Various fixes and improvements based on feedback by Coverity analyzer.

remotes/origin/HEAD
Victor Julien 14 years ago
parent 4b2d94a841
commit cdba2f50d1

@ -286,11 +286,11 @@ static int Unified2ForgeFakeIPv4Header(FakeIPv4Hdr *fakehdr, Packet *p, int pkt_
fakehdr->ip4h.ip_verhl = p->ip4h->ip_verhl; fakehdr->ip4h.ip_verhl = p->ip4h->ip_verhl;
fakehdr->ip4h.ip_proto = p->ip4h->ip_proto; fakehdr->ip4h.ip_proto = p->ip4h->ip_proto;
if (! invert) { if (! invert) {
fakehdr->ip4h.ip_src.s_addr = p->ip4h->ip_src.s_addr; fakehdr->ip4h.s_ip_src.s_addr = p->ip4h->s_ip_src.s_addr;
fakehdr->ip4h.ip_dst.s_addr = p->ip4h->ip_dst.s_addr; fakehdr->ip4h.s_ip_dst.s_addr = p->ip4h->s_ip_dst.s_addr;
} else { } else {
fakehdr->ip4h.ip_dst.s_addr = p->ip4h->ip_src.s_addr; fakehdr->ip4h.s_ip_dst.s_addr = p->ip4h->s_ip_src.s_addr;
fakehdr->ip4h.ip_src.s_addr = p->ip4h->ip_dst.s_addr; fakehdr->ip4h.s_ip_src.s_addr = p->ip4h->s_ip_dst.s_addr;
} }
fakehdr->ip4h.ip_len = htons((uint16_t)pkt_len); fakehdr->ip4h.ip_len = htons((uint16_t)pkt_len);
@ -317,10 +317,10 @@ static int Unified2ForgeFakeIPv6Header(FakeIPv6Hdr *fakehdr, Packet *p, int pkt_
fakehdr->ip6h.s_ip6_nxt = IPPROTO_TCP; fakehdr->ip6h.s_ip6_nxt = IPPROTO_TCP;
fakehdr->ip6h.s_ip6_plen = htons(sizeof(TCPHdr)); fakehdr->ip6h.s_ip6_plen = htons(sizeof(TCPHdr));
if (!invert) { if (!invert) {
memcpy(fakehdr->ip6h.ip6_src, p->ip6h->ip6_src, 32); memcpy(fakehdr->ip6h.s_ip6_addrs, p->ip6h->s_ip6_addrs, 32);
} else { } else {
memcpy(fakehdr->ip6h.ip6_src, p->ip6h->ip6_dst, 16); memcpy(fakehdr->ip6h.s_ip6_src, p->ip6h->s_ip6_dst, 16);
memcpy(fakehdr->ip6h.ip6_dst, p->ip6h->ip6_src, 16); memcpy(fakehdr->ip6h.s_ip6_dst, p->ip6h->s_ip6_src, 16);
} }
if (! invert) { if (! invert) {
fakehdr->tcph.th_sport = p->tcph->th_sport; fakehdr->tcph.th_sport = p->tcph->th_sport;
@ -387,8 +387,8 @@ static int Unified2StreamTypeAlertIPv4 (Unified2AlertThread *aun,
fakehdr.ip4h.ip_verhl = p->ip4h->ip_verhl; fakehdr.ip4h.ip_verhl = p->ip4h->ip_verhl;
fakehdr.ip4h.ip_proto = p->ip4h->ip_proto; fakehdr.ip4h.ip_proto = p->ip4h->ip_proto;
fakehdr.ip4h.ip_src.s_addr = p->ip4h->ip_src.s_addr; fakehdr.ip4h.s_ip_src.s_addr = p->ip4h->s_ip_src.s_addr;
fakehdr.ip4h.ip_dst.s_addr = p->ip4h->ip_dst.s_addr; fakehdr.ip4h.s_ip_dst.s_addr = p->ip4h->s_ip_dst.s_addr;
fakehdr.ip4h.ip_len = htons((uint16_t)pkt_len); fakehdr.ip4h.ip_len = htons((uint16_t)pkt_len);
fakehdr.tcph.th_sport = p->tcph->th_sport; fakehdr.tcph.th_sport = p->tcph->th_sport;
@ -487,12 +487,13 @@ static int Unified2StreamTypeAlertIPv6 (Unified2AlertThread *aun,
fakehdr.ethh.eth_type = htons(ETHERNET_TYPE_IPV6); fakehdr.ethh.eth_type = htons(ETHERNET_TYPE_IPV6);
if (p->ethh != NULL) { if (p->ethh != NULL) {
memcpy(&fakehdr.ethh.eth_dst, p->ethh->eth_dst, 12); memcpy(&fakehdr.ethh.eth_src, p->ethh->eth_src, 6);
memcpy(&fakehdr.ethh.eth_dst, p->ethh->eth_dst, 6);
} }
fakehdr.ip6h.s_ip6_vfc = p->ip6h->s_ip6_vfc; fakehdr.ip6h.s_ip6_vfc = p->ip6h->s_ip6_vfc;
fakehdr.ip6h.s_ip6_nxt = IPPROTO_TCP; fakehdr.ip6h.s_ip6_nxt = IPPROTO_TCP;
fakehdr.ip6h.s_ip6_plen = htons(sizeof(TCPHdr) + stream_msg->data.data_len); fakehdr.ip6h.s_ip6_plen = htons(sizeof(TCPHdr) + stream_msg->data.data_len);
memcpy(&fakehdr.ip6h.ip6_src, p->ip6h->ip6_src, 32); memcpy(&fakehdr.ip6h.s_ip6_addrs, p->ip6h->s_ip6_addrs, 32);
fakehdr.tcph.th_sport = p->tcph->th_sport; fakehdr.tcph.th_sport = p->tcph->th_sport;
fakehdr.tcph.th_dport = p->tcph->th_dport; fakehdr.tcph.th_dport = p->tcph->th_dport;
fakehdr.tcph.th_offx2 = 0x50; /* just the TCP header, no options */ fakehdr.tcph.th_offx2 = 0x50; /* just the TCP header, no options */
@ -573,12 +574,12 @@ static int Unified2PrintStreamSegmentCallback(Packet *p, void *data, uint8_t *bu
if (PKT_IS_IPV6(p)) { if (PKT_IS_IPV6(p)) {
FakeIPv6Hdr *fakehdr = (FakeIPv6Hdr *)aun->iphdr; FakeIPv6Hdr *fakehdr = (FakeIPv6Hdr *)aun->iphdr;
fakehdr->tcph.th_sum = TCPV6CalculateChecksum( fakehdr->tcph.th_sum = TCPV6CalculateChecksum(
(uint16_t *)&(fakehdr->ip6h.ip6_src), fakehdr->ip6h.s_ip6_addrs,
(uint16_t *)&fakehdr->tcph, buflen + sizeof(TCPHdr)); (uint16_t *)&fakehdr->tcph, buflen + sizeof(TCPHdr));
} else { } else {
FakeIPv4Hdr *fakehdr = (FakeIPv4Hdr *)aun->iphdr; FakeIPv4Hdr *fakehdr = (FakeIPv4Hdr *)aun->iphdr;
fakehdr->tcph.th_sum = TCPCalculateChecksum( fakehdr->tcph.th_sum = TCPCalculateChecksum(
(uint16_t *)&(fakehdr->ip4h.ip_src), fakehdr->ip4h.s_ip_addrs,
(uint16_t *)&fakehdr->tcph, buflen + sizeof(TCPHdr)); (uint16_t *)&fakehdr->tcph, buflen + sizeof(TCPHdr));
fakehdr->ip4h.ip_csum = IPV4CalculateChecksum( fakehdr->ip4h.ip_csum = IPV4CalculateChecksum(
(uint16_t *)&fakehdr->ip4h, (uint16_t *)&fakehdr->ip4h,
@ -905,8 +906,8 @@ int Unified2IPv6TypeAlert (ThreadVars *t, Packet *p, void *data, PacketQueue *pq
SCMutexLock(&aun->file_ctx->fp_mutex); SCMutexLock(&aun->file_ctx->fp_mutex);
if ((aun->file_ctx->size_current +(sizeof(hdr) + sizeof(*phdr))) > aun->file_ctx->size_limit) { if ((aun->file_ctx->size_current +(sizeof(hdr) + sizeof(*phdr))) > aun->file_ctx->size_limit) {
if (Unified2AlertRotateFile(t,aun) < 0) { if (Unified2AlertRotateFile(t,aun) < 0) {
SCMutexUnlock(&aun->file_ctx->fp_mutex);
aun->file_ctx->alerts += i; aun->file_ctx->alerts += i;
SCMutexUnlock(&aun->file_ctx->fp_mutex);
return -1; return -1;
} }
} }
@ -919,15 +920,17 @@ int Unified2IPv6TypeAlert (ThreadVars *t, Packet *p, void *data, PacketQueue *pq
ret = Unified2PacketTypeAlert(aun, p, pa->alert_msg, phdr->event_id, pa->flags & PACKET_ALERT_FLAG_STATE_MATCH ? 1 : 0); ret = Unified2PacketTypeAlert(aun, p, pa->alert_msg, phdr->event_id, pa->flags & PACKET_ALERT_FLAG_STATE_MATCH ? 1 : 0);
if (ret != 1) { if (ret != 1) {
SCLogError(SC_ERR_FWRITE, "Error: fwrite failed: %s", strerror(errno)); SCLogError(SC_ERR_FWRITE, "Error: fwrite failed: %s", strerror(errno));
SCMutexUnlock(&aun->file_ctx->fp_mutex);
aun->file_ctx->alerts += i; aun->file_ctx->alerts += i;
SCMutexUnlock(&aun->file_ctx->fp_mutex);
return -1; return -1;
} }
fflush(aun->file_ctx->fp); fflush(aun->file_ctx->fp);
SCMutexUnlock(&aun->file_ctx->fp_mutex); SCMutexUnlock(&aun->file_ctx->fp_mutex);
} }
aun->file_ctx->alerts += p->alerts.cnt;
SCMutexLock(&aun->file_ctx->fp_mutex);
aun->file_ctx->alerts += p->alerts.cnt;
SCMutexUnlock(&aun->file_ctx->fp_mutex);
return 0; return 0;
} }
@ -972,8 +975,8 @@ int Unified2IPv4TypeAlert (ThreadVars *tv, Packet *p, void *data, PacketQueue *p
gphdr.event_id = 0; gphdr.event_id = 0;
gphdr.event_second = htonl(p->ts.tv_sec); gphdr.event_second = htonl(p->ts.tv_sec);
gphdr.event_microsecond = htonl(p->ts.tv_usec); gphdr.event_microsecond = htonl(p->ts.tv_usec);
gphdr.src_ip = p->ip4h->ip_src.s_addr; gphdr.src_ip = p->ip4h->s_ip_src.s_addr;
gphdr.dst_ip = p->ip4h->ip_dst.s_addr; gphdr.dst_ip = p->ip4h->s_ip_dst.s_addr;
gphdr.protocol = IPV4_GET_RAW_IPPROTO(p->ip4h); gphdr.protocol = IPV4_GET_RAW_IPPROTO(p->ip4h);
@ -1039,8 +1042,8 @@ int Unified2IPv4TypeAlert (ThreadVars *tv, Packet *p, void *data, PacketQueue *p
if ((aun->file_ctx->size_current +(sizeof(hdr) + sizeof(*phdr))) > aun->file_ctx->size_limit) { if ((aun->file_ctx->size_current +(sizeof(hdr) + sizeof(*phdr))) > aun->file_ctx->size_limit) {
if (Unified2AlertRotateFile(tv,aun) < 0) { if (Unified2AlertRotateFile(tv,aun) < 0) {
SCMutexUnlock(&aun->file_ctx->fp_mutex);
aun->file_ctx->alerts += i; aun->file_ctx->alerts += i;
SCMutexUnlock(&aun->file_ctx->fp_mutex);
return -1; return -1;
} }
} }
@ -1056,15 +1059,17 @@ int Unified2IPv4TypeAlert (ThreadVars *tv, Packet *p, void *data, PacketQueue *p
ret = Unified2PacketTypeAlert(aun, p, pa->alert_msg, event_id, pa->flags & PACKET_ALERT_FLAG_STATE_MATCH ? 1 : 0); ret = Unified2PacketTypeAlert(aun, p, pa->alert_msg, event_id, pa->flags & PACKET_ALERT_FLAG_STATE_MATCH ? 1 : 0);
if (ret != 1) { if (ret != 1) {
SCLogError(SC_ERR_FWRITE, "Error: PacketTypeAlert writing failed"); SCLogError(SC_ERR_FWRITE, "Error: PacketTypeAlert writing failed");
SCMutexUnlock(&aun->file_ctx->fp_mutex);
aun->file_ctx->alerts += i; aun->file_ctx->alerts += i;
SCMutexUnlock(&aun->file_ctx->fp_mutex);
return -1; return -1;
} }
fflush(aun->file_ctx->fp); fflush(aun->file_ctx->fp);
SCMutexUnlock(&aun->file_ctx->fp_mutex); SCMutexUnlock(&aun->file_ctx->fp_mutex);
} }
aun->file_ctx->alerts += p->alerts.cnt;
SCMutexLock(&aun->file_ctx->fp_mutex);
aun->file_ctx->alerts += p->alerts.cnt;
SCMutexUnlock(&aun->file_ctx->fp_mutex);
return 0; return 0;
} }

@ -2413,7 +2413,7 @@ int HTPParserTest01(void) {
table_iterator_reset(tx->request_headers); table_iterator_reset(tx->request_headers);
table_iterator_next(tx->request_headers, (void **) & h); table_iterator_next(tx->request_headers, (void **) & h);
if (htp_state->connp == NULL || strcmp(bstr_tocstr(h->value), "Victor/1.0") if (strcmp(bstr_tocstr(h->value), "Victor/1.0")
|| tx->request_method_number != M_POST || || tx->request_method_number != M_POST ||
tx->request_protocol_number != HTTP_1_0) tx->request_protocol_number != HTTP_1_0)
{ {
@ -2537,7 +2537,7 @@ int HTPParserTest03(void) {
table_iterator_reset(tx->request_headers); table_iterator_reset(tx->request_headers);
table_iterator_next(tx->request_headers, (void **) & h); table_iterator_next(tx->request_headers, (void **) & h);
if (htp_state->connp == NULL || tx->request_method_number != M_UNKNOWN || if (tx->request_method_number != M_UNKNOWN ||
h != NULL || tx->request_protocol_number != HTTP_1_0) h != NULL || tx->request_protocol_number != HTTP_1_0)
{ {
printf("expected method M_UNKNOWN and got %s: , expected protocol " printf("expected method M_UNKNOWN and got %s: , expected protocol "
@ -2594,7 +2594,7 @@ int HTPParserTest04(void) {
table_iterator_reset(tx->request_headers); table_iterator_reset(tx->request_headers);
table_iterator_next(tx->request_headers, (void **) & h); table_iterator_next(tx->request_headers, (void **) & h);
if (htp_state->connp == NULL || tx->request_method_number != M_UNKNOWN || if (tx->request_method_number != M_UNKNOWN ||
h != NULL || tx->request_protocol_number != PROTOCOL_UNKNOWN) h != NULL || tx->request_protocol_number != PROTOCOL_UNKNOWN)
{ {
printf("expected method M_UNKNOWN and got %s: , expected protocol " printf("expected method M_UNKNOWN and got %s: , expected protocol "
@ -2701,7 +2701,7 @@ int HTPParserTest05(void) {
table_iterator_reset(tx->request_headers); table_iterator_reset(tx->request_headers);
table_iterator_next(tx->request_headers, (void **) & h); table_iterator_next(tx->request_headers, (void **) & h);
if (http_state->connp == NULL || tx->request_method_number != M_POST || if (tx->request_method_number != M_POST ||
h == NULL || tx->request_protocol_number != HTTP_1_0) h == NULL || tx->request_protocol_number != HTTP_1_0)
{ {
printf("expected method M_POST and got %s: , expected protocol " printf("expected method M_POST and got %s: , expected protocol "
@ -2815,7 +2815,7 @@ int HTPParserTest06(void) {
table_iterator_reset(tx->request_headers); table_iterator_reset(tx->request_headers);
table_iterator_next(tx->request_headers, (void **) & h); table_iterator_next(tx->request_headers, (void **) & h);
if (http_state->connp == NULL || tx->request_method_number != M_GET || if (tx->request_method_number != M_GET ||
h == NULL || tx->request_protocol_number != HTTP_1_1) h == NULL || tx->request_protocol_number != HTTP_1_1)
{ {
printf("expected method M_GET and got %s: , expected protocol " printf("expected method M_GET and got %s: , expected protocol "

@ -1485,7 +1485,7 @@ static AppLayerProbingParserElement *
AppLayerDuplicateAppLayerProbingParserElement(AppLayerProbingParserElement *pe) AppLayerDuplicateAppLayerProbingParserElement(AppLayerProbingParserElement *pe)
{ {
AppLayerProbingParserElement *new_pe = SCMalloc(sizeof(AppLayerProbingParserElement)); AppLayerProbingParserElement *new_pe = SCMalloc(sizeof(AppLayerProbingParserElement));
if (pe == NULL) { if (new_pe == NULL) {
return NULL; return NULL;
} }

@ -671,7 +671,7 @@ ConfNode *ConfNodeLookupKeyValue(ConfNode *base, const char *key, const char *va
ConfNode *child; ConfNode *child;
TAILQ_FOREACH(child, &base->head, next) { TAILQ_FOREACH(child, &base->head, next) {
if (!strncmp(child->val, key, sizeof(child->val))) { if (!strncmp(child->val, key, strlen(child->val))) {
ConfNode *subchild; ConfNode *subchild;
TAILQ_FOREACH(subchild, &child->head, next) { TAILQ_FOREACH(subchild, &child->head, next) {
if ((!strcmp(subchild->name, key)) && (!strcmp(subchild->val, value))) { if ((!strcmp(subchild->name, key)) && (!strcmp(subchild->val, value))) {
@ -844,7 +844,7 @@ ConfTestGetInt(void)
return 0; return 0;
if (ConfGetInt(name, &val) != 1) if (ConfGetInt(name, &val) != 1)
return 0; return 0;
return 1;
if (val != 0) if (val != 0)
return 0; return 0;

@ -187,7 +187,7 @@ void DecodeICMPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt
ENGINE_SET_EVENT(p,ICMPV4_UNKNOWN_CODE); ENGINE_SET_EVENT(p,ICMPV4_UNKNOWN_CODE);
} else { } else {
/* parse IP header plus 64 bytes */ /* parse IP header plus 64 bytes */
if (len >= ICMPV4_HEADER_PKT_OFFSET) { if (len > ICMPV4_HEADER_PKT_OFFSET) {
DecodePartialIPV4( p, (uint8_t *)(pkt + ICMPV4_HEADER_PKT_OFFSET), len - ICMPV4_HEADER_PKT_OFFSET ); DecodePartialIPV4( p, (uint8_t *)(pkt + ICMPV4_HEADER_PKT_OFFSET), len - ICMPV4_HEADER_PKT_OFFSET );
/* ICMP ICMP_DEST_UNREACH influence TCP/UDP flows */ /* ICMP ICMP_DEST_UNREACH influence TCP/UDP flows */
@ -215,7 +215,7 @@ void DecodeICMPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt
ENGINE_SET_EVENT(p,ICMPV4_UNKNOWN_CODE); ENGINE_SET_EVENT(p,ICMPV4_UNKNOWN_CODE);
} else { } else {
// parse IP header plus 64 bytes // parse IP header plus 64 bytes
if (len >= ICMPV4_HEADER_PKT_OFFSET) if (len > ICMPV4_HEADER_PKT_OFFSET)
DecodePartialIPV4( p, (uint8_t*) (pkt + ICMPV4_HEADER_PKT_OFFSET), len - ICMPV4_HEADER_PKT_OFFSET ); DecodePartialIPV4( p, (uint8_t*) (pkt + ICMPV4_HEADER_PKT_OFFSET), len - ICMPV4_HEADER_PKT_OFFSET );
} }
break; break;
@ -233,7 +233,7 @@ void DecodeICMPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt
ENGINE_SET_EVENT(p,ICMPV4_UNKNOWN_CODE); ENGINE_SET_EVENT(p,ICMPV4_UNKNOWN_CODE);
} else { } else {
// parse IP header plus 64 bytes // parse IP header plus 64 bytes
if (len >= ICMPV4_HEADER_PKT_OFFSET) if (len > ICMPV4_HEADER_PKT_OFFSET)
DecodePartialIPV4( p, (uint8_t*) (pkt + ICMPV4_HEADER_PKT_OFFSET), len - ICMPV4_HEADER_PKT_OFFSET ); DecodePartialIPV4( p, (uint8_t*) (pkt + ICMPV4_HEADER_PKT_OFFSET), len - ICMPV4_HEADER_PKT_OFFSET );
} }
break; break;
@ -243,7 +243,7 @@ void DecodeICMPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt
ENGINE_SET_EVENT(p,ICMPV4_UNKNOWN_CODE); ENGINE_SET_EVENT(p,ICMPV4_UNKNOWN_CODE);
} else { } else {
// parse IP header plus 64 bytes // parse IP header plus 64 bytes
if (len >= ICMPV4_HEADER_PKT_OFFSET) if (len > ICMPV4_HEADER_PKT_OFFSET)
DecodePartialIPV4( p, (uint8_t*) (pkt + ICMPV4_HEADER_PKT_OFFSET), len - ICMPV4_HEADER_PKT_OFFSET ); DecodePartialIPV4( p, (uint8_t*) (pkt + ICMPV4_HEADER_PKT_OFFSET), len - ICMPV4_HEADER_PKT_OFFSET );
} }
break; break;
@ -341,8 +341,8 @@ static int DecodeICMPV4test01(void) {
p->src.addr_data32[0] = UTHSetIPv4Address("4.3.2.1");; p->src.addr_data32[0] = UTHSetIPv4Address("4.3.2.1");;
p->dst.addr_data32[0] = UTHSetIPv4Address("1.2.3.4");; p->dst.addr_data32[0] = UTHSetIPv4Address("1.2.3.4");;
ip4h.ip_src.s_addr = p->src.addr_data32[0]; ip4h.s_ip_src.s_addr = p->src.addr_data32[0];
ip4h.ip_dst.s_addr = p->dst.addr_data32[0]; ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0];
p->ip4h = &ip4h; p->ip4h = &ip4h;
DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL); DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL);
@ -392,8 +392,8 @@ static int DecodeICMPV4test02(void) {
p->src.addr_data32[0] = UTHSetIPv4Address("4.3.2.1");; p->src.addr_data32[0] = UTHSetIPv4Address("4.3.2.1");;
p->dst.addr_data32[0] = UTHSetIPv4Address("1.2.3.4");; p->dst.addr_data32[0] = UTHSetIPv4Address("1.2.3.4");;
ip4h.ip_src.s_addr = p->src.addr_data32[0]; ip4h.s_ip_src.s_addr = p->src.addr_data32[0];
ip4h.ip_dst.s_addr = p->dst.addr_data32[0]; ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0];
p->ip4h = &ip4h; p->ip4h = &ip4h;
DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL); DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL);
@ -441,8 +441,8 @@ static int DecodeICMPV4test03(void) {
p->src.addr_data32[0] = UTHSetIPv4Address("4.3.2.1");; p->src.addr_data32[0] = UTHSetIPv4Address("4.3.2.1");;
p->dst.addr_data32[0] = UTHSetIPv4Address("1.2.3.4");; p->dst.addr_data32[0] = UTHSetIPv4Address("1.2.3.4");;
ip4h.ip_src.s_addr = p->src.addr_data32[0]; ip4h.s_ip_src.s_addr = p->src.addr_data32[0];
ip4h.ip_dst.s_addr = p->dst.addr_data32[0]; ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0];
p->ip4h = &ip4h; p->ip4h = &ip4h;
DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL); DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL);
@ -521,8 +521,8 @@ static int DecodeICMPV4test04(void) {
p->src.addr_data32[0] = UTHSetIPv4Address("4.3.2.1");; p->src.addr_data32[0] = UTHSetIPv4Address("4.3.2.1");;
p->dst.addr_data32[0] = UTHSetIPv4Address("1.2.3.4");; p->dst.addr_data32[0] = UTHSetIPv4Address("1.2.3.4");;
ip4h.ip_src.s_addr = p->src.addr_data32[0]; ip4h.s_ip_src.s_addr = p->src.addr_data32[0];
ip4h.ip_dst.s_addr = p->dst.addr_data32[0]; ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0];
p->ip4h = &ip4h; p->ip4h = &ip4h;
DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL); DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL);
@ -591,8 +591,8 @@ static int DecodeICMPV4test05(void) {
p->src.addr_data32[0] = UTHSetIPv4Address("4.3.2.1");; p->src.addr_data32[0] = UTHSetIPv4Address("4.3.2.1");;
p->dst.addr_data32[0] = UTHSetIPv4Address("1.2.3.4");; p->dst.addr_data32[0] = UTHSetIPv4Address("1.2.3.4");;
ip4h.ip_src.s_addr = p->src.addr_data32[0]; ip4h.s_ip_src.s_addr = p->src.addr_data32[0];
ip4h.ip_dst.s_addr = p->dst.addr_data32[0]; ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0];
p->ip4h = &ip4h; p->ip4h = &ip4h;
DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL); DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL);
@ -696,8 +696,8 @@ static int ICMPV4InvalidType07(void) {
p->src.addr_data32[0] = UTHSetIPv4Address("4.3.2.1");; p->src.addr_data32[0] = UTHSetIPv4Address("4.3.2.1");;
p->dst.addr_data32[0] = UTHSetIPv4Address("1.2.3.4");; p->dst.addr_data32[0] = UTHSetIPv4Address("1.2.3.4");;
ip4h.ip_src.s_addr = p->src.addr_data32[0]; ip4h.s_ip_src.s_addr = p->src.addr_data32[0];
ip4h.ip_dst.s_addr = p->dst.addr_data32[0]; ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0];
p->ip4h = &ip4h; p->ip4h = &ip4h;
DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL); DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL);
@ -740,8 +740,8 @@ static int DecodeICMPV4test08(void) {
p->src.addr_data32[0] = UTHSetIPv4Address("4.3.2.1");; p->src.addr_data32[0] = UTHSetIPv4Address("4.3.2.1");;
p->dst.addr_data32[0] = UTHSetIPv4Address("1.2.3.4");; p->dst.addr_data32[0] = UTHSetIPv4Address("1.2.3.4");;
ip4h.ip_src.s_addr = p->src.addr_data32[0]; ip4h.s_ip_src.s_addr = p->src.addr_data32[0];
ip4h.ip_dst.s_addr = p->dst.addr_data32[0]; ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0];
p->ip4h = &ip4h; p->ip4h = &ip4h;
DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL); DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL);

@ -76,15 +76,15 @@ void DecodePartialIPV6(Packet *p, uint8_t *partial_packet, uint16_t len )
p->icmpv6vars.emb_ipv6h = icmp6_ip6h; p->icmpv6vars.emb_ipv6h = icmp6_ip6h;
/** Get the IP6 address */ /** Get the IP6 address */
p->icmpv6vars.emb_ip6_src[0] = icmp6_ip6h->ip6_src[0]; p->icmpv6vars.emb_ip6_src[0] = icmp6_ip6h->s_ip6_src[0];
p->icmpv6vars.emb_ip6_src[1] = icmp6_ip6h->ip6_src[1]; p->icmpv6vars.emb_ip6_src[1] = icmp6_ip6h->s_ip6_src[1];
p->icmpv6vars.emb_ip6_src[2] = icmp6_ip6h->ip6_src[2]; p->icmpv6vars.emb_ip6_src[2] = icmp6_ip6h->s_ip6_src[2];
p->icmpv6vars.emb_ip6_src[3] = icmp6_ip6h->ip6_src[3]; p->icmpv6vars.emb_ip6_src[3] = icmp6_ip6h->s_ip6_src[3];
p->icmpv6vars.emb_ip6_dst[0] = icmp6_ip6h->ip6_dst[0]; p->icmpv6vars.emb_ip6_dst[0] = icmp6_ip6h->s_ip6_dst[0];
p->icmpv6vars.emb_ip6_dst[1] = icmp6_ip6h->ip6_dst[1]; p->icmpv6vars.emb_ip6_dst[1] = icmp6_ip6h->s_ip6_dst[1];
p->icmpv6vars.emb_ip6_dst[2] = icmp6_ip6h->ip6_dst[2]; p->icmpv6vars.emb_ip6_dst[2] = icmp6_ip6h->s_ip6_dst[2];
p->icmpv6vars.emb_ip6_dst[3] = icmp6_ip6h->ip6_dst[3]; p->icmpv6vars.emb_ip6_dst[3] = icmp6_ip6h->s_ip6_dst[3];
/** Get protocol and ports inside the embedded ipv6 packet and set the pointers */ /** Get protocol and ports inside the embedded ipv6 packet and set the pointers */
p->icmpv6vars.emb_ip6_proto_next = icmp6_ip6h->s_ip6_nxt; p->icmpv6vars.emb_ip6_proto_next = icmp6_ip6h->s_ip6_nxt;

@ -77,10 +77,20 @@ typedef struct IPV4Hdr_
uint8_t ip_ttl; /**< time to live */ uint8_t ip_ttl; /**< time to live */
uint8_t ip_proto; /**< protocol (tcp, udp, etc) */ uint8_t ip_proto; /**< protocol (tcp, udp, etc) */
uint16_t ip_csum; /**< checksum */ uint16_t ip_csum; /**< checksum */
union {
struct {
struct in_addr ip_src;/**< source address */ struct in_addr ip_src;/**< source address */
struct in_addr ip_dst;/**< destination address */ struct in_addr ip_dst;/**< destination address */
} ip4_un1;
uint16_t ip_addrs[4];
} ip4_hdrun1;
} IPV4Hdr; } IPV4Hdr;
#define s_ip_src ip4_hdrun1.ip4_un1.ip_src
#define s_ip_dst ip4_hdrun1.ip4_un1.ip_dst
#define s_ip_addrs ip4_hdrun1.ip_addrs
#define IPV4_GET_RAW_VER(ip4h) (((ip4h)->ip_verhl & 0xf0) >> 4) #define IPV4_GET_RAW_VER(ip4h) (((ip4h)->ip_verhl & 0xf0) >> 4)
#define IPV4_GET_RAW_HLEN(ip4h) ((ip4h)->ip_verhl & 0x0f) #define IPV4_GET_RAW_HLEN(ip4h) ((ip4h)->ip_verhl & 0x0f)
#define IPV4_GET_RAW_IPTOS(ip4h) ((ip4h)->ip_tos) #define IPV4_GET_RAW_IPTOS(ip4h) ((ip4h)->ip_tos)
@ -89,13 +99,13 @@ typedef struct IPV4Hdr_
#define IPV4_GET_RAW_IPOFFSET(ip4h) ((ip4h)->ip_off) #define IPV4_GET_RAW_IPOFFSET(ip4h) ((ip4h)->ip_off)
#define IPV4_GET_RAW_IPTTL(ip4h) ((ip4h)->ip_ttl) #define IPV4_GET_RAW_IPTTL(ip4h) ((ip4h)->ip_ttl)
#define IPV4_GET_RAW_IPPROTO(ip4h) ((ip4h)->ip_proto) #define IPV4_GET_RAW_IPPROTO(ip4h) ((ip4h)->ip_proto)
#define IPV4_GET_RAW_IPSRC(ip4h) ((ip4h)->ip_src) #define IPV4_GET_RAW_IPSRC(ip4h) ((ip4h)->s_ip_src)
#define IPV4_GET_RAW_IPDST(ip4h) ((ip4h)->ip_dst) #define IPV4_GET_RAW_IPDST(ip4h) ((ip4h)->s_ip_dst)
/** return the raw (directly from the header) src ip as uint32_t */ /** return the raw (directly from the header) src ip as uint32_t */
#define IPV4_GET_RAW_IPSRC_U32(ip4h) (uint32_t)((ip4h)->ip_src.s_addr) #define IPV4_GET_RAW_IPSRC_U32(ip4h) (uint32_t)((ip4h)->s_ip_src.s_addr)
/** return the raw (directly from the header) dst ip as uint32_t */ /** return the raw (directly from the header) dst ip as uint32_t */
#define IPV4_GET_RAW_IPDST_U32(ip4h) (uint32_t)((ip4h)->ip_dst.s_addr) #define IPV4_GET_RAW_IPDST_U32(ip4h) (uint32_t)((ip4h)->s_ip_dst.s_addr)
/* we need to change them as well as get them */ /* we need to change them as well as get them */
#define IPV4_SET_RAW_VER(ip4h, value) ((ip4h)->ip_verhl = (((ip4h)->ip_verhl & 0x0f) | (value << 4))) #define IPV4_SET_RAW_VER(ip4h, value) ((ip4h)->ip_verhl = (((ip4h)->ip_verhl & 0x0f) | (value << 4)))

@ -40,10 +40,19 @@ typedef struct IPV6Hdr_
uint8_t ip6_un2_vfc; /* 4 bits version, top 4 bits class */ uint8_t ip6_un2_vfc; /* 4 bits version, top 4 bits class */
} ip6_hdrun; } ip6_hdrun;
union {
struct {
uint32_t ip6_src[4]; uint32_t ip6_src[4];
uint32_t ip6_dst[4]; uint32_t ip6_dst[4];
} ip6_un2;
uint16_t ip6_addrs[16];
} ip6_hdrun2;
} IPV6Hdr; } IPV6Hdr;
#define s_ip6_src ip6_hdrun2.ip6_un2.ip6_src
#define s_ip6_dst ip6_hdrun2.ip6_un2.ip6_dst
#define s_ip6_addrs ip6_hdrun2.ip6_addrs
#define s_ip6_vfc ip6_hdrun.ip6_un2_vfc #define s_ip6_vfc ip6_hdrun.ip6_un2_vfc
#define s_ip6_flow ip6_hdrun.ip6_un1.ip6_un1_flow #define s_ip6_flow ip6_hdrun.ip6_un1.ip6_un1_flow
#define s_ip6_plen ip6_hdrun.ip6_un1.ip6_un1_plen #define s_ip6_plen ip6_hdrun.ip6_un1.ip6_un1_plen

@ -100,7 +100,7 @@ typedef struct Address_ {
* prevent using memset. */ * prevent using memset. */
#define SET_IPV4_SRC_ADDR(p, a) do { \ #define SET_IPV4_SRC_ADDR(p, a) do { \
(a)->family = AF_INET; \ (a)->family = AF_INET; \
(a)->addr_data32[0] = (uint32_t)(p)->ip4h->ip_src.s_addr; \ (a)->addr_data32[0] = (uint32_t)(p)->ip4h->s_ip_src.s_addr; \
(a)->addr_data32[1] = 0; \ (a)->addr_data32[1] = 0; \
(a)->addr_data32[2] = 0; \ (a)->addr_data32[2] = 0; \
(a)->addr_data32[3] = 0; \ (a)->addr_data32[3] = 0; \
@ -108,7 +108,7 @@ typedef struct Address_ {
#define SET_IPV4_DST_ADDR(p, a) do { \ #define SET_IPV4_DST_ADDR(p, a) do { \
(a)->family = AF_INET; \ (a)->family = AF_INET; \
(a)->addr_data32[0] = (uint32_t)(p)->ip4h->ip_dst.s_addr; \ (a)->addr_data32[0] = (uint32_t)(p)->ip4h->s_ip_dst.s_addr; \
(a)->addr_data32[1] = 0; \ (a)->addr_data32[1] = 0; \
(a)->addr_data32[2] = 0; \ (a)->addr_data32[2] = 0; \
(a)->addr_data32[3] = 0; \ (a)->addr_data32[3] = 0; \
@ -127,18 +127,18 @@ typedef struct Address_ {
* Make sure p->ip6h is initialized and validated. */ * Make sure p->ip6h is initialized and validated. */
#define SET_IPV6_SRC_ADDR(p, a) do { \ #define SET_IPV6_SRC_ADDR(p, a) do { \
(a)->family = AF_INET6; \ (a)->family = AF_INET6; \
(a)->addr_data32[0] = (p)->ip6h->ip6_src[0]; \ (a)->addr_data32[0] = (p)->ip6h->s_ip6_src[0]; \
(a)->addr_data32[1] = (p)->ip6h->ip6_src[1]; \ (a)->addr_data32[1] = (p)->ip6h->s_ip6_src[1]; \
(a)->addr_data32[2] = (p)->ip6h->ip6_src[2]; \ (a)->addr_data32[2] = (p)->ip6h->s_ip6_src[2]; \
(a)->addr_data32[3] = (p)->ip6h->ip6_src[3]; \ (a)->addr_data32[3] = (p)->ip6h->s_ip6_src[3]; \
} while (0) } while (0)
#define SET_IPV6_DST_ADDR(p, a) do { \ #define SET_IPV6_DST_ADDR(p, a) do { \
(a)->family = AF_INET6; \ (a)->family = AF_INET6; \
(a)->addr_data32[0] = (p)->ip6h->ip6_dst[0]; \ (a)->addr_data32[0] = (p)->ip6h->s_ip6_dst[0]; \
(a)->addr_data32[1] = (p)->ip6h->ip6_dst[1]; \ (a)->addr_data32[1] = (p)->ip6h->s_ip6_dst[1]; \
(a)->addr_data32[2] = (p)->ip6h->ip6_dst[2]; \ (a)->addr_data32[2] = (p)->ip6h->s_ip6_dst[2]; \
(a)->addr_data32[3] = (p)->ip6h->ip6_dst[3]; \ (a)->addr_data32[3] = (p)->ip6h->s_ip6_dst[3]; \
} while (0) } while (0)
/* Set the TCP ports into the Ports of the Packet. /* Set the TCP ports into the Ports of the Packet.

@ -614,7 +614,7 @@ Defrag4Reassemble(ThreadVars *tv, DefragContext *dc, DefragTracker *tracker,
remove_tracker: remove_tracker:
/* Remove the frag tracker. */ /* Remove the frag tracker. */
SCMutexLock(&dc->frag_table_lock); SCMutexLock(&dc->frag_table_lock);
HashListTableRemove(dc->frag_table, tracker, sizeof(*tracker)); HashListTableRemove(dc->frag_table, tracker, HASHLIST_NO_SIZE);
SCMutexUnlock(&dc->frag_table_lock); SCMutexUnlock(&dc->frag_table_lock);
DefragTrackerReset(tracker); DefragTrackerReset(tracker);
SCMutexLock(&dc->tracker_pool_lock); SCMutexLock(&dc->tracker_pool_lock);
@ -725,7 +725,7 @@ Defrag6Reassemble(ThreadVars *tv, DefragContext *dc, DefragTracker *tracker,
remove_tracker: remove_tracker:
/* Remove the frag tracker. */ /* Remove the frag tracker. */
SCMutexLock(&dc->frag_table_lock); SCMutexLock(&dc->frag_table_lock);
HashListTableRemove(dc->frag_table, tracker, sizeof(*tracker)); HashListTableRemove(dc->frag_table, tracker, HASHLIST_NO_SIZE);
SCMutexUnlock(&dc->frag_table_lock); SCMutexUnlock(&dc->frag_table_lock);
DefragTrackerReset(tracker); DefragTrackerReset(tracker);
SCMutexLock(&dc->tracker_pool_lock); SCMutexLock(&dc->tracker_pool_lock);
@ -1026,7 +1026,7 @@ DefragTimeoutTracker(ThreadVars *tv, DecodeThreadVars *dtv, DefragContext *dc,
if (tracker->timeout < (unsigned int)p->ts.tv_sec) { if (tracker->timeout < (unsigned int)p->ts.tv_sec) {
/* Tracker has timeout out. */ /* Tracker has timeout out. */
HashListTableRemove(dc->frag_table, tracker, sizeof(tracker)); HashListTableRemove(dc->frag_table, tracker, HASHLIST_NO_SIZE);
DefragTrackerReset(tracker); DefragTrackerReset(tracker);
PoolReturn(dc->tracker_pool, tracker); PoolReturn(dc->tracker_pool, tracker);
if (tv != NULL && dtv != NULL) { if (tv != NULL && dtv != NULL) {
@ -1144,7 +1144,7 @@ DefragGetTracker(ThreadVars *tv, DecodeThreadVars *dtv, DefragContext *dc,
tracker->dst_addr = lookup_key->dst_addr; tracker->dst_addr = lookup_key->dst_addr;
tracker->policy = DefragGetOsPolicy(p); tracker->policy = DefragGetOsPolicy(p);
if (HashListTableAdd(dc->frag_table, tracker, sizeof(*tracker)) != 0) { if (HashListTableAdd(dc->frag_table, tracker, HASHLIST_NO_SIZE) != 0) {
/* Failed to add new tracker. */ /* Failed to add new tracker. */
SCLogError(SC_ERR_MEM_ALLOC, SCLogError(SC_ERR_MEM_ALLOC,
"Defrag: Failed to add new tracker to hash table."); "Defrag: Failed to add new tracker to hash table.");
@ -1290,8 +1290,8 @@ BuildTestPacket(uint16_t id, uint16_t off, int mf, const char content,
ip4h.ip_ttl = ttl; ip4h.ip_ttl = ttl;
ip4h.ip_proto = IPPROTO_ICMP; ip4h.ip_proto = IPPROTO_ICMP;
ip4h.ip_src.s_addr = 0x01010101; /* 1.1.1.1 */ ip4h.s_ip_src.s_addr = 0x01010101; /* 1.1.1.1 */
ip4h.ip_dst.s_addr = 0x02020202; /* 2.2.2.2 */ ip4h.s_ip_dst.s_addr = 0x02020202; /* 2.2.2.2 */
/* copy content_len crap, we need full length */ /* copy content_len crap, we need full length */
PacketCopyData(p, (uint8_t *)&ip4h, sizeof(ip4h) + content_len); PacketCopyData(p, (uint8_t *)&ip4h, sizeof(ip4h) + content_len);
@ -1354,14 +1354,14 @@ IPV6BuildTestPacket(uint32_t id, uint16_t off, int mf, const char content,
ip6h.s_ip6_hlim = 2; ip6h.s_ip6_hlim = 2;
/* Source and dest address - very bogus addresses. */ /* Source and dest address - very bogus addresses. */
ip6h.ip6_src[0] = 0x01010101; ip6h.s_ip6_src[0] = 0x01010101;
ip6h.ip6_src[1] = 0x01010101; ip6h.s_ip6_src[1] = 0x01010101;
ip6h.ip6_src[2] = 0x01010101; ip6h.s_ip6_src[2] = 0x01010101;
ip6h.ip6_src[3] = 0x01010101; ip6h.s_ip6_src[3] = 0x01010101;
ip6h.ip6_dst[0] = 0x02020202; ip6h.s_ip6_dst[0] = 0x02020202;
ip6h.ip6_dst[1] = 0x02020202; ip6h.s_ip6_dst[1] = 0x02020202;
ip6h.ip6_dst[2] = 0x02020202; ip6h.s_ip6_dst[2] = 0x02020202;
ip6h.ip6_dst[3] = 0x02020202; ip6h.s_ip6_dst[3] = 0x02020202;
/* copy content_len crap, we need full length */ /* copy content_len crap, we need full length */
PacketCopyData(p, (uint8_t *)&ip6h, sizeof(IPV6Hdr) + sizeof(IPV6FragHdr) + content_len); PacketCopyData(p, (uint8_t *)&ip6h, sizeof(IPV6Hdr) + sizeof(IPV6FragHdr) + content_len);

@ -64,68 +64,48 @@ uint32_t DetectContentMaxId(DetectEngineCtx *de_ctx) {
return MpmPatternIdStoreGetMaxId(de_ctx->mpm_pattern_id_store); return MpmPatternIdStoreGetMaxId(de_ctx->mpm_pattern_id_store);
} }
int DetectContentDataParse(char *contentstr, char** pstr, uint16_t *plen, int *flags) int DetectContentDataParse(char *keyword, char *contentstr, char** pstr, uint16_t *plen, int *flags)
{ {
char *str = NULL; char *str = NULL;
char *temp = NULL;
uint16_t len; uint16_t len;
uint16_t pos = 0; uint16_t pos = 0;
uint16_t slen = 0; uint16_t slen = 0;
if ((temp = SCStrdup(contentstr)) == NULL) { slen = strlen(contentstr);
SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory. Exiting..."); if (slen == 0) {
exit(EXIT_FAILURE);
}
if (strlen(temp) == 0) {
SCFree(temp);
return -1; return -1;
} }
/* skip the first spaces */ /* skip the first spaces */
slen = strlen(temp); while (pos < slen && isspace(contentstr[pos]))
while (pos < slen && isspace(temp[pos])) {
pos++; pos++;
};
if (temp[pos] == '!') {
SCFree(temp);
if ((temp = SCStrdup(contentstr + pos + 1)) == NULL) {
SCLogError(SC_ERR_MEM_ALLOC, "error allocating memory. exiting...");
exit(EXIT_FAILURE);
}
pos = 0; if (contentstr[pos] == '!') {
*flags = DETECT_CONTENT_NEGATED; *flags = DETECT_CONTENT_NEGATED;
pos++;
} else } else
*flags = 0; *flags = 0;
if (temp[pos] == '\"' && strlen(temp + pos) == 1) if (contentstr[pos] == '\"' && ((slen - pos) <= 1))
goto error; goto error;
if (temp[pos] == '\"' && temp[pos + strlen(temp + pos) - 1] == '\"') { if (!(contentstr[pos] == '\"' && contentstr[slen - 1] == '\"')) {
if ((str = SCStrdup(temp + pos + 1)) == NULL) { SCLogError(SC_ERR_INVALID_SIGNATURE, "%s keyword arguments "
SCLogError(SC_ERR_MEM_ALLOC, "error allocating memory. exiting...");
exit(EXIT_FAILURE);
}
str[strlen(temp) - pos - 2] = '\0';
} else {
SCLogError(SC_ERR_INVALID_SIGNATURE, "content keywords's argument "
"should be always enclosed in double quotes. Invalid " "should be always enclosed in double quotes. Invalid "
"content keyword passed in this rule - \"%s\"", "content keyword passed in this rule - \"%s\"",
contentstr); keyword, contentstr);
goto error; goto error;
} }
if ((str = SCStrdup(temp + pos + 1)) == NULL) { if ((str = SCStrdup(contentstr + pos + 1)) == NULL)
SCLogError(SC_ERR_MEM_ALLOC, "error allocating memory. exiting..."); goto error;
exit(EXIT_FAILURE); str[strlen(str) - 1] = '\0';
}
str[strlen(temp) - pos - 2] = '\0';
SCFree(temp); len = strlen(str);
temp = NULL; if (len == 0)
goto error;
SCLogDebug("\"%s\", len %" PRIu32 "", str, len);
len = strlen(str); len = strlen(str);
if (len == 0) if (len == 0)
@ -201,20 +181,10 @@ int DetectContentDataParse(char *contentstr, char** pstr, uint16_t *plen, int *f
if (bin_count % 2 != 0) { if (bin_count % 2 != 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid hex code assembly in " SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid hex code assembly in "
"content - %s. Invalidating signature", str); "%s - %s. Invalidating signature", keyword, contentstr);
goto error; goto error;
} }
#if 0//def DEBUG
if (SCLogDebugEnabled()) {
for (i = 0; i < x; i++) {
if (isprint(str[i])) SCLogDebug("%c", str[i]);
else SCLogDebug("\\x%02u", str[i]);
}
SCLogDebug("");
}
#endif
if (converted) { if (converted) {
len = x; len = x;
} }
@ -225,8 +195,8 @@ int DetectContentDataParse(char *contentstr, char** pstr, uint16_t *plen, int *f
return 0; return 0;
error: error:
if (str != NULL)
SCFree(str); SCFree(str);
SCFree(temp);
return -1; return -1;
} }
/** /**
@ -241,30 +211,23 @@ DetectContentData *DetectContentParse (char *contentstr)
int flags; int flags;
int ret; int ret;
ret = DetectContentDataParse(contentstr, &str, &len, &flags); ret = DetectContentDataParse("content", contentstr, &str, &len, &flags);
if (ret == -1) { if (ret == -1) {
return NULL; return NULL;
} }
cd = SCMalloc(sizeof(DetectContentData)); cd = SCMalloc(sizeof(DetectContentData) + len);
if (cd == NULL) { if (cd == NULL) {
SCFree(str); SCFree(str);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
memset(cd, 0, sizeof(DetectContentData)); memset(cd, 0, sizeof(DetectContentData) + len);
if (flags == DETECT_CONTENT_NEGATED) if (flags == DETECT_CONTENT_NEGATED)
cd->flags |= DETECT_CONTENT_NEGATED; cd->flags |= DETECT_CONTENT_NEGATED;
cd->content = SCMalloc(len); cd->content = (uint8_t *)cd + sizeof(DetectContentData);
if (cd->content == NULL) {
SCFree(str);
SCFree(cd);
exit(EXIT_FAILURE);
}
memcpy(cd->content, str, len); memcpy(cd->content, str, len);
cd->content_len = len; cd->content_len = len;
@ -449,9 +412,6 @@ void DetectContentFree(void *ptr) {
if (cd == NULL) if (cd == NULL)
SCReturn; SCReturn;
if (cd->content != NULL)
SCFree(cd->content);
BoyerMooreCtxDeInit(cd->bm_ctx); BoyerMooreCtxDeInit(cd->bm_ctx);
SCFree(cd); SCFree(cd);

@ -99,7 +99,7 @@ typedef struct DetectContentData_ {
void DetectContentRegister (void); void DetectContentRegister (void);
uint32_t DetectContentMaxId(DetectEngineCtx *); uint32_t DetectContentMaxId(DetectEngineCtx *);
DetectContentData *DetectContentParse (char *contentstr); DetectContentData *DetectContentParse (char *contentstr);
int DetectContentDataParse(char *contentstr, char** pstr, uint16_t *plen, int *flags); int DetectContentDataParse(char *keyword, char *contentstr, char** pstr, uint16_t *plen, int *flags);
DetectContentData *DetectContentParseEncloseQuotes(char *); DetectContentData *DetectContentParseEncloseQuotes(char *);
void DetectContentPrint(DetectContentData *); void DetectContentPrint(DetectContentData *);

@ -332,7 +332,7 @@ int DetectTCPV4CsumMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
} }
if (p->tcpvars.comp_csum == -1) if (p->tcpvars.comp_csum == -1)
p->tcpvars.comp_csum = TCPCalculateChecksum((uint16_t *)&(p->ip4h->ip_src), p->tcpvars.comp_csum = TCPCalculateChecksum(p->ip4h->s_ip_addrs,
(uint16_t *)p->tcph, (uint16_t *)p->tcph,
(p->payload_len + TCP_GET_HLEN(p))); (p->payload_len + TCP_GET_HLEN(p)));
@ -427,7 +427,7 @@ int DetectTCPV6CsumMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
} }
if (p->tcpvars.comp_csum == -1) if (p->tcpvars.comp_csum == -1)
p->tcpvars.comp_csum = TCPV6CalculateChecksum((uint16_t *)&(p->ip6h->ip6_src), p->tcpvars.comp_csum = TCPV6CalculateChecksum(p->ip6h->s_ip6_addrs,
(uint16_t *)p->tcph, (uint16_t *)p->tcph,
(p->payload_len + TCP_GET_HLEN(p))); (p->payload_len + TCP_GET_HLEN(p)));
@ -522,7 +522,7 @@ int DetectUDPV4CsumMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
} }
if (p->udpvars.comp_csum == -1) if (p->udpvars.comp_csum == -1)
p->udpvars.comp_csum = UDPV4CalculateChecksum((uint16_t *)&(p->ip4h->ip_src), p->udpvars.comp_csum = UDPV4CalculateChecksum(p->ip4h->s_ip_addrs,
(uint16_t *)p->udph, (uint16_t *)p->udph,
(p->payload_len + (p->payload_len +
UDP_HEADER_LEN) ); UDP_HEADER_LEN) );
@ -618,7 +618,7 @@ int DetectUDPV6CsumMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
} }
if (p->udpvars.comp_csum == -1) if (p->udpvars.comp_csum == -1)
p->udpvars.comp_csum = UDPV6CalculateChecksum((uint16_t *)&(p->ip6h->ip6_src), p->udpvars.comp_csum = UDPV6CalculateChecksum(p->ip6h->s_ip6_addrs,
(uint16_t *)p->udph, (uint16_t *)p->udph,
(p->payload_len + (p->payload_len +
UDP_HEADER_LEN) ); UDP_HEADER_LEN) );
@ -809,7 +809,7 @@ int DetectICMPV6CsumMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
} }
if (p->icmpv6vars.comp_csum == -1) if (p->icmpv6vars.comp_csum == -1)
p->icmpv6vars.comp_csum = ICMPV6CalculateChecksum((uint16_t *)&(p->ip6h->ip6_src), p->icmpv6vars.comp_csum = ICMPV6CalculateChecksum(p->ip6h->s_ip6_addrs,
(uint16_t *)p->icmpv6h, (uint16_t *)p->icmpv6h,
IPV6_GET_PLEN(p)); IPV6_GET_PLEN(p));

@ -155,7 +155,6 @@ DetectDsizeData *DetectDsizeParse (char *rawstr)
mode = (char *)str_ptr; mode = (char *)str_ptr;
SCLogDebug("mode \"%s\"", mode); SCLogDebug("mode \"%s\"", mode);
if (ret >= 3) {
res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, &str_ptr); res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, &str_ptr);
if (res < 0) { if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING,"pcre_get_substring failed"); SCLogError(SC_ERR_PCRE_GET_SUBSTRING,"pcre_get_substring failed");
@ -164,7 +163,7 @@ DetectDsizeData *DetectDsizeParse (char *rawstr)
value1 = (char *)str_ptr; value1 = (char *)str_ptr;
SCLogDebug("value1 \"%s\"", value1); SCLogDebug("value1 \"%s\"", value1);
if (ret >= 4) { if (ret > 3) {
res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 3, &str_ptr); res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 3, &str_ptr);
if (res < 0) { if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING,"pcre_get_substring failed"); SCLogError(SC_ERR_PCRE_GET_SUBSTRING,"pcre_get_substring failed");
@ -173,7 +172,7 @@ DetectDsizeData *DetectDsizeParse (char *rawstr)
range = (char *)str_ptr; range = (char *)str_ptr;
SCLogDebug("range \"%s\"", range); SCLogDebug("range \"%s\"", range);
if (ret >= 5) { if (ret > 4) {
res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 4, &str_ptr); res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 4, &str_ptr);
if (res < 0) { if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING,"pcre_get_substring failed"); SCLogError(SC_ERR_PCRE_GET_SUBSTRING,"pcre_get_substring failed");
@ -183,7 +182,6 @@ DetectDsizeData *DetectDsizeParse (char *rawstr)
SCLogDebug("value2 \"%s\"", value2); SCLogDebug("value2 \"%s\"", value2);
} }
} }
}
dd = SCMalloc(sizeof(DetectDsizeData)); dd = SCMalloc(sizeof(DetectDsizeData));
if (dd == NULL) if (dd == NULL)
@ -235,12 +233,11 @@ DetectDsizeData *DetectDsizeParse (char *rawstr)
SCLogDebug("dsize parsed succesfully dsize: %"PRIu16" dsize2: %"PRIu16"",dd->dsize,dd->dsize2); SCLogDebug("dsize parsed succesfully dsize: %"PRIu16" dsize2: %"PRIu16"",dd->dsize,dd->dsize2);
if (value1)
SCFree(value1); SCFree(value1);
SCFree(mode);
if (value2) if (value2)
SCFree(value2); SCFree(value2);
if (mode)
SCFree(mode);
if (range) if (range)
SCFree(range); SCFree(range);
return dd; return dd;

@ -914,11 +914,9 @@ static void SigGroupHeadFreeSigArraysHash2(DetectEngineCtx *de_ctx,
sgh->init->sig_size = 0; sgh->init->sig_size = 0;
} }
if (sgh->init != NULL) {
SigGroupHeadInitDataFree(sgh->init); SigGroupHeadInitDataFree(sgh->init);
sgh->init = NULL; sgh->init = NULL;
} }
}
return; return;
} }

@ -855,13 +855,17 @@ static inline SCSigSignatureWrapper *SCSigAllocSignatureWrapper(Signature *sig)
sw->sig = sig; sw->sig = sig;
if ( (sw->user = SCMalloc(SC_RADIX_USER_DATA_MAX * sizeof(int *))) == NULL) if ( (sw->user = SCMalloc(SC_RADIX_USER_DATA_MAX * sizeof(int *))) == NULL) {
SCFree(sw);
return NULL; return NULL;
}
memset(sw->user, 0, SC_RADIX_USER_DATA_MAX * sizeof(int *)); memset(sw->user, 0, SC_RADIX_USER_DATA_MAX * sizeof(int *));
for (i = 0; i < SC_RADIX_USER_DATA_MAX; i++) { for (i = 0; i < SC_RADIX_USER_DATA_MAX; i++) {
if ( (sw->user[i] = SCMalloc(sizeof(int))) == NULL) if ( (sw->user[i] = SCMalloc(sizeof(int))) == NULL) {
SCFree(sw);
return NULL; return NULL;
}
memset(sw->user[i], 0, sizeof(int)); memset(sw->user[i], 0, sizeof(int));
} }

@ -1155,10 +1155,12 @@ int DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, Dete
} }
end: end:
if (f->de_state != NULL) {
if (flags & STREAM_TOCLIENT) if (flags & STREAM_TOCLIENT)
f->de_state->flags &= ~DE_STATE_FILE_TC_NEW; f->de_state->flags &= ~DE_STATE_FILE_TC_NEW;
else else
f->de_state->flags &= ~DE_STATE_FILE_TS_NEW; f->de_state->flags &= ~DE_STATE_FILE_TS_NEW;
}
SCMutexUnlock(&f->de_state_m); SCMutexUnlock(&f->de_state_m);
SCReturnInt(0); SCReturnInt(0);

@ -281,7 +281,6 @@ int TagHashAddTag(DetectTagHostCtx *tag_ctx, DetectTagDataEntry *tde, Packet *p)
SCFree(new); SCFree(new);
} else { } else {
new->header_entry = new_tde; new->header_entry = new_tde;
}
/* increment num_tags before adding to prevent a minor race, /* increment num_tags before adding to prevent a minor race,
* on setting and checking the first tag */ * on setting and checking the first tag */
@ -291,6 +290,7 @@ int TagHashAddTag(DetectTagHostCtx *tag_ctx, DetectTagDataEntry *tde, Packet *p)
SCFree(new_tde); SCFree(new_tde);
SCFree(new); SCFree(new);
} }
}
} else { } else {
SCLogDebug("Failed to allocate a new session"); SCLogDebug("Failed to allocate a new session");
} }

@ -257,7 +257,7 @@ int DetectFilestoreMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f
SCEnter(); SCEnter();
if (det_ctx->filestore_cnt > DETECT_FILESTORE_MAX) { if (det_ctx->filestore_cnt >= DETECT_FILESTORE_MAX) {
SCReturnInt(1); SCReturnInt(1);
} }

@ -323,8 +323,8 @@ int DetectFragOffsetMatchTest01 (void) {
p->src.addr_data32[0] = 0x01020304; p->src.addr_data32[0] = 0x01020304;
p->dst.addr_data32[0] = 0x04030201; p->dst.addr_data32[0] = 0x04030201;
ip4h.ip_src.s_addr = p->src.addr_data32[0]; ip4h.s_ip_src.s_addr = p->src.addr_data32[0];
ip4h.ip_dst.s_addr = p->dst.addr_data32[0]; ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0];
ip4h.ip_off = 0x2222; ip4h.ip_off = 0x2222;
p->ip4h = &ip4h; p->ip4h = &ip4h;

@ -426,8 +426,8 @@ int DetectIcmpIdMatchTest02 (void) {
p->src.addr_data32[0] = 0x01020304; p->src.addr_data32[0] = 0x01020304;
p->dst.addr_data32[0] = 0x04030201; p->dst.addr_data32[0] = 0x04030201;
ip4h.ip_src.s_addr = p->src.addr_data32[0]; ip4h.s_ip_src.s_addr = p->src.addr_data32[0];
ip4h.ip_dst.s_addr = p->dst.addr_data32[0]; ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0];
p->ip4h = &ip4h; p->ip4h = &ip4h;
DecodeICMPV4(&th_v, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL); DecodeICMPV4(&th_v, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL);

@ -1940,8 +1940,10 @@ int SigParseTest06 (void) {
} }
end: end:
if (sig != NULL) SigFree(sig); if (sig != NULL)
if (de_ctx != NULL) DetectEngineCtxFree(de_ctx); SigFree(sig);
if (de_ctx != NULL)
DetectEngineCtxFree(de_ctx);
return result; return result;
} }

@ -75,8 +75,8 @@ int DetectReplaceSetup(DetectEngineCtx *de_ctx, Signature *s, char *replacestr)
int flags; int flags;
SigMatch *pm = NULL; SigMatch *pm = NULL;
DetectContentData *ud = NULL; DetectContentData *ud = NULL;
int ret = DetectContentDataParse(replacestr, &str, &len, &flags);
int ret = DetectContentDataParse("replace", replacestr, &str, &len, &flags);
if (ret == -1) if (ret == -1)
goto error; goto error;

@ -119,6 +119,10 @@ int DetectSslVersionMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
{ {
SCEnter(); SCEnter();
int ret = 0;
uint16_t ver = 0;
uint8_t sig_ver = TLS_UNKNOWN;
DetectSslVersionData *ssl = (DetectSslVersionData *)m->ctx; DetectSslVersionData *ssl = (DetectSslVersionData *)m->ctx;
SSLState *app_state = (SSLState *)state; SSLState *app_state = (SSLState *)state;
if (app_state == NULL) { if (app_state == NULL) {
@ -128,9 +132,6 @@ int DetectSslVersionMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
SCMutexLock(&f->m); SCMutexLock(&f->m);
int ret = 0;
uint16_t ver = 0;
uint8_t sig_ver = -1;
if (flags & STREAM_TOCLIENT) { if (flags & STREAM_TOCLIENT) {
SCLogDebug("server (toclient) version is 0x%02X", SCLogDebug("server (toclient) version is 0x%02X",
app_state->server_version); app_state->server_version);
@ -140,7 +141,10 @@ int DetectSslVersionMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
app_state->client_version); app_state->client_version);
ver = app_state->client_version; ver = app_state->client_version;
} }
switch(ver) {
SCMutexUnlock(&f->m);
switch (ver) {
case SSL_VERSION_2: case SSL_VERSION_2:
if (ver == ssl->data[SSLv2].ver) if (ver == ssl->data[SSLv2].ver)
ret = 1; ret = 1;
@ -168,7 +172,8 @@ int DetectSslVersionMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
break; break;
} }
SCMutexUnlock(&f->m); if (sig_ver == TLS_UNKNOWN)
SCReturnInt(0);
SCReturnInt(ret ^ ((ssl->data[sig_ver].flags & DETECT_SSL_VERSION_NEGATED) ? 1 : 0)); SCReturnInt(ret ^ ((ssl->data[sig_ver].flags & DETECT_SSL_VERSION_NEGATED) ? 1 : 0));
} }

@ -27,19 +27,24 @@
#define DETECT_SSL_VERSION_NEGATED 0x01 #define DETECT_SSL_VERSION_NEGATED 0x01
#define SSLv2 0 enum {
#define SSLv3 1 SSLv2 = 0,
#define TLS10 2 SSLv3 = 1,
#define TLS11 3 TLS10 = 2,
#define TLS12 4 TLS11 = 3,
TLS12 = 4,
TLS_SIZE = 5,
TLS_UNKNOWN = 6,
};
typedef struct SSLVersionData_ { typedef struct SSLVersionData_ {
uint16_t ver; /** ssl version to match */ uint16_t ver; /** ssl version to match */
uint8_t flags; uint8_t flags;
}SSLVersionData; } SSLVersionData;
typedef struct DetectSslVersionData_ { typedef struct DetectSslVersionData_ {
SSLVersionData data[5]; SSLVersionData data[TLS_SIZE];
} DetectSslVersionData; } DetectSslVersionData;
/* prototypes */ /* prototypes */

@ -272,11 +272,8 @@ DetectStreamSizeData *DetectStreamSizeParse (char *streamstr) {
goto error; goto error;
} }
if (mode != NULL)
SCFree(mode); SCFree(mode);
if (arg != NULL)
SCFree(arg); SCFree(arg);
if (value != NULL)
SCFree(value); SCFree(value);
return sd; return sd;

@ -582,7 +582,7 @@ static int DetectThresholdTestSig3(void) {
ste = SCMalloc(sizeof(DetectThresholdEntry)); ste = SCMalloc(sizeof(DetectThresholdEntry));
if (ste == NULL) if (ste == NULL)
goto end; goto end;
memset(ste, 0x00, sizeof(ste)); memset(ste, 0x00, sizeof(*ste));
if (PKT_IS_IPV4(p)) if (PKT_IS_IPV4(p))
ste->ipv = 4; ste->ipv = 4;

@ -101,12 +101,9 @@ void DetectUricontentFree(void *ptr) {
if (cd == NULL) if (cd == NULL)
SCReturn; SCReturn;
if (cd->content != NULL)
SCFree(cd->content);
BoyerMooreCtxDeInit(cd->bm_ctx); BoyerMooreCtxDeInit(cd->bm_ctx);
SCFree(cd); SCFree(cd);
SCReturn; SCReturn;
} }
@ -159,183 +156,43 @@ void DetectUricontentPrint(DetectContentData *cd)
* the rule set. * the rule set.
* \param contentstr Pointer to the string which has been defined in the rule * \param contentstr Pointer to the string which has been defined in the rule
*/ */
DetectContentData *DoDetectUricontentSetup (char * contentstr) DetectContentData *DoDetectUricontentSetup (char *contentstr)
{ {
DetectContentData *cd = NULL; DetectContentData *cd = NULL;
char *temp = NULL;
char *str = NULL; char *str = NULL;
uint16_t len = 0; uint16_t len;
uint16_t pos = 0; int flags;
uint16_t slen = 0; int ret;
if ((temp = SCStrdup(contentstr)) == NULL) ret = DetectContentDataParse("uricontent", contentstr, &str, &len, &flags);
goto error; if (ret == -1) {
if (strlen(temp) == 0) {
SCFree(temp);
return NULL; return NULL;
} }
cd = SCMalloc(sizeof(DetectContentData)); cd = SCMalloc(sizeof(DetectContentData) + len);
if (cd == NULL) if (cd == NULL) {
goto error; SCFree(str);
memset(cd,0,sizeof(DetectContentData)); exit(EXIT_FAILURE);
/* skip the first spaces */
slen = strlen(temp);
while (pos < slen && isspace(temp[pos])) {
pos++;
};
if (temp[pos] == '!') {
cd->flags |= DETECT_CONTENT_NEGATED;
pos++;
}
if (temp[pos] == '\"' && strlen(temp + pos) == 1)
goto error;
if (temp[pos] == '\"' && temp[pos + strlen(temp + pos) - 1] == '\"') {
if ((str = SCStrdup(temp + pos + 1)) == NULL)
goto error;
str[strlen(temp) - pos - 2] = '\0';
} else {
SCLogError(SC_ERR_INVALID_SIGNATURE, "uricontent keywords's argument "
"should be always enclosed in double quotes. Invalid "
"content keyword passed in this rule - \"%s\"",
contentstr);
goto error;
}
str[strlen(temp) - pos - 2] = '\0';
SCFree(temp);
temp = NULL;
len = strlen(str);
if (len == 0)
goto error;
SCLogDebug("\"%s\", len %" PRIu32 "", str, len);
char converted = 0;
{
uint8_t escape = 0;
uint16_t i, x;
uint8_t bin = 0, binstr[3] = "", binpos = 0;
uint16_t bin_count = 0;
for (i = 0, x = 0; i < len; i++) {
SCLogDebug("str[%02u]: %c", i, str[i]);
if (str[i] == '|') {
bin_count++;
if (bin) {
bin = 0;
} else {
bin = 1;
}
} else if(!escape && str[i] == '\\') {
escape = 1;
} else {
if (bin) {
if (isdigit(str[i]) ||
str[i] == 'A' || str[i] == 'a' ||
str[i] == 'B' || str[i] == 'b' ||
str[i] == 'C' || str[i] == 'c' ||
str[i] == 'D' || str[i] == 'd' ||
str[i] == 'E' || str[i] == 'e' ||
str[i] == 'F' || str[i] == 'f') {
SCLogDebug("part of binary: %c", str[i]);
binstr[binpos] = (char)str[i];
binpos++;
if (binpos == 2) {
uint8_t c = strtol((char *)binstr, (char **) NULL,
16) & 0xFF;
binpos = 0;
str[x] = c;
x++;
converted = 1;
}
} else if (str[i] == ' ') {
SCLogDebug("space as part of binary string");
}
} else if (escape) {
if (str[i] == ':' ||
str[i] == ';' ||
str[i] == '\\' ||
str[i] == '\"')
{
str[x] = str[i];
x++;
} else {
//SCLogDebug("Can't escape %c", str[i]);
goto error;
}
escape = 0;
converted = 1;
} else {
str[x] = str[i];
x++;
}
}
}
if (bin_count % 2 != 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid hex code assembly in "
"content - %s. Invalidating signature", str);
goto error;
}
#ifdef DEBUG
if (SCLogDebugEnabled()) {
char *prstr = SCMalloc(3 * x);
char onechar[3];
memset(prstr, 0, 3 * x);
if (prstr != NULL) {
for (i = 0; i < x; i++) {
if (isprint(str[i]))
snprintf(onechar, 3, "%c", str[i]);
else
snprintf(onechar, 3, "\\x%02u", str[i]);
strlcat(prstr, onechar, 3 * x);
}
SCLogDebug("\"%s\"", prstr);
SCFree(prstr);
}
}
#endif
if (converted)
len = x;
} }
SCLogDebug("len %" PRIu32 "", len); memset(cd, 0, sizeof(DetectContentData) + len);
cd->content = SCMalloc(len); if (flags == DETECT_CONTENT_NEGATED)
if (cd->content == NULL) { cd->flags |= DETECT_CONTENT_NEGATED;
SCFree(cd);
SCFree(str);
return NULL;;
}
cd->content = (uint8_t *)cd + sizeof(DetectContentData);
memcpy(cd->content, str, len); memcpy(cd->content, str, len);
cd->content_len = len; cd->content_len = len;
/* Prepare Boyer Moore context for searching faster */
cd->bm_ctx = BoyerMooreCtxInit(cd->content, cd->content_len);
cd->depth = 0; cd->depth = 0;
cd->offset = 0; cd->offset = 0;
cd->within = 0; cd->within = 0;
cd->distance = 0; cd->distance = 0;
/* Prepare Boyer Moore context for searching faster */
cd->bm_ctx = BoyerMooreCtxInit(cd->content, cd->content_len);
SCFree(str); SCFree(str);
return cd; return cd;
error:
SCFree(str);
if (cd) SCFree(cd);
return NULL;
} }
/** /**
@ -356,8 +213,9 @@ int DetectUricontentSetup (DetectEngineCtx *de_ctx, Signature *s, char *contents
DetectContentData *cd = NULL; DetectContentData *cd = NULL;
SigMatch *sm = NULL; SigMatch *sm = NULL;
if (s->alproto == ALPROTO_DCERPC) { if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_HTTP) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "uri content specified in a dcerpc sig"); SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting"
" keywords.");
goto error; goto error;
} }
@ -379,12 +237,6 @@ int DetectUricontentSetup (DetectEngineCtx *de_ctx, Signature *s, char *contents
/* Flagged the signature as to inspect the app layer data */ /* Flagged the signature as to inspect the app layer data */
s->flags |= SIG_FLAG_APPLAYER; s->flags |= SIG_FLAG_APPLAYER;
if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_HTTP) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting"
" keywords.");
goto error;
}
s->alproto = ALPROTO_HTTP; s->alproto = ALPROTO_HTTP;
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_UMATCH); SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_UMATCH);
@ -392,8 +244,10 @@ int DetectUricontentSetup (DetectEngineCtx *de_ctx, Signature *s, char *contents
SCReturnInt(0); SCReturnInt(0);
error: error:
if (cd) SCFree(cd); if (cd != NULL)
if (sm != NULL) SCFree(sm); SCFree(cd);
if (sm != NULL)
SCFree(sm);
SCReturnInt(-1); SCReturnInt(-1);
} }
@ -532,7 +386,7 @@ static int HTTPUriTest01(void) {
htp_tx_t *tx = list_get(htp_state->connp->conn->transactions, 0); htp_tx_t *tx = list_get(htp_state->connp->conn->transactions, 0);
if (htp_state->connp == NULL || tx->request_method_number != M_GET || if (tx->request_method_number != M_GET ||
tx->request_protocol_number != HTTP_1_1) tx->request_protocol_number != HTTP_1_1)
{ {
printf("expected method GET and got %s: , expected protocol " printf("expected method GET and got %s: , expected protocol "
@ -599,7 +453,7 @@ static int HTTPUriTest02(void) {
htp_tx_t *tx = list_get(htp_state->connp->conn->transactions, 0); htp_tx_t *tx = list_get(htp_state->connp->conn->transactions, 0);
if (htp_state->connp == NULL || tx->request_method_number != M_GET || if (tx->request_method_number != M_GET ||
tx->request_protocol_number != HTTP_1_1) tx->request_protocol_number != HTTP_1_1)
{ {
printf("expected method GET and got %s: , expected protocol " printf("expected method GET and got %s: , expected protocol "
@ -668,7 +522,7 @@ static int HTTPUriTest03(void) {
htp_tx_t *tx = list_get(htp_state->connp->conn->transactions, 0); htp_tx_t *tx = list_get(htp_state->connp->conn->transactions, 0);
if (htp_state->connp == NULL || tx->request_method_number != M_UNKNOWN || if (tx->request_method_number != M_UNKNOWN ||
tx->request_protocol_number != HTTP_1_1) tx->request_protocol_number != HTTP_1_1)
{ {
printf("expected method GET and got %s: , expected protocol " printf("expected method GET and got %s: , expected protocol "
@ -739,7 +593,7 @@ static int HTTPUriTest04(void) {
htp_tx_t *tx = list_get(htp_state->connp->conn->transactions, 0); htp_tx_t *tx = list_get(htp_state->connp->conn->transactions, 0);
if (htp_state->connp == NULL || tx->request_method_number != M_GET || if (tx->request_method_number != M_GET ||
tx->request_protocol_number != HTTP_1_1) tx->request_protocol_number != HTTP_1_1)
{ {
printf("expected method GET and got %s: , expected protocol " printf("expected method GET and got %s: , expected protocol "
@ -1061,9 +915,13 @@ end:
*/ */
static int DetectUriSigTest04(void) { static int DetectUriSigTest04(void) {
int result = 0; int result = 0;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
Signature *s = NULL; Signature *s = NULL;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
goto end;
}
s = SigInit(de_ctx,"alert tcp any any -> any any (msg:" s = SigInit(de_ctx,"alert tcp any any -> any any (msg:"
"\" Test uricontent\"; " "\" Test uricontent\"; "
"uricontent:\"foo\"; sid:1;)"); "uricontent:\"foo\"; sid:1;)");
@ -1247,8 +1105,8 @@ static int DetectUriSigTest04(void) {
result = 1; result = 1;
end: end:
if (de_ctx != NULL) SigCleanSignatures(de_ctx); if (de_ctx != NULL)
if (de_ctx != NULL) SigGroupCleanup(de_ctx); DetectEngineCtxFree(de_ctx);
return result; return result;
} }
@ -1363,7 +1221,8 @@ end:
if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx);
if (de_ctx != NULL) SigCleanSignatures(de_ctx); if (de_ctx != NULL) SigCleanSignatures(de_ctx);
if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&th_v, det_ctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&th_v, det_ctx);
if (de_ctx != NULL) DetectEngineCtxFree(de_ctx); if (de_ctx != NULL)
DetectEngineCtxFree(de_ctx);
StreamTcpFreeConfig(TRUE); StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f); FLOW_DESTROY(&f);
@ -2096,6 +1955,35 @@ int DetectUriContentParseTest23(void)
return result; return result;
} }
/**
* \test Parsing test
*/
int DetectUriContentParseTest24(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 1;
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,
"alert tcp any any -> any any "
"(msg:\"test\"; uricontent:\"\"; sid:1;)");
if (de_ctx->sig_list != NULL) {
result = 0;
goto end;
}
end:
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
return result;
}
int DetectUricontentSigTest08(void) int DetectUricontentSigTest08(void)
{ {
DetectEngineCtx *de_ctx = NULL; DetectEngineCtx *de_ctx = NULL;
@ -2345,6 +2233,8 @@ void HttpUriRegisterTests(void) {
UtRegisterTest("DetectUriContentParseTest21", DetectUriContentParseTest21, 1); UtRegisterTest("DetectUriContentParseTest21", DetectUriContentParseTest21, 1);
UtRegisterTest("DetectUriContentParseTest22", DetectUriContentParseTest22, 1); UtRegisterTest("DetectUriContentParseTest22", DetectUriContentParseTest22, 1);
UtRegisterTest("DetectUriContentParseTest23", DetectUriContentParseTest23, 1); UtRegisterTest("DetectUriContentParseTest23", DetectUriContentParseTest23, 1);
UtRegisterTest("DetectUriContentParseTest24", DetectUriContentParseTest24, 1);
UtRegisterTest("DetectUricontentSigTest08", DetectUricontentSigTest08, 1); UtRegisterTest("DetectUricontentSigTest08", DetectUricontentSigTest08, 1);
UtRegisterTest("DetectUricontentSigTest09", DetectUricontentSigTest09, 1); UtRegisterTest("DetectUricontentSigTest09", DetectUricontentSigTest09, 1);
UtRegisterTest("DetectUricontentSigTest10", DetectUricontentSigTest10, 1); UtRegisterTest("DetectUricontentSigTest10", DetectUricontentSigTest10, 1);

@ -128,11 +128,11 @@ static inline Packet *FlowForceReassemblyPseudoPacketSetup(Packet *p,
p->ip4h->ip_proto = IPPROTO_TCP; p->ip4h->ip_proto = IPPROTO_TCP;
//p->ip4h->ip_csum = //p->ip4h->ip_csum =
if (direction == 0) { if (direction == 0) {
p->ip4h->ip_src.s_addr = f->src.addr_data32[0]; p->ip4h->s_ip_src.s_addr = f->src.addr_data32[0];
p->ip4h->ip_dst.s_addr = f->dst.addr_data32[0]; p->ip4h->s_ip_dst.s_addr = f->dst.addr_data32[0];
} else { } else {
p->ip4h->ip_src.s_addr = f->dst.addr_data32[0]; p->ip4h->s_ip_src.s_addr = f->dst.addr_data32[0];
p->ip4h->ip_dst.s_addr = f->src.addr_data32[0]; p->ip4h->s_ip_dst.s_addr = f->src.addr_data32[0];
} }
/* set the tcp header */ /* set the tcp header */
@ -160,23 +160,23 @@ static inline Packet *FlowForceReassemblyPseudoPacketSetup(Packet *p,
p->ip6h->s_ip6_plen = htons(20); p->ip6h->s_ip6_plen = htons(20);
p->ip6h->s_ip6_hlim = 64; p->ip6h->s_ip6_hlim = 64;
if (direction == 0) { if (direction == 0) {
p->ip6h->ip6_src[0] = f->src.addr_data32[0]; p->ip6h->s_ip6_src[0] = f->src.addr_data32[0];
p->ip6h->ip6_src[1] = f->src.addr_data32[1]; p->ip6h->s_ip6_src[1] = f->src.addr_data32[1];
p->ip6h->ip6_src[2] = f->src.addr_data32[2]; p->ip6h->s_ip6_src[2] = f->src.addr_data32[2];
p->ip6h->ip6_src[3] = f->src.addr_data32[3]; p->ip6h->s_ip6_src[3] = f->src.addr_data32[3];
p->ip6h->ip6_dst[0] = f->dst.addr_data32[0]; p->ip6h->s_ip6_dst[0] = f->dst.addr_data32[0];
p->ip6h->ip6_dst[1] = f->dst.addr_data32[1]; p->ip6h->s_ip6_dst[1] = f->dst.addr_data32[1];
p->ip6h->ip6_dst[2] = f->dst.addr_data32[2]; p->ip6h->s_ip6_dst[2] = f->dst.addr_data32[2];
p->ip6h->ip6_dst[3] = f->dst.addr_data32[3]; p->ip6h->s_ip6_dst[3] = f->dst.addr_data32[3];
} else { } else {
p->ip6h->ip6_src[0] = f->dst.addr_data32[0]; p->ip6h->s_ip6_src[0] = f->dst.addr_data32[0];
p->ip6h->ip6_src[1] = f->dst.addr_data32[1]; p->ip6h->s_ip6_src[1] = f->dst.addr_data32[1];
p->ip6h->ip6_src[2] = f->dst.addr_data32[2]; p->ip6h->s_ip6_src[2] = f->dst.addr_data32[2];
p->ip6h->ip6_src[3] = f->dst.addr_data32[3]; p->ip6h->s_ip6_src[3] = f->dst.addr_data32[3];
p->ip6h->ip6_dst[0] = f->src.addr_data32[0]; p->ip6h->s_ip6_dst[0] = f->src.addr_data32[0];
p->ip6h->ip6_dst[1] = f->src.addr_data32[1]; p->ip6h->s_ip6_dst[1] = f->src.addr_data32[1];
p->ip6h->ip6_dst[2] = f->src.addr_data32[2]; p->ip6h->s_ip6_dst[2] = f->src.addr_data32[2];
p->ip6h->ip6_dst[3] = f->src.addr_data32[3]; p->ip6h->s_ip6_dst[3] = f->src.addr_data32[3];
} }
/* set the tcp header */ /* set the tcp header */
@ -218,10 +218,10 @@ static inline Packet *FlowForceReassemblyPseudoPacketSetup(Packet *p,
} }
if (FLOW_IS_IPV4(f)) { if (FLOW_IS_IPV4(f)) {
p->tcph->th_sum = TCPCalculateChecksum((uint16_t *)&(p->ip4h->ip_src), p->tcph->th_sum = TCPCalculateChecksum(p->ip4h->s_ip_addrs,
(uint16_t *)p->tcph, 20); (uint16_t *)p->tcph, 20);
} else if (FLOW_IS_IPV6(f)) { } else if (FLOW_IS_IPV6(f)) {
p->tcph->th_sum = TCPCalculateChecksum((uint16_t *)&(p->ip6h->ip6_src), p->tcph->th_sum = TCPCalculateChecksum(p->ip6h->s_ip6_addrs,
(uint16_t *)p->tcph, 20); (uint16_t *)p->tcph, 20);
} }

@ -124,14 +124,14 @@
* We set the rest of the struct to 0 so we can * We set the rest of the struct to 0 so we can
* prevent using memset. */ * prevent using memset. */
#define FLOW_SET_IPV4_SRC_ADDR_FROM_PACKET(p, a) do { \ #define FLOW_SET_IPV4_SRC_ADDR_FROM_PACKET(p, a) do { \
(a)->addr_data32[0] = (uint32_t)(p)->ip4h->ip_src.s_addr; \ (a)->addr_data32[0] = (uint32_t)(p)->ip4h->s_ip_src.s_addr; \
(a)->addr_data32[1] = 0; \ (a)->addr_data32[1] = 0; \
(a)->addr_data32[2] = 0; \ (a)->addr_data32[2] = 0; \
(a)->addr_data32[3] = 0; \ (a)->addr_data32[3] = 0; \
} while (0) } while (0)
#define FLOW_SET_IPV4_DST_ADDR_FROM_PACKET(p, a) do { \ #define FLOW_SET_IPV4_DST_ADDR_FROM_PACKET(p, a) do { \
(a)->addr_data32[0] = (uint32_t)(p)->ip4h->ip_dst.s_addr; \ (a)->addr_data32[0] = (uint32_t)(p)->ip4h->s_ip_dst.s_addr; \
(a)->addr_data32[1] = 0; \ (a)->addr_data32[1] = 0; \
(a)->addr_data32[2] = 0; \ (a)->addr_data32[2] = 0; \
(a)->addr_data32[3] = 0; \ (a)->addr_data32[3] = 0; \
@ -148,17 +148,17 @@
/* Set the IPv6 addressesinto the Addrs of the Packet. /* Set the IPv6 addressesinto the Addrs of the Packet.
* Make sure p->ip6h is initialized and validated. */ * Make sure p->ip6h is initialized and validated. */
#define FLOW_SET_IPV6_SRC_ADDR_FROM_PACKET(p, a) do { \ #define FLOW_SET_IPV6_SRC_ADDR_FROM_PACKET(p, a) do { \
(a)->addr_data32[0] = (p)->ip6h->ip6_src[0]; \ (a)->addr_data32[0] = (p)->ip6h->s_ip6_src[0]; \
(a)->addr_data32[1] = (p)->ip6h->ip6_src[1]; \ (a)->addr_data32[1] = (p)->ip6h->s_ip6_src[1]; \
(a)->addr_data32[2] = (p)->ip6h->ip6_src[2]; \ (a)->addr_data32[2] = (p)->ip6h->s_ip6_src[2]; \
(a)->addr_data32[3] = (p)->ip6h->ip6_src[3]; \ (a)->addr_data32[3] = (p)->ip6h->s_ip6_src[3]; \
} while (0) } while (0)
#define FLOW_SET_IPV6_DST_ADDR_FROM_PACKET(p, a) do { \ #define FLOW_SET_IPV6_DST_ADDR_FROM_PACKET(p, a) do { \
(a)->addr_data32[0] = (p)->ip6h->ip6_dst[0]; \ (a)->addr_data32[0] = (p)->ip6h->s_ip6_dst[0]; \
(a)->addr_data32[1] = (p)->ip6h->ip6_dst[1]; \ (a)->addr_data32[1] = (p)->ip6h->s_ip6_dst[1]; \
(a)->addr_data32[2] = (p)->ip6h->ip6_dst[2]; \ (a)->addr_data32[2] = (p)->ip6h->s_ip6_dst[2]; \
(a)->addr_data32[3] = (p)->ip6h->ip6_dst[3]; \ (a)->addr_data32[3] = (p)->ip6h->s_ip6_dst[3]; \
} while (0) } while (0)
/* pkt flow flags */ /* pkt flow flags */

@ -54,6 +54,7 @@
#include "util-logopenfile.h" #include "util-logopenfile.h"
#include "app-layer-htp.h" #include "app-layer-htp.h"
#include "util-memcmp.h"
#define MODULE_NAME "LogFileLog" #define MODULE_NAME "LogFileLog"
@ -124,7 +125,8 @@ static void LogFileMetaGetHost(FILE *fp, Packet *p, File *ff) {
table_iterator_reset(headers); table_iterator_reset(headers);
while (table_iterator_next(headers, (void **)&h) != NULL) { while (table_iterator_next(headers, (void **)&h) != NULL) {
if (strcasecmp("Host", bstr_tocstr(h->name)) == 0) { if (bstr_len(h->name) >= 4 &&
SCMemcmpLowercase((uint8_t *)"host", (uint8_t *)bstr_ptr(h->name), bstr_len(h->name)) == 0) {
PrintRawJsonFp(fp, (uint8_t *)bstr_ptr(h->value), PrintRawJsonFp(fp, (uint8_t *)bstr_ptr(h->value),
bstr_len(h->value)); bstr_len(h->value));
return; return;
@ -147,7 +149,8 @@ static void LogFileMetaGetReferer(FILE *fp, Packet *p, File *ff) {
table_iterator_reset(headers); table_iterator_reset(headers);
while (table_iterator_next(headers, (void **)&h) != NULL) { while (table_iterator_next(headers, (void **)&h) != NULL) {
if (strcasecmp("Referer", bstr_tocstr(h->name)) == 0) { if (bstr_len(h->name) >= 7 &&
SCMemcmpLowercase((uint8_t *)"referer", (uint8_t *)bstr_ptr(h->name), bstr_len(h->name)) == 0) {
PrintRawJsonFp(fp, (uint8_t *)bstr_ptr(h->value), PrintRawJsonFp(fp, (uint8_t *)bstr_ptr(h->value),
bstr_len(h->value)); bstr_len(h->value));
return; return;

@ -52,6 +52,7 @@
#include "util-logopenfile.h" #include "util-logopenfile.h"
#include "app-layer-htp.h" #include "app-layer-htp.h"
#include "util-memcmp.h"
#define MODULE_NAME "LogFilestoreLog" #define MODULE_NAME "LogFilestoreLog"
@ -127,7 +128,8 @@ static void LogFilestoreMetaGetHost(FILE *fp, Packet *p, File *ff) {
table_iterator_reset(headers); table_iterator_reset(headers);
while (table_iterator_next(headers, (void **)&h) != NULL) { while (table_iterator_next(headers, (void **)&h) != NULL) {
if (strcasecmp("Host", bstr_tocstr(h->name)) == 0) { if (bstr_len(h->name) >= 4 &&
SCMemcmpLowercase((uint8_t *)"host", (uint8_t *)bstr_ptr(h->name), bstr_len(h->name)) == 0) {
PrintRawUriFp(fp, (uint8_t *)bstr_ptr(h->value), PrintRawUriFp(fp, (uint8_t *)bstr_ptr(h->value),
bstr_len(h->value)); bstr_len(h->value));
return; return;
@ -150,7 +152,8 @@ static void LogFilestoreMetaGetReferer(FILE *fp, Packet *p, File *ff) {
table_iterator_reset(headers); table_iterator_reset(headers);
while (table_iterator_next(headers, (void **)&h) != NULL) { while (table_iterator_next(headers, (void **)&h) != NULL) {
if (strcasecmp("Referer", bstr_tocstr(h->name)) == 0) { if (bstr_len(h->name) >= 7 &&
SCMemcmpLowercase((uint8_t *)"referer", (uint8_t *)bstr_ptr(h->name), bstr_len(h->name)) == 0) {
PrintRawUriFp(fp, (uint8_t *)bstr_ptr(h->value), PrintRawUriFp(fp, (uint8_t *)bstr_ptr(h->value),
bstr_len(h->value)); bstr_len(h->value));
return; return;
@ -600,7 +603,7 @@ static void LogFilestoreLogDeInitCtx(OutputCtx *output_ctx)
LogFileFreeCtx(logfile_ctx); LogFileFreeCtx(logfile_ctx);
free(output_ctx); free(output_ctx);
if (g_waldo != NULL) { if (strlen(g_waldo) > 0) {
LogFilestoreLogStoreWaldo(g_waldo); LogFilestoreLogStoreWaldo(g_waldo);
} }
} }

@ -414,7 +414,6 @@ TmEcode ReceivePcapThreadInit(ThreadVars *tv, void *initdata, void **data) {
SCFree(ptv); SCFree(ptv);
pcapconfig->DerefFunc(pcapconfig); pcapconfig->DerefFunc(pcapconfig);
SCReturnInt(TM_ECODE_FAILED); SCReturnInt(TM_ECODE_FAILED);
ptv->pcap_state = PCAP_STATE_DOWN;
} else { } else {
ptv->pcap_state = PCAP_STATE_UP; ptv->pcap_state = PCAP_STATE_UP;
} }

@ -133,11 +133,6 @@ static int StreamTcpSackInsertRange(TcpStream *stream, uint32_t le, uint32_t re)
rec->re = re; rec->re = re;
goto end; goto end;
} }
le = rec->re;
//int r = StreamTcpSackInsertRange(stream, rec->re+1, re);
//SCReturnInt(r);
continue;
} }
SCLogDebug("new range fully overlapped"); SCLogDebug("new range fully overlapped");

@ -3837,12 +3837,12 @@ static inline int StreamTcpValidateChecksum(Packet *p)
if (p->tcpvars.comp_csum == -1) { if (p->tcpvars.comp_csum == -1) {
if (PKT_IS_IPV4(p)) { if (PKT_IS_IPV4(p)) {
p->tcpvars.comp_csum = TCPCalculateChecksum((uint16_t *)&(p->ip4h->ip_src), p->tcpvars.comp_csum = TCPCalculateChecksum(p->ip4h->s_ip_addrs,
(uint16_t *)p->tcph, (uint16_t *)p->tcph,
(p->payload_len + (p->payload_len +
TCP_GET_HLEN(p))); TCP_GET_HLEN(p)));
} else if (PKT_IS_IPV6(p)) { } else if (PKT_IS_IPV6(p)) {
p->tcpvars.comp_csum = TCPV6CalculateChecksum((uint16_t *)&(p->ip6h->ip6_src), p->tcpvars.comp_csum = TCPV6CalculateChecksum(p->ip6h->s_ip6_addrs,
(uint16_t *)p->tcph, (uint16_t *)p->tcph,
(p->payload_len + (p->payload_len +
TCP_GET_HLEN(p))); TCP_GET_HLEN(p)));
@ -4567,19 +4567,19 @@ void StreamTcpSetSessionNoReassemblyFlag (TcpSession *ssn, char direction)
IPV4_SET_RAW_IPLEN(nipv4h, IPV4_GET_RAW_IPLEN(ipv4h)); \ IPV4_SET_RAW_IPLEN(nipv4h, IPV4_GET_RAW_IPLEN(ipv4h)); \
IPV4_SET_RAW_IPTOS(nipv4h, IPV4_GET_RAW_IPTOS(ipv4h)); \ IPV4_SET_RAW_IPTOS(nipv4h, IPV4_GET_RAW_IPTOS(ipv4h)); \
IPV4_SET_RAW_IPPROTO(nipv4h, IPV4_GET_RAW_IPPROTO(ipv4h)); \ IPV4_SET_RAW_IPPROTO(nipv4h, IPV4_GET_RAW_IPPROTO(ipv4h)); \
(nipv4h)->ip_src = IPV4_GET_RAW_IPDST(ipv4h); \ (nipv4h)->s_ip_src = IPV4_GET_RAW_IPDST(ipv4h); \
(nipv4h)->ip_dst = IPV4_GET_RAW_IPSRC(ipv4h); \ (nipv4h)->s_ip_dst = IPV4_GET_RAW_IPSRC(ipv4h); \
} while (0) } while (0)
#define PSEUDO_PKT_SET_IPV6HDR(nipv6h,ipv6h) do { \ #define PSEUDO_PKT_SET_IPV6HDR(nipv6h,ipv6h) do { \
(nipv6h)->ip6_src[0] = (ipv6h)->ip6_dst[0]; \ (nipv6h)->s_ip6_src[0] = (ipv6h)->s_ip6_dst[0]; \
(nipv6h)->ip6_src[1] = (ipv6h)->ip6_dst[1]; \ (nipv6h)->s_ip6_src[1] = (ipv6h)->s_ip6_dst[1]; \
(nipv6h)->ip6_src[2] = (ipv6h)->ip6_dst[2]; \ (nipv6h)->s_ip6_src[2] = (ipv6h)->s_ip6_dst[2]; \
(nipv6h)->ip6_src[3] = (ipv6h)->ip6_dst[3]; \ (nipv6h)->s_ip6_src[3] = (ipv6h)->s_ip6_dst[3]; \
(nipv6h)->ip6_dst[0] = (ipv6h)->ip6_src[0]; \ (nipv6h)->s_ip6_dst[0] = (ipv6h)->s_ip6_src[0]; \
(nipv6h)->ip6_dst[1] = (ipv6h)->ip6_src[1]; \ (nipv6h)->s_ip6_dst[1] = (ipv6h)->s_ip6_src[1]; \
(nipv6h)->ip6_dst[2] = (ipv6h)->ip6_src[2]; \ (nipv6h)->s_ip6_dst[2] = (ipv6h)->s_ip6_src[2]; \
(nipv6h)->ip6_dst[3] = (ipv6h)->ip6_src[3]; \ (nipv6h)->s_ip6_dst[3] = (ipv6h)->s_ip6_src[3]; \
IPV6_SET_RAW_NH(nipv6h, IPV6_GET_RAW_NH(ipv6h)); \ IPV6_SET_RAW_NH(nipv6h, IPV6_GET_RAW_NH(ipv6h)); \
} while (0) } while (0)

@ -260,6 +260,7 @@ SignalHandlerSetup(int sig, void (*handler)())
signal(sig, handler); signal(sig, handler);
#else #else
struct sigaction action; struct sigaction action;
memset(&action, 0x00, sizeof(struct sigaction));
action.sa_handler = handler; action.sa_handler = handler;
sigemptyset(&(action.sa_mask)); sigemptyset(&(action.sa_mask));
@ -360,28 +361,27 @@ static void SetBpfStringFromFile(char *filename) {
SCLogError(SC_ERR_FOPEN, "Failed to stat file %s", filename); SCLogError(SC_ERR_FOPEN, "Failed to stat file %s", filename);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
bpf_len=st.st_size + 1; bpf_len = st.st_size + 1;
bpf_filter = SCMalloc(bpf_len*sizeof(char)); fp = fopen(filename,"r");
if(bpf_filter == NULL) { if (fp == NULL) {
SCLogError(SC_ERR_FOPEN, "Failed to open file %s", filename);
exit(EXIT_FAILURE);
}
bpf_filter = SCMalloc(bpf_len * sizeof(char));
if (bpf_filter == NULL) {
SCLogError(SC_ERR_MEM_ALLOC, SCLogError(SC_ERR_MEM_ALLOC,
"Failed to allocate buffer for bpf filter in file %s", filename); "Failed to allocate buffer for bpf filter in file %s", filename);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
memset(bpf_filter, 0x00, bpf_len); memset(bpf_filter, 0x00, bpf_len);
fp = fopen(filename,"r");
if(fp == NULL) {
SCLogError(SC_ERR_FOPEN, "Failed to open file %s", filename);
SCFree(bpf_filter);
exit(EXIT_FAILURE);
}else {
nm = fread(bpf_filter, bpf_len - 1, 1, fp); nm = fread(bpf_filter, bpf_len - 1, 1, fp);
if((ferror(fp) != 0)||( nm != 1)) { if((ferror(fp) != 0)||( nm != 1)) {
*bpf_filter='\0'; *bpf_filter='\0';
} }
fclose(fp); fclose(fp);
}
if(strlen(bpf_filter) > 0) { if(strlen(bpf_filter) > 0) {
/*replace comments with space*/ /*replace comments with space*/

@ -1050,7 +1050,7 @@ TmEcode TmThreadSetCPU(ThreadVars *tv, uint8_t type)
int TmThreadGetNbThreads(uint8_t type) int TmThreadGetNbThreads(uint8_t type)
{ {
if (type > MAX_CPU_SET) { if (type >= MAX_CPU_SET) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "invalid cpu type family"); SCLogError(SC_ERR_INVALID_ARGUMENT, "invalid cpu type family");
return 0; return 0;
} }

@ -33,11 +33,11 @@ int ReCalculateChecksum(Packet *p)
if (PKT_IS_TCP(p)) { if (PKT_IS_TCP(p)) {
/* TCP */ /* TCP */
p->tcph->th_sum = 0; p->tcph->th_sum = 0;
p->tcph->th_sum = TCPCalculateChecksum((uint16_t *)&(p->ip4h->ip_src), p->tcph->th_sum = TCPCalculateChecksum(p->ip4h->s_ip_addrs,
(uint16_t *)p->tcph, (p->payload_len + TCP_GET_HLEN(p))); (uint16_t *)p->tcph, (p->payload_len + TCP_GET_HLEN(p)));
} else if (PKT_IS_UDP(p)) { } else if (PKT_IS_UDP(p)) {
p->udph->uh_sum = 0; p->udph->uh_sum = 0;
p->udph->uh_sum = UDPV4CalculateChecksum((uint16_t *)&(p->ip4h->ip_src), p->udph->uh_sum = UDPV4CalculateChecksum(p->ip4h->s_ip_addrs,
(uint16_t *)p->udph, (p->payload_len + UDP_HEADER_LEN)); (uint16_t *)p->udph, (p->payload_len + UDP_HEADER_LEN));
} }
/* IPV4 */ /* IPV4 */
@ -48,11 +48,11 @@ int ReCalculateChecksum(Packet *p)
/* just TCP for IPV6 */ /* just TCP for IPV6 */
if (PKT_IS_TCP(p)) { if (PKT_IS_TCP(p)) {
p->tcph->th_sum = 0; p->tcph->th_sum = 0;
p->tcph->th_sum = TCPV6CalculateChecksum((uint16_t *)&(p->ip6h->ip6_src), p->tcph->th_sum = TCPV6CalculateChecksum(p->ip6h->s_ip6_addrs,
(uint16_t *)p->tcph, (p->payload_len + TCP_GET_HLEN(p))); (uint16_t *)p->tcph, (p->payload_len + TCP_GET_HLEN(p)));
} else if (PKT_IS_UDP(p)) { } else if (PKT_IS_UDP(p)) {
p->udph->uh_sum = 0; p->udph->uh_sum = 0;
p->udph->uh_sum = UDPV6CalculateChecksum((uint16_t *)&(p->ip6h->ip6_src), p->udph->uh_sum = UDPV6CalculateChecksum(p->ip6h->s_ip6_addrs,
(uint16_t *)p->udph, (p->payload_len + UDP_HEADER_LEN)); (uint16_t *)p->udph, (p->payload_len + UDP_HEADER_LEN));
} }
} }

@ -136,7 +136,7 @@ int LiveBuildDeviceList(char * runmode)
return 0; return 0;
TAILQ_FOREACH(child, &base->head, next) { TAILQ_FOREACH(child, &base->head, next) {
if (!strncmp(child->val, "interface", sizeof(child->val))) { if (!strcmp(child->val, "interface")) {
ConfNode *subchild; ConfNode *subchild;
TAILQ_FOREACH(subchild, &child->head, next) { TAILQ_FOREACH(subchild, &child->head, next) {
if ((!strcmp(subchild->name, "interface"))) { if ((!strcmp(subchild->name, "interface"))) {

@ -43,6 +43,8 @@ typedef struct HashTable_ {
void (*Free)(void *); void (*Free)(void *);
} HashTable; } HashTable;
#define HASH_NO_SIZE 0
/* prototypes */ /* prototypes */
HashTable* HashTableInit(uint32_t, uint32_t (*Hash)(struct HashTable_ *, void *, uint16_t), char (*Compare)(void *, uint16_t, void *, uint16_t), void (*Free)(void *)); HashTable* HashTableInit(uint32_t, uint32_t (*Hash)(struct HashTable_ *, void *, uint16_t), char (*Compare)(void *, uint16_t, void *, uint16_t), void (*Free)(void *));
void HashTableFree(HashTable *); void HashTableFree(HashTable *);

@ -44,6 +44,8 @@ typedef struct HashListTable_ {
void (*Free)(void *); void (*Free)(void *);
} HashListTable; } HashListTable;
#define HASHLIST_NO_SIZE 0
/* prototypes */ /* prototypes */
HashListTable* HashListTableInit(uint32_t, uint32_t (*Hash)(struct HashListTable_ *, void *, uint16_t), char (*Compare)(void *, uint16_t, void *, uint16_t), void (*Free)(void *)); HashListTable* HashListTableInit(uint32_t, uint32_t (*Hash)(struct HashListTable_ *, void *, uint16_t), char (*Compare)(void *, uint16_t, void *, uint16_t), void (*Free)(void *));
void HashListTableFree(HashListTable *); void HashListTableFree(HashListTable *);

@ -112,10 +112,13 @@ char *MagicLookup(uint8_t *buf, uint32_t buflen) {
} }
void MagicDeinit(void) { void MagicDeinit(void) {
SCMutexLock(&g_magic_lock);
if (g_magic_ctx != NULL) { if (g_magic_ctx != NULL) {
magic_close(g_magic_ctx); magic_close(g_magic_ctx);
g_magic_ctx = NULL; g_magic_ctx = NULL;
} }
SCMutexUnlock(&g_magic_lock);
SCMutexDestroy(&g_magic_lock);
} }
#ifdef UNITTESTS #ifdef UNITTESTS

@ -157,8 +157,9 @@ SC_ATOMIC_EXTERN(unsigned int, engine_stage);
ptrmem = malloc((a)); \ ptrmem = malloc((a)); \
if (ptrmem == NULL) { \ if (ptrmem == NULL) { \
if (SC_ATOMIC_GET(engine_stage) == SURICATA_INIT) {\ if (SC_ATOMIC_GET(engine_stage) == SURICATA_INIT) {\
uintmax_t size = (uintmax_t)(a); \
SCLogError(SC_ERR_MEM_ALLOC, "SCMalloc failed: %s, while trying " \ SCLogError(SC_ERR_MEM_ALLOC, "SCMalloc failed: %s, while trying " \
"to allocate %"PRIuMAX" bytes", strerror(errno), (uintmax_t)(a)); \ "to allocate %"PRIuMAX" bytes", strerror(errno), size); \
SCLogError(SC_ERR_FATAL, "Out of memory. The engine cannot be initialized. Exiting..."); \ SCLogError(SC_ERR_FATAL, "Out of memory. The engine cannot be initialized. Exiting..."); \
exit(EXIT_FAILURE); \ exit(EXIT_FAILURE); \
} \ } \

@ -68,7 +68,7 @@ void PrintRawLineHexBuf(char *retbuf, uint32_t retbuflen, uint8_t *buf, uint32_t
for (u = 0; u < buflen; u++) { for (u = 0; u < buflen; u++) {
written += (uint32_t)snprintf(temp, sizeof(temp), "%02X ", buf[u]); written += (uint32_t)snprintf(temp, sizeof(temp), "%02X ", buf[u]);
if (written < retbuflen) { if (written < retbuflen) {
strlcat(retbuf, temp, sizeof(retbuf)); strlcat(retbuf, temp, retbuflen);
} }
} }
} }

@ -904,10 +904,6 @@ int RunModeSetIPSAuto(DetectEngineCtx *de_ctx,
for (int i = 0; i < nqueue; i++) { for (int i = 0; i < nqueue; i++) {
memset(tname, 0, sizeof(tname)); memset(tname, 0, sizeof(tname));
snprintf(tname, sizeof(tname), "Verdict%"PRIu16, i); snprintf(tname, sizeof(tname), "Verdict%"PRIu16, i);
if (tname == NULL) {
printf("ERROR: Unable to build thread name\n");
exit(EXIT_FAILURE);
}
char *thread_name = SCStrdup(tname); char *thread_name = SCStrdup(tname);
ThreadVars *tv_verdict = ThreadVars *tv_verdict =
@ -1097,10 +1093,6 @@ int RunModeSetIPSAutoFp(DetectEngineCtx *de_ctx,
for (int i = 0; i < nqueue; i++) { for (int i = 0; i < nqueue; i++) {
memset(tname, 0, sizeof(tname)); memset(tname, 0, sizeof(tname));
snprintf(tname, sizeof(tname), "Verdict%"PRIu16, i); snprintf(tname, sizeof(tname), "Verdict%"PRIu16, i);
if (tname == NULL) {
printf("ERROR: Unable to build thread name\n");
exit(EXIT_FAILURE);
}
char *thread_name = SCStrdup(tname); char *thread_name = SCStrdup(tname);
ThreadVars *tv_verdict = ThreadVars *tv_verdict =
@ -1179,10 +1171,6 @@ int RunModeSetIPSWorker(DetectEngineCtx *de_ctx,
} }
memset(tname, 0, sizeof(tname)); memset(tname, 0, sizeof(tname));
snprintf(tname, sizeof(tname), "Worker-Q%s", cur_queue); snprintf(tname, sizeof(tname), "Worker-Q%s", cur_queue);
if (tname == NULL) {
printf("ERROR: Unable to build thread name\n");
exit(EXIT_FAILURE);
}
char *thread_name = SCStrdup(tname); char *thread_name = SCStrdup(tname);
tv = TmThreadCreatePacketHandler(thread_name, tv = TmThreadCreatePacketHandler(thread_name,

@ -1543,8 +1543,8 @@ int SCThresholdConfTest09(void)
SigMatchSignatures(&th_v, de_ctx, det_ctx, p); SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10); alerts += PacketAlertCheck(p, 10);
if (alerts > 0) { if (alerts > 0) {
goto end;
result = 0; result = 0;
goto end;
} }
SigMatchSignatures(&th_v, de_ctx, det_ctx, p); SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
@ -1636,8 +1636,8 @@ int SCThresholdConfTest10(void)
SigMatchSignatures(&th_v, de_ctx, det_ctx, p2); SigMatchSignatures(&th_v, de_ctx, det_ctx, p2);
alerts += PacketAlertCheck(p2, 10); alerts += PacketAlertCheck(p2, 10);
if (alerts > 0) { if (alerts > 0) {
goto end;
result = 0; result = 0;
goto end;
} }
SigMatchSignatures(&th_v, de_ctx, det_ctx, p); SigMatchSignatures(&th_v, de_ctx, det_ctx, p);

@ -103,10 +103,10 @@ Packet *UTHBuildPacketIPV6Real(uint8_t *payload, uint16_t payload_len,
p->src.addr_data32[2] = in[2]; p->src.addr_data32[2] = in[2];
p->src.addr_data32[3] = in[3]; p->src.addr_data32[3] = in[3];
p->sp = sport; p->sp = sport;
p->ip6h->ip6_src[0] = in[0]; p->ip6h->s_ip6_src[0] = in[0];
p->ip6h->ip6_src[1] = in[1]; p->ip6h->s_ip6_src[1] = in[1];
p->ip6h->ip6_src[2] = in[2]; p->ip6h->s_ip6_src[2] = in[2];
p->ip6h->ip6_src[3] = in[3]; p->ip6h->s_ip6_src[3] = in[3];
if (inet_pton(AF_INET6, dst, &in) <= 0) if (inet_pton(AF_INET6, dst, &in) <= 0)
goto error; goto error;
@ -115,10 +115,10 @@ Packet *UTHBuildPacketIPV6Real(uint8_t *payload, uint16_t payload_len,
p->dst.addr_data32[2] = in[2]; p->dst.addr_data32[2] = in[2];
p->dst.addr_data32[3] = in[3]; p->dst.addr_data32[3] = in[3];
p->dp = dport; p->dp = dport;
p->ip6h->ip6_dst[0] = in[0]; p->ip6h->s_ip6_dst[0] = in[0];
p->ip6h->ip6_dst[1] = in[1]; p->ip6h->s_ip6_dst[1] = in[1];
p->ip6h->ip6_dst[2] = in[2]; p->ip6h->s_ip6_dst[2] = in[2];
p->ip6h->ip6_dst[3] = in[3]; p->ip6h->s_ip6_dst[3] = in[3];
p->tcph = SCMalloc(sizeof(TCPHdr)); p->tcph = SCMalloc(sizeof(TCPHdr));
if (p->tcph == NULL) if (p->tcph == NULL)
@ -192,8 +192,8 @@ Packet *UTHBuildPacketReal(uint8_t *payload, uint16_t payload_len,
if (p->ip4h == NULL) if (p->ip4h == NULL)
goto error; goto error;
p->ip4h->ip_src.s_addr = p->src.addr_data32[0]; p->ip4h->s_ip_src.s_addr = p->src.addr_data32[0];
p->ip4h->ip_dst.s_addr = p->dst.addr_data32[0]; p->ip4h->s_ip_dst.s_addr = p->dst.addr_data32[0];
p->ip4h->ip_proto = ipproto; p->ip4h->ip_proto = ipproto;
p->ip4h->ip_verhl = sizeof(IPV4Hdr); p->ip4h->ip_verhl = sizeof(IPV4Hdr);
p->proto = ipproto; p->proto = ipproto;

Loading…
Cancel
Save