From bfff14aa784e8d9d70713e6197cc69c97e6477c7 Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Tue, 25 Oct 2011 21:41:08 +0200
Subject: [PATCH] Improve error detection in the port and address parsing in signatures. Bug #295.
---
 src/detect-engine-address.c | 26 ++++++++++++++++++++++++++
 src/detect-engine-port.c | 28 +++++++++++++++++++++++++++-
 2 files changed, 53 insertions(+), 1 deletion(-)
diff --git a/src/detect-engine-address.c b/src/detect-engine-address.c
index 738d1f12a0..ed9084102d 100644
--- a/src/detect-engine-address.c
+++ b/src/detect-engine-address.c
@@ -970,6 +970,13 @@ int DetectAddressParse2(DetectAddressHead *gh, DetectAddressHead *ghn, char *s,
 SC_RULE_VARS_ADDRESS_GROUPS);
 if (rule_var_address == NULL)
 goto error;
+ if (strlen(rule_var_address) == 0) {
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "variable %s resolved " "to nothing. This is likely a misconfiguration. " "Note that a negated address needs to be quoted, " "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.", s);
+ goto error;
+ }
 temp_rule_var_address = rule_var_address;
 if ((negate + n_set) % 2) {
 temp_rule_var_address = SCMalloc(strlen(rule_var_address) + 3);
@@ -1012,6 +1019,13 @@ int DetectAddressParse2(DetectAddressHead *gh, DetectAddressHead *ghn, char *s,
 SC_RULE_VARS_ADDRESS_GROUPS);
 if (rule_var_address == NULL)
 goto error;
+ if (strlen(rule_var_address) == 0) {
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "variable %s resolved " "to nothing. This is likely a misconfiguration. " "Note that a negated address needs to be quoted, " "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.", s);
+ goto error;
+ }
 temp_rule_var_address = rule_var_address;
 if ((negate + n_set) % 2) {
 temp_rule_var_address = SCMalloc(strlen(rule_var_address) + 3);
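Review bot: The `%s` in the new "variable %s resolved to nothing" message is given `s`, which in `DetectAddressParse2` is the whole address expression being parsed, so a rule whose address list contains several variables gets an error that does not say which one expanded empty; the token that was passed to the lookup is the natural argument, but the first line of that call sits outside the hunk, so confirm its name before switching, e.g. `"... See issue #295.", address);`. Rejecting the signature here is the right outcome: before this change an empty expansion presumably fell through to the normal address parser, where an empty string is unlikely to mean what the rule author intended. `strlen(...) == 0` only catches the exactly-empty case; a value consisting solely of whitespace passes this check and presumably fails later with a less helpful message, so consider trimming before the test. `DetectAddressParse2` starts before and ends after this hunk.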
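Review bot: This seven-line check is a verbatim copy of the one added at line 970 in the same function, and `detect-engine-port.c` gains two more copies that differ only in the variable name and the example in the message. A small `static` helper taking the resolved value, the token that was looked up and the example text, e.g. `static int DetectVarEmpty(const char *value, const char *token, const char *example)`, that logs and returns non-zero would keep the four messages in step the next time the wording changes and would let the issue number live in one place. The inline check already returns before the `SCMalloc` below it, so the helper can be called in exactly the same position. `DetectAddressParse2` starts before and ends after this hunk.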
@@ -1038,6 +1052,18 @@ int DetectAddressParse2(DetectAddressHead *gh, DetectAddressHead *ghn, char *s,
 }
 }
+ if (depth > 0) {
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "not every address block was " "properly closed in \"%s\", %d missing closing brackets (]). " "Note: problem might be in a variable.", s, depth);
+ goto error;
+ } else if (depth < 0) {
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "not every address block was " "properly opened in \"%s\", %d missing opening brackets ([). " "Note: problem might be in a variable.", s, depth*-1);
+ goto error;
+ }
+
 return 0;
 error:
diff --git a/src/detect-engine-port.c b/src/detect-engine-port.c
index cdcdb8a878..53181dfa1a 100644
--- a/src/detect-engine-port.c
+++ b/src/detect-engine-port.c
@@ -1059,6 +1059,13 @@ static int DetectPortParseDo(DetectPort **head, DetectPort **nhead, char *s,
 SC_RULE_VARS_PORT_GROUPS);
 if (rule_var_port == NULL)
 goto error;
+ if (strlen(rule_var_port) == 0) {
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "variable %s resolved " "to nothing. This is likely a misconfiguration. " "Note that a negated port needs to be quoted, " "\"!$HTTP_PORTS\" instead of !$HTTP_PORTS. See issue #295.", s);
+ goto error;
+ }
 temp_rule_var_port = rule_var_port;
 if (negate == 1 || n_set == 1) {
 temp_rule_var_port = SCMalloc(strlen(rule_var_port) + 3);
@@ -1108,6 +1115,13 @@ static int DetectPortParseDo(DetectPort **head, DetectPort **nhead, char *s,
 SC_RULE_VARS_PORT_GROUPS);
 if (rule_var_port == NULL)
 goto error;
+ if (strlen(rule_var_port) == 0) {
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "variable %s resolved " "to nothing. This is likely a misconfiguration. " "Note that a negated port needs to be quoted, " "\"!$HTTP_PORTS\" instead of !$HTTP_PORTS. See issue #295.", s);
+ goto error;
+ }
 temp_rule_var_port = rule_var_port;
 if ((negate + n_set) % 2) {
 temp_rule_var_port = SCMalloc(strlen(rule_var_port) + 3);
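Review bot: `depth*-1` in the second `SCLogError` call is the unusual spelling; `s, -depth);` says the same thing without the reader having to check operator binding. The `depth < 0` branch also only fires after the whole string has been walked, so a stray `]` near the start has already been consumed by the loop before it is reported; if the loop does not already bail out when the counter goes negative, checking `if (depth < 0) goto error;` at the point the `]` is processed would catch it at its position rather than at the end. The loop body is outside this hunk, so that is an inference to confirm. `DetectAddressParse2` starts before this hunk.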
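Review bot: The new empty-variable check in the first port hunk is inserted directly above `if (negate == 1 || n_set == 1) {`, while the second port hunk and both address hunks add the identical check above `if ((negate + n_set) % 2) {`; the two conditions disagree when `negate` and `n_set` are both 1 (`||` negates again, `% 2` cancels the double negation). That line is context rather than part of this change, but since the commit is about hardening exactly this variable-expansion path it is worth settling which form is intended, because a mishandled double negation would silently invert the port set a rule matches. If the `% 2` form is the correct one the fix is the one-line change `if ((negate + n_set) % 2) {`. `DetectPortParseDo` starts before and ends after this hunk.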
@@ -1137,8 +1151,20 @@ static int DetectPortParseDo(DetectPort **head, DetectPort **nhead, char *s,
 }
 }
+ if (depth > 0) {
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "not every port block was " "properly closed in \"%s\", %d missing closing brackets (]). " "Note: problem might be in a variable.", s, depth);
+ goto error;
+ } else if (depth < 0) {
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "not every port block was " "properly opened in \"%s\", %d missing opening brackets ([). " "Note: problem might be in a variable.", s, depth*-1);
+ goto error;
+ }
+
 return 0;
- error:
+error:
 return -1;
 }
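Review bot: The two new `goto error` paths land on `error:`, which as the hunk shows does nothing but `return -1;`, so whatever the parsing loop had already attached to `*head` and `*nhead` before the bracket mismatch was noticed is presumably left for the caller to release. The existing `goto error` sites earlier in the function appear to behave the same way, so this is consistent, but that ownership rule is not written down anywhere visible; a line in the function comment such as `/* On -1, the caller owns and must free whatever was already added to *head and *nhead. */` would make the contract explicit for the next person adding an error path. As in the address file, `depth*-1` reads more naturally as `-depth`. The loop that `depth` tracks starts before this hunk.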