From dddd2d06f6ada5fd2edd689673ed217c833df516 Mon Sep 17 00:00:00 2001
From: Jason Ish <ish@unx.ca>
Date: Tue, 1 Mar 2016 15:08:14 -0600
Subject: [PATCH] dcerpc: cleanup list handling

---
 src/app-layer-dcerpc-common.h |  6 ++++--
 src/app-layer-dcerpc.c        | 38 +++++++++++++----------------------
 2 files changed, 18 insertions(+), 26 deletions(-)

diff --git a/src/app-layer-dcerpc-common.h b/src/app-layer-dcerpc-common.h
index cdda563009..72fe4574fb 100644
--- a/src/app-layer-dcerpc-common.h
+++ b/src/app-layer-dcerpc-common.h
@@ -145,6 +145,8 @@ typedef struct DCERPCUuidEntry_ {
     TAILQ_ENTRY(DCERPCUuidEntry_) next;
 } DCERPCUuidEntry;
 
+typedef TAILQ_HEAD(DCERPCUuidEntryList_, DCERPCUuidEntry_) DCERPCUuidEntryList;
+
 typedef struct DCERPCBindBindAck_ {
     uint8_t numctxitems;
     uint8_t numctxitemsleft;
@@ -154,9 +156,9 @@ typedef struct DCERPCBindBindAck_ {
     uint16_t version;
     uint16_t versionminor;
     DCERPCUuidEntry *uuid_entry;
-    TAILQ_HEAD(, DCERPCUuidEntry_) uuid_list;
+    DCERPCUuidEntryList uuid_list;
     /* the interface uuids that the server has accepted */
-    TAILQ_HEAD(, DCERPCUuidEntry_) accepted_uuid_list;
+    DCERPCUuidEntryList accepted_uuid_list;
     uint16_t uuid_internal_id;
     uint16_t secondaryaddrlen;
     uint16_t secondaryaddrlenleft;
diff --git a/src/app-layer-dcerpc.c b/src/app-layer-dcerpc.c
index 9f9862f043..5e1d5ba784 100644
--- a/src/app-layer-dcerpc.c
+++ b/src/app-layer-dcerpc.c
@@ -77,6 +77,8 @@ enum {
     DCERPC_FIELD_MAX,
 };
 
+void DCERPCUuidListFree(DCERPCUuidEntryList *list);
+
 /* \brief hexdump function from libdnet, used for debugging only */
 void hexdump(/*Flow *f,*/ const void *buf, size_t len)
 {
@@ -875,22 +877,15 @@ static uint32_t DCERPCParseBINDACKCTXItem(DCERPC *dcerpc, uint8_t *input, uint32
 static uint32_t DCERPCParseBIND(DCERPC *dcerpc, uint8_t *input, uint32_t input_len)
 {
     SCEnter();
-    DCERPCUuidEntry *item;
     uint8_t *p = input;
     if (input_len) {
         switch (dcerpc->bytesprocessed) {
             case 16:
                 dcerpc->dcerpcbindbindack.numctxitems = 0;
                 if (input_len >= 12) {
-                    while ((item = TAILQ_FIRST(&dcerpc->dcerpcbindbindack.uuid_list))) {
-                        TAILQ_REMOVE(&dcerpc->dcerpcbindbindack.uuid_list, item, next);
-                        SCFree(item);
-                    }
+                    DCERPCUuidListFree(&dcerpc->dcerpcbindbindack.uuid_list);
                     if (dcerpc->dcerpchdr.type == BIND) {
-                        while ((item = TAILQ_FIRST(&dcerpc->dcerpcbindbindack.accepted_uuid_list))) {
-                            TAILQ_REMOVE(&dcerpc->dcerpcbindbindack.accepted_uuid_list, item, next);
-                            SCFree(item);
-                        }
+                        DCERPCUuidListFree(&dcerpc->dcerpcbindbindack.accepted_uuid_list);
                     }
                     dcerpc->dcerpcbindbindack.uuid_internal_id = 0;
                     dcerpc->dcerpcbindbindack.numctxitems = *(p + 8);
@@ -947,15 +942,9 @@ static uint32_t DCERPCParseBIND(DCERPC *dcerpc, uint8_t *input, uint32_t input_l
                     break;
                 /* fall through */
             case 24:
-                while ((item = TAILQ_FIRST(&dcerpc->dcerpcbindbindack.uuid_list))) {
-                    TAILQ_REMOVE(&dcerpc->dcerpcbindbindack.uuid_list, item, next);
-                    SCFree(item);
-                }
+                DCERPCUuidListFree(&dcerpc->dcerpcbindbindack.uuid_list);
                 if (dcerpc->dcerpchdr.type == BIND) {
-                    while ((item = TAILQ_FIRST(&dcerpc->dcerpcbindbindack.accepted_uuid_list))) {
-                        TAILQ_REMOVE(&dcerpc->dcerpcbindbindack.accepted_uuid_list, item, next);
-                        SCFree(item);
-                    }
+                    DCERPCUuidListFree(&dcerpc->dcerpcbindbindack.accepted_uuid_list);
                 }
                 dcerpc->dcerpcbindbindack.uuid_internal_id = 0;
                 dcerpc->dcerpcbindbindack.numctxitems = *(p++);
@@ -1970,19 +1959,20 @@ static void *DCERPCStateAlloc(void)
     SCReturnPtr((void *)s, "void");
 }
 
-void DCERPCCleanup(DCERPC *dcerpc)
+void DCERPCUuidListFree(DCERPCUuidEntryList *list)
 {
     DCERPCUuidEntry *entry;
 
-    while ((entry = TAILQ_FIRST(&dcerpc->dcerpcbindbindack.uuid_list))) {
-        TAILQ_REMOVE(&dcerpc->dcerpcbindbindack.uuid_list, entry, next);
+    while ((entry = TAILQ_FIRST(list))) {
+        TAILQ_REMOVE(list, entry, next);
         SCFree(entry);
     }
+}
 
-    while ((entry = TAILQ_FIRST(&dcerpc->dcerpcbindbindack.accepted_uuid_list))) {
-        TAILQ_REMOVE(&dcerpc->dcerpcbindbindack.accepted_uuid_list, entry, next);
-        SCFree(entry);
-    }
+void DCERPCCleanup(DCERPC *dcerpc)
+{
+    DCERPCUuidListFree(&dcerpc->dcerpcbindbindack.uuid_list);
+    DCERPCUuidListFree(&dcerpc->dcerpcbindbindack.accepted_uuid_list);
 
     if (dcerpc->dcerpcrequest.stub_data_buffer != NULL) {
         SCFree(dcerpc->dcerpcrequest.stub_data_buffer);