Improve error detection in the port and address parsing in signatures. Bug #295.

remotes/origin/master-1.1.x
Victor Julien 14 years ago
parent ba6bada155
commit bfff14aa78

@ -970,6 +970,13 @@ int DetectAddressParse2(DetectAddressHead *gh, DetectAddressHead *ghn, char *s,
SC_RULE_VARS_ADDRESS_GROUPS);
if (rule_var_address == NULL)
goto error;
if (strlen(rule_var_address) == 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "variable %s resolved "
"to nothing. This is likely a misconfiguration. "
"Note that a negated address needs to be quoted, "
"\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.", s);
goto error;
}
temp_rule_var_address = rule_var_address;
if ((negate + n_set) % 2) {
temp_rule_var_address = SCMalloc(strlen(rule_var_address) + 3);
@ -1012,6 +1019,13 @@ int DetectAddressParse2(DetectAddressHead *gh, DetectAddressHead *ghn, char *s,
SC_RULE_VARS_ADDRESS_GROUPS);
if (rule_var_address == NULL)
goto error;
if (strlen(rule_var_address) == 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "variable %s resolved "
"to nothing. This is likely a misconfiguration. "
"Note that a negated address needs to be quoted, "
"\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.", s);
goto error;
}
temp_rule_var_address = rule_var_address;
if ((negate + n_set) % 2) {
temp_rule_var_address = SCMalloc(strlen(rule_var_address) + 3);
@ -1038,6 +1052,18 @@ int DetectAddressParse2(DetectAddressHead *gh, DetectAddressHead *ghn, char *s,
}
}
if (depth > 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "not every address block was "
"properly closed in \"%s\", %d missing closing brackets (]). "
"Note: problem might be in a variable.", s, depth);
goto error;
} else if (depth < 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "not every address block was "
"properly opened in \"%s\", %d missing opening brackets ([). "
"Note: problem might be in a variable.", s, depth*-1);
goto error;
}
return 0;
error:
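Review bot: The new depth test runs only once, after the parse loop, so it sees just the final count: an address string whose closing bracket comes before its opening one ends with depth == 0 and passes both new branches. The loop itself is outside this hunk, so this is inferred, but if it does not already reject a negative count, the test belongs where depth is decremented, `if (depth < 0) goto error;`, preceded by an SCLogError like the one added here. A signature that loads with a mis-grouped address list matches a different set of hosts than its author intended, which is a silent detection gap rather than a load-time error. The same applies to the depth test added to DetectPortParseDo.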

@ -1059,6 +1059,13 @@ static int DetectPortParseDo(DetectPort **head, DetectPort **nhead, char *s,
SC_RULE_VARS_PORT_GROUPS);
if (rule_var_port == NULL)
goto error;
if (strlen(rule_var_port) == 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "variable %s resolved "
"to nothing. This is likely a misconfiguration. "
"Note that a negated port needs to be quoted, "
"\"!$HTTP_PORTS\" instead of !$HTTP_PORTS. See issue #295.", s);
goto error;
}
temp_rule_var_port = rule_var_port;
if (negate == 1 || n_set == 1) {
temp_rule_var_port = SCMalloc(strlen(rule_var_port) + 3);
@ -1108,6 +1115,13 @@ static int DetectPortParseDo(DetectPort **head, DetectPort **nhead, char *s,
SC_RULE_VARS_PORT_GROUPS);
if (rule_var_port == NULL)
goto error;
if (strlen(rule_var_port) == 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "variable %s resolved "
"to nothing. This is likely a misconfiguration. "
"Note that a negated port needs to be quoted, "
"\"!$HTTP_PORTS\" instead of !$HTTP_PORTS. See issue #295.", s);
goto error;
}
temp_rule_var_port = rule_var_port;
if ((negate + n_set) % 2) {
temp_rule_var_port = SCMalloc(strlen(rule_var_port) + 3);
@ -1137,8 +1151,20 @@ static int DetectPortParseDo(DetectPort **head, DetectPort **nhead, char *s,
}
}
if (depth > 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "not every port block was "
"properly closed in \"%s\", %d missing closing brackets (]). "
"Note: problem might be in a variable.", s, depth);
goto error;
} else if (depth < 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "not every port block was "
"properly opened in \"%s\", %d missing opening brackets ([). "
"Note: problem might be in a variable.", s, depth*-1);
goto error;
}
return 0;
error:
error:
return -1;
}
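Review bot: The two variable-expansion branches touched here decide negation differently: the first uses `if (negate == 1 || n_set == 1)`, while the second, like both branches shown for DetectAddressParse2, uses `if ((negate + n_set) % 2)`. When both flags are set the first form negates and the parity form does not, so the same port expression appears to be interpreted differently depending on which branch handles it. Since this commit is about catching mis-negated variables, consider changing the first branch to `if ((negate + n_set) % 2) {` as well; the rest of the function is outside the hunks, so confirm against the full loop. Separately, the new "variable %s resolved to nothing" message is passed `s`, which the depth messages treat as the whole port string, so the log may name the full expression rather than the variable that was empty.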
