROTO_OP_EQ;
@ -129,14 +127,14 @@ static DetectIPProtoData *DetectIPProtoParse(const char *optstr)
if (!isdigit(*(args[1]))) {
struct protoent *pent = getprotobyname(args[1]);
if (pent == NULL) {
printf("DetectIPProtoParse: Malformed protocol name: %s\n", str_ptr);
SCLogError(SC_ERR_INVALID_VALUE, "Malformed protocol name: %s", str_ptr);
goto error;
}
data->proto = (uint8_t)pent->p_proto;
}
else {
if (ByteExtractStringUint8(&data->proto, 10, 0, args[1]) <= 0) {
printf("DetectIPProtoParse: Malformed protocol number: %s\n", str_ptr);
SCLogError(SC_ERR_INVALID_VALUE, "Malformed protocol number: %s", str_ptr);
goto error;
}
}

22
src/detect-isdataat.c
Unescape Escape View File

@ -53,13 +53,13 @@ void DetectIsdataatRegister (void) {
parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
if(parse_regex == NULL) {
printf("pcre compile of \"%s\" failed at offset %" PRId32 ": %s\n", PARSE_REGEX, eo, eb);
SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
goto error;
}
parse_regex_study = pcre_study(parse_regex, 0, &eb);
if(eb != NULL) {
printf("pcre study failed: %s\n", eb);
SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
goto error;
}
return;
@ -119,6 +119,7 @@ DetectIsdataatData *DetectIsdataatParse (char *isdataatstr)
ret = pcre_exec(parse_regex, parse_regex_study, isdataatstr, strlen(isdataatstr), 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 1 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, isdataatstr);
goto error;
}
@ -126,7 +127,7 @@ DetectIsdataatData *DetectIsdataatParse (char *isdataatstr)
const char *str_ptr;
res = pcre_get_substring((char *)isdataatstr, ov, MAX_SUBSTRINGS, 1, &str_ptr);
if (res < 0) {
printf("DetectIsdataatParse: pcre_get_substring failed\n");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
goto error;
}
args[0] = (char *)str_ptr;
@ -135,7 +136,7 @@ DetectIsdataatData *DetectIsdataatParse (char *isdataatstr)
if (ret > 2) {
res = pcre_get_substring((char *)isdataatstr, ov, MAX_SUBSTRINGS, 2, &str_ptr);
if (res < 0) {
printf("DetectIsdataatParse: pcre_get_substring failed\n");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
goto error;
}
args[1] = (char *)str_ptr;
@ -143,7 +144,7 @@ DetectIsdataatData *DetectIsdataatParse (char *isdataatstr)
if (ret > 3) {
res = pcre_get_substring((char *)isdataatstr, ov, MAX_SUBSTRINGS, 3, &str_ptr);
if (res < 0) {
printf("DetectIsdataatParse: pcre_get_substring failed\n");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
goto error;
}
args[2] = (char *)str_ptr;
@ -151,7 +152,7 @@ DetectIsdataatData *DetectIsdataatParse (char *isdataatstr)
idad = malloc(sizeof(DetectIsdataatData));
if (idad == NULL) {
printf("DetectIsdataatParse malloc failed\n");
SCLogError(SC_ERR_MEM_ALLOC, "malloc failed");
goto error;
}
@ -161,7 +162,7 @@ DetectIsdataatData *DetectIsdataatParse (char *isdataatstr)
if (args[0] != NULL) {
if (ByteExtractStringUint16(&idad->dataat, 10,
strlen(args[0]), args[0]) < 0 ) {
printf("detect-isdataat: DetectIsdataatParse: isdataat out of range\n");
SCLogError(SC_ERR_INVALID_VALUE, "isdataat out of range");
free(idad);
idad=NULL;
goto error;
@ -221,7 +222,8 @@ int DetectIsdataatSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, cha
SCLogDebug("set it in the last parsed content because it is relative to that content match");
if( m == NULL ) {
printf("detect-isdataat: No previous content, the flag 'relative' cant be used without content\n");
SCLogError(SC_ERR_INVALID_SIGNATURE, "No previous content, the flag "
"'relative' cant be used without content");
goto error;
} else {
SigMatch *pm = NULL;
@ -229,13 +231,13 @@ int DetectIsdataatSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, cha
* SigMatch (it can be the same as this one) */
pm = DetectContentFindPrevApplicableSM(m);
if (pm == NULL) {
printf("DetectIsdataatSetup: Unknown previous keyword!\n");
SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown previous keyword!");
return -1;
}
cd = (DetectContentData *)pm->ctx;
if (cd == NULL) {
printf("DetectIsdataatSetup: Unknown previous keyword!\n");
SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown previous keyword!");
return -1;
}

8
src/detect-itype.c
Unescape Escape View File

@ -56,7 +56,7 @@ void DetectITypeRegister (void) {
parse_regex_study = pcre_study(parse_regex, 0, &eb);
if(eb != NULL)
{
SCLogError(SC_ERR_PCRE_COMPILE, "pcre study failed: %s", eb);
SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
goto error;
}
return;
@ -125,7 +125,7 @@ DetectITypeData *DetectITypeParse(char *itypestr) {
ret = pcre_exec(parse_regex, parse_regex_study, itypestr, strlen(itypestr), 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 1 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH, "DetectITypeParse: parse error");
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, itypestr);
goto error;
}
@ -134,7 +134,7 @@ DetectITypeData *DetectITypeParse(char *itypestr) {
for (i = 1; i < ret; i++) {
res = pcre_get_substring((char *)itypestr, ov, MAX_SUBSTRINGS, i, &str_ptr);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "DetectITypeParse: pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
goto error;
}
args[i-1] = (char *)str_ptr;
@ -153,7 +153,7 @@ DetectITypeData *DetectITypeParse(char *itypestr) {
if (strlen(args[0]) != 0) {
/* we have a third part ("<> y"), therefore it's invalid */
if (args[2] != NULL) {
SCLogInfo("itype: invalid value");
SCLogError(SC_ERR_INVALID_VALUE, "itype: invalid value");
goto error;
}
/* we have only a comparison ("<", ">") */

2
src/detect-msg.c
Unescape Escape View File

@ -40,7 +40,7 @@ int DetectMsgSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char *ms
str[strlen(msgstr)-3] = '\0';
//printf("DetectMsgSetup: format hack applied: \'%s\'\n", str);
} else {
printf("DetectMsgSetup: format error \'%s\'\n", msgstr);
SCLogError(SC_ERR_INVALID_VALUE, "format error \'%s\'", msgstr);
goto error;
}

3
src/detect-noalert.c
Unescape Escape View File

@ -2,6 +2,7 @@
#include "suricata-common.h"
#include "detect.h"
#include "util-debug.h"
int DetectNoalertSetup (DetectEngineCtx *, Signature *, SigMatch *, char *);
@ -18,7 +19,7 @@ void DetectNoalertRegister (void) {
int DetectNoalertSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char *nullstr)
{
if (nullstr != NULL) {
printf("DetectNoalertSetup: nocase has no value\n");
SCLogError(SC_ERR_INVALID_VALUE, "nocase has no value");
return -1;
}

4
src/detect-nocase.c
Unescape Escape View File

@ -9,6 +9,8 @@
#include "detect-uricontent.h"
#include "detect-pcre.h"
#include "util-debug.h"
int DetectNocaseSetup (DetectEngineCtx *, Signature *s, SigMatch *m, char *depthstr);
void DetectNocaseRegister (void) {
@ -27,7 +29,7 @@ int DetectNocaseSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char
int ret = 0;
if (nullstr != NULL) {
printf("DetectNocaseSetup: nocase has no value\n");
SCLogError(SC_ERR_INVALID_VALUE, "nocase has no value");
return -1;
}

10
src/detect-parse.c
Unescape Escape View File

@ -189,14 +189,14 @@ void SigParsePrepare(void) {
config_pcre = pcre_compile(regexstr, opts, &eb, &eo, NULL);
if(config_pcre == NULL)
{
printf("pcre compile of \"%s\" failed at offset %" PRId32 ": %s\n", regexstr, eo, eb);
SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", regexstr, eo, eb);
exit(1);
}
config_pcre_extra = pcre_study(config_pcre, 0, &eb);
if(eb != NULL)
{
printf("pcre study failed: %s\n", eb);
SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
exit(1);
}
@ -206,14 +206,14 @@ void SigParsePrepare(void) {
option_pcre = pcre_compile(regexstr, opts, &eb, &eo, NULL);
if(option_pcre == NULL)
{
printf("pcre compile of \"%s\" failed at offset %" PRId32 ": %s\n", regexstr, eo, eb);
SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", regexstr, eo, eb);
exit(1);
}
option_pcre_extra = pcre_study(option_pcre, 0, &eb);
if(eb != NULL)
{
printf("pcre study failed: %s\n", eb);
SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
exit(1);
}
}
@ -236,7 +236,7 @@ int SigParseOptions(DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char *op
* 4: keyword w value, more options coming
*/
if (ret != 2 && ret != 3 && ret != 4) {
printf("pcre_exec failed: ret %" PRId32 ", optstr \"%s\"\n", ret, optstr);
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec failed: ret %" PRId32 ", optstr \"%s\"", ret, optstr);
goto error;
}

25
src/detect-pcre.c
Unescape Escape View File

@ -73,14 +73,14 @@ void DetectPcreRegister (void) {
parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
if(parse_regex == NULL)
{
printf("pcre compile of \"%s\" failed at offset %" PRId32 ": %s\n", PARSE_REGEX, eo, eb);
SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
goto error;
}
parse_regex_study = pcre_study(parse_regex, 0, &eb);
if(eb != NULL)
{
printf("pcre study failed: %s\n", eb);
SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
goto error;
}
@ -88,14 +88,14 @@ void DetectPcreRegister (void) {
parse_capture_regex = pcre_compile(PARSE_CAPTURE_REGEX, opts, &eb, &eo, NULL);
if(parse_capture_regex == NULL)
{
printf("pcre compile of \"%s\" failed at offset %" PRId32 ": %s\n", PARSE_CAPTURE_REGEX, eo, eb);
SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_CAPTURE_REGEX, eo, eb);
goto error;
}
parse_capture_regex_study = pcre_study(parse_capture_regex, 0, &eb);
if(eb != NULL)
{
printf("pcre study failed: %s\n", eb);
SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
goto error;
}
return;
@ -251,6 +251,7 @@ DetectPcreData *DetectPcreParse (char *regexstr)
ret = pcre_exec(parse_regex, parse_regex_study, regexstr+pos, slen-pos, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 0) {
SCLogError(SC_ERR_PCRE_MATCH, "parse error");
goto error;
}
@ -258,7 +259,7 @@ DetectPcreData *DetectPcreParse (char *regexstr)
const char *str_ptr;
res = pcre_get_substring((char *)regexstr+pos, ov, MAX_SUBSTRINGS, 1, &str_ptr);
if (res < 0) {
printf("DetectPcreParse: pcre_get_substring failed\n");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
return NULL;
}
re = (char *)str_ptr;
@ -266,7 +267,7 @@ DetectPcreData *DetectPcreParse (char *regexstr)
if (ret > 2) {
res = pcre_get_substring((char *)regexstr+pos, ov, MAX_SUBSTRINGS, 2, &str_ptr);
if (res < 0) {
printf("DetectPcreParse: pcre_get_substring failed\n");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
return NULL;
}
op_ptr = op = (char *)str_ptr;
@ -276,7 +277,7 @@ DetectPcreData *DetectPcreParse (char *regexstr)
pd = malloc(sizeof(DetectPcreData));
if (pd == NULL) {
printf("DetectPcreParse: malloc failed\n");
SCLogError(SC_ERR_MEM_ALLOC, "malloc failed");
goto error;
}
memset(pd, 0, sizeof(DetectPcreData));
@ -325,7 +326,7 @@ DetectPcreData *DetectPcreParse (char *regexstr)
pd->flags |= DETECT_PCRE_MATCH_LIMIT;
break;
default:
printf("DetectPcreParse: unknown regex modifier '%c'\n", *op);
SCLogError(SC_ERR_UNKNOWN_REGEX_MOD, "unknown regex modifier '%c'", *op);
goto error;
}
op++;
@ -336,13 +337,13 @@ DetectPcreData *DetectPcreParse (char *regexstr)
pd->re = pcre_compile(re, opts, &eb, &eo, NULL);
if(pd->re == NULL) {
printf("DetectPcreParse: pcre compile of \"%s\" failed at offset %" PRId32 ": %s\n", regexstr, eo, eb);
SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", regexstr, eo, eb);
goto error;
}
pd->sd = pcre_study(pd->re, 0, &eb);
if(eb != NULL) {
printf("DetectPcreParse: pcre study failed : %s\n", eb);
SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed : %s", eb);
goto error;
}
@ -406,12 +407,12 @@ DetectPcreData *DetectPcreParseCapture(char *regexstr, DetectEngineCtx *de_ctx,
if (ret > 1) {
res = pcre_get_substring((char *)regexstr, ov, MAX_SUBSTRINGS, 1, &type_str_ptr);
if (res < 0) {
printf("DetectPcreParseCapture: pcre_get_substring failed\n");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
goto error;
}
res = pcre_get_substring((char *)regexstr, ov, MAX_SUBSTRINGS, 2, &capture_str_ptr);
if (res < 0) {
printf("DetectPcreParseCapture: pcre_get_substring failed\n");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
goto error;
}
}

12
src/detect-pktvar.c
Unescape Escape View File

@ -34,14 +34,14 @@ void DetectPktvarRegister (void) {
parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
if(parse_regex == NULL)
{
printf("pcre compile of \"%s\" failed at offset %" PRId32 ": %s\n", PARSE_REGEX, eo, eb);
SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
goto error;
}
parse_regex_study = pcre_study(parse_regex, 0, &eb);
if(eb != NULL)
{
printf("pcre study failed: %s\n", eb);
SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
goto error;
}
@ -86,7 +86,7 @@ int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char
ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS);
if (ret != 3) {
printf("ERROR: \"%s\" is not a valid setting for pktvar.\n", rawstr);
SCLogError(SC_ERR_PCRE_MATCH, "\"%s\" is not a valid setting for pktvar.", rawstr);
return -1;
}
@ -94,7 +94,7 @@ int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char
const char *str_ptr;
res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, &str_ptr);
if (res < 0) {
printf("DetectPcreSetup: pcre_get_substring failed\n");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
return -1;
}
varname = (char *)str_ptr;
@ -102,7 +102,7 @@ int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char
if (ret > 2) {
res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, &str_ptr);
if (res < 0) {
printf("DetectPcreSetup: pcre_get_substring failed\n");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
return -1;
}
varcontent = (char *)str_ptr;
@ -124,7 +124,7 @@ int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char
cd = malloc(sizeof(DetectPktvarData));
if (cd == NULL) {
printf("DetectPktvarSetup malloc failed\n");
SCLogError(SC_ERR_MEM_ALLOC, "malloc failed");
goto error;
}

8
src/detect-priority.c
Unescape Escape View File

@ -37,14 +37,14 @@ void DetectPriorityRegister (void)
regex = pcre_compile(DETECT_PRIORITY_REGEX, opts, &eb, &eo, NULL);
if (regex == NULL) {
SCLogDebug("Compile of \"%s\" failed at offset %" PRId32 ": %s",
SCLogError(SC_ERR_PCRE_COMPILE, "Compile of \"%s\" failed at offset %" PRId32 ": %s",
DETECT_PRIORITY_REGEX, eo, eb);
goto end;
}
regex_study = pcre_study(regex, 0, &eb);
if (eb != NULL) {
SCLogDebug("pcre study failed: %s", eb);
SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
goto end;
}
@ -62,14 +62,14 @@ int DetectPrioritySetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, cha
ret = pcre_exec(regex, regex_study, rawstr, strlen(rawstr), 0, 0, ov, 30);
if (ret < 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid Priority in Signature "
SCLogError(SC_ERR_PCRE_MATCH, "Invalid Priority in Signature "
"- %s", rawstr);
return -1;
}
ret = pcre_get_substring((char *)rawstr, ov, 30, 1, &prio_str);
if (ret < 0) {
SCLogInfo("pcre_get_substring() failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
return -1;
}

8
src/detect-rawbytes.c
Unescape Escape View File

@ -9,6 +9,8 @@
#include "detect-content.h"
#include "detect-pcre.h"
#include "util-debug.h"
int DetectRawbytesSetup (DetectEngineCtx *, Signature *, SigMatch *, char *);
void DetectRawbytesRegister (void) {
@ -27,7 +29,7 @@ int DetectRawbytesSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, cha
//printf("DetectRawbytesSetup: s->match:%p,m:%p\n", s->match, m);
if (nullstr != NULL) {
printf("DetectRawbytesSetup: nocase has no value\n");
SCLogError(SC_ERR_INVALID_VALUE, "nocase has no value");
return -1;
}
@ -44,10 +46,10 @@ int DetectRawbytesSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, cha
//printf("DetectRawbytesSetup: set nocase for previous content\n");
cd->flags |= DETECT_CONTENT_RAWBYTES;
} else {
printf("DetectRawbytesSetup: Unknown previous keyword!\n");
SCLogDebug("Unknown previous keyword!");
}
} else {
printf("DetectRawbytesSetup: No previous match!\n");
SCLogDebug("No previous match!");
}
return 0;

16
src/detect-rpc.c
Unescape Escape View File

@ -52,14 +52,14 @@ void DetectRpcRegister (void) {
parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
if(parse_regex == NULL)
{
SCLogDebug("pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
goto error;
}
parse_regex_study = pcre_study(parse_regex, 0, &eb);
if(eb != NULL)
{
SCLogDebug("pcre study failed: %s", eb);
SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
goto error;
}
return;
@ -150,14 +150,14 @@ DetectRpcData *DetectRpcParse (char *rpcstr)
ret = pcre_exec(parse_regex, parse_regex_study, rpcstr, strlen(rpcstr), 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 1 || ret > 4) {
SCLogDebug("DetectRpcParse: parse error, ret %" PRId32 ", string %s", ret, rpcstr);
SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 ", string %s", ret, rpcstr);
goto error;
}
if (ret > 1) {
const char *str_ptr;
res = pcre_get_substring((char *)rpcstr, ov, MAX_SUBSTRINGS, 1, &str_ptr);
if (res < 0) {
SCLogDebug("DetectRpcParse: pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
goto error;
}
args[0] = (char *)str_ptr;
@ -165,7 +165,7 @@ DetectRpcData *DetectRpcParse (char *rpcstr)
if (ret > 2) {
res = pcre_get_substring((char *)rpcstr, ov, MAX_SUBSTRINGS, 2, &str_ptr);
if (res < 0) {
SCLogDebug("DetectRpcParse: pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
goto error;
}
args[1] = (char *)str_ptr;
@ -173,7 +173,7 @@ DetectRpcData *DetectRpcParse (char *rpcstr)
if (ret > 3) {
res = pcre_get_substring((char *)rpcstr, ov, MAX_SUBSTRINGS, 3, &str_ptr);
if (res < 0) {
SCLogDebug("DetectRpcParse: pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
goto error;
}
args[2] = (char *)str_ptr;
@ -182,7 +182,7 @@ DetectRpcData *DetectRpcParse (char *rpcstr)
rd = malloc(sizeof(DetectRpcData));
if (rd == NULL) {
SCLogError(SC_ERR_MEM_ALLOC ,"DetectRpcParse malloc failed");
SCLogError(SC_ERR_MEM_ALLOC ,"malloc failed");
goto error;
}
rd->flags = 0;
@ -221,7 +221,7 @@ DetectRpcData *DetectRpcParse (char *rpcstr)
break;
}
} else {
SCLogDebug("invalid rpc option %s",args[i]);
SCLogError(SC_ERR_INVALID_VALUE, "invalid rpc option %s",args[i]);
goto error;
}
}

3
src/detect-seq.c
Unescape Escape View File

@ -21,6 +21,7 @@
#include "util-byte.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
#include "util-debug.h"
static int DetectSeqSetup(DetectEngineCtx *, Signature *s, SigMatch *m,
char *sidstr);
@ -85,7 +86,7 @@ static int DetectSeqSetup (DetectEngineCtx *de_ctx, Signature *s,
data = malloc(sizeof(DetectSeqData));
if (data == NULL) {
printf("DetectSeqSetup: malloc failed\n");
SCLogError(SC_ERR_MEM_ALLOC, "malloc failed");
goto error;
}

15
src/detect-stream_size.c
Unescape Escape View File

@ -45,13 +45,13 @@ void DetectStreamSizeRegister(void) {
parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
if (parse_regex == NULL) {
SCLogDebug("pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
goto error;
}
parse_regex_study = pcre_study(parse_regex, 0, &eb);
if (eb != NULL) {
SCLogDebug("pcre study failed: %s", eb);
SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
goto error;
}
return;
@ -182,7 +182,7 @@ DetectStreamSizeData *DetectStreamSizeParse (char *streamstr) {
ret = pcre_exec(parse_regex, parse_regex_study, streamstr, strlen(streamstr), 0, 0, ov, MAX_SUBSTRINGS);
if (ret != 4) {
SCLogDebug("DetectStreamSizeSetup: parse error, ret %" PRId32 "", ret);
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, streamstr);
goto error;
}
@ -190,28 +190,28 @@ DetectStreamSizeData *DetectStreamSizeParse (char *streamstr) {
res = pcre_get_substring((char *)streamstr, ov, MAX_SUBSTRINGS, 1, &str_ptr);
if (res < 0) {
SCLogDebug("DetectStreamSizeSetup: pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
goto error;
}
arg = (char *)str_ptr;
res = pcre_get_substring((char *)streamstr, ov, MAX_SUBSTRINGS, 2, &str_ptr);
if (res < 0) {
SCLogDebug("DetectStreamSizeSetup: pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
goto error;
}
mode = (char *)str_ptr;
res = pcre_get_substring((char *)streamstr, ov, MAX_SUBSTRINGS, 3, &str_ptr);
if (res < 0) {
SCLogDebug("DetectStreamSizeSetup: pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
goto error;
}
value = (char *)str_ptr;
sd = malloc(sizeof(DetectStreamSizeData));
if (sd == NULL) {
SCLogDebug("DetectStreamSizeSetup malloc failed");
SCLogError(SC_ERR_MEM_ALLOC, "malloc failed");
goto error;
}
sd->ssize = 0;
@ -227,6 +227,7 @@ DetectStreamSizeData *DetectStreamSizeParse (char *streamstr) {
else if (strcmp("!=", mode)) sd->mode = DETECTSSIZE_NEQ;
else if (mode[0] == '=') sd->mode = DETECTSSIZE_EQ;
else {
SCLogError(SC_ERR_INVALID_OPERATOR, "Invalid operator");
goto error;
}

14
src/detect-threshold.c
Unescape Escape View File

@ -45,14 +45,14 @@ void DetectThresholdRegister (void) {
parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
if (parse_regex == NULL)
{
printf("pcre compile of \"%s\" failed at offset %" PRId32 ": %s\n", PARSE_REGEX, eo, eb);
SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
goto error;
}
parse_regex_study = pcre_study(parse_regex, 0, &eb);
if (eb != NULL)
{
printf("pcre study failed: %s\n", eb);
SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
goto error;
}
@ -112,12 +112,14 @@ static DetectThresholdData *DetectThresholdParse (char *rawstr)
ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 5)
if (ret < 5) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr);
goto error;
}
de = malloc(sizeof(DetectThresholdData));
if (de == NULL) {
printf("DetectThresholdSetup malloc failed\n");
SCLogError(SC_ERR_MEM_ALLOC, "malloc failed");
goto error;
}
@ -127,8 +129,10 @@ static DetectThresholdData *DetectThresholdParse (char *rawstr)
res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS,i + 1, &str_ptr);
if (res < 0)
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
goto error;
}
args[i] = (char *)str_ptr;

11
src/detect-tls-version.c
Unescape Escape View File

@ -61,14 +61,14 @@ void DetectTlsVersionRegister (void) {
parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
if (parse_regex == NULL) {
SCLogDebug("Compile of \"%s\" failed at offset %" PRId32 ": %s",
SCLogError(SC_ERR_PCRE_COMPILE, "Compile of \"%s\" failed at offset %" PRId32 ": %s",
PARSE_REGEX, eo, eb);
goto error;
}
parse_regex_study = pcre_study(parse_regex, 0, &eb);
if (eb != NULL) {
SCLogDebug("pcre study failed: %s", eb);
SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
goto error;
}
return;
@ -137,7 +137,7 @@ DetectTlsVersionData *DetectTlsVersionParse (char *str)
ov, MAX_SUBSTRINGS);
if (ret < 1 || ret > 3) {
SCLogDebug("invalid tls.version option");
SCLogError(SC_ERR_PCRE_MATCH, "invalid tls.version option");
goto error;
}
@ -147,14 +147,14 @@ DetectTlsVersionData *DetectTlsVersionParse (char *str)
char *tmp_str;
res = pcre_get_substring((char *)str, ov, MAX_SUBSTRINGS, 1, &str_ptr);
if (res < 0) {
SCLogDebug("DetectTlsVersionParse: pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
goto error;
}
/* We have a correct id option */
tls = malloc(sizeof(DetectTlsVersionData));
if (tls == NULL) {
SCLogDebug("DetectTlsVersionParse malloc failed");
SCLogError(SC_ERR_MEM_ALLOC, "malloc failed");
goto error;
}
@ -174,6 +174,7 @@ DetectTlsVersionData *DetectTlsVersionParse (char *str)
} else if (strcmp("1.2", tmp_str) == 0) {
temp = TLS_VERSION_12;
} else {
SCLogError(SC_ERR_INVALID_VALUE, "Invalid value");
goto error;
}

14
src/detect-ttl.c
Unescape Escape View File

@ -43,13 +43,13 @@ void DetectTtlRegister(void) {
parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
if (parse_regex == NULL) {
SCLogDebug("pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
goto error;
}
parse_regex_study = pcre_study(parse_regex, 0, &eb);
if (eb != NULL) {
SCLogDebug("pcre study failed: %s", eb);
SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
goto error;
}
return;
@ -119,14 +119,14 @@ DetectTtlData *DetectTtlParse (char *ttlstr) {
ret = pcre_exec(parse_regex, parse_regex_study, ttlstr, strlen(ttlstr), 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 2 || ret > 4) {
SCLogDebug("DetectTtlSetup: parse error, ret %" PRId32 "", ret);
SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 "", ret);
goto error;
}
const char *str_ptr;
res = pcre_get_substring((char *) ttlstr, ov, MAX_SUBSTRINGS, 1, &str_ptr);
if (res < 0) {
SCLogDebug("DetectTtlSetup: pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
goto error;
}
arg1 = (char *) str_ptr;
@ -134,7 +134,7 @@ DetectTtlData *DetectTtlParse (char *ttlstr) {
res = pcre_get_substring((char *) ttlstr, ov, MAX_SUBSTRINGS, 2, &str_ptr);
if (res < 0) {
SCLogDebug("DetectTtlSetup: pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
goto error;
}
arg2 = (char *) str_ptr;
@ -142,7 +142,7 @@ DetectTtlData *DetectTtlParse (char *ttlstr) {
res = pcre_get_substring((char *) ttlstr, ov, MAX_SUBSTRINGS, 3, &str_ptr);
if (res < 0) {
SCLogDebug("DetectTtlSetup: pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
goto error;
}
arg3 = (char *) str_ptr;
@ -150,7 +150,7 @@ DetectTtlData *DetectTtlParse (char *ttlstr) {
ttld = malloc(sizeof (DetectTtlData));
if (ttld == NULL) {
SCLogDebug("DetectTtlSetup malloc failed");
SCLogError(SC_ERR_MEM_ALLOC, "malloc failed");
goto error;
}
ttld->ttl1 = 0;

11
src/detect-window.c
Unescape Escape View File

@ -53,14 +53,14 @@ void DetectWindowRegister (void) {
parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
if(parse_regex == NULL)
{
printf("pcre compile of \"%s\" failed at offset %" PRId32 ": %s\n", PARSE_REGEX, eo, eb);
SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
goto error;
}
parse_regex_study = pcre_study(parse_regex, 0, &eb);
if(eb != NULL)
{
printf("pcre study failed: %s\n", eb);
SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
goto error;
}
return;
@ -114,12 +114,13 @@ DetectWindowData *DetectWindowParse(char *windowstr) {
ret = pcre_exec(parse_regex, parse_regex_study, windowstr, strlen(windowstr), 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 1 || ret > 3) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, windowstr);
goto error;
}
wd = malloc(sizeof(DetectWindowData));
if (wd == NULL) {
printf("DetectWindowParse malloc failed\n");
SCLogError(SC_ERR_MEM_ALLOC, "malloc failed");
goto error;
}
@ -128,7 +129,7 @@ DetectWindowData *DetectWindowParse(char *windowstr) {
const char *str_ptr;
res = pcre_get_substring((char *)windowstr, ov, MAX_SUBSTRINGS, 1, &str_ptr);
if (res < 0) {
printf("DetectWindowParse: pcre_get_substring failed\n");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
goto error;
}
args[0] = (char *)str_ptr;
@ -141,7 +142,7 @@ DetectWindowData *DetectWindowParse(char *windowstr) {
if (ret > 2) {
res = pcre_get_substring((char *)windowstr, ov, MAX_SUBSTRINGS, 2, &str_ptr);
if (res < 0) {
printf("DetectWindowParse: pcre_get_substring failed\n");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
goto error;
}

7
src/util-error.c
Unescape Escape View File

@ -71,8 +71,11 @@ const char * SCErrorToString(SCError err)
CASE_CODE (SC_ERR_DEPTH_MISSING_CONTENT);
CASE_CODE (SC_ERR_OFFSET_MISSING_CONTENT);
CASE_CODE (SC_ERR_NO_URICONTENT_NEGATION);
CASE_CODE (SC_ERR_HASH_TABLE_INIT);
CASE_CODE (SC_ERR_STAT);
CASE_CODE (SC_ERR_LOGDIR_CONFIG);
CASE_CODE (SC_ERR_LOGDIR_CMDLINE);
CASE_CODE (SC_ERR_RADIX_TREE_GENERIC);
CASE_CODE (SC_ERR_MISSING_QUOTE);
CASE_CODE (SC_ERR_UNKNOWN_PROTOCOL);
CASE_CODE (SC_ERR_UNKNOWN_RUN_MODE);
@ -88,6 +91,10 @@ const char * SCErrorToString(SCError err)
CASE_CODE (SC_ERR_BPF);
CASE_CODE (SC_ERR_PCAP_DISPATCH);
CASE_CODE (SC_ERR_MISSING_CONFIG_PARAM);
CASE_CODE (SC_ERR_UNKNOWN_VALUE);
CASE_CODE (SC_ERR_INVALID_VALUE);
CASE_CODE (SC_ERR_UNKNOWN_REGEX_MOD);
CASE_CODE (SC_ERR_INVALID_OPERATOR);
default:
return "UNKNOWN_ERROR";
}

4
src/util-error.h
Unescape Escape View File

@ -110,6 +110,10 @@ typedef enum {
SC_ERR_BPF,
SC_ERR_PCAP_DISPATCH,
SC_ERR_BYTE_EXTRACT_FAILED,
SC_ERR_UNKNOWN_VALUE,
SC_ERR_INVALID_VALUE,
SC_ERR_UNKNOWN_REGEX_MOD,
SC_ERR_INVALID_OPERATOR,
} SCError;
const char *SCErrorToString(SCError);

Write Preview
Loading…
Cancel
Save