aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Various fixes and improvements based on feedback by Coverity analyzer.

Browse Source
remotes/origin/HEAD
Victor Julien 14 years ago
parent 4b2d94a841
commit cdba2f50d1
47 changed files with 405 additions and 525 deletions
Show Stats Download Patch File Download Diff File

47
src/alert-unified2-alert.c
Unescape Escape View File

@ -286,11 +286,11 @@ static int Unified2ForgeFakeIPv4Header(FakeIPv4Hdr *fakehdr, Packet *p, int pkt_
fakehdr->ip4h.ip_verhl = p->ip4h->ip_verhl;
fakehdr->ip4h.ip_proto = p->ip4h->ip_proto;
if (! invert) {
fakehdr->ip4h.ip_src.s_addr = p->ip4h->ip_src.s_addr;
fakehdr->ip4h.ip_dst.s_addr = p->ip4h->ip_dst.s_addr;
fakehdr->ip4h.s_ip_src.s_addr = p->ip4h->s_ip_src.s_addr;
fakehdr->ip4h.s_ip_dst.s_addr = p->ip4h->s_ip_dst.s_addr;
} else {
fakehdr->ip4h.ip_dst.s_addr = p->ip4h->ip_src.s_addr;
fakehdr->ip4h.ip_src.s_addr = p->ip4h->ip_dst.s_addr;
fakehdr->ip4h.s_ip_dst.s_addr = p->ip4h->s_ip_src.s_addr;
fakehdr->ip4h.s_ip_src.s_addr = p->ip4h->s_ip_dst.s_addr;
}
fakehdr->ip4h.ip_len = htons((uint16_t)pkt_len);
@ -317,10 +317,10 @@ static int Unified2ForgeFakeIPv6Header(FakeIPv6Hdr *fakehdr, Packet *p, int pkt_
fakehdr->ip6h.s_ip6_nxt = IPPROTO_TCP;
fakehdr->ip6h.s_ip6_plen = htons(sizeof(TCPHdr));
if (!invert) {
memcpy(fakehdr->ip6h.ip6_src, p->ip6h->ip6_src, 32);
memcpy(fakehdr->ip6h.s_ip6_addrs, p->ip6h->s_ip6_addrs, 32);
} else {
memcpy(fakehdr->ip6h.ip6_src, p->ip6h->ip6_dst, 16);
memcpy(fakehdr->ip6h.ip6_dst, p->ip6h->ip6_src, 16);
memcpy(fakehdr->ip6h.s_ip6_src, p->ip6h->s_ip6_dst, 16);
memcpy(fakehdr->ip6h.s_ip6_dst, p->ip6h->s_ip6_src, 16);
}
if (! invert) {
fakehdr->tcph.th_sport = p->tcph->th_sport;
@ -387,8 +387,8 @@ static int Unified2StreamTypeAlertIPv4 (Unified2AlertThread *aun,
fakehdr.ip4h.ip_verhl = p->ip4h->ip_verhl;
fakehdr.ip4h.ip_proto = p->ip4h->ip_proto;
fakehdr.ip4h.ip_src.s_addr = p->ip4h->ip_src.s_addr;
fakehdr.ip4h.ip_dst.s_addr = p->ip4h->ip_dst.s_addr;
fakehdr.ip4h.s_ip_src.s_addr = p->ip4h->s_ip_src.s_addr;
fakehdr.ip4h.s_ip_dst.s_addr = p->ip4h->s_ip_dst.s_addr;
fakehdr.ip4h.ip_len = htons((uint16_t)pkt_len);
fakehdr.tcph.th_sport = p->tcph->th_sport;
@ -487,12 +487,13 @@ static int Unified2StreamTypeAlertIPv6 (Unified2AlertThread *aun,
fakehdr.ethh.eth_type = htons(ETHERNET_TYPE_IPV6);
if (p->ethh != NULL) {
memcpy(&fakehdr.ethh.eth_dst, p->ethh->eth_dst, 12);
memcpy(&fakehdr.ethh.eth_src, p->ethh->eth_src, 6);
memcpy(&fakehdr.ethh.eth_dst, p->ethh->eth_dst, 6);
}
fakehdr.ip6h.s_ip6_vfc = p->ip6h->s_ip6_vfc;
fakehdr.ip6h.s_ip6_nxt = IPPROTO_TCP;
fakehdr.ip6h.s_ip6_plen = htons(sizeof(TCPHdr) + stream_msg->data.data_len);
memcpy(&fakehdr.ip6h.ip6_src, p->ip6h->ip6_src, 32);
memcpy(&fakehdr.ip6h.s_ip6_addrs, p->ip6h->s_ip6_addrs, 32);
fakehdr.tcph.th_sport = p->tcph->th_sport;
fakehdr.tcph.th_dport = p->tcph->th_dport;
fakehdr.tcph.th_offx2 = 0x50; /* just the TCP header, no options */
@ -573,12 +574,12 @@ static int Unified2PrintStreamSegmentCallback(Packet *p, void *data, uint8_t *bu
if (PKT_IS_IPV6(p)) {
FakeIPv6Hdr *fakehdr = (FakeIPv6Hdr *)aun->iphdr;
fakehdr->tcph.th_sum = TCPV6CalculateChecksum(
(uint16_t *)&(fakehdr->ip6h.ip6_src),
fakehdr->ip6h.s_ip6_addrs,
(uint16_t *)&fakehdr->tcph, buflen + sizeof(TCPHdr));
} else {
FakeIPv4Hdr *fakehdr = (FakeIPv4Hdr *)aun->iphdr;
fakehdr->tcph.th_sum = TCPCalculateChecksum(
(uint16_t *)&(fakehdr->ip4h.ip_src),
fakehdr->ip4h.s_ip_addrs,
(uint16_t *)&fakehdr->tcph, buflen + sizeof(TCPHdr));
fakehdr->ip4h.ip_csum = IPV4CalculateChecksum(
(uint16_t *)&fakehdr->ip4h,
@ -905,8 +906,8 @@ int Unified2IPv6TypeAlert (ThreadVars *t, Packet *p, void *data, PacketQueue *pq
SCMutexLock(&aun->file_ctx->fp_mutex);
if ((aun->file_ctx->size_current +(sizeof(hdr) + sizeof(*phdr))) > aun->file_ctx->size_limit) {
if (Unified2AlertRotateFile(t,aun) < 0) {
SCMutexUnlock(&aun->file_ctx->fp_mutex);
aun->file_ctx->alerts += i;
SCMutexUnlock(&aun->file_ctx->fp_mutex);
return -1;
}
}
@ -919,15 +920,17 @@ int Unified2IPv6TypeAlert (ThreadVars *t, Packet *p, void *data, PacketQueue *pq
ret = Unified2PacketTypeAlert(aun, p, pa->alert_msg, phdr->event_id, pa->flags & PACKET_ALERT_FLAG_STATE_MATCH ? 1 : 0);
if (ret != 1) {
SCLogError(SC_ERR_FWRITE, "Error: fwrite failed: %s", strerror(errno));
SCMutexUnlock(&aun->file_ctx->fp_mutex);
aun->file_ctx->alerts += i;
SCMutexUnlock(&aun->file_ctx->fp_mutex);
return -1;
}
fflush(aun->file_ctx->fp);
SCMutexUnlock(&aun->file_ctx->fp_mutex);
}
aun->file_ctx->alerts += p->alerts.cnt;
SCMutexLock(&aun->file_ctx->fp_mutex);
aun->file_ctx->alerts += p->alerts.cnt;
SCMutexUnlock(&aun->file_ctx->fp_mutex);
return 0;
}
@ -972,8 +975,8 @@ int Unified2IPv4TypeAlert (ThreadVars *tv, Packet *p, void *data, PacketQueue *p
gphdr.event_id = 0;
gphdr.event_second = htonl(p->ts.tv_sec);
gphdr.event_microsecond = htonl(p->ts.tv_usec);
gphdr.src_ip = p->ip4h->ip_src.s_addr;
gphdr.dst_ip = p->ip4h->ip_dst.s_addr;
gphdr.src_ip = p->ip4h->s_ip_src.s_addr;
gphdr.dst_ip = p->ip4h->s_ip_dst.s_addr;
gphdr.protocol = IPV4_GET_RAW_IPPROTO(p->ip4h);
@ -1039,8 +1042,8 @@ int Unified2IPv4TypeAlert (ThreadVars *tv, Packet *p, void *data, PacketQueue *p
if ((aun->file_ctx->size_current +(sizeof(hdr) + sizeof(*phdr))) > aun->file_ctx->size_limit) {
if (Unified2AlertRotateFile(tv,aun) < 0) {
SCMutexUnlock(&aun->file_ctx->fp_mutex);
aun->file_ctx->alerts += i;
SCMutexUnlock(&aun->file_ctx->fp_mutex);
return -1;
}
}
@ -1056,15 +1059,17 @@ int Unified2IPv4TypeAlert (ThreadVars *tv, Packet *p, void *data, PacketQueue *p
ret = Unified2PacketTypeAlert(aun, p, pa->alert_msg, event_id, pa->flags & PACKET_ALERT_FLAG_STATE_MATCH ? 1 : 0);
if (ret != 1) {
SCLogError(SC_ERR_FWRITE, "Error: PacketTypeAlert writing failed");
SCMutexUnlock(&aun->file_ctx->fp_mutex);
aun->file_ctx->alerts += i;
SCMutexUnlock(&aun->file_ctx->fp_mutex);
return -1;
}
fflush(aun->file_ctx->fp);
SCMutexUnlock(&aun->file_ctx->fp_mutex);
}
aun->file_ctx->alerts += p->alerts.cnt;
SCMutexLock(&aun->file_ctx->fp_mutex);
aun->file_ctx->alerts += p->alerts.cnt;
SCMutexUnlock(&aun->file_ctx->fp_mutex);
return 0;
}

10
src/app-layer-htp.c
Unescape Escape View File

@ -2413,7 +2413,7 @@ int HTPParserTest01(void) {
table_iterator_reset(tx->request_headers);
table_iterator_next(tx->request_headers, (void **) & h);
if (htp_state->connp == NULL || strcmp(bstr_tocstr(h->value), "Victor/1.0")
if (strcmp(bstr_tocstr(h->value), "Victor/1.0")
|| tx->request_method_number != M_POST ||
tx->request_protocol_number != HTTP_1_0)
{
@ -2537,7 +2537,7 @@ int HTPParserTest03(void) {
table_iterator_reset(tx->request_headers);
table_iterator_next(tx->request_headers, (void **) & h);
if (htp_state->connp == NULL || tx->request_method_number != M_UNKNOWN ||
if (tx->request_method_number != M_UNKNOWN ||
h != NULL || tx->request_protocol_number != HTTP_1_0)
{
printf("expected method M_UNKNOWN and got %s: , expected protocol "
@ -2594,7 +2594,7 @@ int HTPParserTest04(void) {
table_iterator_reset(tx->request_headers);
table_iterator_next(tx->request_headers, (void **) & h);
if (htp_state->connp == NULL || tx->request_method_number != M_UNKNOWN ||
if (tx->request_method_number != M_UNKNOWN ||
h != NULL || tx->request_protocol_number != PROTOCOL_UNKNOWN)
{
printf("expected method M_UNKNOWN and got %s: , expected protocol "
@ -2701,7 +2701,7 @@ int HTPParserTest05(void) {
table_iterator_reset(tx->request_headers);
table_iterator_next(tx->request_headers, (void **) & h);
if (http_state->connp == NULL || tx->request_method_number != M_POST ||
if (tx->request_method_number != M_POST ||
h == NULL || tx->request_protocol_number != HTTP_1_0)
{
printf("expected method M_POST and got %s: , expected protocol "
@ -2815,7 +2815,7 @@ int HTPParserTest06(void) {
table_iterator_reset(tx->request_headers);
table_iterator_next(tx->request_headers, (void **) & h);
if (http_state->connp == NULL || tx->request_method_number != M_GET ||
if (tx->request_method_number != M_GET ||
h == NULL || tx->request_protocol_number != HTTP_1_1)
{
printf("expected method M_GET and got %s: , expected protocol "

2
src/app-layer-parser.c
Unescape Escape View File

@ -1485,7 +1485,7 @@ static AppLayerProbingParserElement *
AppLayerDuplicateAppLayerProbingParserElement(AppLayerProbingParserElement *pe)
{
AppLayerProbingParserElement *new_pe = SCMalloc(sizeof(AppLayerProbingParserElement));
if (pe == NULL) {
if (new_pe == NULL) {
return NULL;
}

4
src/conf.c
Unescape Escape View File

@ -671,7 +671,7 @@ ConfNode *ConfNodeLookupKeyValue(ConfNode *base, const char *key, const char *va
ConfNode *child;
TAILQ_FOREACH(child, &base->head, next) {
if (!strncmp(child->val, key, sizeof(child->val))) {
if (!strncmp(child->val, key, strlen(child->val))) {
ConfNode *subchild;
TAILQ_FOREACH(subchild, &child->head, next) {
if ((!strcmp(subchild->name, key)) && (!strcmp(subchild->val, value))) {
@ -844,7 +844,7 @@ ConfTestGetInt(void)
return 0;
if (ConfGetInt(name, &val) != 1)
return 0;
return 1;
if (val != 0)
return 0;

36
src/decode-icmpv4.c
Unescape Escape View File

@ -187,7 +187,7 @@ void DecodeICMPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt
ENGINE_SET_EVENT(p,ICMPV4_UNKNOWN_CODE);
} else {
/* parse IP header plus 64 bytes */
if (len >= ICMPV4_HEADER_PKT_OFFSET) {
if (len > ICMPV4_HEADER_PKT_OFFSET) {
DecodePartialIPV4( p, (uint8_t *)(pkt + ICMPV4_HEADER_PKT_OFFSET), len - ICMPV4_HEADER_PKT_OFFSET );
/* ICMP ICMP_DEST_UNREACH influence TCP/UDP flows */
@ -215,7 +215,7 @@ void DecodeICMPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt
ENGINE_SET_EVENT(p,ICMPV4_UNKNOWN_CODE);
} else {
// parse IP header plus 64 bytes
if (len >= ICMPV4_HEADER_PKT_OFFSET)
if (len > ICMPV4_HEADER_PKT_OFFSET)
DecodePartialIPV4( p, (uint8_t*) (pkt + ICMPV4_HEADER_PKT_OFFSET), len - ICMPV4_HEADER_PKT_OFFSET );
}
break;
@ -233,7 +233,7 @@ void DecodeICMPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt
ENGINE_SET_EVENT(p,ICMPV4_UNKNOWN_CODE);
} else {
// parse IP header plus 64 bytes
if (len >= ICMPV4_HEADER_PKT_OFFSET)
if (len > ICMPV4_HEADER_PKT_OFFSET)
DecodePartialIPV4( p, (uint8_t*) (pkt + ICMPV4_HEADER_PKT_OFFSET), len - ICMPV4_HEADER_PKT_OFFSET );
}
break;
@ -243,7 +243,7 @@ void DecodeICMPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt
ENGINE_SET_EVENT(p,ICMPV4_UNKNOWN_CODE);
} else {
// parse IP header plus 64 bytes
if (len >= ICMPV4_HEADER_PKT_OFFSET)
if (len > ICMPV4_HEADER_PKT_OFFSET)
DecodePartialIPV4( p, (uint8_t*) (pkt + ICMPV4_HEADER_PKT_OFFSET), len - ICMPV4_HEADER_PKT_OFFSET );
}
break;
@ -341,8 +341,8 @@ static int DecodeICMPV4test01(void) {
p->src.addr_data32[0] = UTHSetIPv4Address("4.3.2.1");;
p->dst.addr_data32[0] = UTHSetIPv4Address("1.2.3.4");;
ip4h.ip_src.s_addr = p->src.addr_data32[0];
ip4h.ip_dst.s_addr = p->dst.addr_data32[0];
ip4h.s_ip_src.s_addr = p->src.addr_data32[0];
ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0];
p->ip4h = &ip4h;
DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL);
@ -392,8 +392,8 @@ static int DecodeICMPV4test02(void) {
p->src.addr_data32[0] = UTHSetIPv4Address("4.3.2.1");;
p->dst.addr_data32[0] = UTHSetIPv4Address("1.2.3.4");;
ip4h.ip_src.s_addr = p->src.addr_data32[0];
ip4h.ip_dst.s_addr = p->dst.addr_data32[0];
ip4h.s_ip_src.s_addr = p->src.addr_data32[0];
ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0];
p->ip4h = &ip4h;
DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL);
@ -441,8 +441,8 @@ static int DecodeICMPV4test03(void) {
p->src.addr_data32[0] = UTHSetIPv4Address("4.3.2.1");;
p->dst.addr_data32[0] = UTHSetIPv4Address("1.2.3.4");;
ip4h.ip_src.s_addr = p->src.addr_data32[0];
ip4h.ip_dst.s_addr = p->dst.addr_data32[0];
ip4h.s_ip_src.s_addr = p->src.addr_data32[0];
ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0];
p->ip4h = &ip4h;
DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL);
@ -521,8 +521,8 @@ static int DecodeICMPV4test04(void) {
p->src.addr_data32[0] = UTHSetIPv4Address("4.3.2.1");;
p->dst.addr_data32[0] = UTHSetIPv4Address("1.2.3.4");;
ip4h.ip_src.s_addr = p->src.addr_data32[0];
ip4h.ip_dst.s_addr = p->dst.addr_data32[0];
ip4h.s_ip_src.s_addr = p->src.addr_data32[0];
ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0];
p->ip4h = &ip4h;
DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL);
@ -591,8 +591,8 @@ static int DecodeICMPV4test05(void) {
p->src.addr_data32[0] = UTHSetIPv4Address("4.3.2.1");;
p->dst.addr_data32[0] = UTHSetIPv4Address("1.2.3.4");;
ip4h.ip_src.s_addr = p->src.addr_data32[0];
ip4h.ip_dst.s_addr = p->dst.addr_data32[0];
ip4h.s_ip_src.s_addr = p->src.addr_data32[0];
ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0];
p->ip4h = &ip4h;
DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL);
@ -696,8 +696,8 @@ static int ICMPV4InvalidType07(void) {
p->src.addr_data32[0] = UTHSetIPv4Address("4.3.2.1");;
p->dst.addr_data32[0] = UTHSetIPv4Address("1.2.3.4");;
ip4h.ip_src.s_addr = p->src.addr_data32[0];
ip4h.ip_dst.s_addr = p->dst.addr_data32[0];
ip4h.s_ip_src.s_addr = p->src.addr_data32[0];
ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0];
p->ip4h = &ip4h;
DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL);
@ -740,8 +740,8 @@ static int DecodeICMPV4test08(void) {
p->src.addr_data32[0] = UTHSetIPv4Address("4.3.2.1");;
p->dst.addr_data32[0] = UTHSetIPv4Address("1.2.3.4");;
ip4h.ip_src.s_addr = p->src.addr_data32[0];
ip4h.ip_dst.s_addr = p->dst.addr_data32[0];
ip4h.s_ip_src.s_addr = p->src.addr_data32[0];
ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0];
p->ip4h = &ip4h;
DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL);

18
src/decode-icmpv6.c
Unescape Escape View File

@ -76,15 +76,15 @@ void DecodePartialIPV6(Packet *p, uint8_t *partial_packet, uint16_t len )
p->icmpv6vars.emb_ipv6h = icmp6_ip6h;
/** Get the IP6 address */
p->icmpv6vars.emb_ip6_src[0] = icmp6_ip6h->ip6_src[0];
p->icmpv6vars.emb_ip6_src[1] = icmp6_ip6h->ip6_src[1];
p->icmpv6vars.emb_ip6_src[2] = icmp6_ip6h->ip6_src[2];
p->icmpv6vars.emb_ip6_src[3] = icmp6_ip6h->ip6_src[3];
p->icmpv6vars.emb_ip6_dst[0] = icmp6_ip6h->ip6_dst[0];
p->icmpv6vars.emb_ip6_dst[1] = icmp6_ip6h->ip6_dst[1];
p->icmpv6vars.emb_ip6_dst[2] = icmp6_ip6h->ip6_dst[2];
p->icmpv6vars.emb_ip6_dst[3] = icmp6_ip6h->ip6_dst[3];
p->icmpv6vars.emb_ip6_src[0] = icmp6_ip6h->s_ip6_src[0];
p->icmpv6vars.emb_ip6_src[1] = icmp6_ip6h->s_ip6_src[1];
p->icmpv6vars.emb_ip6_src[2] = icmp6_ip6h->s_ip6_src[2];
p->icmpv6vars.emb_ip6_src[3] = icmp6_ip6h->s_ip6_src[3];
p->icmpv6vars.emb_ip6_dst[0] = icmp6_ip6h->s_ip6_dst[0];
p->icmpv6vars.emb_ip6_dst[1] = icmp6_ip6h->s_ip6_dst[1];
p->icmpv6vars.emb_ip6_dst[2] = icmp6_ip6h->s_ip6_dst[2];
p->icmpv6vars.emb_ip6_dst[3] = icmp6_ip6h->s_ip6_dst[3];
/** Get protocol and ports inside the embedded ipv6 packet and set the pointers */
p->icmpv6vars.emb_ip6_proto_next = icmp6_ip6h->s_ip6_nxt;

22
src/decode-ipv4.h
Unescape Escape View File

@ -77,10 +77,20 @@ typedef struct IPV4Hdr_
uint8_t ip_ttl; /**< time to live */
uint8_t ip_proto; /**< protocol (tcp, udp, etc) */
uint16_t ip_csum; /**< checksum */
struct in_addr ip_src;/**< source address */
struct in_addr ip_dst;/**< destination address */
union {
struct {
struct in_addr ip_src;/**< source address */
struct in_addr ip_dst;/**< destination address */
} ip4_un1;
uint16_t ip_addrs[4];
} ip4_hdrun1;
} IPV4Hdr;
#define s_ip_src ip4_hdrun1.ip4_un1.ip_src
#define s_ip_dst ip4_hdrun1.ip4_un1.ip_dst
#define s_ip_addrs ip4_hdrun1.ip_addrs
#define IPV4_GET_RAW_VER(ip4h) (((ip4h)->ip_verhl & 0xf0) >> 4)
#define IPV4_GET_RAW_HLEN(ip4h) ((ip4h)->ip_verhl & 0x0f)
#define IPV4_GET_RAW_IPTOS(ip4h) ((ip4h)->ip_tos)
@ -89,13 +99,13 @@ typedef struct IPV4Hdr_
#define IPV4_GET_RAW_IPOFFSET(ip4h) ((ip4h)->ip_off)
#define IPV4_GET_RAW_IPTTL(ip4h) ((ip4h)->ip_ttl)
#define IPV4_GET_RAW_IPPROTO(ip4h) ((ip4h)->ip_proto)
#define IPV4_GET_RAW_IPSRC(ip4h) ((ip4h)->ip_src)
#define IPV4_GET_RAW_IPDST(ip4h) ((ip4h)->ip_dst)
#define IPV4_GET_RAW_IPSRC(ip4h) ((ip4h)->s_ip_src)
#define IPV4_GET_RAW_IPDST(ip4h) ((ip4h)->s_ip_dst)
/** return the raw (directly from the header) src ip as uint32_t */
#define IPV4_GET_RAW_IPSRC_U32(ip4h) (uint32_t)((ip4h)->ip_src.s_addr)
#define IPV4_GET_RAW_IPSRC_U32(ip4h) (uint32_t)((ip4h)->s_ip_src.s_addr)
/** return the raw (directly from the header) dst ip as uint32_t */
#define IPV4_GET_RAW_IPDST_U32(ip4h) (uint32_t)((ip4h)->ip_dst.s_addr)
#define IPV4_GET_RAW_IPDST_U32(ip4h) (uint32_t)((ip4h)->s_ip_dst.s_addr)
/* we need to change them as well as get them */
#define IPV4_SET_RAW_VER(ip4h, value) ((ip4h)->ip_verhl = (((ip4h)->ip_verhl & 0x0f) | (value << 4)))

41
src/decode-ipv6.h
Unescape Escape View File

@ -40,27 +40,36 @@ typedef struct IPV6Hdr_
uint8_t ip6_un2_vfc; /* 4 bits version, top 4 bits class */
} ip6_hdrun;
uint32_t ip6_src[4];
uint32_t ip6_dst[4];
union {
struct {
uint32_t ip6_src[4];
uint32_t ip6_dst[4];
} ip6_un2;
uint16_t ip6_addrs[16];
} ip6_hdrun2;
} IPV6Hdr;
#define s_ip6_vfc ip6_hdrun.ip6_un2_vfc
#define s_ip6_flow ip6_hdrun.ip6_un1.ip6_un1_flow
#define s_ip6_plen ip6_hdrun.ip6_un1.ip6_un1_plen
#define s_ip6_nxt ip6_hdrun.ip6_un1.ip6_un1_nxt
#define s_ip6_hlim ip6_hdrun.ip6_un1.ip6_un1_hlim
#define s_ip6_src ip6_hdrun2.ip6_un2.ip6_src
#define s_ip6_dst ip6_hdrun2.ip6_un2.ip6_dst
#define s_ip6_addrs ip6_hdrun2.ip6_addrs
#define s_ip6_vfc ip6_hdrun.ip6_un2_vfc
#define s_ip6_flow ip6_hdrun.ip6_un1.ip6_un1_flow
#define s_ip6_plen ip6_hdrun.ip6_un1.ip6_un1_plen
#define s_ip6_nxt ip6_hdrun.ip6_un1.ip6_un1_nxt
#define s_ip6_hlim ip6_hdrun.ip6_un1.ip6_un1_hlim
#define IPV6_GET_RAW_VER(ip6h) (((ip6h)->s_ip6_vfc & 0xf0) >> 4)
#define IPV6_GET_RAW_CLASS(ip6h) ((ntohl((ip6h)->s_ip6_flow) & 0x0FF00000) >> 20)
#define IPV6_GET_RAW_FLOW(ip6h) (ntohl((ip6h)->s_ip6_flow) & 0x000FFFFF)
#define IPV6_GET_RAW_NH(ip6h) ((ip6h)->s_ip6_nxt)
#define IPV6_GET_RAW_PLEN(ip6h) (ntohs((ip6h)->s_ip6_plen))
#define IPV6_GET_RAW_HLIM(ip6h) ((ip6h)->s_ip6_hlim)
#define IPV6_GET_RAW_VER(ip6h) (((ip6h)->s_ip6_vfc & 0xf0) >> 4)
#define IPV6_GET_RAW_CLASS(ip6h) ((ntohl((ip6h)->s_ip6_flow) & 0x0FF00000) >> 20)
#define IPV6_GET_RAW_FLOW(ip6h) (ntohl((ip6h)->s_ip6_flow) & 0x000FFFFF)
#define IPV6_GET_RAW_NH(ip6h) ((ip6h)->s_ip6_nxt)
#define IPV6_GET_RAW_PLEN(ip6h) (ntohs((ip6h)->s_ip6_plen))
#define IPV6_GET_RAW_HLIM(ip6h) ((ip6h)->s_ip6_hlim)
#define IPV6_SET_RAW_VER(ip6h, value) ((ip6h)->s_ip6_vfc = (((ip6h)->s_ip6_vfc & 0x0f) | (value << 4)))
#define IPV6_SET_RAW_NH(ip6h, value) ((ip6h)->s_ip6_nxt = (value))
#define IPV6_SET_RAW_VER(ip6h, value) ((ip6h)->s_ip6_vfc = (((ip6h)->s_ip6_vfc & 0x0f) | (value << 4)))
#define IPV6_SET_RAW_NH(ip6h, value) ((ip6h)->s_ip6_nxt = (value))
#define IPV6_SET_L4PROTO(p,proto) (p)->ip6vars.l4proto = proto
#define IPV6_SET_L4PROTO(p,proto) (p)->ip6vars.l4proto = proto
/* ONLY call these functions after making sure that:
* 1. p->ip6h is set

28
src/decode.h
Unescape Escape View File

@ -100,7 +100,7 @@ typedef struct Address_ {
* prevent using memset. */
#define SET_IPV4_SRC_ADDR(p, a) do { \
(a)->family = AF_INET; \
(a)->addr_data32[0] = (uint32_t)(p)->ip4h->ip_src.s_addr; \
(a)->addr_data32[0] = (uint32_t)(p)->ip4h->s_ip_src.s_addr; \
(a)->addr_data32[1] = 0; \
(a)->addr_data32[2] = 0; \
(a)->addr_data32[3] = 0; \
@ -108,7 +108,7 @@ typedef struct Address_ {
#define SET_IPV4_DST_ADDR(p, a) do { \
(a)->family = AF_INET; \
(a)->addr_data32[0] = (uint32_t)(p)->ip4h->ip_dst.s_addr; \
(a)->addr_data32[0] = (uint32_t)(p)->ip4h->s_ip_dst.s_addr; \
(a)->addr_data32[1] = 0; \
(a)->addr_data32[2] = 0; \
(a)->addr_data32[3] = 0; \
@ -125,20 +125,20 @@ typedef struct Address_ {
/* Set the IPv6 addressesinto the Addrs of the Packet.
* Make sure p->ip6h is initialized and validated. */
#define SET_IPV6_SRC_ADDR(p, a) do { \
(a)->family = AF_INET6; \
(a)->addr_data32[0] = (p)->ip6h->ip6_src[0]; \
(a)->addr_data32[1] = (p)->ip6h->ip6_src[1]; \
(a)->addr_data32[2] = (p)->ip6h->ip6_src[2]; \
(a)->addr_data32[3] = (p)->ip6h->ip6_src[3]; \
#define SET_IPV6_SRC_ADDR(p, a) do { \
(a)->family = AF_INET6; \
(a)->addr_data32[0] = (p)->ip6h->s_ip6_src[0]; \
(a)->addr_data32[1] = (p)->ip6h->s_ip6_src[1]; \
(a)->addr_data32[2] = (p)->ip6h->s_ip6_src[2]; \
(a)->addr_data32[3] = (p)->ip6h->s_ip6_src[3]; \
} while (0)
#define SET_IPV6_DST_ADDR(p, a) do { \
(a)->family = AF_INET6; \
(a)->addr_data32[0] = (p)->ip6h->ip6_dst[0]; \
(a)->addr_data32[1] = (p)->ip6h->ip6_dst[1]; \
(a)->addr_data32[2] = (p)->ip6h->ip6_dst[2]; \
(a)->addr_data32[3] = (p)->ip6h->ip6_dst[3]; \
#define SET_IPV6_DST_ADDR(p, a) do { \
(a)->family = AF_INET6; \
(a)->addr_data32[0] = (p)->ip6h->s_ip6_dst[0]; \
(a)->addr_data32[1] = (p)->ip6h->s_ip6_dst[1]; \
(a)->addr_data32[2] = (p)->ip6h->s_ip6_dst[2]; \
(a)->addr_data32[3] = (p)->ip6h->s_ip6_dst[3]; \
} while (0)
/* Set the TCP ports into the Ports of the Packet.

28
src/defrag.c
Unescape Escape View File

@ -614,7 +614,7 @@ Defrag4Reassemble(ThreadVars *tv, DefragContext *dc, DefragTracker *tracker,
remove_tracker:
/* Remove the frag tracker. */
SCMutexLock(&dc->frag_table_lock);
HashListTableRemove(dc->frag_table, tracker, sizeof(*tracker));
HashListTableRemove(dc->frag_table, tracker, HASHLIST_NO_SIZE);
SCMutexUnlock(&dc->frag_table_lock);
DefragTrackerReset(tracker);
SCMutexLock(&dc->tracker_pool_lock);
@ -725,7 +725,7 @@ Defrag6Reassemble(ThreadVars *tv, DefragContext *dc, DefragTracker *tracker,
remove_tracker:
/* Remove the frag tracker. */
SCMutexLock(&dc->frag_table_lock);
HashListTableRemove(dc->frag_table, tracker, sizeof(*tracker));
HashListTableRemove(dc->frag_table, tracker, HASHLIST_NO_SIZE);
SCMutexUnlock(&dc->frag_table_lock);
DefragTrackerReset(tracker);
SCMutexLock(&dc->tracker_pool_lock);
@ -1026,7 +1026,7 @@ DefragTimeoutTracker(ThreadVars *tv, DecodeThreadVars *dtv, DefragContext *dc,
if (tracker->timeout < (unsigned int)p->ts.tv_sec) {
/* Tracker has timeout out. */
HashListTableRemove(dc->frag_table, tracker, sizeof(tracker));
HashListTableRemove(dc->frag_table, tracker, HASHLIST_NO_SIZE);
DefragTrackerReset(tracker);
PoolReturn(dc->tracker_pool, tracker);
if (tv != NULL && dtv != NULL) {
@ -1144,7 +1144,7 @@ DefragGetTracker(ThreadVars *tv, DecodeThreadVars *dtv, DefragContext *dc,
tracker->dst_addr = lookup_key->dst_addr;
tracker->policy = DefragGetOsPolicy(p);
if (HashListTableAdd(dc->frag_table, tracker, sizeof(*tracker)) != 0) {
if (HashListTableAdd(dc->frag_table, tracker, HASHLIST_NO_SIZE) != 0) {
/* Failed to add new tracker. */
SCLogError(SC_ERR_MEM_ALLOC,
"Defrag: Failed to add new tracker to hash table.");
@ -1290,8 +1290,8 @@ BuildTestPacket(uint16_t id, uint16_t off, int mf, const char content,
ip4h.ip_ttl = ttl;
ip4h.ip_proto = IPPROTO_ICMP;
ip4h.ip_src.s_addr = 0x01010101; /* 1.1.1.1 */
ip4h.ip_dst.s_addr = 0x02020202; /* 2.2.2.2 */
ip4h.s_ip_src.s_addr = 0x01010101; /* 1.1.1.1 */
ip4h.s_ip_dst.s_addr = 0x02020202; /* 2.2.2.2 */
/* copy content_len crap, we need full length */
PacketCopyData(p, (uint8_t *)&ip4h, sizeof(ip4h) + content_len);
@ -1354,14 +1354,14 @@ IPV6BuildTestPacket(uint32_t id, uint16_t off, int mf, const char content,
ip6h.s_ip6_hlim = 2;
/* Source and dest address - very bogus addresses. */
ip6h.ip6_src[0] = 0x01010101;
ip6h.ip6_src[1] = 0x01010101;
ip6h.ip6_src[2] = 0x01010101;
ip6h.ip6_src[3] = 0x01010101;
ip6h.ip6_dst[0] = 0x02020202;
ip6h.ip6_dst[1] = 0x02020202;
ip6h.ip6_dst[2] = 0x02020202;
ip6h.ip6_dst[3] = 0x02020202;
ip6h.s_ip6_src[0] = 0x01010101;
ip6h.s_ip6_src[1] = 0x01010101;
ip6h.s_ip6_src[2] = 0x01010101;
ip6h.s_ip6_src[3] = 0x01010101;
ip6h.s_ip6_dst[0] = 0x02020202;
ip6h.s_ip6_dst[1] = 0x02020202;
ip6h.s_ip6_dst[2] = 0x02020202;
ip6h.s_ip6_dst[3] = 0x02020202;
/* copy content_len crap, we need full length */
PacketCopyData(p, (uint8_t *)&ip6h, sizeof(IPV6Hdr) + sizeof(IPV6FragHdr) + content_len);

90
src/detect-content.c
Unescape Escape View File

@ -64,68 +64,48 @@ uint32_t DetectContentMaxId(DetectEngineCtx *de_ctx) {
return MpmPatternIdStoreGetMaxId(de_ctx->mpm_pattern_id_store);
}
int DetectContentDataParse(char *contentstr, char** pstr, uint16_t *plen, int *flags)
int DetectContentDataParse(char *keyword, char *contentstr, char** pstr, uint16_t *plen, int *flags)
{
char *str = NULL;
char *temp = NULL;
uint16_t len;
uint16_t pos = 0;
uint16_t slen = 0;
if ((temp = SCStrdup(contentstr)) == NULL) {
SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory. Exiting...");
exit(EXIT_FAILURE);
}
if (strlen(temp) == 0) {
SCFree(temp);
slen = strlen(contentstr);
if (slen == 0) {
return -1;
}
/* skip the first spaces */
slen = strlen(temp);
while (pos < slen && isspace(temp[pos])) {
while (pos < slen && isspace(contentstr[pos]))
pos++;
};
if (temp[pos] == '!') {
SCFree(temp);
if ((temp = SCStrdup(contentstr + pos + 1)) == NULL) {
SCLogError(SC_ERR_MEM_ALLOC, "error allocating memory. exiting...");
exit(EXIT_FAILURE);
}
pos = 0;
if (contentstr[pos] == '!') {
*flags = DETECT_CONTENT_NEGATED;
pos++;
} else
*flags = 0;
if (temp[pos] == '\"' && strlen(temp + pos) == 1)
if (contentstr[pos] == '\"' && ((slen - pos) <= 1))
goto error;
if (temp[pos] == '\"' && temp[pos + strlen(temp + pos) - 1] == '\"') {
if ((str = SCStrdup(temp + pos + 1)) == NULL) {
SCLogError(SC_ERR_MEM_ALLOC, "error allocating memory. exiting...");
exit(EXIT_FAILURE);
}
str[strlen(temp) - pos - 2] = '\0';
} else {
SCLogError(SC_ERR_INVALID_SIGNATURE, "content keywords's argument "
if (!(contentstr[pos] == '\"' && contentstr[slen - 1] == '\"')) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "%s keyword arguments "
"should be always enclosed in double quotes. Invalid "
"content keyword passed in this rule - \"%s\"",
contentstr);
keyword, contentstr);
goto error;
}
if ((str = SCStrdup(temp + pos + 1)) == NULL) {
SCLogError(SC_ERR_MEM_ALLOC, "error allocating memory. exiting...");
exit(EXIT_FAILURE);
}
str[strlen(temp) - pos - 2] = '\0';
if ((str = SCStrdup(contentstr + pos + 1)) == NULL)
goto error;
str[strlen(str) - 1] = '\0';
SCFree(temp);
temp = NULL;
len = strlen(str);
if (len == 0)
goto error;
SCLogDebug("\"%s\", len %" PRIu32 "", str, len);
len = strlen(str);
if (len == 0)
@ -201,20 +181,10 @@ int DetectContentDataParse(char *contentstr, char** pstr, uint16_t *plen, int *f
if (bin_count % 2 != 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid hex code assembly in "
"content - %s. Invalidating signature", str);
"%s - %s. Invalidating signature", keyword, contentstr);
goto error;
}
#if 0//def DEBUG
if (SCLogDebugEnabled()) {
for (i = 0; i < x; i++) {
if (isprint(str[i])) SCLogDebug("%c", str[i]);
else SCLogDebug("\\x%02u", str[i]);
}
SCLogDebug("");
}
#endif
if (converted) {
len = x;
}
@ -225,8 +195,8 @@ int DetectContentDataParse(char *contentstr, char** pstr, uint16_t *plen, int *f
return 0;
error:
SCFree(str);
SCFree(temp);
if (str != NULL)
SCFree(str);
return -1;
}
/**
@ -241,30 +211,23 @@ DetectContentData *DetectContentParse (char *contentstr)
int flags;
int ret;
ret = DetectContentDataParse(contentstr, &str, &len, &flags);
ret = DetectContentDataParse("content", contentstr, &str, &len, &flags);
if (ret == -1) {
return NULL;
}
cd = SCMalloc(sizeof(DetectContentData));
cd = SCMalloc(sizeof(DetectContentData) + len);
if (cd == NULL) {
SCFree(str);
exit(EXIT_FAILURE);
}
memset(cd, 0, sizeof(DetectContentData));
memset(cd, 0, sizeof(DetectContentData) + len);
if (flags == DETECT_CONTENT_NEGATED)
cd->flags |= DETECT_CONTENT_NEGATED;
cd->content = SCMalloc(len);
if (cd->content == NULL) {
SCFree(str);
SCFree(cd);
exit(EXIT_FAILURE);
}
cd->content = (uint8_t *)cd + sizeof(DetectContentData);
memcpy(cd->content, str, len);
cd->content_len = len;
@ -449,9 +412,6 @@ void DetectContentFree(void *ptr) {
if (cd == NULL)
SCReturn;
if (cd->content != NULL)
SCFree(cd->content);
BoyerMooreCtxDeInit(cd->bm_ctx);
SCFree(cd);

2
src/detect-content.h
Unescape Escape View File

@ -99,7 +99,7 @@ typedef struct DetectContentData_ {
void DetectContentRegister (void);
uint32_t DetectContentMaxId(DetectEngineCtx *);
DetectContentData *DetectContentParse (char *contentstr);
int DetectContentDataParse(char *contentstr, char** pstr, uint16_t *plen, int *flags);
int DetectContentDataParse(char *keyword, char *contentstr, char** pstr, uint16_t *plen, int *flags);
DetectContentData *DetectContentParseEncloseQuotes(char *);
void DetectContentPrint(DetectContentData *);

10
src/detect-csum.c
Unescape Escape View File

@ -332,7 +332,7 @@ int DetectTCPV4CsumMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
}
if (p->tcpvars.comp_csum == -1)
p->tcpvars.comp_csum = TCPCalculateChecksum((uint16_t *)&(p->ip4h->ip_src),
p->tcpvars.comp_csum = TCPCalculateChecksum(p->ip4h->s_ip_addrs,
(uint16_t *)p->tcph,
(p->payload_len + TCP_GET_HLEN(p)));
@ -427,7 +427,7 @@ int DetectTCPV6CsumMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
}
if (p->tcpvars.comp_csum == -1)
p->tcpvars.comp_csum = TCPV6CalculateChecksum((uint16_t *)&(p->ip6h->ip6_src),
p->tcpvars.comp_csum = TCPV6CalculateChecksum(p->ip6h->s_ip6_addrs,
(uint16_t *)p->tcph,
(p->payload_len + TCP_GET_HLEN(p)));
@ -522,7 +522,7 @@ int DetectUDPV4CsumMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
}
if (p->udpvars.comp_csum == -1)
p->udpvars.comp_csum = UDPV4CalculateChecksum((uint16_t *)&(p->ip4h->ip_src),
p->udpvars.comp_csum = UDPV4CalculateChecksum(p->ip4h->s_ip_addrs,
(uint16_t *)p->udph,
(p->payload_len +
UDP_HEADER_LEN) );
@ -618,7 +618,7 @@ int DetectUDPV6CsumMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
}
if (p->udpvars.comp_csum == -1)
p->udpvars.comp_csum = UDPV6CalculateChecksum((uint16_t *)&(p->ip6h->ip6_src),
p->udpvars.comp_csum = UDPV6CalculateChecksum(p->ip6h->s_ip6_addrs,
(uint16_t *)p->udph,
(p->payload_len +
UDP_HEADER_LEN) );
@ -809,7 +809,7 @@ int DetectICMPV6CsumMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
}
if (p->icmpv6vars.comp_csum == -1)
p->icmpv6vars.comp_csum = ICMPV6CalculateChecksum((uint16_t *)&(p->ip6h->ip6_src),
p->icmpv6vars.comp_csum = ICMPV6CalculateChecksum(p->ip6h->s_ip6_addrs,
(uint16_t *)p->icmpv6h,
IPV6_GET_PLEN(p));

41
src/detect-dsize.c
Unescape Escape View File

@ -155,33 +155,31 @@ DetectDsizeData *DetectDsizeParse (char *rawstr)
mode = (char *)str_ptr;
SCLogDebug("mode \"%s\"", mode);
if (ret >= 3) {
res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, &str_ptr);
res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, &str_ptr);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING,"pcre_get_substring failed");
goto error;
}
value1 = (char *)str_ptr;
SCLogDebug("value1 \"%s\"", value1);
if (ret > 3) {
res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 3, &str_ptr);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING,"pcre_get_substring failed");
goto error;
}
value1 = (char *)str_ptr;
SCLogDebug("value1 \"%s\"", value1);
range = (char *)str_ptr;
SCLogDebug("range \"%s\"", range);
if (ret >= 4) {
res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 3, &str_ptr);
if (ret > 4) {
res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 4, &str_ptr);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING,"pcre_get_substring failed");
goto error;
}
range = (char *)str_ptr;
SCLogDebug("range \"%s\"", range);
if (ret >= 5) {
res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 4, &str_ptr);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING,"pcre_get_substring failed");
goto error;
}
value2 = (char *)str_ptr;
SCLogDebug("value2 \"%s\"", value2);
}
value2 = (char *)str_ptr;
SCLogDebug("value2 \"%s\"", value2);
}
}
@ -235,12 +233,11 @@ DetectDsizeData *DetectDsizeParse (char *rawstr)
SCLogDebug("dsize parsed succesfully dsize: %"PRIu16" dsize2: %"PRIu16"",dd->dsize,dd->dsize2);
if (value1)
SCFree(value1);
SCFree(value1);
SCFree(mode);
if (value2)
SCFree(value2);
if (mode)
SCFree(mode);
if (range)
SCFree(range);
return dd;

6
src/detect-engine-siggroup.c
Unescape Escape View File

@ -914,10 +914,8 @@ static void SigGroupHeadFreeSigArraysHash2(DetectEngineCtx *de_ctx,
sgh->init->sig_size = 0;
}
if (sgh->init != NULL) {
SigGroupHeadInitDataFree(sgh->init);
sgh->init = NULL;
}
SigGroupHeadInitDataFree(sgh->init);
sgh->init = NULL;
}
return;

8
src/detect-engine-sigorder.c
Unescape Escape View File

@ -855,13 +855,17 @@ static inline SCSigSignatureWrapper *SCSigAllocSignatureWrapper(Signature *sig)
sw->sig = sig;
if ( (sw->user = SCMalloc(SC_RADIX_USER_DATA_MAX * sizeof(int *))) == NULL)
if ( (sw->user = SCMalloc(SC_RADIX_USER_DATA_MAX * sizeof(int *))) == NULL) {
SCFree(sw);
return NULL;
}
memset(sw->user, 0, SC_RADIX_USER_DATA_MAX * sizeof(int *));
for (i = 0; i < SC_RADIX_USER_DATA_MAX; i++) {
if ( (sw->user[i] = SCMalloc(sizeof(int))) == NULL)
if ( (sw->user[i] = SCMalloc(sizeof(int))) == NULL) {
SCFree(sw);
return NULL;
}
memset(sw->user[i], 0, sizeof(int));
}

10
src/detect-engine-state.c
Unescape Escape View File

@ -1155,10 +1155,12 @@ int DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, Dete
}
end:
if (flags & STREAM_TOCLIENT)
f->de_state->flags &= ~DE_STATE_FILE_TC_NEW;
else
f->de_state->flags &= ~DE_STATE_FILE_TS_NEW;
if (f->de_state != NULL) {
if (flags & STREAM_TOCLIENT)
f->de_state->flags &= ~DE_STATE_FILE_TC_NEW;
else
f->de_state->flags &= ~DE_STATE_FILE_TS_NEW;
}
SCMutexUnlock(&f->de_state_m);
SCReturnInt(0);

16
src/detect-engine-tag.c
Unescape Escape View File

@ -281,15 +281,15 @@ int TagHashAddTag(DetectTagHostCtx *tag_ctx, DetectTagDataEntry *tde, Packet *p)
SCFree(new);
} else {
new->header_entry = new_tde;
}
/* increment num_tags before adding to prevent a minor race,
* on setting and checking the first tag */
SC_ATOMIC_ADD(num_tags, 1);
if (!(TagHashAdd(tag_ctx, new, p))) {
SC_ATOMIC_SUB(num_tags, 1);
SCFree(new_tde);
SCFree(new);
/* increment num_tags before adding to prevent a minor race,
* on setting and checking the first tag */
SC_ATOMIC_ADD(num_tags, 1);
if (!(TagHashAdd(tag_ctx, new, p))) {
SC_ATOMIC_SUB(num_tags, 1);
SCFree(new_tde);
SCFree(new);
}
}
} else {
SCLogDebug("Failed to allocate a new session");

2
src/detect-filestore.c
Unescape Escape View File

@ -257,7 +257,7 @@ int DetectFilestoreMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f
SCEnter();
if (det_ctx->filestore_cnt > DETECT_FILESTORE_MAX) {
if (det_ctx->filestore_cnt >= DETECT_FILESTORE_MAX) {
SCReturnInt(1);
}

4
src/detect-fragoffset.c
Unescape Escape View File

@ -323,8 +323,8 @@ int DetectFragOffsetMatchTest01 (void) {
p->src.addr_data32[0] = 0x01020304;
p->dst.addr_data32[0] = 0x04030201;
ip4h.ip_src.s_addr = p->src.addr_data32[0];
ip4h.ip_dst.s_addr = p->dst.addr_data32[0];
ip4h.s_ip_src.s_addr = p->src.addr_data32[0];
ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0];
ip4h.ip_off = 0x2222;
p->ip4h = &ip4h;

4
src/detect-icmp-id.c
Unescape Escape View File

@ -426,8 +426,8 @@ int DetectIcmpIdMatchTest02 (void) {
p->src.addr_data32[0] = 0x01020304;
p->dst.addr_data32[0] = 0x04030201;
ip4h.ip_src.s_addr = p->src.addr_data32[0];
ip4h.ip_dst.s_addr = p->dst.addr_data32[0];
ip4h.s_ip_src.s_addr = p->src.addr_data32[0];
ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0];
p->ip4h = &ip4h;
DecodeICMPV4(&th_v, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL);

6
src/detect-parse.c
Unescape Escape View File

@ -1940,8 +1940,10 @@ int SigParseTest06 (void) {
}
end:
if (sig != NULL) SigFree(sig);
if (de_ctx != NULL) DetectEngineCtxFree(de_ctx);
if (sig != NULL)
SigFree(sig);
if (de_ctx != NULL)
DetectEngineCtxFree(de_ctx);
return result;
}

2
src/detect-replace.c
Unescape Escape View File

@ -75,8 +75,8 @@ int DetectReplaceSetup(DetectEngineCtx *de_ctx, Signature *s, char *replacestr)
int flags;
SigMatch *pm = NULL;
DetectContentData *ud = NULL;
int ret = DetectContentDataParse(replacestr, &str, &len, &flags);
int ret = DetectContentDataParse("replace", replacestr, &str, &len, &flags);
if (ret == -1)
goto error;

15
src/detect-ssl-version.c
Unescape Escape View File

@ -119,6 +119,10 @@ int DetectSslVersionMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
{
SCEnter();
int ret = 0;
uint16_t ver = 0;
uint8_t sig_ver = TLS_UNKNOWN;
DetectSslVersionData *ssl = (DetectSslVersionData *)m->ctx;
SSLState *app_state = (SSLState *)state;
if (app_state == NULL) {
@ -128,9 +132,6 @@ int DetectSslVersionMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
SCMutexLock(&f->m);
int ret = 0;
uint16_t ver = 0;
uint8_t sig_ver = -1;
if (flags & STREAM_TOCLIENT) {
SCLogDebug("server (toclient) version is 0x%02X",
app_state->server_version);
@ -140,7 +141,10 @@ int DetectSslVersionMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
app_state->client_version);
ver = app_state->client_version;
}
switch(ver) {
SCMutexUnlock(&f->m);
switch (ver) {
case SSL_VERSION_2:
if (ver == ssl->data[SSLv2].ver)
ret = 1;
@ -168,7 +172,8 @@ int DetectSslVersionMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
break;
}
SCMutexUnlock(&f->m);
if (sig_ver == TLS_UNKNOWN)
SCReturnInt(0);
SCReturnInt(ret ^ ((ssl->data[sig_ver].flags & DETECT_SSL_VERSION_NEGATED) ? 1 : 0));
}

19
src/detect-ssl-version.h
Unescape Escape View File

@ -27,19 +27,24 @@
#define DETECT_SSL_VERSION_NEGATED 0x01
#define SSLv2 0
#define SSLv3 1
#define TLS10 2
#define TLS11 3
#define TLS12 4
enum {
SSLv2 = 0,
SSLv3 = 1,
TLS10 = 2,
TLS11 = 3,
TLS12 = 4,
TLS_SIZE = 5,
TLS_UNKNOWN = 6,
};
typedef struct SSLVersionData_ {
uint16_t ver; /** ssl version to match */
uint8_t flags;
}SSLVersionData;
} SSLVersionData;
typedef struct DetectSslVersionData_ {
SSLVersionData data[5];
SSLVersionData data[TLS_SIZE];
} DetectSslVersionData;
/* prototypes */

9
src/detect-stream_size.c
Unescape Escape View File

@ -272,12 +272,9 @@ DetectStreamSizeData *DetectStreamSizeParse (char *streamstr) {
goto error;
}
if (mode != NULL)
SCFree(mode);
if (arg != NULL)
SCFree(arg);
if (value != NULL)
SCFree(value);
SCFree(mode);
SCFree(arg);
SCFree(value);
return sd;
error:

2
src/detect-threshold.c
Unescape Escape View File

@ -582,7 +582,7 @@ static int DetectThresholdTestSig3(void) {
ste = SCMalloc(sizeof(DetectThresholdEntry));
if (ste == NULL)
goto end;
memset(ste, 0x00, sizeof(ste));
memset(ste, 0x00, sizeof(*ste));
if (PKT_IS_IPV4(p))
ste->ipv = 4;

248
src/detect-uricontent.c
Unescape Escape View File

@ -101,12 +101,9 @@ void DetectUricontentFree(void *ptr) {
if (cd == NULL)
SCReturn;
if (cd->content != NULL)
SCFree(cd->content);
BoyerMooreCtxDeInit(cd->bm_ctx);
SCFree(cd);
SCReturn;
}
@ -159,183 +156,43 @@ void DetectUricontentPrint(DetectContentData *cd)
* the rule set.
* \param contentstr Pointer to the string which has been defined in the rule
*/
DetectContentData *DoDetectUricontentSetup (char * contentstr)
DetectContentData *DoDetectUricontentSetup (char *contentstr)
{
DetectContentData *cd = NULL;
char *temp = NULL;
char *str = NULL;
uint16_t len = 0;
uint16_t pos = 0;
uint16_t slen = 0;
uint16_t len;
int flags;
int ret;
if ((temp = SCStrdup(contentstr)) == NULL)
goto error;
if (strlen(temp) == 0) {
SCFree(temp);
ret = DetectContentDataParse("uricontent", contentstr, &str, &len, &flags);
if (ret == -1) {
return NULL;
}
cd = SCMalloc(sizeof(DetectContentData));
if (cd == NULL)
goto error;
memset(cd,0,sizeof(DetectContentData));
/* skip the first spaces */
slen = strlen(temp);
while (pos < slen && isspace(temp[pos])) {
pos++;
};
if (temp[pos] == '!') {
cd->flags |= DETECT_CONTENT_NEGATED;
pos++;
}
if (temp[pos] == '\"' && strlen(temp + pos) == 1)
goto error;
if (temp[pos] == '\"' && temp[pos + strlen(temp + pos) - 1] == '\"') {
if ((str = SCStrdup(temp + pos + 1)) == NULL)
goto error;
str[strlen(temp) - pos - 2] = '\0';
} else {
SCLogError(SC_ERR_INVALID_SIGNATURE, "uricontent keywords's argument "
"should be always enclosed in double quotes. Invalid "
"content keyword passed in this rule - \"%s\"",
contentstr);
goto error;
}
str[strlen(temp) - pos - 2] = '\0';
SCFree(temp);
temp = NULL;
len = strlen(str);
if (len == 0)
goto error;
SCLogDebug("\"%s\", len %" PRIu32 "", str, len);
char converted = 0;
{
uint8_t escape = 0;
uint16_t i, x;
uint8_t bin = 0, binstr[3] = "", binpos = 0;
uint16_t bin_count = 0;
for (i = 0, x = 0; i < len; i++) {
SCLogDebug("str[%02u]: %c", i, str[i]);
if (str[i] == '|') {
bin_count++;
if (bin) {
bin = 0;
} else {
bin = 1;
}
} else if(!escape && str[i] == '\\') {
escape = 1;
} else {
if (bin) {
if (isdigit(str[i]) ||
str[i] == 'A' || str[i] == 'a' ||
str[i] == 'B' || str[i] == 'b' ||
str[i] == 'C' || str[i] == 'c' ||
str[i] == 'D' || str[i] == 'd' ||
str[i] == 'E' || str[i] == 'e' ||
str[i] == 'F' || str[i] == 'f') {
SCLogDebug("part of binary: %c", str[i]);
binstr[binpos] = (char)str[i];
binpos++;
if (binpos == 2) {
uint8_t c = strtol((char *)binstr, (char **) NULL,
16) & 0xFF;
binpos = 0;
str[x] = c;
x++;
converted = 1;
}
} else if (str[i] == ' ') {
SCLogDebug("space as part of binary string");
}
} else if (escape) {
if (str[i] == ':' ||
str[i] == ';' ||
str[i] == '\\' ||
str[i] == '\"')
{
str[x] = str[i];
x++;
} else {
//SCLogDebug("Can't escape %c", str[i]);
goto error;
}
escape = 0;
converted = 1;
} else {
str[x] = str[i];
x++;
}
}
}
if (bin_count % 2 != 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid hex code assembly in "
"content - %s. Invalidating signature", str);
goto error;
}
#ifdef DEBUG
if (SCLogDebugEnabled()) {
char *prstr = SCMalloc(3 * x);
char onechar[3];
memset(prstr, 0, 3 * x);
if (prstr != NULL) {
for (i = 0; i < x; i++) {
if (isprint(str[i]))
snprintf(onechar, 3, "%c", str[i]);
else
snprintf(onechar, 3, "\\x%02u", str[i]);
strlcat(prstr, onechar, 3 * x);
}
SCLogDebug("\"%s\"", prstr);
SCFree(prstr);
}
}
#endif
if (converted)
len = x;
cd = SCMalloc(sizeof(DetectContentData) + len);
if (cd == NULL) {
SCFree(str);
exit(EXIT_FAILURE);
}
SCLogDebug("len %" PRIu32 "", len);
memset(cd, 0, sizeof(DetectContentData) + len);
cd->content = SCMalloc(len);
if (cd->content == NULL) {
SCFree(cd);
SCFree(str);
return NULL;;
}
if (flags == DETECT_CONTENT_NEGATED)
cd->flags |= DETECT_CONTENT_NEGATED;
cd->content = (uint8_t *)cd + sizeof(DetectContentData);
memcpy(cd->content, str, len);
cd->content_len = len;
/* Prepare Boyer Moore context for searching faster */
cd->bm_ctx = BoyerMooreCtxInit(cd->content, cd->content_len);
cd->depth = 0;
cd->offset = 0;
cd->within = 0;
cd->distance = 0;
/* Prepare Boyer Moore context for searching faster */
cd->bm_ctx = BoyerMooreCtxInit(cd->content, cd->content_len);
SCFree(str);
return cd;
error:
SCFree(str);
if (cd) SCFree(cd);
return NULL;
}
/**
@ -356,8 +213,9 @@ int DetectUricontentSetup (DetectEngineCtx *de_ctx, Signature *s, char *contents
DetectContentData *cd = NULL;
SigMatch *sm = NULL;
if (s->alproto == ALPROTO_DCERPC) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "uri content specified in a dcerpc sig");
if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_HTTP) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting"
" keywords.");
goto error;
}
@ -379,12 +237,6 @@ int DetectUricontentSetup (DetectEngineCtx *de_ctx, Signature *s, char *contents
/* Flagged the signature as to inspect the app layer data */
s->flags |= SIG_FLAG_APPLAYER;
if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_HTTP) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting"
" keywords.");
goto error;
}
s->alproto = ALPROTO_HTTP;
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_UMATCH);
@ -392,8 +244,10 @@ int DetectUricontentSetup (DetectEngineCtx *de_ctx, Signature *s, char *contents
SCReturnInt(0);
error:
if (cd) SCFree(cd);
if (sm != NULL) SCFree(sm);
if (cd != NULL)
SCFree(cd);
if (sm != NULL)
SCFree(sm);
SCReturnInt(-1);
}
@ -532,7 +386,7 @@ static int HTTPUriTest01(void) {
htp_tx_t *tx = list_get(htp_state->connp->conn->transactions, 0);
if (htp_state->connp == NULL || tx->request_method_number != M_GET ||
if (tx->request_method_number != M_GET ||
tx->request_protocol_number != HTTP_1_1)
{
printf("expected method GET and got %s: , expected protocol "
@ -599,7 +453,7 @@ static int HTTPUriTest02(void) {
htp_tx_t *tx = list_get(htp_state->connp->conn->transactions, 0);
if (htp_state->connp == NULL || tx->request_method_number != M_GET ||
if (tx->request_method_number != M_GET ||
tx->request_protocol_number != HTTP_1_1)
{
printf("expected method GET and got %s: , expected protocol "
@ -668,7 +522,7 @@ static int HTTPUriTest03(void) {
htp_tx_t *tx = list_get(htp_state->connp->conn->transactions, 0);
if (htp_state->connp == NULL || tx->request_method_number != M_UNKNOWN ||
if (tx->request_method_number != M_UNKNOWN ||
tx->request_protocol_number != HTTP_1_1)
{
printf("expected method GET and got %s: , expected protocol "
@ -739,7 +593,7 @@ static int HTTPUriTest04(void) {
htp_tx_t *tx = list_get(htp_state->connp->conn->transactions, 0);
if (htp_state->connp == NULL || tx->request_method_number != M_GET ||
if (tx->request_method_number != M_GET ||
tx->request_protocol_number != HTTP_1_1)
{
printf("expected method GET and got %s: , expected protocol "
@ -1061,9 +915,13 @@ end:
*/
static int DetectUriSigTest04(void) {
int result = 0;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
Signature *s = NULL;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
goto end;
}
s = SigInit(de_ctx,"alert tcp any any -> any any (msg:"
"\" Test uricontent\"; "
"uricontent:\"foo\"; sid:1;)");
@ -1247,8 +1105,8 @@ static int DetectUriSigTest04(void) {
result = 1;
end:
if (de_ctx != NULL) SigCleanSignatures(de_ctx);
if (de_ctx != NULL) SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
DetectEngineCtxFree(de_ctx);
return result;
}
@ -1363,7 +1221,8 @@ end:
if (de_ctx != NULL) SigGroupCleanup(de_ctx);
if (de_ctx != NULL) SigCleanSignatures(de_ctx);
if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&th_v, det_ctx);
if (de_ctx != NULL) DetectEngineCtxFree(de_ctx);
if (de_ctx != NULL)
DetectEngineCtxFree(de_ctx);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
@ -2096,6 +1955,35 @@ int DetectUriContentParseTest23(void)
return result;
}
/**
* \test Parsing test
*/
int DetectUriContentParseTest24(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 1;
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,
"alert tcp any any -> any any "
"(msg:\"test\"; uricontent:\"\"; sid:1;)");
if (de_ctx->sig_list != NULL) {
result = 0;
goto end;
}
end:
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
return result;
}
int DetectUricontentSigTest08(void)
{
DetectEngineCtx *de_ctx = NULL;
@ -2345,6 +2233,8 @@ void HttpUriRegisterTests(void) {
UtRegisterTest("DetectUriContentParseTest21", DetectUriContentParseTest21, 1);
UtRegisterTest("DetectUriContentParseTest22", DetectUriContentParseTest22, 1);
UtRegisterTest("DetectUriContentParseTest23", DetectUriContentParseTest23, 1);
UtRegisterTest("DetectUriContentParseTest24", DetectUriContentParseTest24, 1);
UtRegisterTest("DetectUricontentSigTest08", DetectUricontentSigTest08, 1);
UtRegisterTest("DetectUricontentSigTest09", DetectUricontentSigTest09, 1);
UtRegisterTest("DetectUricontentSigTest10", DetectUricontentSigTest10, 1);

44
src/flow-timeout.c
Unescape Escape View File

@ -128,11 +128,11 @@ static inline Packet *FlowForceReassemblyPseudoPacketSetup(Packet *p,
p->ip4h->ip_proto = IPPROTO_TCP;
//p->ip4h->ip_csum =
if (direction == 0) {
p->ip4h->ip_src.s_addr = f->src.addr_data32[0];
p->ip4h->ip_dst.s_addr = f->dst.addr_data32[0];
p->ip4h->s_ip_src.s_addr = f->src.addr_data32[0];
p->ip4h->s_ip_dst.s_addr = f->dst.addr_data32[0];
} else {
p->ip4h->ip_src.s_addr = f->dst.addr_data32[0];
p->ip4h->ip_dst.s_addr = f->src.addr_data32[0];
p->ip4h->s_ip_src.s_addr = f->dst.addr_data32[0];
p->ip4h->s_ip_dst.s_addr = f->src.addr_data32[0];
}
/* set the tcp header */
@ -160,23 +160,23 @@ static inline Packet *FlowForceReassemblyPseudoPacketSetup(Packet *p,
p->ip6h->s_ip6_plen = htons(20);
p->ip6h->s_ip6_hlim = 64;
if (direction == 0) {
p->ip6h->ip6_src[0] = f->src.addr_data32[0];
p->ip6h->ip6_src[1] = f->src.addr_data32[1];
p->ip6h->ip6_src[2] = f->src.addr_data32[2];
p->ip6h->ip6_src[3] = f->src.addr_data32[3];
p->ip6h->ip6_dst[0] = f->dst.addr_data32[0];
p->ip6h->ip6_dst[1] = f->dst.addr_data32[1];
p->ip6h->ip6_dst[2] = f->dst.addr_data32[2];
p->ip6h->ip6_dst[3] = f->dst.addr_data32[3];
p->ip6h->s_ip6_src[0] = f->src.addr_data32[0];
p->ip6h->s_ip6_src[1] = f->src.addr_data32[1];
p->ip6h->s_ip6_src[2] = f->src.addr_data32[2];
p->ip6h->s_ip6_src[3] = f->src.addr_data32[3];
p->ip6h->s_ip6_dst[0] = f->dst.addr_data32[0];
p->ip6h->s_ip6_dst[1] = f->dst.addr_data32[1];
p->ip6h->s_ip6_dst[2] = f->dst.addr_data32[2];
p->ip6h->s_ip6_dst[3] = f->dst.addr_data32[3];
} else {
p->ip6h->ip6_src[0] = f->dst.addr_data32[0];
p->ip6h->ip6_src[1] = f->dst.addr_data32[1];
p->ip6h->ip6_src[2] = f->dst.addr_data32[2];
p->ip6h->ip6_src[3] = f->dst.addr_data32[3];
p->ip6h->ip6_dst[0] = f->src.addr_data32[0];
p->ip6h->ip6_dst[1] = f->src.addr_data32[1];
p->ip6h->ip6_dst[2] = f->src.addr_data32[2];
p->ip6h->ip6_dst[3] = f->src.addr_data32[3];
p->ip6h->s_ip6_src[0] = f->dst.addr_data32[0];
p->ip6h->s_ip6_src[1] = f->dst.addr_data32[1];
p->ip6h->s_ip6_src[2] = f->dst.addr_data32[2];
p->ip6h->s_ip6_src[3] = f->dst.addr_data32[3];
p->ip6h->s_ip6_dst[0] = f->src.addr_data32[0];
p->ip6h->s_ip6_dst[1] = f->src.addr_data32[1];
p->ip6h->s_ip6_dst[2] = f->src.addr_data32[2];
p->ip6h->s_ip6_dst[3] = f->src.addr_data32[3];
}
/* set the tcp header */
@ -218,10 +218,10 @@ static inline Packet *FlowForceReassemblyPseudoPacketSetup(Packet *p,
}
if (FLOW_IS_IPV4(f)) {
p->tcph->th_sum = TCPCalculateChecksum((uint16_t *)&(p->ip4h->ip_src),
p->tcph->th_sum = TCPCalculateChecksum(p->ip4h->s_ip_addrs,
(uint16_t *)p->tcph, 20);
} else if (FLOW_IS_IPV6(f)) {
p->tcph->th_sum = TCPCalculateChecksum((uint16_t *)&(p->ip6h->ip6_src),
p->tcph->th_sum = TCPCalculateChecksum(p->ip6h->s_ip6_addrs,
(uint16_t *)p->tcph, 20);
}

20
src/flow.h
Unescape Escape View File

@ -124,14 +124,14 @@
* We set the rest of the struct to 0 so we can
* prevent using memset. */
#define FLOW_SET_IPV4_SRC_ADDR_FROM_PACKET(p, a) do { \
(a)->addr_data32[0] = (uint32_t)(p)->ip4h->ip_src.s_addr; \
(a)->addr_data32[0] = (uint32_t)(p)->ip4h->s_ip_src.s_addr; \
(a)->addr_data32[1] = 0; \
(a)->addr_data32[2] = 0; \
(a)->addr_data32[3] = 0; \
} while (0)
#define FLOW_SET_IPV4_DST_ADDR_FROM_PACKET(p, a) do { \
(a)->addr_data32[0] = (uint32_t)(p)->ip4h->ip_dst.s_addr; \
(a)->addr_data32[0] = (uint32_t)(p)->ip4h->s_ip_dst.s_addr; \
(a)->addr_data32[1] = 0; \
(a)->addr_data32[2] = 0; \
(a)->addr_data32[3] = 0; \
@ -148,17 +148,17 @@
/* Set the IPv6 addressesinto the Addrs of the Packet.
* Make sure p->ip6h is initialized and validated. */
#define FLOW_SET_IPV6_SRC_ADDR_FROM_PACKET(p, a) do { \
(a)->addr_data32[0] = (p)->ip6h->ip6_src[0]; \
(a)->addr_data32[1] = (p)->ip6h->ip6_src[1]; \
(a)->addr_data32[2] = (p)->ip6h->ip6_src[2]; \
(a)->addr_data32[3] = (p)->ip6h->ip6_src[3]; \
(a)->addr_data32[0] = (p)->ip6h->s_ip6_src[0]; \
(a)->addr_data32[1] = (p)->ip6h->s_ip6_src[1]; \
(a)->addr_data32[2] = (p)->ip6h->s_ip6_src[2]; \
(a)->addr_data32[3] = (p)->ip6h->s_ip6_src[3]; \
} while (0)
#define FLOW_SET_IPV6_DST_ADDR_FROM_PACKET(p, a) do { \
(a)->addr_data32[0] = (p)->ip6h->ip6_dst[0]; \
(a)->addr_data32[1] = (p)->ip6h->ip6_dst[1]; \
(a)->addr_data32[2] = (p)->ip6h->ip6_dst[2]; \
(a)->addr_data32[3] = (p)->ip6h->ip6_dst[3]; \
(a)->addr_data32[0] = (p)->ip6h->s_ip6_dst[0]; \
(a)->addr_data32[1] = (p)->ip6h->s_ip6_dst[1]; \
(a)->addr_data32[2] = (p)->ip6h->s_ip6_dst[2]; \
(a)->addr_data32[3] = (p)->ip6h->s_ip6_dst[3]; \
} while (0)
/* pkt flow flags */

7
src/log-file.c
Unescape Escape View File

@ -54,6 +54,7 @@
#include "util-logopenfile.h"
#include "app-layer-htp.h"
#include "util-memcmp.h"
#define MODULE_NAME "LogFileLog"
@ -124,7 +125,8 @@ static void LogFileMetaGetHost(FILE *fp, Packet *p, File *ff) {
table_iterator_reset(headers);
while (table_iterator_next(headers, (void **)&h) != NULL) {
if (strcasecmp("Host", bstr_tocstr(h->name)) == 0) {
if (bstr_len(h->name) >= 4 &&
SCMemcmpLowercase((uint8_t *)"host", (uint8_t *)bstr_ptr(h->name), bstr_len(h->name)) == 0) {
PrintRawJsonFp(fp, (uint8_t *)bstr_ptr(h->value),
bstr_len(h->value));
return;
@ -147,7 +149,8 @@ static void LogFileMetaGetReferer(FILE *fp, Packet *p, File *ff) {
table_iterator_reset(headers);
while (table_iterator_next(headers, (void **)&h) != NULL) {
if (strcasecmp("Referer", bstr_tocstr(h->name)) == 0) {
if (bstr_len(h->name) >= 7 &&
SCMemcmpLowercase((uint8_t *)"referer", (uint8_t *)bstr_ptr(h->name), bstr_len(h->name)) == 0) {
PrintRawJsonFp(fp, (uint8_t *)bstr_ptr(h->value),
bstr_len(h->value));
return;

9
src/log-filestore.c
Unescape Escape View File

@ -52,6 +52,7 @@
#include "util-logopenfile.h"
#include "app-layer-htp.h"
#include "util-memcmp.h"
#define MODULE_NAME "LogFilestoreLog"
@ -127,7 +128,8 @@ static void LogFilestoreMetaGetHost(FILE *fp, Packet *p, File *ff) {
table_iterator_reset(headers);
while (table_iterator_next(headers, (void **)&h) != NULL) {
if (strcasecmp("Host", bstr_tocstr(h->name)) == 0) {
if (bstr_len(h->name) >= 4 &&
SCMemcmpLowercase((uint8_t *)"host", (uint8_t *)bstr_ptr(h->name), bstr_len(h->name)) == 0) {
PrintRawUriFp(fp, (uint8_t *)bstr_ptr(h->value),
bstr_len(h->value));
return;
@ -150,7 +152,8 @@ static void LogFilestoreMetaGetReferer(FILE *fp, Packet *p, File *ff) {
table_iterator_reset(headers);
while (table_iterator_next(headers, (void **)&h) != NULL) {
if (strcasecmp("Referer", bstr_tocstr(h->name)) == 0) {
if (bstr_len(h->name) >= 7 &&
SCMemcmpLowercase((uint8_t *)"referer", (uint8_t *)bstr_ptr(h->name), bstr_len(h->name)) == 0) {
PrintRawUriFp(fp, (uint8_t *)bstr_ptr(h->value),
bstr_len(h->value));
return;
@ -600,7 +603,7 @@ static void LogFilestoreLogDeInitCtx(OutputCtx *output_ctx)
LogFileFreeCtx(logfile_ctx);
free(output_ctx);
if (g_waldo != NULL) {
if (strlen(g_waldo) > 0) {
LogFilestoreLogStoreWaldo(g_waldo);
}
}

1
src/source-pcap.c
Unescape Escape View File

@ -414,7 +414,6 @@ TmEcode ReceivePcapThreadInit(ThreadVars *tv, void *initdata, void **data) {
SCFree(ptv);
pcapconfig->DerefFunc(pcapconfig);
SCReturnInt(TM_ECODE_FAILED);
ptv->pcap_state = PCAP_STATE_DOWN;
} else {
ptv->pcap_state = PCAP_STATE_UP;
}

5
src/stream-tcp-sack.c
Unescape Escape View File

@ -133,11 +133,6 @@ static int StreamTcpSackInsertRange(TcpStream *stream, uint32_t le, uint32_t re)
rec->re = re;
goto end;
}
le = rec->re;
//int r = StreamTcpSackInsertRange(stream, rec->re+1, re);
//SCReturnInt(r);
continue;
}
SCLogDebug("new range fully overlapped");

24
src/stream-tcp.c
Unescape Escape View File

@ -3837,12 +3837,12 @@ static inline int StreamTcpValidateChecksum(Packet *p)
if (p->tcpvars.comp_csum == -1) {
if (PKT_IS_IPV4(p)) {
p->tcpvars.comp_csum = TCPCalculateChecksum((uint16_t *)&(p->ip4h->ip_src),
p->tcpvars.comp_csum = TCPCalculateChecksum(p->ip4h->s_ip_addrs,
(uint16_t *)p->tcph,
(p->payload_len +
TCP_GET_HLEN(p)));
} else if (PKT_IS_IPV6(p)) {
p->tcpvars.comp_csum = TCPV6CalculateChecksum((uint16_t *)&(p->ip6h->ip6_src),
p->tcpvars.comp_csum = TCPV6CalculateChecksum(p->ip6h->s_ip6_addrs,
(uint16_t *)p->tcph,
(p->payload_len +
TCP_GET_HLEN(p)));
@ -4567,19 +4567,19 @@ void StreamTcpSetSessionNoReassemblyFlag (TcpSession *ssn, char direction)
IPV4_SET_RAW_IPLEN(nipv4h, IPV4_GET_RAW_IPLEN(ipv4h)); \
IPV4_SET_RAW_IPTOS(nipv4h, IPV4_GET_RAW_IPTOS(ipv4h)); \
IPV4_SET_RAW_IPPROTO(nipv4h, IPV4_GET_RAW_IPPROTO(ipv4h)); \
(nipv4h)->ip_src = IPV4_GET_RAW_IPDST(ipv4h); \
(nipv4h)->ip_dst = IPV4_GET_RAW_IPSRC(ipv4h); \
(nipv4h)->s_ip_src = IPV4_GET_RAW_IPDST(ipv4h); \
(nipv4h)->s_ip_dst = IPV4_GET_RAW_IPSRC(ipv4h); \
} while (0)
#define PSEUDO_PKT_SET_IPV6HDR(nipv6h,ipv6h) do { \
(nipv6h)->ip6_src[0] = (ipv6h)->ip6_dst[0]; \
(nipv6h)->ip6_src[1] = (ipv6h)->ip6_dst[1]; \
(nipv6h)->ip6_src[2] = (ipv6h)->ip6_dst[2]; \
(nipv6h)->ip6_src[3] = (ipv6h)->ip6_dst[3]; \
(nipv6h)->ip6_dst[0] = (ipv6h)->ip6_src[0]; \
(nipv6h)->ip6_dst[1] = (ipv6h)->ip6_src[1]; \
(nipv6h)->ip6_dst[2] = (ipv6h)->ip6_src[2]; \
(nipv6h)->ip6_dst[3] = (ipv6h)->ip6_src[3]; \
(nipv6h)->s_ip6_src[0] = (ipv6h)->s_ip6_dst[0]; \
(nipv6h)->s_ip6_src[1] = (ipv6h)->s_ip6_dst[1]; \
(nipv6h)->s_ip6_src[2] = (ipv6h)->s_ip6_dst[2]; \
(nipv6h)->s_ip6_src[3] = (ipv6h)->s_ip6_dst[3]; \
(nipv6h)->s_ip6_dst[0] = (ipv6h)->s_ip6_src[0]; \
(nipv6h)->s_ip6_dst[1] = (ipv6h)->s_ip6_src[1]; \
(nipv6h)->s_ip6_dst[2] = (ipv6h)->s_ip6_src[2]; \
(nipv6h)->s_ip6_dst[3] = (ipv6h)->s_ip6_src[3]; \
IPV6_SET_RAW_NH(nipv6h, IPV6_GET_RAW_NH(ipv6h)); \
} while (0)

30
src/suricata.c
Unescape Escape View File

@ -260,6 +260,7 @@ SignalHandlerSetup(int sig, void (*handler)())
signal(sig, handler);
#else
struct sigaction action;
memset(&action, 0x00, sizeof(struct sigaction));
action.sa_handler = handler;
sigemptyset(&(action.sa_mask));
@ -360,28 +361,27 @@ static void SetBpfStringFromFile(char *filename) {
SCLogError(SC_ERR_FOPEN, "Failed to stat file %s", filename);
exit(EXIT_FAILURE);
}
bpf_len=st.st_size + 1;
bpf_len = st.st_size + 1;
bpf_filter = SCMalloc(bpf_len*sizeof(char));
if(bpf_filter == NULL) {
fp = fopen(filename,"r");
if (fp == NULL) {
SCLogError(SC_ERR_FOPEN, "Failed to open file %s", filename);
exit(EXIT_FAILURE);
}
bpf_filter = SCMalloc(bpf_len * sizeof(char));
if (bpf_filter == NULL) {
SCLogError(SC_ERR_MEM_ALLOC,
"Failed to allocate buffer for bpf filter in file %s", filename);
"Failed to allocate buffer for bpf filter in file %s", filename);
exit(EXIT_FAILURE);
}
memset(bpf_filter, 0x00, bpf_len);
fp = fopen(filename,"r");
if(fp == NULL) {
SCLogError(SC_ERR_FOPEN, "Failed to open file %s", filename);
SCFree(bpf_filter);
exit(EXIT_FAILURE);
}else {
nm = fread(bpf_filter, bpf_len - 1, 1, fp);
if((ferror(fp) != 0)||( nm != 1)) {
*bpf_filter='\0';
}
fclose(fp);
nm = fread(bpf_filter, bpf_len - 1, 1, fp);
if((ferror(fp) != 0)||( nm != 1)) {
*bpf_filter='\0';
}
fclose(fp);
if(strlen(bpf_filter) > 0) {
/*replace comments with space*/

2
src/tm-threads.c
Unescape Escape View File

@ -1050,7 +1050,7 @@ TmEcode TmThreadSetCPU(ThreadVars *tv, uint8_t type)
int TmThreadGetNbThreads(uint8_t type)
{
if (type > MAX_CPU_SET) {
if (type >= MAX_CPU_SET) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "invalid cpu type family");
return 0;
}

8
src/util-checksum.c
Unescape Escape View File

@ -33,11 +33,11 @@ int ReCalculateChecksum(Packet *p)
if (PKT_IS_TCP(p)) {
/* TCP */
p->tcph->th_sum = 0;
p->tcph->th_sum = TCPCalculateChecksum((uint16_t *)&(p->ip4h->ip_src),
p->tcph->th_sum = TCPCalculateChecksum(p->ip4h->s_ip_addrs,
(uint16_t *)p->tcph, (p->payload_len + TCP_GET_HLEN(p)));
} else if (PKT_IS_UDP(p)) {
p->udph->uh_sum = 0;
p->udph->uh_sum = UDPV4CalculateChecksum((uint16_t *)&(p->ip4h->ip_src),
p->udph->uh_sum = UDPV4CalculateChecksum(p->ip4h->s_ip_addrs,
(uint16_t *)p->udph, (p->payload_len + UDP_HEADER_LEN));
}
/* IPV4 */
@ -48,11 +48,11 @@ int ReCalculateChecksum(Packet *p)
/* just TCP for IPV6 */
if (PKT_IS_TCP(p)) {
p->tcph->th_sum = 0;
p->tcph->th_sum = TCPV6CalculateChecksum((uint16_t *)&(p->ip6h->ip6_src),
p->tcph->th_sum = TCPV6CalculateChecksum(p->ip6h->s_ip6_addrs,
(uint16_t *)p->tcph, (p->payload_len + TCP_GET_HLEN(p)));
} else if (PKT_IS_UDP(p)) {
p->udph->uh_sum = 0;
p->udph->uh_sum = UDPV6CalculateChecksum((uint16_t *)&(p->ip6h->ip6_src),
p->udph->uh_sum = UDPV6CalculateChecksum(p->ip6h->s_ip6_addrs,
(uint16_t *)p->udph, (p->payload_len + UDP_HEADER_LEN));
}
}

2
src/util-device.c
Unescape Escape View File

@ -136,7 +136,7 @@ int LiveBuildDeviceList(char * runmode)
return 0;
TAILQ_FOREACH(child, &base->head, next) {
if (!strncmp(child->val, "interface", sizeof(child->val))) {
if (!strcmp(child->val, "interface")) {
ConfNode *subchild;
TAILQ_FOREACH(subchild, &child->head, next) {
if ((!strcmp(subchild->name, "interface"))) {

2
src/util-hash.h
Unescape Escape View File

@ -43,6 +43,8 @@ typedef struct HashTable_ {
void (*Free)(void *);
} HashTable;
#define HASH_NO_SIZE 0
/* prototypes */
HashTable* HashTableInit(uint32_t, uint32_t (*Hash)(struct HashTable_ *, void *, uint16_t), char (*Compare)(void *, uint16_t, void *, uint16_t), void (*Free)(void *));
void HashTableFree(HashTable *);

2
src/util-hashlist.h
Unescape Escape View File

@ -44,6 +44,8 @@ typedef struct HashListTable_ {
void (*Free)(void *);
} HashListTable;
#define HASHLIST_NO_SIZE 0
/* prototypes */
HashListTable* HashListTableInit(uint32_t, uint32_t (*Hash)(struct HashListTable_ *, void *, uint16_t), char (*Compare)(void *, uint16_t, void *, uint16_t), void (*Free)(void *));
void HashListTableFree(HashListTable *);

3
src/util-magic.c
Unescape Escape View File

@ -112,10 +112,13 @@ char *MagicLookup(uint8_t *buf, uint32_t buflen) {
}
void MagicDeinit(void) {
SCMutexLock(&g_magic_lock);
if (g_magic_ctx != NULL) {
magic_close(g_magic_ctx);
g_magic_ctx = NULL;
}
SCMutexUnlock(&g_magic_lock);
SCMutexDestroy(&g_magic_lock);
}
#ifdef UNITTESTS

3
src/util-mem.h
Unescape Escape View File

@ -157,8 +157,9 @@ SC_ATOMIC_EXTERN(unsigned int, engine_stage);
ptrmem = malloc((a)); \
if (ptrmem == NULL) { \
if (SC_ATOMIC_GET(engine_stage) == SURICATA_INIT) {\
uintmax_t size = (uintmax_t)(a); \
SCLogError(SC_ERR_MEM_ALLOC, "SCMalloc failed: %s, while trying " \
"to allocate %"PRIuMAX" bytes", strerror(errno), (uintmax_t)(a)); \
"to allocate %"PRIuMAX" bytes", strerror(errno), size); \
SCLogError(SC_ERR_FATAL, "Out of memory. The engine cannot be initialized. Exiting..."); \
exit(EXIT_FAILURE); \
} \

2
src/util-print.c
Unescape Escape View File

@ -68,7 +68,7 @@ void PrintRawLineHexBuf(char *retbuf, uint32_t retbuflen, uint8_t *buf, uint32_t
for (u = 0; u < buflen; u++) {
written += (uint32_t)snprintf(temp, sizeof(temp), "%02X ", buf[u]);
if (written < retbuflen) {
strlcat(retbuf, temp, sizeof(retbuf));
strlcat(retbuf, temp, retbuflen);
}
}
}

12
src/util-runmodes.c
Unescape Escape View File

@ -904,10 +904,6 @@ int RunModeSetIPSAuto(DetectEngineCtx *de_ctx,
for (int i = 0; i < nqueue; i++) {
memset(tname, 0, sizeof(tname));
snprintf(tname, sizeof(tname), "Verdict%"PRIu16, i);
if (tname == NULL) {
printf("ERROR: Unable to build thread name\n");
exit(EXIT_FAILURE);
}
char *thread_name = SCStrdup(tname);
ThreadVars *tv_verdict =
@ -1097,10 +1093,6 @@ int RunModeSetIPSAutoFp(DetectEngineCtx *de_ctx,
for (int i = 0; i < nqueue; i++) {
memset(tname, 0, sizeof(tname));
snprintf(tname, sizeof(tname), "Verdict%"PRIu16, i);
if (tname == NULL) {
printf("ERROR: Unable to build thread name\n");
exit(EXIT_FAILURE);
}
char *thread_name = SCStrdup(tname);
ThreadVars *tv_verdict =
@ -1179,10 +1171,6 @@ int RunModeSetIPSWorker(DetectEngineCtx *de_ctx,
}
memset(tname, 0, sizeof(tname));
snprintf(tname, sizeof(tname), "Worker-Q%s", cur_queue);
if (tname == NULL) {
printf("ERROR: Unable to build thread name\n");
exit(EXIT_FAILURE);
}
char *thread_name = SCStrdup(tname);
tv = TmThreadCreatePacketHandler(thread_name,

4
src/util-threshold-config.c
Unescape Escape View File

@ -1543,8 +1543,8 @@ int SCThresholdConfTest09(void)
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
if (alerts > 0) {
goto end;
result = 0;
goto end;
}
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
@ -1636,8 +1636,8 @@ int SCThresholdConfTest10(void)
SigMatchSignatures(&th_v, de_ctx, det_ctx, p2);
alerts += PacketAlertCheck(p2, 10);
if (alerts > 0) {
goto end;
result = 0;
goto end;
}
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);

20
src/util-unittest-helper.c
Unescape Escape View File

@ -103,10 +103,10 @@ Packet *UTHBuildPacketIPV6Real(uint8_t *payload, uint16_t payload_len,
p->src.addr_data32[2] = in[2];
p->src.addr_data32[3] = in[3];
p->sp = sport;
p->ip6h->ip6_src[0] = in[0];
p->ip6h->ip6_src[1] = in[1];
p->ip6h->ip6_src[2] = in[2];
p->ip6h->ip6_src[3] = in[3];
p->ip6h->s_ip6_src[0] = in[0];
p->ip6h->s_ip6_src[1] = in[1];
p->ip6h->s_ip6_src[2] = in[2];
p->ip6h->s_ip6_src[3] = in[3];
if (inet_pton(AF_INET6, dst, &in) <= 0)
goto error;
@ -115,10 +115,10 @@ Packet *UTHBuildPacketIPV6Real(uint8_t *payload, uint16_t payload_len,
p->dst.addr_data32[2] = in[2];
p->dst.addr_data32[3] = in[3];
p->dp = dport;
p->ip6h->ip6_dst[0] = in[0];
p->ip6h->ip6_dst[1] = in[1];
p->ip6h->ip6_dst[2] = in[2];
p->ip6h->ip6_dst[3] = in[3];
p->ip6h->s_ip6_dst[0] = in[0];
p->ip6h->s_ip6_dst[1] = in[1];
p->ip6h->s_ip6_dst[2] = in[2];
p->ip6h->s_ip6_dst[3] = in[3];
p->tcph = SCMalloc(sizeof(TCPHdr));
if (p->tcph == NULL)
@ -192,8 +192,8 @@ Packet *UTHBuildPacketReal(uint8_t *payload, uint16_t payload_len,
if (p->ip4h == NULL)
goto error;
p->ip4h->ip_src.s_addr = p->src.addr_data32[0];
p->ip4h->ip_dst.s_addr = p->dst.addr_data32[0];
p->ip4h->s_ip_src.s_addr = p->src.addr_data32[0];
p->ip4h->s_ip_dst.s_addr = p->dst.addr_data32[0];
p->ip4h->ip_proto = ipproto;
p->ip4h->ip_verhl = sizeof(IPV4Hdr);
p->proto = ipproto;

Write Preview
Loading…
Cancel
Save