diff --git a/rust/src/detect.rs b/rust/src/detect.rs index 7f2e04b72f..4d863f44e3 100644 --- a/rust/src/detect.rs +++ b/rust/src/detect.rs @@ -87,6 +87,28 @@ fn detect_parse_uint_start_interval(i: &str) -> IResult<&str, )) } +fn detect_parse_uint_start_interval_inclusive( + i: &str, +) -> IResult<&str, DetectUintData> { + let (i, arg1) = verify(map_opt(digit1, |s: &str| s.parse::().ok()), |x| { + *x > T::min_value() + })(i)?; + let (i, _) = opt(is_a(" "))(i)?; + let (i, _) = alt((tag("-"), tag("<>")))(i)?; + let (i, _) = opt(is_a(" "))(i)?; + let (i, arg2) = verify(map_opt(digit1, |s: &str| s.parse::().ok()), |x| { + *x > arg1 && *x < T::max_value() + })(i)?; + Ok(( + i, + DetectUintData { + arg1: arg1 - T::one(), + arg2: arg2 + T::one(), + mode: DetectUintMode::DetectUintModeRange, + }, + )) +} + fn detect_parse_uint_mode(i: &str) -> IResult<&str, DetectUintMode> { let (i, mode) = alt(( value(DetectUintMode::DetectUintModeGte, tag(">=")), @@ -199,6 +221,17 @@ pub fn detect_parse_uint(i: &str) -> IResult<&str, DetectUintD Ok((i, uint)) } +pub fn detect_parse_uint_inclusive(i: &str) -> IResult<&str, DetectUintData> { + let (i, _) = opt(is_a(" "))(i)?; + let (i, uint) = alt(( + detect_parse_uint_start_interval_inclusive, + detect_parse_uint_start_equal, + detect_parse_uint_start_symbol, + ))(i)?; + let (i, _) = all_consuming(take_while(|c| c == ' '))(i)?; + Ok((i, uint)) +} + #[no_mangle] pub unsafe extern "C" fn rs_detect_u64_parse( ustr: *const std::os::raw::c_char, @@ -243,6 +276,20 @@ pub unsafe extern "C" fn rs_detect_u32_parse( return std::ptr::null_mut(); } +#[no_mangle] +pub unsafe extern "C" fn rs_detect_u32_parse_inclusive( + ustr: *const std::os::raw::c_char, +) -> *mut DetectUintData { + let ft_name: &CStr = CStr::from_ptr(ustr); //unsafe + if let Ok(s) = ft_name.to_str() { + if let Ok((_, ctx)) = detect_parse_uint_inclusive::(s) { + let boxed = Box::new(ctx); + return Box::into_raw(boxed) as *mut _; + } + } + return std::ptr::null_mut(); +} + #[no_mangle] pub unsafe extern "C" fn rs_detect_u32_match( arg: u32, ctx: &DetectUintData, diff --git a/src/detect-nfs-procedure.c b/src/detect-nfs-procedure.c index f6600024a7..2eba1794cf 100644 --- a/src/detect-nfs-procedure.c +++ b/src/detect-nfs-procedure.c @@ -146,7 +146,7 @@ static int DetectNfsProcedureMatch (DetectEngineThreadCtx *det_ctx, */ static DetectU32Data *DetectNfsProcedureParse(const char *rawstr) { - return DetectU32Parse(rawstr); + return rs_detect_u32_parse_inclusive(rawstr); } @@ -267,9 +267,9 @@ static int ValidityTestParse03 (void) static int ValidityTestParse04 (void) { DetectU32Data *dd = NULL; - dd = DetectNfsProcedureParse("1430000000<>1470000000"); + dd = DetectNfsProcedureParse("1430000001<>1470000000"); FAIL_IF_NULL(dd); - FAIL_IF_NOT(dd->arg1 == 1430000000 && dd->arg2 == 1470000000 && dd->mode == DETECT_UINT_RA); + FAIL_IF_NOT(dd->arg1 == 1430000000 && dd->arg2 == 1470000001 && dd->mode == DETECT_UINT_RA); DetectNfsProcedureFree(NULL, dd); PASS; } @@ -381,9 +381,9 @@ static int ValidityTestParse11 (void) static int ValidityTestParse12 (void) { DetectU32Data *dd = NULL; - dd = DetectNfsProcedureParse("1430000000 <> 1490000000"); + dd = DetectNfsProcedureParse("1430000001 <> 1490000000"); FAIL_IF_NULL(dd); - FAIL_IF_NOT(dd->arg1 == 1430000000 && dd->arg2 == 1490000000 && dd->mode == DETECT_UINT_RA); + FAIL_IF_NOT(dd->arg1 == 1430000000 && dd->arg2 == 1490000001 && dd->mode == DETECT_UINT_RA); DetectNfsProcedureFree(NULL, dd); PASS; } diff --git a/src/detect-nfs-version.c b/src/detect-nfs-version.c index ccd479848b..d90fd3e17c 100644 --- a/src/detect-nfs-version.c +++ b/src/detect-nfs-version.c @@ -133,7 +133,7 @@ static int DetectNfsVersionMatch (DetectEngineThreadCtx *det_ctx, */ static DetectU32Data *DetectNfsVersionParse(const char *rawstr) { - return DetectU32Parse(rawstr); + return rs_detect_u32_parse_inclusive(rawstr); }