aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '0eeccb4b17'
${ noResults }
suricata/src/util-byte.c

570 lines
14 KiB
C
Raw Blame History

/* Copyright (C) 2007-2010 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
* Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
/**
* \file
*
* \author Brian Rectanus <brectanu@gmail.com>
*
* Byte utility functions
*/
#include "suricata-common.h"
#include "util-byte.h"
#include "util-unittest.h"
#include "util-debug.h"
int ByteExtractUint64(uint64_t *res, int e, uint16_t len, const uint8_t *bytes)
{
uint64_t i64;
int ret;
/* Uint64 is limited to 8 bytes */
if (len > 8) {
/** \todo Need standard return values */
return -1;
}
ret = ByteExtract(&i64, e, len, bytes);
if (ret <= 0) {
return ret;
}
*res = (uint64_t)i64;
return ret;
}
int ByteExtractUint32(uint32_t *res, int e, uint16_t len, const uint8_t *bytes)
{
uint64_t i64;
int ret;
/* Uint32 is limited to 4 bytes */
if (len > 4) {
/** \todo Need standard return values */
return -1;
}
ret = ByteExtract(&i64, e, len, bytes);
if (ret <= 0) {
return ret;
}
*res = (uint32_t)i64;
return ret;
}
int ByteExtractUint16(uint16_t *res, int e, uint16_t len, const uint8_t *bytes)
{
uint64_t i64;
int ret;
/* Uint16 is limited to 2 bytes */
if (len > 2) {
/** \todo Need standard return values */
return -1;
}
ret = ByteExtract(&i64, e, len, bytes);
if (ret <= 0) {
return ret;
}
*res = (uint16_t)i64;
return ret;
}
int ByteExtractString(uint64_t *res, int base, uint16_t len, const char *str)
{
const char *ptr = str;
char *endptr = NULL;
/* 23 - This is the largest string (octal, with a zero prefix) that
* will not overflow uint64_t. The only way this length
* could be over 23 and still not overflow is if it were zero
* prefixed and we only support 1 byte of zero prefix for octal.
*
* "01777777777777777777777" = 0xffffffffffffffff
*/
char strbuf[24];
if (len > 23) {
SCLogError(SC_ERR_ARG_LEN_LONG, "len too large (23 max)");
return -1;
}
if (len) {
/* Extract out the string so it can be null terminated */
memcpy(strbuf, str, len);
strbuf[len] = '\0';
ptr = strbuf;
}
errno = 0;
*res = strtoull(ptr, &endptr, base);
if (errno == ERANGE) {
SCLogError(SC_ERR_NUMERIC_VALUE_ERANGE, "Numeric value out of range");
return -1;
/* If there is no numeric value in the given string then strtoull(), makes
endptr equals to ptr and return 0 as result */
} else if (endptr == ptr && *res == 0) {
SCLogDebug("No numeric value");
return -1;
} else if (endptr == ptr) {
SCLogError(SC_ERR_INVALID_NUMERIC_VALUE, "Invalid numeric value");
return -1;
}
/* This will interfere with some rules that do not know the length
* in advance and instead are just using the max.
*/
#if 0
else if (len && *endptr != '\0') {
fprintf(stderr, "ByteExtractString: Extra characters following numeric value\n");
return -1;
}
#endif
return (endptr - ptr);
}
int ByteExtractStringUint64(uint64_t *res, int base, uint16_t len, const char *str)
{
return ByteExtractString(res, base, len, str);
}
int ByteExtractStringUint32(uint32_t *res, int base, uint16_t len, const char *str)
{
uint64_t i64;
int ret;
ret = ByteExtractString(&i64, base, len, str);
if (ret <= 0) {
return ret;
}
*res = (uint32_t)i64;
if ((uint64_t)(*res) != i64) {
SCLogError(SC_ERR_NUMERIC_VALUE_ERANGE, "Numeric value out of range "
"(%" PRIu64 " > %" PRIu32 ")", i64, UINT_MAX);
return -1;
}
return ret;
}
int ByteExtractStringUint16(uint16_t *res, int base, uint16_t len, const char *str)
{
uint64_t i64;
int ret;
ret = ByteExtractString(&i64, base, len, str);
if (ret <= 0) {
return ret;
}
*res = (uint16_t)i64;
if ((uint64_t)(*res) != i64) {
SCLogError(SC_ERR_NUMERIC_VALUE_ERANGE, "Numeric value out of range "
"(%" PRIu64 " > %" PRIu16 ")", i64, USHRT_MAX);
return -1;
}
return ret;
}
int ByteExtractStringUint8(uint8_t *res, int base, uint16_t len, const char *str)
{
uint64_t i64;
int ret;
ret = ByteExtractString(&i64, base, len, str);
if (ret <= 0) {
return ret;
}
*res = (uint8_t)i64;
if ((uint64_t)(*res) != i64) {
SCLogError(SC_ERR_NUMERIC_VALUE_ERANGE, "Numeric value out of range "
"(%" PRIu64 " > %" PRIu8 ")", i64, UCHAR_MAX);
return -1;
}
return ret;
}
int ByteExtractStringSigned(int64_t *res, int base, uint16_t len, const char *str)
{
const char *ptr = str;
char *endptr;
/* 23 - This is the largest string (octal, with a zero prefix) that
* will not overflow int64_t. The only way this length
* could be over 23 and still not overflow is if it were zero
* prefixed and we only support 1 byte of zero prefix for octal.
*
* "-0777777777777777777777" = 0xffffffffffffffff
*/
char strbuf[24];
if (len > 23) {
SCLogError(SC_ERR_ARG_LEN_LONG, "len too large (23 max)");
return -1;
}
if (len) {
/* Extract out the string so it can be null terminated */
memcpy(strbuf, str, len);
strbuf[len] = '\0';
ptr = strbuf;
}
errno = 0;
*res = strtoll(ptr, &endptr, base);
if (errno == ERANGE) {
SCLogError(SC_ERR_NUMERIC_VALUE_ERANGE, "Numeric value out of range");
return -1;
} else if (endptr == str) {
SCLogError(SC_ERR_INVALID_NUMERIC_VALUE, "Invalid numeric value");
return -1;
}
/* This will interfere with some rules that do not know the length
* in advance and instead are just using the max.
*/
#if 0
else if (len && *endptr != '\0') {
fprintf(stderr, "ByteExtractStringSigned: Extra characters following numeric value\n");
return -1;
}
#endif
//fprintf(stderr, "ByteExtractStringSigned: Extracted base %d: 0x%" PRIx64 "\n", base, *res);
return (endptr - ptr);
}
int ByteExtractStringInt64(int64_t *res, int base, uint16_t len, const char *str)
{
return ByteExtractStringSigned(res, base, len, str);
}
int ByteExtractStringInt32(int32_t *res, int base, uint16_t len, const char *str)
{
int64_t i64;
int ret;
ret = ByteExtractStringSigned(&i64, base, len, str);
if (ret <= 0) {
return ret;
}
*res = (int32_t)i64;
if ((int64_t)(*res) != i64) {
SCLogError(SC_ERR_NUMERIC_VALUE_ERANGE, "Numeric value out of range "
"(%" PRIi64 " > %" PRIi32 ")\n", i64, INT_MAX);
return -1;
}
return ret;
}
int ByteExtractStringInt16(int16_t *res, int base, uint16_t len, const char *str)
{
int64_t i64;
int ret;
ret = ByteExtractStringSigned(&i64, base, len, str);
if (ret <= 0) {
return ret;
}
*res = (int16_t)i64;
if ((int64_t)(*res) != i64) {
SCLogError(SC_ERR_NUMERIC_VALUE_ERANGE, "Numeric value out of range "
"(%" PRIi64 " > %" PRIi16 ")\n", i64, SHRT_MAX);
return -1;
}
return ret;
}
int ByteExtractStringInt8(int8_t *res, int base, uint16_t len, const char *str)
{
int64_t i64;
int ret;
ret = ByteExtractStringSigned(&i64, base, len, str);
if (ret <= 0) {
return ret;
}
*res = (int8_t)i64;
if ((int64_t)(*res) != i64) {
SCLogError(SC_ERR_NUMERIC_VALUE_ERANGE, "Numeric value out of range "
"(%" PRIi64 " > %" PRIi8 ")\n", i64, CHAR_MAX);
return -1;
}
return ret;
}
/* UNITTESTS */
#ifdef UNITTESTS
static int ByteTest01 (void) {
uint16_t val = 0x0102;
uint16_t i16 = 0xbfbf;
uint8_t bytes[2] = { 0x02, 0x01 };
int ret = ByteExtractUint16(&i16, BYTE_LITTLE_ENDIAN, sizeof(bytes), bytes);
if ((ret == 2) && (i16 == val)) {
return 1;
}
return 0;
}
static int ByteTest02 (void) {
uint16_t val = 0x0102;
uint16_t i16 = 0xbfbf;
uint8_t bytes[2] = { 0x01, 0x02 };
int ret = ByteExtractUint16(&i16, BYTE_BIG_ENDIAN, sizeof(bytes), bytes);
if ((ret == 2) && (i16 == val)) {
return 1;
}
return 0;
}
static int ByteTest03 (void) {
uint32_t val = 0x01020304;
uint32_t i32 = 0xbfbfbfbf;
uint8_t bytes[4] = { 0x04, 0x03, 0x02, 0x01 };
int ret = ByteExtractUint32(&i32, BYTE_LITTLE_ENDIAN, sizeof(bytes), bytes);
if ((ret == 4) && (i32 == val)) {
return 1;
}
return 0;
}
static int ByteTest04 (void) {
uint32_t val = 0x01020304;
uint32_t i32 = 0xbfbfbfbf;
uint8_t bytes[4] = { 0x01, 0x02, 0x03, 0x04 };
int ret = ByteExtractUint32(&i32, BYTE_BIG_ENDIAN, sizeof(bytes), bytes);
if ((ret == 4) && (i32 == val)) {
return 1;
}
return 0;
}
static int ByteTest05 (void) {
uint64_t val = 0x0102030405060708ULL;
uint64_t i64 = 0xbfbfbfbfbfbfbfbfULL;
uint8_t bytes[8] = { 0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01 };
int ret = ByteExtractUint64(&i64, BYTE_LITTLE_ENDIAN, sizeof(bytes), bytes);
if ((ret == 8) && (i64 == val)) {
return 1;
}
return 0;
}
static int ByteTest06 (void) {
uint64_t val = 0x0102030405060708ULL;
uint64_t i64 = 0xbfbfbfbfbfbfbfbfULL;
uint8_t bytes[8] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
int ret = ByteExtractUint64(&i64, BYTE_BIG_ENDIAN, sizeof(bytes), bytes);
if ((ret == 8) && (i64 == val)) {
return 1;
}
return 0;
}
static int ByteTest07 (void) {
const char *str = "1234567890";
uint64_t val = 1234567890;
uint64_t i64 = 0xbfbfbfbfbfbfbfbfULL;
int ret = ByteExtractStringUint64(&i64, 10, strlen(str), str);
if ((ret == 10) && (i64 == val)) {
return 1;
}
return 0;
}
static int ByteTest08 (void) {
const char *str = "1234567890";
uint32_t val = 1234567890;
uint32_t i32 = 0xbfbfbfbf;
int ret = ByteExtractStringUint32(&i32, 10, strlen(str), str);
if ((ret == 10) && (i32 == val)) {
return 1;
}
return 0;
}
static int ByteTest09 (void) {
const char *str = "12345";
uint16_t val = 12345;
uint16_t i16 = 0xbfbf;
int ret = ByteExtractStringUint16(&i16, 10, strlen(str), str);
if ((ret == 5) && (i16 == val)) {
return 1;
}
return 0;
}
static int ByteTest10 (void) {
const char *str = "123";
uint8_t val = 123;
uint8_t i8 = 0xbf;
int ret = ByteExtractStringUint8(&i8, 10, strlen(str), str);
if ((ret == 3) && (i8 == val)) {
return 1;
}
return 0;
}
static int ByteTest11 (void) {
const char *str = "-1234567890";
int64_t val = -1234567890;
int64_t i64 = 0xbfbfbfbfbfbfbfbfULL;
int ret = ByteExtractStringInt64(&i64, 10, strlen(str), str);
if ((ret == 11) && (i64 == val)) {
return 1;
}
return 0;
}
static int ByteTest12 (void) {
const char *str = "-1234567890";
int32_t val = -1234567890;
int32_t i32 = 0xbfbfbfbf;
int ret = ByteExtractStringInt32(&i32, 10, strlen(str), str);
if ((ret == 11) && (i32 == val)) {
return 1;
}
return 0;
}
static int ByteTest13 (void) {
const char *str = "-12345";
int16_t val = -12345;
int16_t i16 = 0xbfbf;
int ret = ByteExtractStringInt16(&i16, 10, strlen(str), str);
if ((ret == 6) && (i16 == val)) {
return 1;
}
return 0;
}
static int ByteTest14 (void) {
const char *str = "-123";
int8_t val = -123;
int8_t i8 = 0xbf;
int ret = ByteExtractStringInt8(&i8, 10, strlen(str), str);
if ((ret == 4) && (i8 == val)) {
return 1;
}
return 0;
}
/** \test max u32 value */
static int ByteTest15 (void) {
const char *str = "4294967295";
uint32_t val = 4294967295UL;
uint32_t u32 = 0xffffffff;
int ret = ByteExtractStringUint32(&u32, 10, strlen(str), str);
if ((ret == 10) && (u32 == val)) {
return 1;
}
return 0;
}
/** \test max u32 value + 1 */
static int ByteTest16 (void) {
const char *str = "4294967296";
uint32_t u32 = 0;
int ret = ByteExtractStringUint32(&u32, 10, strlen(str), str);
if (ret != 0) {
return 1;
}
return 0;
}
#endif /* UNITTESTS */
void ByteRegisterTests(void) {
#ifdef UNITTESTS
UtRegisterTest("ByteTest01", ByteTest01, 1);
UtRegisterTest("ByteTest02", ByteTest02, 1);
UtRegisterTest("ByteTest03", ByteTest03, 1);
UtRegisterTest("ByteTest04", ByteTest04, 1);
UtRegisterTest("ByteTest05", ByteTest05, 1);
UtRegisterTest("ByteTest06", ByteTest06, 1);
UtRegisterTest("ByteTest07", ByteTest07, 1);
UtRegisterTest("ByteTest08", ByteTest08, 1);
UtRegisterTest("ByteTest09", ByteTest09, 1);
UtRegisterTest("ByteTest10", ByteTest10, 1);
UtRegisterTest("ByteTest11", ByteTest11, 1);
UtRegisterTest("ByteTest12", ByteTest12, 1);
UtRegisterTest("ByteTest13", ByteTest13, 1);
UtRegisterTest("ByteTest14", ByteTest14, 1);
UtRegisterTest("ByteTest15", ByteTest15, 1);
UtRegisterTest("ByteTest16", ByteTest16, 1);
#endif /* UNITTESTS */
}
Reference in New Issue View Git Blame Copy Permalink