diff --git a/src/detect-engine-dns.c b/src/detect-engine-dns.c index 3efb848f01..915533f150 100644 --- a/src/detect-engine-dns.c +++ b/src/detect-engine-dns.c @@ -104,9 +104,9 @@ int DetectEngineInspectDnsQueryName(ThreadVars *tv, * * \retval ret Number of matches. */ -static uint32_t DnsQueryPatternSearch(DetectEngineThreadCtx *det_ctx, - uint8_t *buffer, uint32_t buffer_len, - uint8_t flags) +static inline uint32_t DnsQueryPatternSearch(DetectEngineThreadCtx *det_ctx, + const uint8_t *buffer, const uint32_t buffer_len, + const uint8_t flags) { SCEnter(); @@ -115,9 +115,11 @@ static uint32_t DnsQueryPatternSearch(DetectEngineThreadCtx *det_ctx, DEBUG_VALIDATE_BUG_ON(flags & STREAM_TOCLIENT); DEBUG_VALIDATE_BUG_ON(det_ctx->sgh->mpm_dnsquery_ctx_ts == NULL); - ret = mpm_table[det_ctx->sgh->mpm_dnsquery_ctx_ts->mpm_type]. - Search(det_ctx->sgh->mpm_dnsquery_ctx_ts, &det_ctx->mtcu, - &det_ctx->pmq, buffer, buffer_len); + if (buffer_len >= det_ctx->sgh->mpm_dnsquery_ctx_ts->minlen) { + ret = mpm_table[det_ctx->sgh->mpm_dnsquery_ctx_ts->mpm_type]. + Search(det_ctx->sgh->mpm_dnsquery_ctx_ts, &det_ctx->mtcu, + &det_ctx->pmq, buffer, buffer_len); + } SCReturnUInt(ret); } diff --git a/src/detect-engine-filedata-smtp.c b/src/detect-engine-filedata-smtp.c index 8b2f5caead..80fec628dc 100644 --- a/src/detect-engine-filedata-smtp.c +++ b/src/detect-engine-filedata-smtp.c @@ -281,9 +281,9 @@ void DetectEngineCleanSMTPBuffers(DetectEngineThreadCtx *det_ctx) * * \retval ret Number of matches. */ -static uint32_t SMTPFiledataPatternSearch(DetectEngineThreadCtx *det_ctx, - uint8_t *buffer, uint32_t buffer_len, - uint8_t flags) +static inline uint32_t SMTPFiledataPatternSearch(DetectEngineThreadCtx *det_ctx, + const uint8_t *buffer, const uint32_t buffer_len, + const uint8_t flags) { SCEnter(); @@ -292,9 +292,11 @@ static uint32_t SMTPFiledataPatternSearch(DetectEngineThreadCtx *det_ctx, DEBUG_VALIDATE_BUG_ON(flags & STREAM_TOCLIENT); DEBUG_VALIDATE_BUG_ON(det_ctx->sgh->mpm_smtp_filedata_ctx_ts == NULL); - ret = mpm_table[det_ctx->sgh->mpm_smtp_filedata_ctx_ts->mpm_type]. - Search(det_ctx->sgh->mpm_smtp_filedata_ctx_ts, &det_ctx->mtcu, - &det_ctx->pmq, buffer, buffer_len); + if (buffer_len >= det_ctx->sgh->mpm_smtp_filedata_ctx_ts->minlen) { + ret = mpm_table[det_ctx->sgh->mpm_smtp_filedata_ctx_ts->mpm_type]. + Search(det_ctx->sgh->mpm_smtp_filedata_ctx_ts, &det_ctx->mtcu, + &det_ctx->pmq, buffer, buffer_len); + } SCReturnUInt(ret); } diff --git a/src/detect-engine-hcbd.c b/src/detect-engine-hcbd.c index 28ebfe584f..42ef760aa2 100644 --- a/src/detect-engine-hcbd.c +++ b/src/detect-engine-hcbd.c @@ -230,19 +230,22 @@ static uint8_t *DetectEngineHCBDGetBufferForTX(htp_tx_t *tx, uint64_t tx_id, * * \retval ret Number of matches. */ -static uint32_t HttpClientBodyPatternSearch(DetectEngineThreadCtx *det_ctx, - uint8_t *body, uint32_t body_len, uint8_t flags) +static inline uint32_t HttpClientBodyPatternSearch(DetectEngineThreadCtx *det_ctx, + const uint8_t *body, const uint32_t body_len, + const uint8_t flags) { SCEnter(); - uint32_t ret; + uint32_t ret = 0; DEBUG_VALIDATE_BUG_ON(flags & STREAM_TOCLIENT); DEBUG_VALIDATE_BUG_ON(det_ctx->sgh->mpm_hcbd_ctx_ts == NULL); - ret = mpm_table[det_ctx->sgh->mpm_hcbd_ctx_ts->mpm_type]. - Search(det_ctx->sgh->mpm_hcbd_ctx_ts, &det_ctx->mtcu, - &det_ctx->pmq, body, body_len); + if (body_len >= det_ctx->sgh->mpm_hcbd_ctx_ts->minlen) { + ret = mpm_table[det_ctx->sgh->mpm_hcbd_ctx_ts->mpm_type]. + Search(det_ctx->sgh->mpm_hcbd_ctx_ts, &det_ctx->mtcu, + &det_ctx->pmq, body, body_len); + } SCReturnUInt(ret); } diff --git a/src/detect-engine-hcd.c b/src/detect-engine-hcd.c index 432266e706..dfc97a9add 100644 --- a/src/detect-engine-hcd.c +++ b/src/detect-engine-hcd.c @@ -67,24 +67,30 @@ * * \retval ret Number of matches. */ -static uint32_t HttpCookiePatternSearch(DetectEngineThreadCtx *det_ctx, - uint8_t *cookie, uint32_t cookie_len, uint8_t flags) +static inline uint32_t HttpCookiePatternSearch(DetectEngineThreadCtx *det_ctx, + const uint8_t *cookie, const uint32_t cookie_len, + const uint8_t flags) { SCEnter(); - uint32_t ret; + uint32_t ret = 0; + if (flags & STREAM_TOSERVER) { DEBUG_VALIDATE_BUG_ON(det_ctx->sgh->mpm_hcd_ctx_ts == NULL); - ret = mpm_table[det_ctx->sgh->mpm_hcd_ctx_ts->mpm_type]. - Search(det_ctx->sgh->mpm_hcd_ctx_ts, &det_ctx->mtcu, - &det_ctx->pmq, cookie, cookie_len); + if (cookie_len >= det_ctx->sgh->mpm_hcd_ctx_ts->minlen) { + ret = mpm_table[det_ctx->sgh->mpm_hcd_ctx_ts->mpm_type]. + Search(det_ctx->sgh->mpm_hcd_ctx_ts, &det_ctx->mtcu, + &det_ctx->pmq, cookie, cookie_len); + } } else { DEBUG_VALIDATE_BUG_ON(det_ctx->sgh->mpm_hcd_ctx_tc == NULL); - ret = mpm_table[det_ctx->sgh->mpm_hcd_ctx_tc->mpm_type]. - Search(det_ctx->sgh->mpm_hcd_ctx_tc, &det_ctx->mtcu, - &det_ctx->pmq, cookie, cookie_len); + if (cookie_len >= det_ctx->sgh->mpm_hcd_ctx_tc->minlen) { + ret = mpm_table[det_ctx->sgh->mpm_hcd_ctx_tc->mpm_type]. + Search(det_ctx->sgh->mpm_hcd_ctx_tc, &det_ctx->mtcu, + &det_ctx->pmq, cookie, cookie_len); + } } SCReturnUInt(ret); diff --git a/src/detect-engine-hhd.c b/src/detect-engine-hhd.c index 0656b112af..acfae6f54b 100644 --- a/src/detect-engine-hhd.c +++ b/src/detect-engine-hhd.c @@ -223,24 +223,30 @@ static uint8_t *DetectEngineHHDGetBufferForTX(htp_tx_t *tx, uint64_t tx_id, * * \retval ret Number of matches. */ -static uint32_t HttpHeaderPatternSearch(DetectEngineThreadCtx *det_ctx, - uint8_t *headers, uint32_t headers_len, uint8_t flags) +static inline uint32_t HttpHeaderPatternSearch(DetectEngineThreadCtx *det_ctx, + const uint8_t *headers, const uint32_t headers_len, + const uint8_t flags) { SCEnter(); - uint32_t ret; + uint32_t ret = 0; + if (flags & STREAM_TOSERVER) { DEBUG_VALIDATE_BUG_ON(det_ctx->sgh->mpm_hhd_ctx_ts == NULL); - ret = mpm_table[det_ctx->sgh->mpm_hhd_ctx_ts->mpm_type]. - Search(det_ctx->sgh->mpm_hhd_ctx_ts, &det_ctx->mtcu, - &det_ctx->pmq, headers, headers_len); + if (headers_len >= det_ctx->sgh->mpm_hhd_ctx_ts->minlen) { + ret = mpm_table[det_ctx->sgh->mpm_hhd_ctx_ts->mpm_type]. + Search(det_ctx->sgh->mpm_hhd_ctx_ts, &det_ctx->mtcu, + &det_ctx->pmq, headers, headers_len); + } } else { DEBUG_VALIDATE_BUG_ON(det_ctx->sgh->mpm_hhd_ctx_tc == NULL); - ret = mpm_table[det_ctx->sgh->mpm_hhd_ctx_tc->mpm_type]. - Search(det_ctx->sgh->mpm_hhd_ctx_tc, &det_ctx->mtcu, - &det_ctx->pmq, headers, headers_len); + if (headers_len >= det_ctx->sgh->mpm_hhd_ctx_tc->minlen) { + ret = mpm_table[det_ctx->sgh->mpm_hhd_ctx_tc->mpm_type]. + Search(det_ctx->sgh->mpm_hhd_ctx_tc, &det_ctx->mtcu, + &det_ctx->pmq, headers, headers_len); + } } SCReturnUInt(ret); diff --git a/src/detect-engine-hhhd.c b/src/detect-engine-hhhd.c index 0882d16d1a..e86debc243 100644 --- a/src/detect-engine-hhhd.c +++ b/src/detect-engine-hhhd.c @@ -70,19 +70,22 @@ * * \retval ret Number of matches. */ -static uint32_t HttpHHPatternSearch(DetectEngineThreadCtx *det_ctx, - uint8_t *hh, uint32_t hh_len, uint8_t flags) +static inline uint32_t HttpHHPatternSearch(DetectEngineThreadCtx *det_ctx, + const uint8_t *hh, const uint32_t hh_len, + const uint8_t flags) { SCEnter(); - uint32_t ret; + uint32_t ret = 0; DEBUG_VALIDATE_BUG_ON(flags & STREAM_TOCLIENT); DEBUG_VALIDATE_BUG_ON(det_ctx->sgh->mpm_hhhd_ctx_ts == NULL); - ret = mpm_table[det_ctx->sgh->mpm_hhhd_ctx_ts->mpm_type]. - Search(det_ctx->sgh->mpm_hhhd_ctx_ts, &det_ctx->mtcu, - &det_ctx->pmq, hh, hh_len); + if (hh_len >= det_ctx->sgh->mpm_hhhd_ctx_ts->minlen) { + ret = mpm_table[det_ctx->sgh->mpm_hhhd_ctx_ts->mpm_type]. + Search(det_ctx->sgh->mpm_hhhd_ctx_ts, &det_ctx->mtcu, + &det_ctx->pmq, hh, hh_len); + } SCReturnUInt(ret); } @@ -95,12 +98,12 @@ int DetectEngineRunHttpHHMpm(DetectEngineThreadCtx *det_ctx, Flow *f, htp_tx_t *tx = (htp_tx_t *)txv; if (tx->request_hostname == NULL) goto end; - uint8_t *hname = (uint8_t *)bstr_ptr(tx->request_hostname); + const uint8_t *hname = (const uint8_t *)bstr_ptr(tx->request_hostname); if (hname == NULL) goto end; - uint32_t hname_len = bstr_len(tx->request_hostname); + const uint32_t hname_len = bstr_len(tx->request_hostname); - cnt += HttpHHPatternSearch(det_ctx, hname, hname_len, flags); + cnt = HttpHHPatternSearch(det_ctx, hname, hname_len, flags); end: return cnt; diff --git a/src/detect-engine-hmd.c b/src/detect-engine-hmd.c index f80e279a39..e410286859 100644 --- a/src/detect-engine-hmd.c +++ b/src/detect-engine-hmd.c @@ -67,19 +67,22 @@ * * \retval ret Number of matches. */ -static uint32_t HttpMethodPatternSearch(DetectEngineThreadCtx *det_ctx, - uint8_t *raw_method, uint32_t raw_method_len, uint8_t flags) +static inline uint32_t HttpMethodPatternSearch(DetectEngineThreadCtx *det_ctx, + const uint8_t *raw_method, const uint32_t raw_method_len, + const uint8_t flags) { SCEnter(); - uint32_t ret; + uint32_t ret = 0; DEBUG_VALIDATE_BUG_ON(flags & STREAM_TOCLIENT); DEBUG_VALIDATE_BUG_ON(det_ctx->sgh->mpm_hmd_ctx_ts == NULL); - ret = mpm_table[det_ctx->sgh->mpm_hmd_ctx_ts->mpm_type]. - Search(det_ctx->sgh->mpm_hmd_ctx_ts, &det_ctx->mtcu, - &det_ctx->pmq, raw_method, raw_method_len); + if (raw_method_len >= det_ctx->sgh->mpm_hmd_ctx_ts->minlen) { + ret = mpm_table[det_ctx->sgh->mpm_hmd_ctx_ts->mpm_type]. + Search(det_ctx->sgh->mpm_hmd_ctx_ts, &det_ctx->mtcu, + &det_ctx->pmq, raw_method, raw_method_len); + } SCReturnUInt(ret); } @@ -92,11 +95,11 @@ int DetectEngineRunHttpMethodMpm(DetectEngineThreadCtx *det_ctx, Flow *f, htp_tx_t *tx = (htp_tx_t *)txv; if (tx->request_method == NULL) goto end; + cnt = HttpMethodPatternSearch(det_ctx, - (uint8_t *)bstr_ptr(tx->request_method), + (const uint8_t *)bstr_ptr(tx->request_method), bstr_len(tx->request_method), flags); - end: return cnt; } diff --git a/src/detect-engine-hrhd.c b/src/detect-engine-hrhd.c index 54618a3df1..2dd26f2f23 100644 --- a/src/detect-engine-hrhd.c +++ b/src/detect-engine-hrhd.c @@ -62,30 +62,36 @@ /** * \brief Http raw header match -- searches for one pattern per signature. * - * \param det_ctx Detection engine thread ctx. - * \param headers Raw headers to inspect. - * \param headers_len Raw headers length. + * \param det_ctx Detection engine thread ctx. + * \param raw_headers Raw headers to inspect. + * \param raw_headers_len Raw headers length. * * \retval ret Number of matches. */ -static uint32_t HttpRawHeaderPatternSearch(DetectEngineThreadCtx *det_ctx, - uint8_t *raw_headers, uint32_t raw_headers_len, uint8_t flags) +static inline uint32_t HttpRawHeaderPatternSearch(DetectEngineThreadCtx *det_ctx, + const uint8_t *raw_headers, const uint32_t raw_headers_len, + const uint8_t flags) { SCEnter(); - uint32_t ret; + uint32_t ret = 0; + if (flags & STREAM_TOSERVER) { DEBUG_VALIDATE_BUG_ON(det_ctx->sgh->mpm_hrhd_ctx_ts == NULL); - ret = mpm_table[det_ctx->sgh->mpm_hrhd_ctx_ts->mpm_type]. - Search(det_ctx->sgh->mpm_hrhd_ctx_ts, &det_ctx->mtcu, - &det_ctx->pmq, raw_headers, raw_headers_len); + if (raw_headers_len >= det_ctx->sgh->mpm_hrhd_ctx_ts->minlen) { + ret = mpm_table[det_ctx->sgh->mpm_hrhd_ctx_ts->mpm_type]. + Search(det_ctx->sgh->mpm_hrhd_ctx_ts, &det_ctx->mtcu, + &det_ctx->pmq, raw_headers, raw_headers_len); + } } else { DEBUG_VALIDATE_BUG_ON(det_ctx->sgh->mpm_hrhd_ctx_tc == NULL); - ret = mpm_table[det_ctx->sgh->mpm_hrhd_ctx_tc->mpm_type]. - Search(det_ctx->sgh->mpm_hrhd_ctx_tc, &det_ctx->mtcu, - &det_ctx->pmq, raw_headers, raw_headers_len); + if (raw_headers_len >= det_ctx->sgh->mpm_hrhd_ctx_tc->minlen) { + ret = mpm_table[det_ctx->sgh->mpm_hrhd_ctx_tc->mpm_type]. + Search(det_ctx->sgh->mpm_hrhd_ctx_tc, &det_ctx->mtcu, + &det_ctx->pmq, raw_headers, raw_headers_len); + } } SCReturnUInt(ret); @@ -98,14 +104,16 @@ int DetectEngineRunHttpRawHeaderMpm(DetectEngineThreadCtx *det_ctx, Flow *f, SCEnter(); uint32_t cnt = 0; + htp_tx_t *tx = (htp_tx_t *)txv; HtpTxUserData *tx_ud = htp_tx_get_user_data(tx); - if (tx_ud == NULL) - SCReturnInt(cnt); + if (tx_ud == NULL) { + SCReturnInt(0); + } if (flags & STREAM_TOSERVER) { if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, txv, flags) <= HTP_REQUEST_HEADERS) - SCReturnInt(cnt); + SCReturnInt(0); if (tx_ud->request_headers_raw != NULL) { cnt = HttpRawHeaderPatternSearch(det_ctx, @@ -115,10 +123,10 @@ int DetectEngineRunHttpRawHeaderMpm(DetectEngineThreadCtx *det_ctx, Flow *f, } } else { if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, txv, flags) <= HTP_RESPONSE_HEADERS) - SCReturnInt(cnt); + SCReturnInt(0); if (tx_ud->response_headers_raw != NULL) { - cnt += HttpRawHeaderPatternSearch(det_ctx, + cnt = HttpRawHeaderPatternSearch(det_ctx, tx_ud->response_headers_raw, tx_ud->response_headers_raw_len, flags); diff --git a/src/detect-engine-hrhhd.c b/src/detect-engine-hrhhd.c index 732226c468..bee6cd8eff 100644 --- a/src/detect-engine-hrhhd.c +++ b/src/detect-engine-hrhhd.c @@ -70,19 +70,22 @@ * * \retval ret Number of matches. */ -static uint32_t HttpHRHPatternSearch(DetectEngineThreadCtx *det_ctx, - uint8_t *hrh, uint32_t hrh_len, uint8_t flags) +static inline uint32_t HttpHRHPatternSearch(DetectEngineThreadCtx *det_ctx, + const uint8_t *hrh, const uint32_t hrh_len, + const uint8_t flags) { SCEnter(); - uint32_t ret; + uint32_t ret = 0; DEBUG_VALIDATE_BUG_ON(flags & STREAM_TOCLIENT); DEBUG_VALIDATE_BUG_ON(det_ctx->sgh->mpm_hrhhd_ctx_ts == NULL); - ret = mpm_table[det_ctx->sgh->mpm_hrhhd_ctx_ts->mpm_type]. - Search(det_ctx->sgh->mpm_hrhhd_ctx_ts, &det_ctx->mtcu, - &det_ctx->pmq, hrh, hrh_len); + if (hrh_len >= det_ctx->sgh->mpm_hrhhd_ctx_ts->minlen) { + ret = mpm_table[det_ctx->sgh->mpm_hrhhd_ctx_ts->mpm_type]. + Search(det_ctx->sgh->mpm_hrhhd_ctx_ts, &det_ctx->mtcu, + &det_ctx->pmq, hrh, hrh_len); + } SCReturnUInt(ret); } @@ -93,7 +96,7 @@ int DetectEngineRunHttpHRHMpm(DetectEngineThreadCtx *det_ctx, Flow *f, { uint32_t cnt = 0; htp_tx_t *tx = (htp_tx_t *)txv; - uint8_t *hname = NULL; + const uint8_t *hname = NULL; uint32_t hname_len = 0; if (tx->parsed_uri == NULL || tx->parsed_uri->hostname == NULL) { @@ -102,21 +105,22 @@ int DetectEngineRunHttpHRHMpm(DetectEngineThreadCtx *det_ctx, Flow *f, htp_header_t *h = NULL; h = (htp_header_t *)htp_table_get_c(tx->request_headers, "Host"); if (h != NULL) { - SCLogDebug("HTTP host header not present in this request"); - hname = (uint8_t *)bstr_ptr(h->value); - hname_len = bstr_len(h->value); + hname = (const uint8_t *)bstr_ptr(h->value); + if (hname != NULL) + hname_len = bstr_len(h->value); } else { + SCLogDebug("HTTP host header not present in this request"); goto end; } } else { hname = (uint8_t *)bstr_ptr(tx->parsed_uri->hostname); if (hname != NULL) hname_len = bstr_len(tx->parsed_uri->hostname); - else - goto end; } - cnt = HttpHRHPatternSearch(det_ctx, hname, hname_len, flags); + if (hname != NULL) { + cnt = HttpHRHPatternSearch(det_ctx, hname, hname_len, flags); + } end: return cnt; diff --git a/src/detect-engine-hrud.c b/src/detect-engine-hrud.c index 4249cccc3a..e7b08cf536 100644 --- a/src/detect-engine-hrud.c +++ b/src/detect-engine-hrud.c @@ -67,19 +67,22 @@ * * \retval ret Number of matches. */ -static uint32_t HttpRawUriPatternSearch(DetectEngineThreadCtx *det_ctx, - uint8_t *uri, uint32_t uri_len, uint8_t flags) +static inline uint32_t HttpRawUriPatternSearch(DetectEngineThreadCtx *det_ctx, + const uint8_t *uri, const uint32_t uri_len, + const uint8_t flags) { SCEnter(); - uint32_t ret; + uint32_t ret = 0; DEBUG_VALIDATE_BUG_ON(flags & STREAM_TOCLIENT); DEBUG_VALIDATE_BUG_ON(det_ctx->sgh->mpm_hrud_ctx_ts == NULL); - ret = mpm_table[det_ctx->sgh->mpm_hrud_ctx_ts->mpm_type]. - Search(det_ctx->sgh->mpm_hrud_ctx_ts, &det_ctx->mtcu, - &det_ctx->pmq, uri, uri_len); + if (uri_len >= det_ctx->sgh->mpm_hrud_ctx_ts->minlen) { + ret = mpm_table[det_ctx->sgh->mpm_hrud_ctx_ts->mpm_type]. + Search(det_ctx->sgh->mpm_hrud_ctx_ts, &det_ctx->mtcu, + &det_ctx->pmq, uri, uri_len); + } SCReturnUInt(ret); } @@ -99,10 +102,10 @@ int DetectEngineRunHttpRawUriMpm(DetectEngineThreadCtx *det_ctx, Flow *f, uint32_t cnt = 0; if (tx->request_uri == NULL) goto end; + cnt = HttpRawUriPatternSearch(det_ctx, - (uint8_t *)bstr_ptr(tx->request_uri), + (const uint8_t *)bstr_ptr(tx->request_uri), bstr_len(tx->request_uri), flags); - end: SCReturnInt(cnt); } diff --git a/src/detect-engine-hsbd.c b/src/detect-engine-hsbd.c index 401296e38d..93d9adee6d 100644 --- a/src/detect-engine-hsbd.c +++ b/src/detect-engine-hsbd.c @@ -324,19 +324,22 @@ static uint8_t *DetectEngineHSBDGetBufferForTX(htp_tx_t *tx, uint64_t tx_id, * * \retval ret Number of matches. */ -static uint32_t HttpServerBodyPatternSearch(DetectEngineThreadCtx *det_ctx, - uint8_t *body, uint32_t body_len, uint8_t flags) +static inline uint32_t HttpServerBodyPatternSearch(DetectEngineThreadCtx *det_ctx, + const uint8_t *body, const uint32_t body_len, + const uint8_t flags) { SCEnter(); - uint32_t ret; + uint32_t ret = 0; DEBUG_VALIDATE_BUG_ON(!(flags & STREAM_TOCLIENT)); DEBUG_VALIDATE_BUG_ON(det_ctx->sgh->mpm_hsbd_ctx_tc == NULL); - ret = mpm_table[det_ctx->sgh->mpm_hsbd_ctx_tc->mpm_type]. - Search(det_ctx->sgh->mpm_hsbd_ctx_tc, &det_ctx->mtcu, - &det_ctx->pmq, body, body_len); + if (body_len >= det_ctx->sgh->mpm_hsbd_ctx_tc->minlen) { + ret = mpm_table[det_ctx->sgh->mpm_hsbd_ctx_tc->mpm_type]. + Search(det_ctx->sgh->mpm_hsbd_ctx_tc, &det_ctx->mtcu, + &det_ctx->pmq, body, body_len); + } SCReturnUInt(ret); } @@ -349,7 +352,7 @@ int DetectEngineRunHttpServerBodyMpm(DetectEngineCtx *de_ctx, uint32_t cnt = 0; uint32_t buffer_len = 0; uint32_t stream_start_offset = 0; - uint8_t *buffer = DetectEngineHSBDGetBufferForTX(tx, idx, + const uint8_t *buffer = DetectEngineHSBDGetBufferForTX(tx, idx, de_ctx, det_ctx, f, htp_state, flags, diff --git a/src/detect-engine-hscd.c b/src/detect-engine-hscd.c index 6fd938d184..72df1c8d5f 100644 --- a/src/detect-engine-hscd.c +++ b/src/detect-engine-hscd.c @@ -64,19 +64,22 @@ * * \retval ret Number of matches. */ -static uint32_t HttpStatCodePatternSearch(DetectEngineThreadCtx *det_ctx, - uint8_t *stat_code, uint32_t stat_code_len, uint8_t flags) +static inline uint32_t HttpStatCodePatternSearch(DetectEngineThreadCtx *det_ctx, + const uint8_t *stat_code, const uint32_t stat_code_len, + const uint8_t flags) { SCEnter(); - uint32_t ret; + uint32_t ret = 0; DEBUG_VALIDATE_BUG_ON(!(flags & STREAM_TOCLIENT)); DEBUG_VALIDATE_BUG_ON(det_ctx->sgh->mpm_hscd_ctx_tc == NULL); - ret = mpm_table[det_ctx->sgh->mpm_hscd_ctx_tc->mpm_type]. - Search(det_ctx->sgh->mpm_hscd_ctx_tc, &det_ctx->mtcu, - &det_ctx->pmq, stat_code, stat_code_len); + if (stat_code_len >= det_ctx->sgh->mpm_hscd_ctx_tc->minlen) { + ret = mpm_table[det_ctx->sgh->mpm_hscd_ctx_tc->mpm_type]. + Search(det_ctx->sgh->mpm_hscd_ctx_tc, &det_ctx->mtcu, + &det_ctx->pmq, stat_code, stat_code_len); + } SCReturnUInt(ret); } @@ -98,9 +101,8 @@ int DetectEngineRunHttpStatCodeMpm(DetectEngineThreadCtx *det_ctx, Flow *f, goto end; cnt = HttpStatCodePatternSearch(det_ctx, - (uint8_t *)bstr_ptr(tx->response_status), - bstr_len(tx->response_status), flags); - + (const uint8_t *)bstr_ptr(tx->response_status), + bstr_len(tx->response_status), flags); end: SCReturnInt(cnt); } diff --git a/src/detect-engine-hsmd.c b/src/detect-engine-hsmd.c index 9017ebfd55..3b8a0004d9 100644 --- a/src/detect-engine-hsmd.c +++ b/src/detect-engine-hsmd.c @@ -64,19 +64,22 @@ * * \retval ret Number of matches. */ -static uint32_t HttpStatMsgPatternSearch(DetectEngineThreadCtx *det_ctx, - uint8_t *stat_msg, uint32_t stat_msg_len, uint8_t flags) +static inline uint32_t HttpStatMsgPatternSearch(DetectEngineThreadCtx *det_ctx, + const uint8_t *stat_msg, const uint32_t stat_msg_len, + const uint8_t flags) { SCEnter(); - uint32_t ret; + uint32_t ret = 0; DEBUG_VALIDATE_BUG_ON(!(flags & STREAM_TOCLIENT)); DEBUG_VALIDATE_BUG_ON(det_ctx->sgh->mpm_hsmd_ctx_tc == NULL); - ret = mpm_table[det_ctx->sgh->mpm_hsmd_ctx_tc->mpm_type]. - Search(det_ctx->sgh->mpm_hsmd_ctx_tc, &det_ctx->mtcu, - &det_ctx->pmq, stat_msg, stat_msg_len); + if (stat_msg_len >= det_ctx->sgh->mpm_hsmd_ctx_tc->minlen) { + ret = mpm_table[det_ctx->sgh->mpm_hsmd_ctx_tc->mpm_type]. + Search(det_ctx->sgh->mpm_hsmd_ctx_tc, &det_ctx->mtcu, + &det_ctx->pmq, stat_msg, stat_msg_len); + } SCReturnUInt(ret); } @@ -98,9 +101,8 @@ int DetectEngineRunHttpStatMsgMpm(DetectEngineThreadCtx *det_ctx, Flow *f, goto end; cnt = HttpStatMsgPatternSearch(det_ctx, - (uint8_t *)bstr_ptr(tx->response_message), + (const uint8_t *)bstr_ptr(tx->response_message), bstr_len(tx->response_message), flags); - end: SCReturnInt(cnt); } diff --git a/src/detect-engine-hua.c b/src/detect-engine-hua.c index 27e1383f0f..a459776b6e 100644 --- a/src/detect-engine-hua.c +++ b/src/detect-engine-hua.c @@ -63,24 +63,27 @@ * \brief Http user agent match -- searches for one pattern per signature. * * \param det_ctx Detection engine thread ctx. - * \param cookie User-Agent to inspect. - * \param cookie_len User-Agent buffer length. + * \param ua User-Agent to inspect. + * \param ua_len User-Agent buffer length. * * \retval ret Number of matches. */ -static uint32_t HttpUAPatternSearch(DetectEngineThreadCtx *det_ctx, - uint8_t *ua, uint32_t ua_len, uint8_t flags) +static inline uint32_t HttpUAPatternSearch(DetectEngineThreadCtx *det_ctx, + const uint8_t *ua, const uint32_t ua_len, + const uint8_t flags) { SCEnter(); - uint32_t ret; + uint32_t ret = 0; DEBUG_VALIDATE_BUG_ON(flags & STREAM_TOCLIENT); DEBUG_VALIDATE_BUG_ON(det_ctx->sgh->mpm_huad_ctx_ts == NULL); - ret = mpm_table[det_ctx->sgh->mpm_huad_ctx_ts->mpm_type]. - Search(det_ctx->sgh->mpm_huad_ctx_ts, &det_ctx->mtcu, - &det_ctx->pmq, ua, ua_len); + if (ua_len >= det_ctx->sgh->mpm_huad_ctx_ts->minlen) { + ret = mpm_table[det_ctx->sgh->mpm_huad_ctx_ts->mpm_type]. + Search(det_ctx->sgh->mpm_huad_ctx_ts, &det_ctx->mtcu, + &det_ctx->pmq, ua, ua_len); + } SCReturnUInt(ret); } @@ -101,9 +104,8 @@ int DetectEngineRunHttpUAMpm(DetectEngineThreadCtx *det_ctx, Flow *f, goto end; } cnt = HttpUAPatternSearch(det_ctx, - (uint8_t *)bstr_ptr(h->value), + (const uint8_t *)bstr_ptr(h->value), bstr_len(h->value), flags); - end: return cnt; } diff --git a/src/detect-engine-payload.c b/src/detect-engine-payload.c index f952deafd0..ab63d16f86 100644 --- a/src/detect-engine-payload.c +++ b/src/detect-engine-payload.c @@ -66,9 +66,11 @@ uint32_t PacketPatternSearchWithStreamCtx(DetectEngineThreadCtx *det_ctx, SCReturnInt(0); } - ret = mpm_table[mpm_ctx->mpm_type]. - Search(mpm_ctx, &det_ctx->mtc, &det_ctx->pmq, - p->payload, p->payload_len); + if (p->payload_len >= mpm_ctx->minlen) { + ret = mpm_table[mpm_ctx->mpm_type]. + Search(mpm_ctx, &det_ctx->mtc, &det_ctx->pmq, + p->payload, p->payload_len); + } SCReturnInt(ret); } @@ -88,32 +90,31 @@ uint32_t StreamPatternSearch(DetectEngineThreadCtx *det_ctx, Packet *p, SCEnter(); uint32_t ret = 0; - uint8_t cnt = 0; //PrintRawDataFp(stdout, smsg->data.data, smsg->data.data_len); uint32_t r; if (flags & STREAM_TOSERVER) { for ( ; smsg != NULL; smsg = smsg->next) { - r = mpm_table[det_ctx->sgh->mpm_stream_ctx_ts->mpm_type]. - Search(det_ctx->sgh->mpm_stream_ctx_ts, &det_ctx->mtcs, - &det_ctx->pmq, smsg->data, smsg->data_len); - if (r > 0) { - ret += r; + if (smsg->data_len >= det_ctx->sgh->mpm_stream_ctx_ts->minlen) { + r = mpm_table[det_ctx->sgh->mpm_stream_ctx_ts->mpm_type]. + Search(det_ctx->sgh->mpm_stream_ctx_ts, &det_ctx->mtcs, + &det_ctx->pmq, smsg->data, smsg->data_len); + if (r > 0) { + ret += r; + } } - - cnt++; } } else if (flags & STREAM_TOCLIENT) { for ( ; smsg != NULL; smsg = smsg->next) { - r = mpm_table[det_ctx->sgh->mpm_stream_ctx_tc->mpm_type]. - Search(det_ctx->sgh->mpm_stream_ctx_tc, &det_ctx->mtcs, - &det_ctx->pmq, smsg->data, smsg->data_len); - if (r > 0) { - ret += r; + if (smsg->data_len >= det_ctx->sgh->mpm_stream_ctx_tc->minlen) { + r = mpm_table[det_ctx->sgh->mpm_stream_ctx_tc->mpm_type]. + Search(det_ctx->sgh->mpm_stream_ctx_tc, &det_ctx->mtcs, + &det_ctx->pmq, smsg->data, smsg->data_len); + if (r > 0) { + ret += r; + } } - - cnt++; } } @@ -131,7 +132,7 @@ uint32_t PacketPatternSearch(DetectEngineThreadCtx *det_ctx, Packet *p) { SCEnter(); - uint32_t ret; + uint32_t ret = 0; const MpmCtx *mpm_ctx = NULL; if (p->proto == IPPROTO_TCP) { @@ -151,6 +152,8 @@ uint32_t PacketPatternSearch(DetectEngineThreadCtx *det_ctx, Packet *p) } if (unlikely(mpm_ctx == NULL)) SCReturnInt(0); + if (p->payload_len < mpm_ctx->minlen) + SCReturnInt(0); #ifdef __SC_CUDA_SUPPORT__ if (p->cuda_pkt_vars.cuda_mpm_enabled && p->pkt_src == PKT_SRC_WIRE) { diff --git a/src/detect-engine-uri.c b/src/detect-engine-uri.c index 72a9a037bf..e88b8d7e23 100644 --- a/src/detect-engine-uri.c +++ b/src/detect-engine-uri.c @@ -56,9 +56,9 @@ * * \retval ret number of matches */ -static uint32_t UriPatternSearch(DetectEngineThreadCtx *det_ctx, - const uint8_t *uri, const uint16_t uri_len, - const uint8_t flags) +static inline uint32_t UriPatternSearch(DetectEngineThreadCtx *det_ctx, + const uint8_t *uri, const uint16_t uri_len, + const uint8_t flags) { SCEnter();