aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix port parsing in config file, added one more corresponding test.

Browse Source 
Some examples from wiki caused parsing errors.
For example, "[1:80,![2,4]]" was treated as a mistake.

Also fixed loop detection in variables declaration. For example,
'A: "HOME_NET, !$HOME_NET"' resulted in parsing error.
pull/2440/head
Alexander Gozman 9 years ago committed by Victor Julien
parent 8b8426934f
commit e492f0dc89
3 changed files with 49 additions and 14 deletions
Show Stats Download Patch File Download Diff File

14
src/detect-engine-address.c
Unescape Escape View File

@ -826,12 +826,6 @@ static int DetectAddressParse2(const DetectEngineCtx *de_ctx,
char *rule_var_address = NULL; char *rule_var_address = NULL;
char *temp_rule_var_address = NULL; char *temp_rule_var_address = NULL;
if (AddVariableToResolveList(var_list, s) == -1) {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Found a loop in a address "
"groups declaration. This is likely a misconfiguration.");
goto error;
}
SCLogDebug("s %s negate %s", s, negate ? "true" : "false"); SCLogDebug("s %s negate %s", s, negate ? "true" : "false");
for (u = 0, x = 0; u < size && x < sizeof(address); u++) { for (u = 0, x = 0; u < size && x < sizeof(address); u++) {
@ -996,6 +990,12 @@ static int DetectAddressParse2(const DetectEngineCtx *de_ctx,
} }
x = 0; x = 0;
if (AddVariableToResolveList(var_list, address) == -1) {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Found a loop in a address "
"groups declaration. This is likely a misconfiguration.");
goto error;
}
if (d_set == 1) { if (d_set == 1) {
rule_var_address = SCRuleVarsGetConfVar(de_ctx, address, rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
SC_RULE_VARS_ADDRESS_GROUPS); SC_RULE_VARS_ADDRESS_GROUPS);
@ -1324,8 +1324,6 @@ int DetectAddressTestConfVars(void)
goto error; goto error;
} }
CleanVariableResolveList(&var_list);
if (DetectAddressIsCompleteIPSpace(ghn)) { if (DetectAddressIsCompleteIPSpace(ghn)) {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY,
"address var - \"%s\" has the complete IP space negated " "address var - \"%s\" has the complete IP space negated "

45
src/detect-engine-port.c
Unescape Escape View File

@ -972,12 +972,6 @@ static int DetectPortParseDo(const DetectEngineCtx *de_ctx,
char *rule_var_port = NULL; char *rule_var_port = NULL;
int r = 0; int r = 0;
if (AddVariableToResolveList(var_list, s) == -1) {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Found a loop in a port "
"groups declaration. This is likely a misconfiguration.");
goto error;
}
SCLogDebug("head %p, *head %p, negate %d", head, *head, negate); SCLogDebug("head %p, *head %p, negate %d", head, *head, negate);
for (u = 0, x = 0; u < size && x < sizeof(address); u++) { for (u = 0, x = 0; u < size && x < sizeof(address); u++) {
@ -1078,6 +1072,13 @@ static int DetectPortParseDo(const DetectEngineCtx *de_ctx,
address[x] = '\0'; address[x] = '\0';
} }
SCLogDebug("%s", address); SCLogDebug("%s", address);
if (AddVariableToResolveList(var_list, address) == -1) {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Found a loop in a port "
"groups declaration. This is likely a misconfiguration.");
goto error;
}
x = 0; x = 0;
if (d_set == 1) { if (d_set == 1) {
char *temp_rule_var_port = NULL, char *temp_rule_var_port = NULL,
@ -1121,6 +1122,8 @@ static int DetectPortParseDo(const DetectEngineCtx *de_ctx,
goto error; goto error;
} }
n_set = 0; n_set = 0;
} else if (depth == 1 && s[u] == ',') {
range = 0;
} }
} }
@ -2018,6 +2021,7 @@ end:
DetectPortCleanupList(dd); DetectPortCleanupList(dd);
return result; return result;
} }
/** /**
* \test Test general functions * \test Test general functions
*/ */
@ -2390,6 +2394,34 @@ end:
return result; return result;
} }
/**
* \test Test general functions
*/
static int PortTestFunctions07(void)
{
DetectPort *dd = NULL;
// This one should fail due to negation in a range
FAIL_IF(DetectPortParse(NULL, &dd, "[80:!99]") == 0);
// Correct: from 80 till 100 but 99 excluded
FAIL_IF_NOT(DetectPortParse(NULL, &dd, "[80:100,!99]") == 0);
FAIL_IF_NULL(dd->next);
FAIL_IF_NOT(dd->port == 80);
FAIL_IF_NOT(dd->port2 == 98);
FAIL_IF_NOT(dd->next->port == 100);
// Also good: from 1 till 80 except of 2 and 4
FAIL_IF_NOT(DetectPortParse(NULL, &dd, "[1:80,![2,4]]") == 0);
FAIL_IF_NOT(dd->port == 1);
FAIL_IF_NULL(DetectPortLookupGroup(dd, 3));
FAIL_IF_NOT_NULL(DetectPortLookupGroup(dd, 2));
FAIL_IF_NULL(DetectPortLookupGroup(dd, 80));
DetectPortCleanupList(dd);
PASS;
}
/** /**
* \test Test packet Matches * \test Test packet Matches
* \param raw_eth_pkt pointer to the ethernet packet * \param raw_eth_pkt pointer to the ethernet packet
@ -2713,6 +2745,7 @@ void DetectPortTests(void)
UtRegisterTest("PortTestFunctions04", PortTestFunctions04); UtRegisterTest("PortTestFunctions04", PortTestFunctions04);
UtRegisterTest("PortTestFunctions05", PortTestFunctions05); UtRegisterTest("PortTestFunctions05", PortTestFunctions05);
UtRegisterTest("PortTestFunctions06", PortTestFunctions06); UtRegisterTest("PortTestFunctions06", PortTestFunctions06);
UtRegisterTest("PortTestFunctions07", PortTestFunctions07);
UtRegisterTest("PortTestMatchReal01", PortTestMatchReal01); UtRegisterTest("PortTestMatchReal01", PortTestMatchReal01);
UtRegisterTest("PortTestMatchReal02", PortTestMatchReal02); UtRegisterTest("PortTestMatchReal02", PortTestMatchReal02);
UtRegisterTest("PortTestMatchReal03", PortTestMatchReal03); UtRegisterTest("PortTestMatchReal03", PortTestMatchReal03);

4
src/util-var.c
Unescape Escape View File

@ -137,6 +137,10 @@ int AddVariableToResolveList(ResolvedVariablesList *list, const char *var)
if (list == NULL || var == NULL) if (list == NULL || var == NULL)
return 0; return 0;
if (var[0] != '$') {
return 0;
}
TAILQ_FOREACH(p_item, list, next) { TAILQ_FOREACH(p_item, list, next) {
if (!strcmp(p_item->var_name, var)) { if (!strcmp(p_item->var_name, var)) {
return -1; return -1;

Write Preview
Loading…
Cancel
Save