aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

src: remove multiple uses of atoi

Browse Source 
atoi() and related functions lack a mechanism for reporting errors for
invalid values. Replace them with calls to the appropriate
ByteExtractString* functions.

Closes redmine ticket 3053.
pull/5144/head
Shivani Bhardwaj 5 years ago
parent a98a209732
commit 0dac699197
9 changed files with 134 additions and 71 deletions
Show Stats Download Patch File Download Diff File

36
src/detect-byte-extract.c
Unescape Escape View File

@ -240,7 +240,12 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
"for arg 1 for byte_extract"); "for arg 1 for byte_extract");
goto error; goto error;
} }
bed->nbytes = atoi(nbytes_str); if (StringParseUint8(&bed->nbytes, 10, 0,
(const char *)nbytes_str) < 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid value for number of bytes"
" to be extracted: \"%s\".", nbytes_str);
goto error;
}
/* offset */ /* offset */
char offset_str[64] = ""; char offset_str[64] = "";
@ -251,10 +256,9 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
"for arg 2 for byte_extract"); "for arg 2 for byte_extract");
goto error; goto error;
} }
int offset = atoi(offset_str); int32_t offset;
if (offset < -65535 || offset > 65535) { if (StringParseI32RangeCheck(&offset, 10, 0, (const char *)offset_str, -65535, 65535) < 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "byte_extract offset invalid - %d. " SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid value for offset: \"%s\".", offset_str);
"The right offset range is -65535 to 65535", offset);
goto error; goto error;
} }
bed->offset = offset; bed->offset = offset;
@ -307,14 +311,13 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
"for arg %d for byte_extract", i); "for arg %d for byte_extract", i);
goto error; goto error;
} }
int multiplier = atoi(multiplier_str); int32_t multiplier;
if (multiplier < DETECT_BYTE_EXTRACT_MULTIPLIER_MIN_LIMIT || if (StringParseI32RangeCheck(&multiplier, 10, 0,
multiplier > DETECT_BYTE_EXTRACT_MULTIPLIER_MAX_LIMIT) { (const char *)multiplier_str,
SCLogError(SC_ERR_INVALID_SIGNATURE, "multipiler_value invalid " DETECT_BYTE_EXTRACT_MULTIPLIER_MIN_LIMIT,
"- %d. The range is %d-%d", DETECT_BYTE_EXTRACT_MULTIPLIER_MAX_LIMIT) < 0) {
multiplier, SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid value for"
DETECT_BYTE_EXTRACT_MULTIPLIER_MIN_LIMIT, "multiplier: \"%s\".", multiplier_str);
DETECT_BYTE_EXTRACT_MULTIPLIER_MAX_LIMIT);
goto error; goto error;
} }
bed->multiplier_value = multiplier; bed->multiplier_value = multiplier;
@ -411,7 +414,12 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
"for arg %d in byte_extract", i); "for arg %d in byte_extract", i);
goto error; goto error;
} }
bed->align_value = atoi(align_str); if (StringParseUint8(&bed->align_value, 10, 0,
(const char *)align_str) < 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid align_value: "
"\"%s\".", align_str);
goto error;
}
if (!(bed->align_value == 2 || bed->align_value == 4)) { if (!(bed->align_value == 2 || bed->align_value == 4)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid align_value for " SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid align_value for "
"byte_extract - \"%d\"", bed->align_value); "byte_extract - \"%d\"", bed->align_value);

10
src/detect-cipservice.c
Unescape Escape View File

@ -346,14 +346,14 @@ static DetectEnipCommandData *DetectEnipCommandParse(const char *rulestr)
goto error; goto error;
} }
unsigned long cmd = atol(rulestr); uint16_t cmd;
if (cmd > MAX_ENIP_CMD) //if command greater than 16 bit if (StringParseUint16(&cmd, 10, 0, rulestr) < 0) {
{ SCLogError(SC_ERR_INVALID_SIGNATURE, "invalid ENIP command"
SCLogError(SC_ERR_INVALID_SIGNATURE, "invalid ENIP command %lu", cmd); ": \"%s\"", rulestr);
goto error; goto error;
} }
enipcmdd->enipcommand = (uint16_t) atoi(rulestr); enipcmdd->enipcommand = cmd;
return enipcmdd; return enipcmdd;

41
src/detect-engine-port.c
Unescape Escape View File

@ -51,12 +51,13 @@
#include "host.h" #include "host.h"
#include "util-profiling.h" #include "util-profiling.h"
#include "util-var.h" #include "util-var.h"
#include "util-byte.h"
static int DetectPortCutNot(DetectPort *, DetectPort **); static int DetectPortCutNot(DetectPort *, DetectPort **);
static int DetectPortCut(DetectEngineCtx *, DetectPort *, DetectPort *, static int DetectPortCut(DetectEngineCtx *, DetectPort *, DetectPort *,
DetectPort **); DetectPort **);
DetectPort *PortParse(const char *str); DetectPort *PortParse(const char *str);
int DetectPortIsValidRange(char *); static bool DetectPortIsValidRange(char *, uint16_t *);
/** /**
* \brief Alloc a DetectPort structure and update counters * \brief Alloc a DetectPort structure and update counters
@ -1295,20 +1296,20 @@ DetectPort *PortParse(const char *str)
} }
/* see if the address is an ipv4 or ipv6 address */ /* see if the address is an ipv4 or ipv6 address */
if ((port2 = strchr(port, ':')) != NULL) { if ((port2 = strchr(port, ':')) != NULL) {
/* 80:81 range format */ /* 80:81 range format */
port2[0] = '\0'; port2[0] = '\0';
port2++; port2++;
if (DetectPortIsValidRange(port)) if (strcmp(port, "") != 0) {
dp->port = atoi(port); if (!DetectPortIsValidRange(port, &dp->port))
else goto error;
goto error; } else {
dp->port = 0;
}
if (strcmp(port2, "") != 0) { if (strcmp(port2, "") != 0) {
if (DetectPortIsValidRange(port2)) if (!DetectPortIsValidRange(port2, &dp->port2))
dp->port2 = atoi(port2);
else
goto error; goto error;
} else { } else {
dp->port2 = 65535; dp->port2 = 65535;
@ -1321,10 +1322,10 @@ DetectPort *PortParse(const char *str)
if (strcasecmp(port,"any") == 0) { if (strcasecmp(port,"any") == 0) {
dp->port = 0; dp->port = 0;
dp->port2 = 65535; dp->port2 = 65535;
} else if(DetectPortIsValidRange(port)){
dp->port = dp->port2 = atoi(port);
} else { } else {
goto error; if (!DetectPortIsValidRange(port, &dp->port))
goto error;
dp->port2 = dp->port;
} }
} }
@ -1342,18 +1343,16 @@ error:
* *
* \param str Pointer to the port string * \param str Pointer to the port string
* *
* \retval 1 if port is in the valid range *
* \retval 0 if invalid * \retval true if port is in the valid range
* \retval false if invalid
*/ */
int DetectPortIsValidRange(char *port) static bool DetectPortIsValidRange(char *port, uint16_t *port_val)
{ {
char *end; if (StringParseUint16(port_val, 10, 0, (const char *)port) < 0)
long r = strtol(port, &end, 10); return false;
if(*end == 0 && r >= 0 && r <= 65535) return true;
return 1;
else
return 0;
} }
/********************** End parsing routines ********************/ /********************** End parsing routines ********************/

22
src/detect-fast-pattern.c
Unescape Escape View File

@ -33,6 +33,7 @@
#include "detect-fast-pattern.h" #include "detect-fast-pattern.h"
#include "util-error.h" #include "util-error.h"
#include "util-byte.h"
#include "util-debug.h" #include "util-debug.h"
#include "util-unittest.h" #include "util-unittest.h"
#include "util-unittest-helper.h" #include "util-unittest-helper.h"
@ -283,10 +284,11 @@ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, const c
"for fast_pattern offset"); "for fast_pattern offset");
goto error; goto error;
} }
int offset = atoi(arg_substr); uint16_t offset;
if (offset > 65535) { if (StringParseUint16(&offset, 10, 0,
SCLogError(SC_ERR_INVALID_SIGNATURE, "Fast pattern offset exceeds " (const char *)arg_substr) < 0) {
"limit"); SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid fast pattern offset:"
" \"%s\"", arg_substr);
goto error; goto error;
} }
@ -297,14 +299,16 @@ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, const c
"for fast_pattern offset"); "for fast_pattern offset");
goto error; goto error;
} }
int length = atoi(arg_substr); uint16_t length;
if (length > 65535) { if (StringParseUint16(&length, 10, 0,
SCLogError(SC_ERR_INVALID_SIGNATURE, "Fast pattern length exceeds " (const char *)arg_substr) < 0) {
"limit"); SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid value for fast "
"pattern: \"%s\"", arg_substr);
goto error; goto error;
} }
if (offset + length > 65535) { // Avoiding integer overflow
if (offset > (65535 - length)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Fast pattern (length + offset) " SCLogError(SC_ERR_INVALID_SIGNATURE, "Fast pattern (length + offset) "
"exceeds limit pattern length limit"); "exceeds limit pattern length limit");
goto error; goto error;

3
src/detect-ipproto.c
Unescape Escape View File

@ -478,7 +478,8 @@ static int DetectIPProtoTestParse02(void)
static int DetectIPProtoTestSetup01(void) static int DetectIPProtoTestSetup01(void)
{ {
const char *value_str = "14"; const char *value_str = "14";
int value = atoi(value_str); int value;
FAIL_IF(StringParseInt32(&value, 10, 0, (const char *)value_str) < 0);
int i; int i;
Signature *sig = SigAlloc(); Signature *sig = SigAlloc();

5
src/detect-iprep.c
Unescape Escape View File

@ -41,6 +41,7 @@
#include "detect-engine-state.h" #include "detect-engine-state.h"
#include "util-debug.h" #include "util-debug.h"
#include "util-byte.h"
#include "util-unittest.h" #include "util-unittest.h"
#include "util-unittest-helper.h" #include "util-unittest-helper.h"
#include "util-fmemopen.h" #include "util-fmemopen.h"
@ -321,10 +322,8 @@ int DetectIPRepSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
} }
if (value != NULL && strlen(value) > 0) { if (value != NULL && strlen(value) > 0) {
int ival = atoi(value); if (StringParseU8RangeCheck(&val, 10, 0, (const char *)value, 0, 127) < 0)
if (ival < 0 || ival > 127)
goto error; goto error;
val = (uint8_t)ival;
} }
cd = SCMalloc(sizeof(DetectIPRepData)); cd = SCMalloc(sizeof(DetectIPRepData));

7
src/detect-krb5-errcode.c
Unescape Escape View File

@ -23,6 +23,7 @@
#include "suricata-common.h" #include "suricata-common.h"
#include "util-unittest.h" #include "util-unittest.h"
#include "util-byte.h"
#include "detect-parse.h" #include "detect-parse.h"
#include "detect-engine.h" #include "detect-engine.h"
@ -156,8 +157,10 @@ static DetectKrb5ErrCodeData *DetectKrb5ErrCodeParse (const char *krb5str)
krb5d = SCMalloc(sizeof (DetectKrb5ErrCodeData)); krb5d = SCMalloc(sizeof (DetectKrb5ErrCodeData));
if (unlikely(krb5d == NULL)) if (unlikely(krb5d == NULL))
goto error; goto error;
krb5d->err_code = (int32_t)atoi(arg1); if (StringParseInt32(&krb5d->err_code, 10, 0,
(const char *)arg1) < 0) {
goto error;
}
return krb5d; return krb5d;
error: error:

7
src/detect-krb5-msgtype.c
Unescape Escape View File

@ -23,6 +23,7 @@
#include "suricata-common.h" #include "suricata-common.h"
#include "util-unittest.h" #include "util-unittest.h"
#include "util-byte.h"
#include "detect-parse.h" #include "detect-parse.h"
#include "detect-engine.h" #include "detect-engine.h"
@ -153,8 +154,10 @@ static DetectKrb5MsgTypeData *DetectKrb5MsgTypeParse (const char *krb5str)
krb5d = SCMalloc(sizeof (DetectKrb5MsgTypeData)); krb5d = SCMalloc(sizeof (DetectKrb5MsgTypeData));
if (unlikely(krb5d == NULL)) if (unlikely(krb5d == NULL))
goto error; goto error;
krb5d->msg_type = (uint8_t)atoi(arg1); if (StringParseUint8(&krb5d->msg_type, 10, 0,
(const char *)arg1) < 0) {
goto error;
}
return krb5d; return krb5d;
error: error:

74
src/detect-modbus.c
Unescape Escape View File

@ -51,6 +51,7 @@
#include "detect-engine-modbus.h" #include "detect-engine-modbus.h"
#include "util-debug.h" #include "util-debug.h"
#include "util-byte.h"
#include "app-layer-modbus.h" #include "app-layer-modbus.h"
@ -190,14 +191,21 @@ static DetectModbus *DetectModbusAccessParse(DetectEngineCtx *de_ctx, const char
if (unlikely(modbus->address == NULL)) if (unlikely(modbus->address == NULL))
goto error; goto error;
uint8_t idx;
if (arg[0] == '>') { if (arg[0] == '>') {
modbus->address->min = atoi((const char*) (arg+1)); idx = 1;
modbus->address->mode = DETECT_MODBUS_GT; modbus->address->mode = DETECT_MODBUS_GT;
} else if (arg[0] == '<') { } else if (arg[0] == '<') {
modbus->address->min = atoi((const char*) (arg+1)); idx = 1;
modbus->address->mode = DETECT_MODBUS_LT; modbus->address->mode = DETECT_MODBUS_LT;
} else { } else {
modbus->address->min = atoi((const char*) arg); idx = 0;
}
if (StringParseUint16(&modbus->address->min, 10, 0,
(const char *) (arg + idx)) < 0) {
SCLogError(SC_ERR_INVALID_VALUE, "Invalid value for min "
"address: %s", (const char *)(arg + idx));
goto error;
} }
SCLogDebug("and min/equal address %d", modbus->address->min); SCLogDebug("and min/equal address %d", modbus->address->min);
@ -209,7 +217,12 @@ static DetectModbus *DetectModbusAccessParse(DetectEngineCtx *de_ctx, const char
} }
if (*arg != '\0') { if (*arg != '\0') {
modbus->address->max = atoi((const char*) (arg+2)); if (StringParseUint16(&modbus->address->max, 10, 0,
(const char*) (arg + 2)) < 0) {
SCLogError(SC_ERR_INVALID_VALUE, "Invalid value for max "
"address: %s", (const char*)(arg + 2));
goto error;
}
modbus->address->mode = DETECT_MODBUS_RA; modbus->address->mode = DETECT_MODBUS_RA;
SCLogDebug("and max address %d", modbus->address->max); SCLogDebug("and max address %d", modbus->address->max);
} }
@ -235,14 +248,22 @@ static DetectModbus *DetectModbusAccessParse(DetectEngineCtx *de_ctx, const char
if (unlikely(modbus->data == NULL)) if (unlikely(modbus->data == NULL))
goto error; goto error;
uint8_t idx_mode;
if (arg[0] == '>') { if (arg[0] == '>') {
modbus->data->min = atoi((const char*) (arg+1)); idx_mode = 1;
modbus->data->mode = DETECT_MODBUS_GT; modbus->data->mode = DETECT_MODBUS_GT;
} else if (arg[0] == '<') { } else if (arg[0] == '<') {
modbus->data->min = atoi((const char*) (arg+1)); idx_mode = 1;
modbus->data->mode = DETECT_MODBUS_LT; modbus->data->mode = DETECT_MODBUS_LT;
} else { } else {
modbus->data->min = atoi((const char*) arg); idx_mode = 0;
}
if (StringParseUint16(&modbus->data->min, 10, 0,
(const char*) (arg + idx_mode)) < 0) {
SCLogError(SC_ERR_INVALID_VALUE, "Invalid value for "
"min data: %s", (const char*)(arg + idx_mode));
goto error;
} }
SCLogDebug("and min/equal value %d", modbus->data->min); SCLogDebug("and min/equal value %d", modbus->data->min);
@ -254,7 +275,13 @@ static DetectModbus *DetectModbusAccessParse(DetectEngineCtx *de_ctx, const char
} }
if (*arg != '\0') { if (*arg != '\0') {
modbus->data->max = atoi((const char*) (arg+2)); if (StringParseUint16(&modbus->data->max,
10, 0, (const char*) (arg + 2)) < 0) {
SCLogError(SC_ERR_INVALID_VALUE,
"Invalid value for max data: %s",
(const char*)(arg + 2));
goto error;
}
modbus->data->mode = DETECT_MODBUS_RA; modbus->data->mode = DETECT_MODBUS_RA;
SCLogDebug("and max value %d", modbus->data->max); SCLogDebug("and max value %d", modbus->data->max);
} }
@ -306,7 +333,11 @@ static DetectModbus *DetectModbusFunctionParse(DetectEngineCtx *de_ctx, const ch
goto error; goto error;
if (isdigit((unsigned char)ptr[0])) { if (isdigit((unsigned char)ptr[0])) {
modbus->function = atoi((const char*) ptr); if (StringParseUint8(&modbus->function, 10, 0, (const char *)ptr) < 0) {
SCLogError(SC_ERR_INVALID_VALUE, "Invalid value for "
"modbus function: %s", (const char *)ptr);
goto error;
}
/* Function code 0 is managed by decoder_event INVALID_FUNCTION_CODE */ /* Function code 0 is managed by decoder_event INVALID_FUNCTION_CODE */
if (modbus->function == MODBUS_FUNC_NONE) { if (modbus->function == MODBUS_FUNC_NONE) {
SCLogError(SC_ERR_INVALID_SIGNATURE, SCLogError(SC_ERR_INVALID_SIGNATURE,
@ -329,7 +360,12 @@ static DetectModbus *DetectModbusFunctionParse(DetectEngineCtx *de_ctx, const ch
if (modbus->subfunction == NULL) if (modbus->subfunction == NULL)
goto error; goto error;
*(modbus->subfunction) = atoi((const char*) arg); if (StringParseUint16(&(*modbus->subfunction), 10, 0, (const char *)arg) < 0) {
SCLogError(SC_ERR_INVALID_VALUE, "Invalid value for "
"modbus subfunction: %s", (const char*)arg);
goto error;
}
SCLogDebug("and subfunction %d", *(modbus->subfunction)); SCLogDebug("and subfunction %d", *(modbus->subfunction));
} }
} else { } else {
@ -421,14 +457,20 @@ static DetectModbus *DetectModbusUnitIdParse(DetectEngineCtx *de_ctx, const char
if (unlikely(modbus->unit_id == NULL)) if (unlikely(modbus->unit_id == NULL))
goto error; goto error;
uint8_t idx;
if (arg[0] == '>') { if (arg[0] == '>') {
modbus->unit_id->min = atoi((const char*) (arg+1)); idx = 1;
modbus->unit_id->mode = DETECT_MODBUS_GT; modbus->unit_id->mode = DETECT_MODBUS_GT;
} else if (arg[0] == '<') { } else if (arg[0] == '<') {
modbus->unit_id->min = atoi((const char*) (arg+1)); idx = 1;
modbus->unit_id->mode = DETECT_MODBUS_LT; modbus->unit_id->mode = DETECT_MODBUS_LT;
} else { } else {
modbus->unit_id->min = atoi((const char*) arg); idx = 0;
}
if (StringParseUint16(&modbus->unit_id->min, 10, 0, (const char *) (arg + idx)) < 0) {
SCLogError(SC_ERR_INVALID_VALUE, "Invalid value for "
"modbus min unit id: %s", (const char*)(arg + idx));
goto error;
} }
SCLogDebug("and min/equal unit id %d", modbus->unit_id->min); SCLogDebug("and min/equal unit id %d", modbus->unit_id->min);
@ -440,7 +482,11 @@ static DetectModbus *DetectModbusUnitIdParse(DetectEngineCtx *de_ctx, const char
} }
if (*arg != '\0') { if (*arg != '\0') {
modbus->unit_id->max = atoi((const char*) (arg+2)); if (StringParseUint16(&modbus->unit_id->max, 10, 0, (const char *) (arg + 2)) < 0) {
SCLogError(SC_ERR_INVALID_VALUE, "Invalid value for "
"modbus max unit id: %s", (const char*)(arg + 2));
goto error;
}
modbus->unit_id->mode = DETECT_MODBUS_RA; modbus->unit_id->mode = DETECT_MODBUS_RA;
SCLogDebug("and max unit id %d", modbus->unit_id->max); SCLogDebug("and max unit id %d", modbus->unit_id->max);
} }

Write Preview
Loading…
Cancel
Save