aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect/pcre: Use local match variables

Browse Source 
pcre2 is not thread-safe wrt match objects so use locally scoped
objects.

Issue: 4797
pull/9243/head
Jeff Lucovsky 3 years ago committed by Victor Julien
parent 27aa35cd5b
commit 3286c3b912
52 changed files with 576 additions and 319 deletions
Show Stats Download Patch File Download Diff File

14
src/detect-base64-decode.c
Unescape Escape View File

@ -123,12 +123,9 @@ static int DetectBase64DecodeParse(const char *str, uint32_t *bytes,
*offset = 0;
*relative = 0;
size_t pcre2_len;
pcre2_match_data *match = NULL;
pcre2_match_data *match = pcre2_match_data_create_from_pattern(decode_pcre.regex, NULL);
if (match == NULL)
goto error;
int pcre_rc = pcre2_match(decode_pcre.regex, (PCRE2_SPTR8)str, strlen(str), 0, 0, match, NULL);
int pcre_rc = DetectParsePcreExec(&decode_pcre, &match, str, 0, 0);
if (pcre_rc < 3) {
goto error;
}
@ -164,10 +161,13 @@ static int DetectBase64DecodeParse(const char *str, uint32_t *bytes,
}
}
retval = 1;
pcre2_match_data_free(match);
match = NULL;
retval = 1;
error:
if (bytes_str != NULL) {
pcre2_substring_free((PCRE2_UCHAR8 *)bytes_str);
}
@ -177,7 +177,7 @@ error:
if (relative_str != NULL) {
pcre2_substring_free((PCRE2_UCHAR8 *)relative_str);
}
if (match != NULL) {
if (match) {
pcre2_match_data_free(match);
}
return retval;

26
src/detect-byte-extract.c
Unescape Escape View File

@ -214,11 +214,12 @@ int DetectByteExtractDoMatch(DetectEngineThreadCtx *det_ctx, const SigMatchData
static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_ctx, const char *arg)
{
DetectByteExtractData *bed = NULL;
int ret = 0, res = 0;
int res = 0;
size_t pcre2len;
int i = 0;
pcre2_match_data *match = NULL;
ret = DetectParsePcreExec(&parse_regex, arg, 0, 0);
int ret = DetectParsePcreExec(&parse_regex, &match, arg, 0, 0);
if (ret < 3 || ret > 19) {
SCLogError("parse error, ret %" PRId32 ", string \"%s\"", ret, arg);
SCLogError("Invalid arg to byte_extract : %s "
@ -235,8 +236,7 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
/* no of bytes to extract */
char nbytes_str[64] = "";
pcre2len = sizeof(nbytes_str);
res = pcre2_substring_copy_bynumber(
parse_regex.match, 1, (PCRE2_UCHAR8 *)nbytes_str, &pcre2len);
res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)nbytes_str, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed "
"for arg 1 for byte_extract");
@ -253,8 +253,7 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
/* offset */
char offset_str[64] = "";
pcre2len = sizeof(offset_str);
res = pcre2_substring_copy_bynumber(
parse_regex.match, 2, (PCRE2_UCHAR8 *)offset_str, &pcre2len);
res = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)offset_str, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed "
"for arg 2 for byte_extract");
@ -270,8 +269,7 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
/* var name */
char varname_str[256] = "";
pcre2len = sizeof(varname_str);
res = pcre2_substring_copy_bynumber(
parse_regex.match, 3, (PCRE2_UCHAR8 *)varname_str, &pcre2len);
res = pcre2_substring_copy_bynumber(match, 3, (PCRE2_UCHAR8 *)varname_str, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed "
"for arg 3 for byte_extract");
@ -285,7 +283,7 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
for (i = 4; i < ret; i++) {
char opt_str[64] = "";
pcre2len = sizeof(opt_str);
res = SC_Pcre2SubstringCopy(parse_regex.match, i, (PCRE2_UCHAR8 *)opt_str, &pcre2len);
res = SC_Pcre2SubstringCopy(match, i, (PCRE2_UCHAR8 *)opt_str, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed "
"for arg %d for byte_extract with %d",
@ -312,7 +310,7 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
char multiplier_str[16] = "";
pcre2len = sizeof(multiplier_str);
res = pcre2_substring_copy_bynumber(
parse_regex.match, i, (PCRE2_UCHAR8 *)multiplier_str, &pcre2len);
match, i, (PCRE2_UCHAR8 *)multiplier_str, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed "
"for arg %d for byte_extract",
@ -416,8 +414,7 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
char align_str[16] = "";
pcre2len = sizeof(align_str);
res = pcre2_substring_copy_bynumber(
parse_regex.match, i, (PCRE2_UCHAR8 *)align_str, &pcre2len);
res = pcre2_substring_copy_bynumber(match, i, (PCRE2_UCHAR8 *)align_str, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed "
"for arg %d in byte_extract",
@ -507,10 +504,15 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
bed->endian = DETECT_BYTE_EXTRACT_ENDIAN_DEFAULT;
}
pcre2_match_data_free(match);
return bed;
error:
if (bed != NULL)
DetectByteExtractFree(de_ctx, bed);
if (match) {
pcre2_match_data_free(match);
}
return NULL;
}

14
src/detect-bytejump.c
Unescape Escape View File

@ -372,18 +372,19 @@ static DetectBytejumpData *DetectBytejumpParse(
{
DetectBytejumpData *data = NULL;
char args[10][64];
int ret = 0, res = 0;
int res = 0;
size_t pcre2len;
int numargs = 0;
int i = 0;
uint32_t nbytes = 0;
char *str_ptr;
char *end_ptr;
pcre2_match_data *match = NULL;
memset(args, 0x00, sizeof(args));
/* Execute the regex and populate args with captures. */
ret = DetectParsePcreExec(&parse_regex, optstr, 0, 0);
int ret = DetectParsePcreExec(&parse_regex, &match, optstr, 0, 0);
if (ret < 2 || ret > 10) {
SCLogError("parse error, ret %" PRId32 ", string \"%s\"", ret, optstr);
goto error;
@ -395,7 +396,7 @@ static DetectBytejumpData *DetectBytejumpParse(
*/
char str[512] = "";
pcre2len = sizeof(str);
res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)str, &pcre2len);
res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)str, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed "
"for arg 1");
@ -425,8 +426,7 @@ static DetectBytejumpData *DetectBytejumpParse(
/* The remaining args are directly from PCRE substrings */
for (i = 1; i < (ret - 1); i++) {
pcre2len = sizeof(args[0]);
res = pcre2_substring_copy_bynumber(
parse_regex.match, i + 1, (PCRE2_UCHAR8 *)args[i + 1], &pcre2len);
res = pcre2_substring_copy_bynumber(match, i + 1, (PCRE2_UCHAR8 *)args[i + 1], &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed for arg %d", i + 1);
goto error;
@ -554,6 +554,7 @@ static DetectBytejumpData *DetectBytejumpParse(
}
}
pcre2_match_data_free(match);
return data;
error:
@ -567,6 +568,9 @@ error:
}
if (data != NULL)
DetectBytejumpFree(de_ctx, data);
if (match) {
pcre2_match_data_free(match);
}
return NULL;
}

12
src/detect-bytetest.c
Unescape Escape View File

@ -330,14 +330,15 @@ static DetectBytetestData *DetectBytetestParse(
};
char *test_value = NULL;
char *data_offset = NULL;
int ret = 0, res = 0;
int res = 0;
size_t pcre2_len;
int i;
uint32_t nbytes;
const char *str_ptr = NULL;
pcre2_match_data *match = NULL;
/* Execute the regex and populate args with captures. */
ret = DetectParsePcreExec(&parse_regex, optstr, 0, 0);
int ret = DetectParsePcreExec(&parse_regex, &match, optstr, 0, 0);
if (ret < 4 || ret > 9) {
SCLogError("parse error, ret %" PRId32 ", string %s", ret, optstr);
goto error;
@ -345,8 +346,7 @@ static DetectBytetestData *DetectBytetestParse(
/* Subtract two since two values are conjoined */
for (i = 0; i < (ret - 1); i++) {
res = pcre2_substring_get_bynumber(
parse_regex.match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
res = pcre2_substring_get_bynumber(match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError("pcre2_substring_get_bynumber failed "
"for arg %d",
@ -562,6 +562,7 @@ static DetectBytetestData *DetectBytetestParse(
if (data_offset) SCFree(data_offset);
if (test_value)
pcre2_substring_free((PCRE2_UCHAR8 *)test_value);
pcre2_match_data_free(match);
return data;
error:
@ -573,6 +574,9 @@ error:
if (test_value)
pcre2_substring_free((PCRE2_UCHAR8 *)test_value);
if (data) SCFree(data);
if (match) {
pcre2_match_data_free(match);
}
return NULL;
}

18
src/detect-classtype.c
Unescape Escape View File

@ -73,27 +73,35 @@ static int DetectClasstypeParseRawString(const char *rawstr, char *out, size_t o
const size_t esize = CLASSTYPE_NAME_MAX_LEN + 8;
char e[esize];
pcre2_match_data *match = NULL;
int ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0);
if (ret < 0) {
SCLogError("Invalid Classtype in Signature");
return -1;
goto error;
}
pcre2len = esize;
ret = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)e, &pcre2len);
ret = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)e, &pcre2len);
if (ret < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
return -1;
goto error;
}
if (strlen(e) >= CLASSTYPE_NAME_MAX_LEN) {
SCLogError("classtype '%s' is too big: max %d", rawstr, CLASSTYPE_NAME_MAX_LEN - 1);
return -1;
goto error;
}
(void)strlcpy(out, e, outsize);
pcre2_match_data_free(match);
return 0;
error:
if (match) {
pcre2_match_data_free(match);
}
return -1;
}
/**

21
src/detect-config.c
Unescape Escape View File

@ -171,7 +171,7 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char
DetectConfigData *fd = NULL;
SigMatch *sm = NULL;
int ret = 0, res = 0;
int res = 0;
size_t pcre2len;
#if 0
/* filestore and bypass keywords can't work together */
@ -181,6 +181,7 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char
return -1;
}
#endif
pcre2_match_data *match = NULL;
sm = SigMatchAlloc();
if (sm == NULL)
goto error;
@ -198,13 +199,13 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char
char scopeval[32];
SCLogDebug("str %s", str);
ret = DetectParsePcreExec(&parse_regex, str, 0, 0);
int ret = DetectParsePcreExec(&parse_regex, &match, str, 0, 0);
if (ret != 7) {
SCLogError("config is rather picky at this time");
goto error;
}
pcre2len = sizeof(subsys);
res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)subsys, &pcre2len);
res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)subsys, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
@ -217,7 +218,7 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char
SCLogDebug("subsys %s", subsys);
pcre2len = sizeof(state);
res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)state, &pcre2len);
res = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)state, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
@ -230,7 +231,7 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char
SCLogDebug("state %s", state);
pcre2len = sizeof(type);
res = pcre2_substring_copy_bynumber(parse_regex.match, 3, (PCRE2_UCHAR8 *)type, &pcre2len);
res = pcre2_substring_copy_bynumber(match, 3, (PCRE2_UCHAR8 *)type, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
@ -243,7 +244,7 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char
SCLogDebug("type %s", type);
pcre2len = sizeof(typeval);
res = pcre2_substring_copy_bynumber(parse_regex.match, 4, (PCRE2_UCHAR8 *)typeval, &pcre2len);
res = pcre2_substring_copy_bynumber(match, 4, (PCRE2_UCHAR8 *)typeval, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
@ -256,7 +257,7 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char
SCLogDebug("typeval %s", typeval);
pcre2len = sizeof(scope);
res = pcre2_substring_copy_bynumber(parse_regex.match, 5, (PCRE2_UCHAR8 *)scope, &pcre2len);
res = pcre2_substring_copy_bynumber(match, 5, (PCRE2_UCHAR8 *)scope, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
@ -269,7 +270,7 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char
SCLogDebug("scope %s", scope);
pcre2len = sizeof(scopeval);
res = pcre2_substring_copy_bynumber(parse_regex.match, 6, (PCRE2_UCHAR8 *)scopeval, &pcre2len);
res = pcre2_substring_copy_bynumber(match, 6, (PCRE2_UCHAR8 *)scopeval, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
@ -299,9 +300,13 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char
sm->ctx = (SigMatchCtx*)fd;
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_POSTMATCH);
pcre2_match_data_free(match);
return 0;
error:
if (match) {
pcre2_match_data_free(match);
}
if (sm != NULL)
SCFree(sm);
return -1;

13
src/detect-detection-filter.c
Unescape Escape View File

@ -100,7 +100,7 @@ static int DetectDetectionFilterMatch(
static DetectThresholdData *DetectDetectionFilterParse(const char *rawstr)
{
DetectThresholdData *df = NULL;
int ret = 0, res = 0;
int res = 0;
size_t pcre2_len;
const char *str_ptr = NULL;
char *args[6] = { NULL, NULL, NULL, NULL, NULL, NULL };
@ -110,6 +110,7 @@ static DetectThresholdData *DetectDetectionFilterParse(const char *rawstr)
size_t pos = 0;
int i = 0;
char *saveptr = NULL;
pcre2_match_data *match = NULL;
copy_str = SCStrdup(rawstr);
if (unlikely(copy_str == NULL)) {
@ -132,7 +133,7 @@ static DetectThresholdData *DetectDetectionFilterParse(const char *rawstr)
if (count_found != 1 || seconds_found != 1 || track_found != 1)
goto error;
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0);
if (ret < 5) {
SCLogError("pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr);
goto error;
@ -147,8 +148,7 @@ static DetectThresholdData *DetectDetectionFilterParse(const char *rawstr)
df->type = TYPE_DETECTION;
for (i = 0; i < (ret - 1); i++) {
res = pcre2_substring_get_bynumber(
parse_regex.match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
res = pcre2_substring_get_bynumber(match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
@ -187,6 +187,8 @@ static DetectThresholdData *DetectDetectionFilterParse(const char *rawstr)
if (args[i] != NULL)
pcre2_substring_free((PCRE2_UCHAR *)args[i]);
}
pcre2_match_data_free(match);
return df;
error:
@ -196,6 +198,9 @@ error:
}
if (df != NULL)
SCFree(df);
if (match) {
pcre2_match_data_free(match);
}
return NULL;
}

11
src/detect-engine-event.c
Unescape Escape View File

@ -130,10 +130,11 @@ static DetectEngineEventData *DetectEngineEventParse (const char *rawstr)
{
int i;
DetectEngineEventData *de = NULL;
int ret = 0, res = 0, found = 0;
int res = 0, found = 0;
size_t pcre2len;
pcre2_match_data *match = NULL;
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0);
if (ret < 1) {
SCLogError("pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr);
goto error;
@ -141,7 +142,7 @@ static DetectEngineEventData *DetectEngineEventParse (const char *rawstr)
char copy_str[128] = "";
pcre2len = sizeof(copy_str);
res = pcre2_substring_copy_bynumber(parse_regex.match, 0, (PCRE2_UCHAR8 *)copy_str, &pcre2len);
res = pcre2_substring_copy_bynumber(match, 0, (PCRE2_UCHAR8 *)copy_str, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
@ -179,11 +180,15 @@ static DetectEngineEventData *DetectEngineEventParse (const char *rawstr)
}
}
pcre2_match_data_free(match);
return de;
error:
if (de)
SCFree(de);
if (match) {
pcre2_match_data_free(match);
}
return NULL;
}

15
src/detect-fast-pattern.c
Unescape Escape View File

@ -213,10 +213,11 @@ void DetectFastPatternRegister(void)
*/
static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg)
{
int ret = 0, res = 0;
int res = 0;
size_t pcre2len;
char arg_substr[128] = "";
DetectContentData *cd = NULL;
pcre2_match_data *match = NULL;
SigMatch *pm1 = DetectGetLastSMFromMpmLists(de_ctx, s);
SigMatch *pm2 = DetectGetLastSMFromLists(s, DETECT_CONTENT, -1);
@ -278,7 +279,7 @@ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, const c
}
/* Execute the regex and populate args with captures. */
ret = DetectParsePcreExec(&parse_regex, arg, 0, 0);
int ret = DetectParsePcreExec(&parse_regex, &match, arg, 0, 0);
/* fast pattern only */
if (ret == 2) {
if ((cd->flags & DETECT_CONTENT_NEGATED) ||
@ -298,8 +299,7 @@ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, const c
/* fast pattern chop */
} else if (ret == 4) {
pcre2len = sizeof(arg_substr);
res = pcre2_substring_copy_bynumber(
parse_regex.match, 2, (PCRE2_UCHAR8 *)arg_substr, &pcre2len);
res = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)arg_substr, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed "
"for fast_pattern offset");
@ -315,8 +315,7 @@ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, const c
}
pcre2len = sizeof(arg_substr);
res = pcre2_substring_copy_bynumber(
parse_regex.match, 3, (PCRE2_UCHAR8 *)arg_substr, &pcre2len);
res = pcre2_substring_copy_bynumber(match, 3, (PCRE2_UCHAR8 *)arg_substr, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed "
"for fast_pattern offset");
@ -356,9 +355,13 @@ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, const c
cd->flags |= DETECT_CONTENT_FAST_PATTERN;
pcre2_match_data_free(match);
return 0;
error:
if (match) {
pcre2_match_data_free(match);
}
return -1;
}

22
src/detect-filestore.c
Unescape Escape View File

@ -351,8 +351,9 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, const ch
DetectFilestoreData *fd = NULL;
SigMatch *sm = NULL;
char *args[3] = {NULL,NULL,NULL};
int ret = 0, res = 0;
int res = 0;
size_t pcre2len;
pcre2_match_data *match = NULL;
/* filestore and bypass keywords can't work together */
if (s->flags & SIG_FLAG_BYPASS) {
@ -372,7 +373,7 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, const ch
char str_2[32];
SCLogDebug("str %s", str);
ret = DetectParsePcreExec(&parse_regex, str, 0, 0);
int ret = DetectParsePcreExec(&parse_regex, &match, str, 0, 0);
if (ret < 1 || ret > 4) {
SCLogError("parse error, ret %" PRId32 ", string %s", ret, str);
goto error;
@ -380,8 +381,7 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, const ch
if (ret > 1) {
pcre2len = sizeof(str_0);
res = pcre2_substring_copy_bynumber(
parse_regex.match, 1, (PCRE2_UCHAR8 *)str_0, &pcre2len);
res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)str_0, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
@ -390,8 +390,7 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, const ch
if (ret > 2) {
pcre2len = sizeof(str_1);
res = pcre2_substring_copy_bynumber(
parse_regex.match, 2, (PCRE2_UCHAR8 *)str_1, &pcre2len);
res = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)str_1, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
@ -400,8 +399,7 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, const ch
}
if (ret > 3) {
pcre2len = sizeof(str_2);
res = pcre2_substring_copy_bynumber(
parse_regex.match, 3, (PCRE2_UCHAR8 *)str_2, &pcre2len);
res = pcre2_substring_copy_bynumber(match, 3, (PCRE2_UCHAR8 *)str_2, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
@ -477,11 +475,17 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, const ch
sm->ctx = NULL;
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_POSTMATCH);
s->flags |= SIG_FLAG_FILESTORE;
if (match)
pcre2_match_data_free(match);
return 0;
error:
if (match) {
pcre2_match_data_free(match);
}
if (sm != NULL)
SCFree(sm);
return -1;

17
src/detect-flow.c
Unescape Escape View File

@ -173,11 +173,12 @@ static DetectFlowData *DetectFlowParse (DetectEngineCtx *de_ctx, const char *flo
{
DetectFlowData *fd = NULL;
char *args[3] = {NULL,NULL,NULL};
int ret = 0, res = 0;
int res = 0;
size_t pcre2len;
char str1[16] = "", str2[16] = "", str3[16] = "";
pcre2_match_data *match = NULL;
ret = DetectParsePcreExec(&parse_regex, flowstr, 0, 0);
int ret = DetectParsePcreExec(&parse_regex, &match, flowstr, 0, 0);
if (ret < 1 || ret > 4) {
SCLogError("parse error, ret %" PRId32 ", string %s", ret, flowstr);
goto error;
@ -185,7 +186,7 @@ static DetectFlowData *DetectFlowParse (DetectEngineCtx *de_ctx, const char *flo
if (ret > 1) {
pcre2len = sizeof(str1);
res = SC_Pcre2SubstringCopy(parse_regex.match, 1, (PCRE2_UCHAR8 *)str1, &pcre2len);
res = SC_Pcre2SubstringCopy(match, 1, (PCRE2_UCHAR8 *)str1, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
@ -194,8 +195,7 @@ static DetectFlowData *DetectFlowParse (DetectEngineCtx *de_ctx, const char *flo
if (ret > 2) {
pcre2len = sizeof(str2);
res = pcre2_substring_copy_bynumber(
parse_regex.match, 2, (PCRE2_UCHAR8 *)str2, &pcre2len);
res = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)str2, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
@ -204,8 +204,7 @@ static DetectFlowData *DetectFlowParse (DetectEngineCtx *de_ctx, const char *flo
}
if (ret > 3) {
pcre2len = sizeof(str3);
res = pcre2_substring_copy_bynumber(
parse_regex.match, 3, (PCRE2_UCHAR8 *)str3, &pcre2len);
res = pcre2_substring_copy_bynumber(match, 3, (PCRE2_UCHAR8 *)str3, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
@ -318,9 +317,13 @@ static DetectFlowData *DetectFlowParse (DetectEngineCtx *de_ctx, const char *flo
//printf("args[%" PRId32 "]: %s match_cnt: %" PRId32 " flags: 0x%02X\n", i, args[i], fd->match_cnt, fd->flags);
}
}
pcre2_match_data_free(match);
return fd;
error:
if (match) {
pcre2_match_data_free(match);
}
if (fd != NULL)
DetectFlowFree(de_ctx, fd);
return NULL;

24
src/detect-flowbits.c
Unescape Escape View File

@ -222,28 +222,29 @@ int DetectFlowbitMatch (DetectEngineThreadCtx *det_ctx, Packet *p,
static int DetectFlowbitParse(const char *str, char *cmd, int cmd_len, char *name,
int name_len)
{
int count, rc;
int rc;
size_t pcre2len;
pcre2_match_data *match = NULL;
count = DetectParsePcreExec(&parse_regex, str, 0, 0);
int count = DetectParsePcreExec(&parse_regex, &match, str, 0, 0);
if (count != 2 && count != 3) {
SCLogError("\"%s\" is not a valid setting for flowbits.", str);
return 0;
goto error;
}
pcre2len = cmd_len;
rc = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)cmd, &pcre2len);
rc = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)cmd, &pcre2len);
if (rc < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
return 0;
goto error;
}
if (count == 3) {
pcre2len = name_len;
rc = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)name, &pcre2len);
rc = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)name, &pcre2len);
if (rc < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
return 0;
goto error;
}
/* Trim trailing whitespace. */
@ -256,13 +257,20 @@ static int DetectFlowbitParse(const char *str, char *cmd, int cmd_len, char *nam
for (size_t i = 0; i < strlen(name); i++) {
if (isblank(name[i])) {
SCLogError("spaces not allowed in flowbit names");
return 0;
goto error;
}
}
}
}
pcre2_match_data_free(match);
return 1;
error:
if (match) {
pcre2_match_data_free(match);
}
return 0;
}
int DetectFlowbitSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)

18
src/detect-flowint.c
Unescape Escape View File

@ -230,27 +230,28 @@ static DetectFlowintData *DetectFlowintParse(DetectEngineCtx *de_ctx, const char
char *varname = NULL;
char *varval = NULL;
char *modstr = NULL;
int ret = 0, res = 0;
int res = 0;
size_t pcre2_len;
uint8_t modifier = FLOWINT_MODIFIER_UNKNOWN;
unsigned long long value_long = 0;
const char *str_ptr;
pcre2_match_data *match = NULL;
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0);
if (ret < 3 || ret > 4) {
SCLogError("\"%s\" is not a valid setting for flowint(ret = %d).", rawstr, ret);
return NULL;
goto error;
}
/* Get our flowint varname */
res = pcre2_substring_get_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
res = pcre2_substring_get_bynumber(match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0 || str_ptr == NULL) {
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
}
varname = (char *)str_ptr;
res = pcre2_substring_get_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
res = pcre2_substring_get_bynumber(match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0 || str_ptr == NULL) {
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
@ -296,8 +297,7 @@ static DetectFlowintData *DetectFlowintParse(DetectEngineCtx *de_ctx, const char
if (ret < 4)
goto error;
res = pcre2_substring_get_bynumber(
parse_regex.match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
res = pcre2_substring_get_bynumber(match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
varval = (char *)str_ptr;
if (res < 0 || varval == NULL || strcmp(varval, "") == 0) {
SCLogError("pcre2_substring_get_bynumber failed");
@ -339,8 +339,12 @@ static DetectFlowintData *DetectFlowintParse(DetectEngineCtx *de_ctx, const char
pcre2_substring_free((PCRE2_UCHAR *)modstr);
if (varval)
pcre2_substring_free((PCRE2_UCHAR *)varval);
pcre2_match_data_free(match);
return sfd;
error:
if (match) {
pcre2_match_data_free(match);
}
if (varname)
pcre2_substring_free((PCRE2_UCHAR *)varname);
if (varval)

15
src/detect-flowvar.c
Unescape Escape View File

@ -116,28 +116,33 @@ static int DetectFlowvarSetup (DetectEngineCtx *de_ctx, Signature *s, const char
DetectFlowvarData *fd = NULL;
SigMatch *sm = NULL;
char varname[64], varcontent[64];
int ret = 0, res = 0;
int res = 0;
size_t pcre2len;
uint8_t *content = NULL;
uint16_t contentlen = 0;
uint32_t contentflags = s->init_data->negated ? DETECT_CONTENT_NEGATED : 0;
pcre2_match_data *match = NULL;
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0);
if (ret != 3) {
SCLogError("\"%s\" is not a valid setting for flowvar.", rawstr);
if (match) {
pcre2_match_data_free(match);
}
return -1;
}
pcre2len = sizeof(varname);
res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)varname, &pcre2len);
res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)varname, &pcre2len);
if (res < 0) {
pcre2_match_data_free(match);
SCLogError("pcre2_substring_copy_bynumber failed");
return -1;
}
pcre2len = sizeof(varcontent);
res = pcre2_substring_copy_bynumber(
parse_regex.match, 2, (PCRE2_UCHAR8 *)varcontent, &pcre2len);
res = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)varcontent, &pcre2len);
pcre2_match_data_free(match);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
return -1;

11
src/detect-fragbits.c
Unescape Escape View File

@ -169,21 +169,22 @@ static int DetectFragBitsMatch (DetectEngineThreadCtx *det_ctx,
static DetectFragBitsData *DetectFragBitsParse (const char *rawstr)
{
DetectFragBitsData *de = NULL;
int ret = 0, found = 0, res = 0;
int found = 0, res = 0;
size_t pcre2_len;
const char *str_ptr = NULL;
char *args[2] = { NULL, NULL};
char *ptr;
int i;
pcre2_match_data *match = NULL;
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0);
if (ret < 1) {
SCLogError("pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr);
goto error;
}
for (i = 0; i < (ret - 1); i++) {
res = SC_Pcre2SubstringGet(parse_regex.match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
res = SC_Pcre2SubstringGet(match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError("pcre2_substring_get_bynumber failed %d", res);
goto error;
@ -255,9 +256,13 @@ static DetectFragBitsData *DetectFragBitsParse (const char *rawstr)
if (args[i] != NULL)
pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);
}
pcre2_match_data_free(match);
return de;
error:
if (match) {
pcre2_match_data_free(match);
}
for (i = 0; i < 2; i++) {
if (args[i] != NULL)
pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);

11
src/detect-fragoffset.c
Unescape Escape View File

@ -143,20 +143,21 @@ static DetectFragOffsetData *DetectFragOffsetParse (DetectEngineCtx *de_ctx, con
{
DetectFragOffsetData *fragoff = NULL;
char *substr[3] = {NULL, NULL, NULL};
int ret = 0, res = 0;
int res = 0;
size_t pcre2_len;
int i;
const char *str_ptr;
char *mode = NULL;
pcre2_match_data *match = NULL;
ret = DetectParsePcreExec(&parse_regex, fragoffsetstr, 0, 0);
int ret = DetectParsePcreExec(&parse_regex, &match, fragoffsetstr, 0, 0);
if (ret < 1 || ret > 4) {
SCLogError("Parse error %s", fragoffsetstr);
goto error;
}
for (i = 1; i < ret; i++) {
res = SC_Pcre2SubstringGet(parse_regex.match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
res = SC_Pcre2SubstringGet(match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
@ -200,9 +201,13 @@ static DetectFragOffsetData *DetectFragOffsetParse (DetectEngineCtx *de_ctx, con
pcre2_substring_free((PCRE2_UCHAR8 *)substr[i]);
}
pcre2_match_data_free(match);
return fragoff;
error:
if (match) {
pcre2_match_data_free(match);
}
for (i = 0; i < 3; i++) {
if (substr[i] != NULL)
pcre2_substring_free((PCRE2_UCHAR8 *)substr[i]);

9
src/detect-ftpdata.c
Unescape Escape View File

@ -131,15 +131,16 @@ static DetectFtpdataData *DetectFtpdataParse(const char *ftpcommandstr)
DetectFtpdataData *ftpcommandd = NULL;
char arg1[5] = "";
size_t pcre2len;
pcre2_match_data *match = NULL;
int ret = DetectParsePcreExec(&parse_regex, ftpcommandstr, 0, 0);
int ret = DetectParsePcreExec(&parse_regex, &match, ftpcommandstr, 0, 0);
if (ret != 2) {
SCLogError("parse error, ret %" PRId32 "", ret);
goto error;
}
pcre2len = sizeof(arg1);
int res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len);
int res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
@ -158,9 +159,13 @@ static DetectFtpdataData *DetectFtpdataParse(const char *ftpcommandstr)
goto error;
}
pcre2_match_data_free(match);
return ftpcommandd;
error:
if (match) {
pcre2_match_data_free(match);
}
if (ftpcommandd)
SCFree(ftpcommandd);
return NULL;

27
src/detect-hostbits.c
Unescape Escape View File

@ -284,41 +284,48 @@ static int DetectHostbitMatch (DetectEngineThreadCtx *det_ctx, Packet *p,
static int DetectHostbitParse(const char *str, char *cmd, int cmd_len,
char *name, int name_len, char *dir, int dir_len)
{
int count, rc;
int rc;
size_t pcre2len;
count = DetectParsePcreExec(&parse_regex, str, 0, 0);
pcre2_match_data *match = NULL;
int count = DetectParsePcreExec(&parse_regex, &match, str, 0, 0);
if (count != 2 && count != 3 && count != 4) {
SCLogError("\"%s\" is not a valid setting for hostbits.", str);
return 0;
goto error;
}
pcre2len = cmd_len;
rc = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)cmd, &pcre2len);
rc = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)cmd, &pcre2len);
if (rc < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
return 0;
goto error;
}
if (count >= 3) {
pcre2len = name_len;
rc = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)name, &pcre2len);
rc = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)name, &pcre2len);
if (rc < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
return 0;
goto error;
}
if (count >= 4) {
pcre2len = dir_len;
rc = pcre2_substring_copy_bynumber(
parse_regex.match, 3, (PCRE2_UCHAR8 *)dir, &pcre2len);
rc = pcre2_substring_copy_bynumber(match, 3, (PCRE2_UCHAR8 *)dir, &pcre2len);
if (rc < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
return 0;
goto error;
}
}
}
pcre2_match_data_free(match);
return 1;
error:
if (match) {
pcre2_match_data_free(match);
}
return 0;
}
int DetectHostbitSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)

11
src/detect-icmp-id.c
Unescape Escape View File

@ -161,10 +161,11 @@ static DetectIcmpIdData *DetectIcmpIdParse (DetectEngineCtx *de_ctx, const char
{
DetectIcmpIdData *iid = NULL;
char *substr[3] = {NULL, NULL, NULL};
int ret = 0, res = 0;
int res = 0;
size_t pcre2_len;
ret = DetectParsePcreExec(&parse_regex, icmpidstr, 0, 0);
pcre2_match_data *match = NULL;
int ret = DetectParsePcreExec(&parse_regex, &match, icmpidstr, 0, 0);
if (ret < 1 || ret > 4) {
SCLogError("Parse error %s", icmpidstr);
goto error;
@ -173,7 +174,7 @@ static DetectIcmpIdData *DetectIcmpIdParse (DetectEngineCtx *de_ctx, const char
int i;
const char *str_ptr;
for (i = 1; i < ret; i++) {
res = SC_Pcre2SubstringGet(parse_regex.match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
res = SC_Pcre2SubstringGet(match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
@ -211,9 +212,13 @@ static DetectIcmpIdData *DetectIcmpIdParse (DetectEngineCtx *de_ctx, const char
if (substr[i] != NULL)
pcre2_substring_free((PCRE2_UCHAR8 *)substr[i]);
}
pcre2_match_data_free(match);
return iid;
error:
if (match) {
pcre2_match_data_free(match);
}
for (i = 0; i < 3; i++) {
if (substr[i] != NULL)
pcre2_substring_free((PCRE2_UCHAR8 *)substr[i]);

11
src/detect-icmp-seq.c
Unescape Escape View File

@ -162,19 +162,20 @@ static DetectIcmpSeqData *DetectIcmpSeqParse (DetectEngineCtx *de_ctx, const cha
{
DetectIcmpSeqData *iseq = NULL;
char *substr[3] = {NULL, NULL, NULL};
int ret = 0, res = 0;
int res = 0;
size_t pcre2_len;
int i;
const char *str_ptr;
ret = DetectParsePcreExec(&parse_regex, icmpseqstr, 0, 0);
pcre2_match_data *match = NULL;
int ret = DetectParsePcreExec(&parse_regex, &match, icmpseqstr, 0, 0);
if (ret < 1 || ret > 4) {
SCLogError("Parse error %s", icmpseqstr);
goto error;
}
for (i = 1; i < ret; i++) {
res = SC_Pcre2SubstringGet(parse_regex.match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
res = SC_Pcre2SubstringGet(match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
@ -214,9 +215,13 @@ static DetectIcmpSeqData *DetectIcmpSeqParse (DetectEngineCtx *de_ctx, const cha
pcre2_substring_free((PCRE2_UCHAR8 *)substr[i]);
}
pcre2_match_data_free(match);
return iseq;
error:
if (match) {
pcre2_match_data_free(match);
}
for (i = 0; i < 3; i++) {
if (substr[i] != NULL)
pcre2_substring_free((PCRE2_UCHAR8 *)substr[i]);

22
src/detect-id.c
Unescape Escape View File

@ -123,25 +123,26 @@ static DetectIdData *DetectIdParse (const char *idstr)
{
uint16_t temp;
DetectIdData *id_d = NULL;
int ret = 0, res = 0;
int res = 0;
size_t pcre2len;
pcre2_match_data *match = NULL;
ret = DetectParsePcreExec(&parse_regex, idstr, 0, 0);
int ret = DetectParsePcreExec(&parse_regex, &match, idstr, 0, 0);
if (ret < 1 || ret > 3) {
SCLogError("invalid id option '%s'. The id option "
"value must be in the range %u - %u",
idstr, DETECT_IPID_MIN, DETECT_IPID_MAX);
return NULL;
goto error;
}
char copy_str[128] = "";
char *tmp_str;
pcre2len = sizeof(copy_str);
res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)copy_str, &pcre2len);
res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)copy_str, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
return NULL;
goto error;
}
tmp_str = copy_str;
@ -155,18 +156,25 @@ static DetectIdData *DetectIdParse (const char *idstr)
/* ok, fill the id data */
if (StringParseUint16(&temp, 10, 0, (const char *)tmp_str) < 0) {
SCLogError("invalid id option '%s'", tmp_str);
return NULL;
goto error;
}
/* We have a correct id option */
id_d = SCMalloc(sizeof(DetectIdData));
if (unlikely(id_d == NULL))
return NULL;
goto error;
id_d->id = temp;
SCLogDebug("detect-id: will look for ip_id: %u\n", id_d->id);
pcre2_match_data_free(match);
return id_d;
error:
if (match) {
pcre2_match_data_free(match);
}
return NULL;
}
/**

13
src/detect-ike-chosen-sa.c
Unescape Escape View File

@ -130,12 +130,13 @@ static DetectIkeChosenSaData *DetectIkeChosenSaParse(const char *rawstr)
* ike.chosen_sa_attribute:"hash_algorithm=8"
*/
DetectIkeChosenSaData *dd = NULL;
int ret = 0, res = 0;
int res = 0;
size_t pcre2len;
char attribute[100];
char value[100];
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
pcre2_match_data *match = NULL;
int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0);
if (ret < 3 || ret > 5) {
SCLogError(
"pcre match for ike.chosen_sa_attribute failed, should be: <sa_attribute>=<type>, "
@ -145,14 +146,14 @@ static DetectIkeChosenSaData *DetectIkeChosenSaParse(const char *rawstr)
}
pcre2len = sizeof(attribute);
res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)attribute, &pcre2len);
res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)attribute, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
}
pcre2len = sizeof(value);
res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)value, &pcre2len);
res = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)value, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
@ -172,9 +173,13 @@ static DetectIkeChosenSaData *DetectIkeChosenSaParse(const char *rawstr)
goto error;
}
pcre2_match_data_free(match);
return dd;
error:
if (match) {
pcre2_match_data_free(match);
}
if (dd) {
if (dd->sa_type != NULL)
SCFree(dd->sa_type);

9
src/detect-ipopts.c
Unescape Escape View File

@ -160,9 +160,10 @@ static DetectIpOptsData *DetectIpOptsParse (const char *rawstr)
{
int i;
DetectIpOptsData *de = NULL;
int ret = 0, found = 0;
int found = 0;
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
pcre2_match_data *match = NULL;
int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0);
if (ret < 1) {
SCLogError("pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr);
goto error;
@ -184,9 +185,13 @@ static DetectIpOptsData *DetectIpOptsParse (const char *rawstr)
de->ipopt = ipopts[i].code;
pcre2_match_data_free(match);
return de;
error:
if (match) {
pcre2_match_data_free(match);
}
if (de) SCFree(de);
return NULL;
}

12
src/detect-ipproto.c
Unescape Escape View File

@ -85,13 +85,14 @@ static DetectIPProtoData *DetectIPProtoParse(const char *optstr)
{
DetectIPProtoData *data = NULL;
char *args[2] = { NULL, NULL };
int ret = 0, res = 0;
int res = 0;
size_t pcre2_len;
int i;
const char *str_ptr;
/* Execute the regex and populate args with captures. */
ret = DetectParsePcreExec(&parse_regex, optstr, 0, 0);
pcre2_match_data *match = NULL;
int ret = DetectParsePcreExec(&parse_regex, &match, optstr, 0, 0);
if (ret != 3) {
SCLogError("pcre_exec parse error, ret"
"%" PRId32 ", string %s",
@ -100,8 +101,7 @@ static DetectIPProtoData *DetectIPProtoParse(const char *optstr)
}
for (i = 0; i < (ret - 1); i++) {
res = pcre2_substring_get_bynumber(
parse_regex.match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
res = pcre2_substring_get_bynumber(match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
@ -142,9 +142,13 @@ static DetectIPProtoData *DetectIPProtoParse(const char *optstr)
pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);
}
pcre2_match_data_free(match);
return data;
error:
if (match) {
pcre2_match_data_free(match);
}
for (i = 0; i < (ret - 1) && i < 2; i++){
if (args[i] != NULL)
pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);

18
src/detect-isdataat.c
Unescape Escape View File

@ -98,11 +98,12 @@ static DetectIsdataatData *DetectIsdataatParse (DetectEngineCtx *de_ctx, const c
{
DetectIsdataatData *idad = NULL;
char *args[3] = {NULL,NULL,NULL};
int ret = 0, res = 0;
int res = 0;
size_t pcre2_len;
int i=0;
ret = DetectParsePcreExec(&parse_regex, isdataatstr, 0, 0);
pcre2_match_data *match = NULL;
int ret = DetectParsePcreExec(&parse_regex, &match, isdataatstr, 0, 0);
if (ret < 1 || ret > 4) {
SCLogError("pcre_exec parse error, ret %" PRId32 ", string %s", ret, isdataatstr);
goto error;
@ -110,8 +111,7 @@ static DetectIsdataatData *DetectIsdataatParse (DetectEngineCtx *de_ctx, const c
if (ret > 1) {
const char *str_ptr;
res = pcre2_substring_get_bynumber(
parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
res = pcre2_substring_get_bynumber(match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
@ -120,8 +120,7 @@ static DetectIsdataatData *DetectIsdataatParse (DetectEngineCtx *de_ctx, const c
if (ret > 2) {
res = pcre2_substring_get_bynumber(
parse_regex.match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
res = pcre2_substring_get_bynumber(match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
@ -129,8 +128,7 @@ static DetectIsdataatData *DetectIsdataatParse (DetectEngineCtx *de_ctx, const c
args[1] = (char *)str_ptr;
}
if (ret > 3) {
res = pcre2_substring_get_bynumber(
parse_regex.match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
res = pcre2_substring_get_bynumber(match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
@ -181,11 +179,15 @@ static DetectIsdataatData *DetectIsdataatParse (DetectEngineCtx *de_ctx, const c
pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);
}
pcre2_match_data_free(match);
return idad;
}
error:
if (match) {
pcre2_match_data_free(match);
}
for (i = 0; i < (ret -1) && i < 3; i++){
if (args[i] != NULL)
pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);

11
src/detect-krb5-errcode.c
Unescape Escape View File

@ -126,17 +126,18 @@ static DetectKrb5ErrCodeData *DetectKrb5ErrCodeParse (const char *krb5str)
{
DetectKrb5ErrCodeData *krb5d = NULL;
char arg1[4] = "";
int ret = 0, res = 0;
int res = 0;
size_t pcre2len;
ret = DetectParsePcreExec(&parse_regex, krb5str, 0, 0);
pcre2_match_data *match = NULL;
int ret = DetectParsePcreExec(&parse_regex, &match, krb5str, 0, 0);
if (ret != 2) {
SCLogError("parse error, ret %" PRId32 "", ret);
goto error;
}
pcre2len = sizeof(arg1);
res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len);
res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
@ -149,9 +150,13 @@ static DetectKrb5ErrCodeData *DetectKrb5ErrCodeParse (const char *krb5str)
(const char *)arg1) < 0) {
goto error;
}
pcre2_match_data_free(match);
return krb5d;
error:
if (match) {
pcre2_match_data_free(match);
}
if (krb5d)
SCFree(krb5d);
return NULL;

11
src/detect-krb5-msgtype.c
Unescape Escape View File

@ -123,17 +123,18 @@ static DetectKrb5MsgTypeData *DetectKrb5MsgTypeParse (const char *krb5str)
{
DetectKrb5MsgTypeData *krb5d = NULL;
char arg1[4] = "";
int ret = 0, res = 0;
int res = 0;
size_t pcre2len;
ret = DetectParsePcreExec(&parse_regex, krb5str, 0, 0);
pcre2_match_data *match = NULL;
int ret = DetectParsePcreExec(&parse_regex, &match, krb5str, 0, 0);
if (ret != 2) {
SCLogError("parse error, ret %" PRId32 "", ret);
goto error;
}
pcre2len = sizeof(arg1);
res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len);
res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
@ -146,9 +147,13 @@ static DetectKrb5MsgTypeData *DetectKrb5MsgTypeParse (const char *krb5str)
(const char *)arg1) < 0) {
goto error;
}
pcre2_match_data_free(match);
return krb5d;
error:
if (match) {
pcre2_match_data_free(match);
}
if (krb5d)
SCFree(krb5d);
return NULL;

40
src/detect-mark.c
Unescape Escape View File

@ -77,7 +77,7 @@ void DetectMarkRegister (void)
*/
static void * DetectMarkParse (const char *rawstr)
{
int ret = 0, res = 0;
int res = 0;
size_t pcre2_len;
const char *str_ptr = NULL;
char *ptr = NULL;
@ -86,45 +86,47 @@ static void * DetectMarkParse (const char *rawstr)
uint32_t mask;
DetectMarkData *data;
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
pcre2_match_data *match = NULL;
int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0);
if (ret < 1) {
SCLogError("pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr);
pcre2_match_data_free(match);
return NULL;
}
res = pcre2_substring_get_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
res = pcre2_substring_get_bynumber(match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError("pcre2_substring_get_bynumber failed");
return NULL;
goto error;
}
ptr = (char *)str_ptr;
if (ptr == NULL)
return NULL;
goto error;
errno = 0;
mark = strtoul(ptr, &endptr, 0);
if (errno == ERANGE) {
SCLogError("Numeric value out of range");
pcre2_substring_free((PCRE2_UCHAR8 *)ptr);
return NULL;
goto error;
} /* If there is no numeric value in the given string then strtoull(), makes
endptr equals to ptr and return 0 as result */
else if (endptr == ptr && mark == 0) {
SCLogError("No numeric value");
pcre2_substring_free((PCRE2_UCHAR8 *)ptr);
return NULL;
goto error;
} else if (endptr == ptr) {
SCLogError("Invalid numeric value");
pcre2_substring_free((PCRE2_UCHAR8 *)ptr);
return NULL;
goto error;
}
res = pcre2_substring_get_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
res = pcre2_substring_get_bynumber(match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError("pcre2_substring_get_bynumber failed");
return NULL;
goto error;
}
pcre2_substring_free((PCRE2_UCHAR8 *)ptr);
@ -133,10 +135,11 @@ static void * DetectMarkParse (const char *rawstr)
if (ptr == NULL) {
data = SCMalloc(sizeof(DetectMarkData));
if (unlikely(data == NULL)) {
return NULL;
goto error;
}
data->mark = mark;
data->mask = 0xffff;
pcre2_match_data_free(match);
return data;
}
@ -145,18 +148,18 @@ static void * DetectMarkParse (const char *rawstr)
if (errno == ERANGE) {
SCLogError("Numeric value out of range");
pcre2_substring_free((PCRE2_UCHAR8 *)ptr);
return NULL;
goto error;
} /* If there is no numeric value in the given string then strtoull(), makes
endptr equals to ptr and return 0 as result */
else if (endptr == ptr && mask == 0) {
SCLogError("No numeric value");
pcre2_substring_free((PCRE2_UCHAR8 *)ptr);
return NULL;
goto error;
}
else if (endptr == ptr) {
SCLogError("Invalid numeric value");
pcre2_substring_free((PCRE2_UCHAR8 *)ptr);
return NULL;
goto error;
}
SCLogDebug("Rule will set mark 0x%x with mask 0x%x", mark, mask);
@ -164,11 +167,18 @@ static void * DetectMarkParse (const char *rawstr)
data = SCMalloc(sizeof(DetectMarkData));
if (unlikely(data == NULL)) {
return NULL;
goto error;
}
data->mark = mark;
data->mask = mask;
pcre2_match_data_free(match);
return data;
error:
if (match) {
pcre2_match_data_free(match);
}
return NULL;
}
#endif /* NFQ */

24
src/detect-mqtt-connect-flags.c
Unescape Escape View File

@ -116,22 +116,22 @@ static int DetectMQTTConnectFlagsMatch(DetectEngineThreadCtx *det_ctx,
*/
static DetectMQTTConnectFlagsData *DetectMQTTConnectFlagsParse(const char *rawstr)
{
DetectMQTTConnectFlagsData *de = NULL;
int ret = 0;
char copy[strlen(rawstr) + 1];
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
DetectMQTTConnectFlagsData *de = SCCalloc(1, sizeof(DetectMQTTConnectFlagsData));
if (unlikely(de == NULL))
return NULL;
pcre2_match_data *match = NULL;
int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0);
if (ret < 1) {
SCLogError("invalid flag definition: %s", rawstr);
return NULL;
goto error;
}
de = SCCalloc(1, sizeof(DetectMQTTConnectFlagsData));
if (unlikely(de == NULL))
return NULL;
de->username = de->password = de->will = MQTT_DONT_CARE;
de->will_retain = de->clean_session = MQTT_DONT_CARE;
char copy[strlen(rawstr)+1];
strlcpy(copy, rawstr, sizeof(copy));
char *xsaveptr = NULL;
char *flagv = strtok_r(copy, ",", &xsaveptr);
@ -188,11 +188,15 @@ static DetectMQTTConnectFlagsData *DetectMQTTConnectFlagsParse(const char *rawst
flagv = strtok_r(NULL, ",", &xsaveptr);
}
pcre2_match_data_free(match);
return de;
error:
/* de can't be NULL here */
SCFree(de);
if (match) {
pcre2_match_data_free(match);
}
if (de)
SCFree(de);
return NULL;
}

24
src/detect-mqtt-flags.c
Unescape Escape View File

@ -111,18 +111,22 @@ static int DetectMQTTFlagsMatch(DetectEngineThreadCtx *det_ctx,
*/
static DetectMQTTFlagsData *DetectMQTTFlagsParse(const char *rawstr)
{
DetectMQTTFlagsData *de = NULL;
int ret = 0;
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
DetectMQTTFlagsData *de = SCCalloc(1, sizeof(DetectMQTTFlagsData));
if (unlikely(de == NULL))
return NULL;
pcre2_match_data *match = NULL;
int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0);
if (ret < 1) {
SCLogError("invalid flag definition: %s", rawstr);
if (match) {
pcre2_match_data_free(match);
}
SCFree(de);
return NULL;
}
de = SCCalloc(1, sizeof(DetectMQTTFlagsData));
if (unlikely(de == NULL))
return NULL;
de->retain = de->dup = MQTT_DONT_CARE;
char copy[strlen(rawstr)+1];
@ -168,11 +172,15 @@ static DetectMQTTFlagsData *DetectMQTTFlagsParse(const char *rawstr)
flagv = strtok_r(NULL, ",", &xsaveptr);
}
pcre2_match_data_free(match);
return de;
error:
/* de can't be NULL here */
SCFree(de);
if (match) {
pcre2_match_data_free(match);
}
if (de)
SCFree(de);
return NULL;
}

11
src/detect-parse.c
Unescape Escape View File

@ -2620,11 +2620,14 @@ error:
static DetectParseRegex *g_detect_parse_regex_list = NULL;
int DetectParsePcreExec(
DetectParseRegex *parse_regex, const char *str, int start_offset, int options)
int DetectParsePcreExec(DetectParseRegex *parse_regex, pcre2_match_data **match, const char *str,
int start_offset, int options)
{
return pcre2_match(parse_regex->regex, (PCRE2_SPTR8)str, strlen(str), options, start_offset,
parse_regex->match, NULL);
*match = pcre2_match_data_create_from_pattern(parse_regex->regex, NULL);
if (*match)
return pcre2_match(parse_regex->regex, (PCRE2_SPTR8)str, strlen(str), options, start_offset,
*match, NULL);
return -1;
}
void DetectParseFreeRegex(DetectParseRegex *r)

4
src/detect-parse.h
Unescape Escape View File

@ -114,8 +114,8 @@ void DetectParseFreeRegexes(void);
void DetectParseFreeRegex(DetectParseRegex *r);
/* parse regex exec */
int DetectParsePcreExec(
DetectParseRegex *parse_regex, const char *str, int start_offset, int options);
int DetectParsePcreExec(DetectParseRegex *parse_regex, pcre2_match_data **match, const char *str,
int start_offset, int options);
int SC_Pcre2SubstringCopy(
pcre2_match_data *match_data, uint32_t number, PCRE2_UCHAR *buffer, PCRE2_SIZE *bufflen);
int SC_Pcre2SubstringGet(pcre2_match_data *match_data, uint32_t number, PCRE2_UCHAR **bufferptr,

29
src/detect-pktvar.c
Unescape Escape View File

@ -89,30 +89,31 @@ static void DetectPktvarFree(DetectEngineCtx *de_ctx, void *ptr)
static int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
{
char *varname = NULL, *varcontent = NULL;
int ret = 0, res = 0;
int res = 0;
size_t pcre2_len;
uint8_t *content = NULL;
uint16_t len = 0;
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
pcre2_match_data *match = NULL;
int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0);
if (ret != 3) {
SCLogError("\"%s\" is not a valid setting for pktvar.", rawstr);
return -1;
goto error;
}
const char *str_ptr;
res = pcre2_substring_get_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
res = pcre2_substring_get_bynumber(match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError("pcre2_substring_get_bynumber failed");
return -1;
goto error;
}
varname = (char *)str_ptr;
res = pcre2_substring_get_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
res = pcre2_substring_get_bynumber(match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
pcre2_substring_free((PCRE2_UCHAR8 *)varname);
SCLogError("pcre2_substring_get_bynumber failed");
return -1;
goto error;
}
varcontent = (char *)str_ptr;
@ -132,7 +133,7 @@ static int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, const char
if (ret == -1 || content == NULL) {
pcre2_substring_free((PCRE2_UCHAR8 *)varname);
pcre2_substring_free((PCRE2_UCHAR8 *)varcontent);
return -1;
goto error;
}
pcre2_substring_free((PCRE2_UCHAR8 *)varcontent);
@ -140,7 +141,7 @@ static int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, const char
if (unlikely(cd == NULL)) {
pcre2_substring_free((PCRE2_UCHAR8 *)varname);
SCFree(content);
return -1;
goto error;
}
cd->content = content;
@ -153,11 +154,19 @@ static int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, const char
SigMatch *sm = SigMatchAlloc();
if (unlikely(sm == NULL)) {
DetectPktvarFree(de_ctx, cd);
return -1;
goto error;
}
sm->type = DETECT_PKTVAR;
sm->ctx = (SigMatchCtx *)cd;
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
pcre2_match_data_free(match);
return 0;
error:
if (match) {
pcre2_match_data_free(match);
}
return -1;
}

14
src/detect-priority.c
Unescape Escape View File

@ -61,28 +61,30 @@ void DetectPriorityRegister (void)
static int DetectPrioritySetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
{
char copy_str[128] = "";
int ret = 0;
size_t pcre2len;
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
pcre2_match_data *match = NULL;
int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0);
if (ret < 0) {
SCLogError("Invalid Priority in Signature "
"- %s",
rawstr);
if (match)
pcre2_match_data_free(match);
return -1;
}
pcre2len = sizeof(copy_str);
ret = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)copy_str, &pcre2len);
ret = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)copy_str, &pcre2len);
if (ret < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
pcre2_match_data_free(match);
return -1;
}
long prio = 0;
pcre2_match_data_free(match);
char *endptr = NULL;
prio = strtol(copy_str, &endptr, 10);
long prio = strtol(copy_str, &endptr, 10);
if (endptr == NULL || *endptr != '\0') {
SCLogError("Saw an invalid character as arg "
"to priority keyword");

17
src/detect-reference.c
Unescape Escape View File

@ -95,33 +95,38 @@ static DetectReference *DetectReferenceParse(const char *rawstr, DetectEngineCtx
{
SCEnter();
int ret = 0, res = 0;
int res = 0;
size_t pcre2len;
char key[REFERENCE_SYSTEM_NAME_MAX] = "";
char content[REFERENCE_CONTENT_NAME_MAX] = "";
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
pcre2_match_data *match = NULL;
int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0);
if (ret < 2) {
SCLogError("Unable to parse \"reference\" "
"keyword argument - \"%s\". Invalid argument.",
rawstr);
if (match) {
pcre2_match_data_free(match);
}
return NULL;
}
DetectReference *ref = SCCalloc(1, sizeof(DetectReference));
if (unlikely(ref == NULL)) {
pcre2_match_data_free(match);
return NULL;
}
pcre2len = sizeof(key);
res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)key, &pcre2len);
res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)key, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
}
pcre2len = sizeof(content);
res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)content, &pcre2len);
res = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)content, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
@ -158,10 +163,14 @@ static DetectReference *DetectReferenceParse(const char *rawstr, DetectEngineCtx
goto error;
}
pcre2_match_data_free(match);
/* free the substrings */
SCReturnPtr(ref, "Reference");
error:
if (match) {
pcre2_match_data_free(match);
}
DetectReferenceFree(ref);
SCReturnPtr(NULL, "Reference");
}

9
src/detect-rfb-secresult.c
Unescape Escape View File

@ -158,9 +158,10 @@ static DetectRfbSecresultData *DetectRfbSecresultParse (const char *rawstr)
{
int i;
DetectRfbSecresultData *de = NULL;
int ret = 0, found = 0;
int found = 0;
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
pcre2_match_data *match = NULL;
int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0);
if (ret < 1) {
SCLogError("pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr);
goto error;
@ -184,9 +185,13 @@ static DetectRfbSecresultData *DetectRfbSecresultParse (const char *rawstr)
de->result = results[i].code;
pcre2_match_data_free(match);
return de;
error:
if (match) {
pcre2_match_data_free(match);
}
if (de) SCFree(de);
return NULL;
}

18
src/detect-rpc.c
Unescape Escape View File

@ -149,10 +149,11 @@ static DetectRpcData *DetectRpcParse (DetectEngineCtx *de_ctx, const char *rpcst
{
DetectRpcData *rd = NULL;
char *args[3] = {NULL,NULL,NULL};
int ret = 0, res = 0;
int res = 0;
size_t pcre2_len;
ret = DetectParsePcreExec(&parse_regex, rpcstr, 0, 0);
pcre2_match_data *match = NULL;
int ret = DetectParsePcreExec(&parse_regex, &match, rpcstr, 0, 0);
if (ret < 1 || ret > 4) {
SCLogError("parse error, ret %" PRId32 ", string %s", ret, rpcstr);
goto error;
@ -160,8 +161,7 @@ static DetectRpcData *DetectRpcParse (DetectEngineCtx *de_ctx, const char *rpcst
if (ret > 1) {
const char *str_ptr;
res = pcre2_substring_get_bynumber(
parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
res = pcre2_substring_get_bynumber(match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
@ -169,8 +169,7 @@ static DetectRpcData *DetectRpcParse (DetectEngineCtx *de_ctx, const char *rpcst
args[0] = (char *)str_ptr;
if (ret > 2) {
res = pcre2_substring_get_bynumber(
parse_regex.match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
res = pcre2_substring_get_bynumber(match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
@ -178,8 +177,7 @@ static DetectRpcData *DetectRpcParse (DetectEngineCtx *de_ctx, const char *rpcst
args[1] = (char *)str_ptr;
}
if (ret > 3) {
res = pcre2_substring_get_bynumber(
parse_regex.match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
res = pcre2_substring_get_bynumber(match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
@ -237,9 +235,13 @@ static DetectRpcData *DetectRpcParse (DetectEngineCtx *de_ctx, const char *rpcst
if (args[i] != NULL)
pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);
}
pcre2_match_data_free(match);
return rd;
error:
if (match) {
pcre2_match_data_free(match);
}
for (i = 0; i < (ret -1) && i < 3; i++){
if (args[i] != NULL)
pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);

11
src/detect-snmp-pdu_type.c
Unescape Escape View File

@ -122,19 +122,20 @@ static int DetectSNMPPduTypeMatch (DetectEngineThreadCtx *det_ctx,
static DetectSNMPPduTypeData *DetectSNMPPduTypeParse (const char *rawstr)
{
DetectSNMPPduTypeData *dd = NULL;
int ret = 0, res = 0;
int res = 0;
size_t pcre2len;
char value1[20] = "";
char *endptr = NULL;
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
pcre2_match_data *match = NULL;
int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0);
if (ret != 2) {
SCLogError("Parse error %s", rawstr);
goto error;
}
pcre2len = sizeof(value1);
res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)value1, &pcre2len);
res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)value1, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
@ -152,9 +153,13 @@ static DetectSNMPPduTypeData *DetectSNMPPduTypeParse (const char *rawstr)
goto error;
}
pcre2_match_data_free(match);
return dd;
error:
if (match) {
pcre2_match_data_free(match);
}
if (dd)
SCFree(dd);
return NULL;

12
src/detect-ssh-proto-version.c
Unescape Escape View File

@ -160,10 +160,11 @@ static int DetectSshVersionMatch (DetectEngineThreadCtx *det_ctx,
static DetectSshVersionData *DetectSshVersionParse (DetectEngineCtx *de_ctx, const char *str)
{
DetectSshVersionData *ssh = NULL;
int ret = 0, res = 0;
int res = 0;
size_t pcre2_len;
ret = DetectParsePcreExec(&parse_regex, str, 0, 0);
pcre2_match_data *match = NULL;
int ret = DetectParsePcreExec(&parse_regex, &match, str, 0, 0);
if (ret < 1 || ret > 3) {
SCLogError("invalid ssh.protoversion option");
goto error;
@ -171,8 +172,7 @@ static DetectSshVersionData *DetectSshVersionParse (DetectEngineCtx *de_ctx, con
if (ret > 1) {
const char *str_ptr;
res = pcre2_substring_get_bynumber(
parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
res = pcre2_substring_get_bynumber(match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
@ -206,9 +206,13 @@ static DetectSshVersionData *DetectSshVersionParse (DetectEngineCtx *de_ctx, con
SCLogDebug("will look for ssh %s", ssh->ver);
}
pcre2_match_data_free(match);
return ssh;
error:
if (match) {
pcre2_match_data_free(match);
}
if (ssh != NULL)
DetectSshVersionFree(de_ctx, ssh);
return NULL;

18
src/detect-ssh-software-version.c
Unescape Escape View File

@ -156,10 +156,11 @@ static int DetectSshSoftwareVersionMatch (DetectEngineThreadCtx *det_ctx,
static DetectSshSoftwareVersionData *DetectSshSoftwareVersionParse (DetectEngineCtx *de_ctx, const char *str)
{
DetectSshSoftwareVersionData *ssh = NULL;
int ret = 0, res = 0;
int res = 0;
size_t pcre2_len;
ret = DetectParsePcreExec(&parse_regex, str, 0, 0);
pcre2_match_data *match = NULL;
int ret = DetectParsePcreExec(&parse_regex, &match, str, 0, 0);
if (ret < 1 || ret > 3) {
SCLogError("invalid ssh.softwareversion option");
@ -168,8 +169,7 @@ static DetectSshSoftwareVersionData *DetectSshSoftwareVersionParse (DetectEngine
if (ret > 1) {
const char *str_ptr = NULL;
res = pcre2_substring_get_bynumber(
parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
res = pcre2_substring_get_bynumber(match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
@ -177,11 +177,13 @@ static DetectSshSoftwareVersionData *DetectSshSoftwareVersionParse (DetectEngine
/* We have a correct id option */
ssh = SCMalloc(sizeof(DetectSshSoftwareVersionData));
if (unlikely(ssh == NULL))
if (unlikely(ssh == NULL)) {
pcre2_substring_free((PCRE2_UCHAR *)str_ptr);
goto error;
}
ssh->software_ver = (uint8_t *)SCStrdup((char *)str_ptr);
if (ssh->software_ver == NULL) {
pcre2_substring_free((PCRE2_UCHAR *)str_ptr);
goto error;
}
pcre2_substring_free((PCRE2_UCHAR *)str_ptr);
@ -191,9 +193,13 @@ static DetectSshSoftwareVersionData *DetectSshSoftwareVersionParse (DetectEngine
SCLogDebug("will look for ssh %s", ssh->software_ver);
}
pcre2_match_data_free(match);
return ssh;
error:
if (match) {
pcre2_match_data_free(match);
}
if (ssh != NULL)
DetectSshSoftwareVersionFree(de_ctx, ssh);
return NULL;

31
src/detect-ssl-state.c
Unescape Escape View File

@ -140,7 +140,6 @@ static int DetectSslStateMatch(DetectEngineThreadCtx *det_ctx,
*/
static DetectSslStateData *DetectSslStateParse(const char *arg)
{
int ret = 0, res = 0;
size_t pcre2len;
char str1[64];
char str2[64];
@ -148,7 +147,8 @@ static DetectSslStateData *DetectSslStateParse(const char *arg)
uint32_t flags = 0, mask = 0;
DetectSslStateData *ssd = NULL;
ret = DetectParsePcreExec(&parse_regex1, arg, 0, 0);
pcre2_match_data *match = NULL;
int ret = DetectParsePcreExec(&parse_regex1, &match, arg, 0, 0);
if (ret < 1) {
SCLogError("Invalid arg \"%s\" supplied to "
"ssl_state keyword.",
@ -157,7 +157,7 @@ static DetectSslStateData *DetectSslStateParse(const char *arg)
}
pcre2len = sizeof(str1);
res = pcre2_substring_copy_bynumber(parse_regex1.match, 1, (PCRE2_UCHAR8 *)str1, &pcre2len);
int res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)str1, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
@ -165,7 +165,7 @@ static DetectSslStateData *DetectSslStateParse(const char *arg)
negate = !strcmp("!", str1);
pcre2len = sizeof(str1);
res = pcre2_substring_copy_bynumber(parse_regex1.match, 2, (PCRE2_UCHAR8 *)str1, &pcre2len);
res = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)str1, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
@ -199,32 +199,38 @@ static DetectSslStateData *DetectSslStateParse(const char *arg)
}
pcre2len = sizeof(str1);
res = pcre2_substring_copy_bynumber(parse_regex1.match, 3, (PCRE2_UCHAR8 *)str1, &pcre2len);
res = pcre2_substring_copy_bynumber(match, 3, (PCRE2_UCHAR8 *)str1, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
}
while (res >= 0 && strlen(str1) > 0) {
ret = DetectParsePcreExec(&parse_regex2, str1, 0, 0);
pcre2_match_data *match2 = NULL;
ret = DetectParsePcreExec(&parse_regex2, &match2, str1, 0, 0);
if (ret < 1) {
SCLogError("Invalid arg \"%s\" supplied to "
"ssl_state keyword.",
arg);
if (match2) {
pcre2_match_data_free(match2);
}
goto error;
}
pcre2len = sizeof(str2);
res = pcre2_substring_copy_bynumber(parse_regex2.match, 1, (PCRE2_UCHAR8 *)str2, &pcre2len);
res = pcre2_substring_copy_bynumber(match2, 1, (PCRE2_UCHAR8 *)str2, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
pcre2_match_data_free(match2);
goto error;
}
negate = !strcmp("!", str2);
pcre2len = sizeof(str2);
res = pcre2_substring_copy_bynumber(parse_regex2.match, 2, (PCRE2_UCHAR8 *)str2, &pcre2len);
res = pcre2_substring_copy_bynumber(match2, 2, (PCRE2_UCHAR8 *)str2, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
pcre2_match_data_free(match2);
goto error;
}
if (strcmp("client_hello", str2) == 0) {
@ -251,17 +257,20 @@ static DetectSslStateData *DetectSslStateParse(const char *arg)
SCLogError("Found invalid option \"%s\" "
"in ssl_state keyword.",
str2);
pcre2_match_data_free(match2);
goto error;
}
pcre2len = sizeof(str2);
res = pcre2_substring_copy_bynumber(parse_regex2.match, 3, (PCRE2_UCHAR8 *)str2, &pcre2len);
res = pcre2_substring_copy_bynumber(match2, 3, (PCRE2_UCHAR8 *)str2, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
pcre2_match_data_free(match2);
goto error;
}
memcpy(str1, str2, sizeof(str1));
pcre2_match_data_free(match2);
}
if ( (ssd = SCMalloc(sizeof(DetectSslStateData))) == NULL) {
@ -270,9 +279,13 @@ static DetectSslStateData *DetectSslStateParse(const char *arg)
ssd->flags = flags;
ssd->mask = mask;
pcre2_match_data_free(match);
return ssd;
error:
if (match) {
pcre2_match_data_free(match);
}
return NULL;
}

19
src/detect-tag.c
Unescape Escape View File

@ -156,17 +156,17 @@ static int DetectTagMatch(DetectEngineThreadCtx *det_ctx, Packet *p,
static DetectTagData *DetectTagParse(const char *tagstr)
{
DetectTagData td;
int ret = 0, res = 0;
size_t pcre2_len;
const char *str_ptr = NULL;
ret = DetectParsePcreExec(&parse_regex, tagstr, 0, 0);
pcre2_match_data *match = NULL;
int ret = DetectParsePcreExec(&parse_regex, &match, tagstr, 0, 0);
if (ret < 1) {
SCLogError("parse error, ret %" PRId32 ", string %s", ret, tagstr);
goto error;
}
res = pcre2_substring_get_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
int res = pcre2_substring_get_bynumber(match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0 || str_ptr == NULL) {
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
@ -190,8 +190,7 @@ static DetectTagData *DetectTagParse(const char *tagstr)
td.direction = DETECT_TAG_DIR_DST;
if (ret > 4) {
res = pcre2_substring_get_bynumber(
parse_regex.match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
res = pcre2_substring_get_bynumber(match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0 || str_ptr == NULL) {
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
@ -209,8 +208,7 @@ static DetectTagData *DetectTagParse(const char *tagstr)
pcre2_substring_free((PCRE2_UCHAR *)str_ptr);
str_ptr = NULL;
res = pcre2_substring_get_bynumber(
parse_regex.match, 4, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
res = pcre2_substring_get_bynumber(match, 4, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0 || str_ptr == NULL) {
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
@ -239,8 +237,7 @@ static DetectTagData *DetectTagParse(const char *tagstr)
/* if specified, overwrite it */
if (ret == 7) {
res = pcre2_substring_get_bynumber(
parse_regex.match, 6, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
res = pcre2_substring_get_bynumber(match, 6, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0 || str_ptr == NULL) {
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
@ -278,9 +275,13 @@ static DetectTagData *DetectTagParse(const char *tagstr)
}
memcpy(real_td, &td, sizeof(DetectTagData));
pcre2_match_data_free(match);
return real_td;
error:
if (match) {
pcre2_match_data_free(match);
}
if (str_ptr != NULL)
pcre2_substring_free((PCRE2_UCHAR *)str_ptr);
return NULL;

23
src/detect-target.c
Unescape Escape View File

@ -81,41 +81,48 @@ void DetectTargetRegister(void) {
*/
static int DetectTargetParse(Signature *s, const char *targetstr)
{
int ret = 0, res = 0;
size_t pcre2len;
char value[10];
ret = DetectParsePcreExec(&parse_regex, targetstr, 0, 0);
pcre2_match_data *match = NULL;
int ret = DetectParsePcreExec(&parse_regex, &match, targetstr, 0, 0);
if (ret < 1) {
SCLogError("pcre_exec parse error, ret %" PRId32 ", string %s", ret, targetstr);
return -1;
goto error;
}
pcre2len = sizeof(value);
res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)value, &pcre2len);
int res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)value, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
return -1;
goto error;
}
/* now check key value */
if (!strcmp(value, "src_ip")) {
if (s->flags & SIG_FLAG_DEST_IS_TARGET) {
SCLogError("Conflicting values of target keyword");
return -1;
goto error;
}
s->flags |= SIG_FLAG_SRC_IS_TARGET;
} else if (!strcmp(value, "dest_ip")) {
if (s->flags & SIG_FLAG_SRC_IS_TARGET) {
SCLogError("Conflicting values of target keyword");
return -1;
goto error;
}
s->flags |= SIG_FLAG_DEST_IS_TARGET;
} else {
SCLogError("only 'src_ip' and 'dest_ip' are supported as target value");
return -1;
goto error;
}
pcre2_match_data_free(match);
return 0;
error:
if (match) {
pcre2_match_data_free(match);
}
return -1;
}
/**

31
src/detect-tcp-flags.c
Unescape Escape View File

@ -173,51 +173,52 @@ static DetectFlagsData *DetectFlagsParse (const char *rawstr)
{
SCEnter();
int ret = 0, found = 0, ignore = 0, res = 0;
size_t pcre2len;
int found = 0, ignore = 0;
char *ptr;
DetectFlagsData *de = NULL;
char arg1[16] = "";
char arg2[16] = "";
char arg3[16] = "";
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
pcre2_match_data *match = NULL;
int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0);
SCLogDebug("input '%s', pcre said %d", rawstr, ret);
if (ret < 3) {
SCLogError("pcre match failed");
SCReturnPtr(NULL, "DetectFlagsData");
goto error;
}
pcre2len = sizeof(arg1);
res = SC_Pcre2SubstringCopy(parse_regex.match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len);
size_t pcre2len = sizeof(arg1);
int res = SC_Pcre2SubstringCopy(match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
SCReturnPtr(NULL, "DetectFlagsData");
goto error;
}
if (ret >= 2) {
pcre2len = sizeof(arg2);
res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)arg2, &pcre2len);
res = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)arg2, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
SCReturnPtr(NULL, "DetectFlagsData");
goto error;
}
}
if (ret >= 3) {
pcre2len = sizeof(arg3);
res = SC_Pcre2SubstringCopy(parse_regex.match, 3, (PCRE2_UCHAR8 *)arg3, &pcre2len);
res = SC_Pcre2SubstringCopy(match, 3, (PCRE2_UCHAR8 *)arg3, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
SCReturnPtr(NULL, "DetectFlagsData");
goto error;
}
}
SCLogDebug("args '%s', '%s', '%s'", arg1, arg2, arg3);
if (strlen(arg2) == 0) {
SCLogDebug("empty argument");
SCReturnPtr(NULL, "DetectFlagsData");
goto error;
}
DetectFlagsData *de = SCMalloc(sizeof(DetectFlagsData));
de = SCMalloc(sizeof(DetectFlagsData));
if (unlikely(de == NULL))
goto error;
memset(de, 0, sizeof(DetectFlagsData));
@ -450,6 +451,7 @@ static DetectFlagsData *DetectFlagsParse (const char *rawstr)
}
}
pcre2_match_data_free(match);
SCLogDebug("found %"PRId32" ignore %"PRId32"", found, ignore);
SCReturnPtr(de, "DetectFlagsData");
@ -457,6 +459,9 @@ error:
if (de) {
SCFree(de);
}
if (match) {
pcre2_match_data_free(match);
}
SCReturnPtr(NULL, "DetectFlagsData");
}

14
src/detect-tcp-window.c
Unescape Escape View File

@ -110,10 +110,11 @@ static int DetectWindowMatch(DetectEngineThreadCtx *det_ctx, Packet *p,
static DetectWindowData *DetectWindowParse(DetectEngineCtx *de_ctx, const char *windowstr)
{
DetectWindowData *wd = NULL;
int ret = 0, res = 0;
int res = 0;
size_t pcre2len;
ret = DetectParsePcreExec(&parse_regex, windowstr, 0, 0);
pcre2_match_data *match = NULL;
int ret = DetectParsePcreExec(&parse_regex, &match, windowstr, 0, 0);
if (ret < 1 || ret > 3) {
SCLogError("pcre_exec parse error, ret %" PRId32 ", string %s", ret, windowstr);
goto error;
@ -126,7 +127,7 @@ static DetectWindowData *DetectWindowParse(DetectEngineCtx *de_ctx, const char *
if (ret > 1) {
char copy_str[128] = "";
pcre2len = sizeof(copy_str);
res = SC_Pcre2SubstringCopy(parse_regex.match, 1, (PCRE2_UCHAR8 *)copy_str, &pcre2len);
res = SC_Pcre2SubstringCopy(match, 1, (PCRE2_UCHAR8 *)copy_str, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
@ -140,8 +141,7 @@ static DetectWindowData *DetectWindowParse(DetectEngineCtx *de_ctx, const char *
if (ret > 2) {
pcre2len = sizeof(copy_str);
res = pcre2_substring_copy_bynumber(
parse_regex.match, 2, (PCRE2_UCHAR8 *)copy_str, &pcre2len);
res = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)copy_str, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
@ -155,9 +155,13 @@ static DetectWindowData *DetectWindowParse(DetectEngineCtx *de_ctx, const char *
}
}
pcre2_match_data_free(match);
return wd;
error:
if (match) {
pcre2_match_data_free(match);
}
if (wd != NULL)
DetectWindowFree(de_ctx, wd);
return NULL;

29
src/detect-template.c
Unescape Escape View File

@ -129,43 +129,50 @@ static DetectTemplateData *DetectTemplateParse (const char *templatestr)
{
char arg1[4] = "";
char arg2[4] = "";
size_t pcre2len;
int ret = DetectParsePcreExec(&parse_regex, templatestr, 0, 0);
pcre2_match_data *match = NULL;
int ret = DetectParsePcreExec(&parse_regex, &match, templatestr, 0, 0);
if (ret != 3) {
SCLogError("parse error, ret %" PRId32 "", ret);
return NULL;
goto error;
}
pcre2len = sizeof(arg1);
ret = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len);
size_t pcre2len = sizeof(arg1);
ret = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len);
if (ret < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
return NULL;
goto error;
}
SCLogDebug("Arg1 \"%s\"", arg1);
pcre2len = sizeof(arg2);
ret = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)arg2, &pcre2len);
ret = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)arg2, &pcre2len);
if (ret < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
return NULL;
goto error;
}
SCLogDebug("Arg2 \"%s\"", arg2);
DetectTemplateData *templated = SCMalloc(sizeof (DetectTemplateData));
if (unlikely(templated == NULL))
return NULL;
goto error;
if (ByteExtractStringUint8(&templated->arg1, 10, 0, (const char *)arg1) < 0) {
SCFree(templated);
return NULL;
goto error;
}
if (ByteExtractStringUint8(&templated->arg2, 10, 0, (const char *)arg2) < 0) {
SCFree(templated);
return NULL;
goto error;
}
pcre2_match_data_free(match);
return templated;
error:
if (match) {
pcre2_match_data_free(match);
}
return NULL;
}
/**

10
src/detect-threshold.c
Unescape Escape View File

@ -121,6 +121,7 @@ static DetectThresholdData *DetectThresholdParse(const char *rawstr)
int second_pos = 0, count_pos = 0;
size_t pos = 0;
int i = 0;
pcre2_match_data *match = NULL;
copy_str = SCStrdup(rawstr);
if (unlikely(copy_str == NULL)) {
@ -147,7 +148,7 @@ static DetectThresholdData *DetectThresholdParse(const char *rawstr)
if(count_found != 1 || second_found != 1 || type_found != 1 || track_found != 1)
goto error;
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0);
if (ret < 5) {
SCLogError("pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr);
goto error;
@ -161,8 +162,7 @@ static DetectThresholdData *DetectThresholdParse(const char *rawstr)
for (i = 0; i < (ret - 1); i++) {
res = pcre2_substring_get_bynumber(
parse_regex.match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
res = pcre2_substring_get_bynumber(match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError("pcre2_substring_get_bynumber failed");
@ -209,9 +209,13 @@ static DetectThresholdData *DetectThresholdParse(const char *rawstr)
if (args[i] != NULL)
pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);
}
pcre2_match_data_free(match);
return de;
error:
if (match) {
pcre2_match_data_free(match);
}
for (i = 0; i < (ret - 1); i++){
if (args[i] != NULL)
pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);

20
src/detect-tls-cert-validity.c
Unescape Escape View File

@ -290,21 +290,20 @@ static time_t DateStringToEpoch (char *string)
static DetectTlsValidityData *DetectTlsValidityParse (const char *rawstr)
{
DetectTlsValidityData *dd = NULL;
int ret = 0, res = 0;
size_t pcre2len;
char mode[2] = "";
char value1[20] = "";
char value2[20] = "";
char range[3] = "";
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
pcre2_match_data *match = NULL;
int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0);
if (ret < 3 || ret > 5) {
SCLogError("Parse error %s", rawstr);
goto error;
}
pcre2len = sizeof(mode);
res = SC_Pcre2SubstringCopy(parse_regex.match, 1, (PCRE2_UCHAR8 *)mode, &pcre2len);
size_t pcre2len = sizeof(mode);
int res = SC_Pcre2SubstringCopy(match, 1, (PCRE2_UCHAR8 *)mode, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
@ -312,7 +311,7 @@ static DetectTlsValidityData *DetectTlsValidityParse (const char *rawstr)
SCLogDebug("mode \"%s\"", mode);
pcre2len = sizeof(value1);
res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)value1, &pcre2len);
res = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)value1, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
@ -321,7 +320,7 @@ static DetectTlsValidityData *DetectTlsValidityParse (const char *rawstr)
if (ret > 3) {
pcre2len = sizeof(range);
res = pcre2_substring_copy_bynumber(parse_regex.match, 3, (PCRE2_UCHAR8 *)range, &pcre2len);
res = pcre2_substring_copy_bynumber(match, 3, (PCRE2_UCHAR8 *)range, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
@ -330,8 +329,7 @@ static DetectTlsValidityData *DetectTlsValidityParse (const char *rawstr)
if (ret > 4) {
pcre2len = sizeof(value2);
res = pcre2_substring_copy_bynumber(
parse_regex.match, 4, (PCRE2_UCHAR8 *)value2, &pcre2len);
res = pcre2_substring_copy_bynumber(match, 4, (PCRE2_UCHAR8 *)value2, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
@ -390,9 +388,13 @@ static DetectTlsValidityData *DetectTlsValidityParse (const char *rawstr)
goto error;
}
}
pcre2_match_data_free(match);
return dd;
error:
if (match) {
pcre2_match_data_free(match);
}
if (dd)
SCFree(dd);
return NULL;

12
src/detect-tls-version.c
Unescape Escape View File

@ -150,10 +150,11 @@ static DetectTlsVersionData *DetectTlsVersionParse (DetectEngineCtx *de_ctx, con
{
uint16_t temp;
DetectTlsVersionData *tls = NULL;
int ret = 0, res = 0;
int res = 0;
size_t pcre2len;
ret = DetectParsePcreExec(&parse_regex, str, 0, 0);
pcre2_match_data *match = NULL;
int ret = DetectParsePcreExec(&parse_regex, &match, str, 0, 0);
if (ret < 1 || ret > 3) {
SCLogError("invalid tls.version option");
goto error;
@ -163,8 +164,7 @@ static DetectTlsVersionData *DetectTlsVersionParse (DetectEngineCtx *de_ctx, con
char ver_ptr[64];
char *tmp_str;
pcre2len = sizeof(ver_ptr);
res = pcre2_substring_copy_bynumber(
parse_regex.match, 1, (PCRE2_UCHAR8 *)ver_ptr, &pcre2len);
res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)ver_ptr, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
@ -205,9 +205,13 @@ static DetectTlsVersionData *DetectTlsVersionParse (DetectEngineCtx *de_ctx, con
SCLogDebug("will look for tls %"PRIu16"", tls->ver);
}
pcre2_match_data_free(match);
return tls;
error:
if (match) {
pcre2_match_data_free(match);
}
if (tls != NULL)
DetectTlsVersionFree(de_ctx, tls);
return NULL;

22
src/detect-tls.c
Unescape Escape View File

@ -217,14 +217,14 @@ static int DetectTlsSubjectMatch (DetectEngineThreadCtx *det_ctx,
static DetectTlsData *DetectTlsSubjectParse (DetectEngineCtx *de_ctx, const char *str, bool negate)
{
DetectTlsData *tls = NULL;
int ret = 0, res = 0;
size_t pcre2_len;
const char *str_ptr;
char *orig = NULL;
char *tmp_str;
uint32_t flag = 0;
ret = DetectParsePcreExec(&subject_parse_regex, str, 0, 0);
pcre2_match_data *match = NULL;
int ret = DetectParsePcreExec(&subject_parse_regex, &match, str, 0, 0);
if (ret != 2) {
SCLogError("invalid tls.subject option");
goto error;
@ -233,8 +233,7 @@ static DetectTlsData *DetectTlsSubjectParse (DetectEngineCtx *de_ctx, const char
if (negate)
flag = DETECT_CONTENT_NEGATED;
res = pcre2_substring_get_bynumber(
subject_parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
int res = pcre2_substring_get_bynumber(match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
@ -266,6 +265,7 @@ static DetectTlsData *DetectTlsSubjectParse (DetectEngineCtx *de_ctx, const char
goto error;
}
pcre2_match_data_free(match);
SCFree(orig);
SCLogDebug("will look for TLS subject %s", tls->subject);
@ -273,6 +273,9 @@ static DetectTlsData *DetectTlsSubjectParse (DetectEngineCtx *de_ctx, const char
return tls;
error:
if (match) {
pcre2_match_data_free(match);
}
if (orig != NULL)
SCFree(orig);
if (tls != NULL)
@ -409,14 +412,14 @@ static int DetectTlsIssuerDNMatch (DetectEngineThreadCtx *det_ctx,
static DetectTlsData *DetectTlsIssuerDNParse(DetectEngineCtx *de_ctx, const char *str, bool negate)
{
DetectTlsData *tls = NULL;
int ret = 0, res = 0;
size_t pcre2_len;
const char *str_ptr;
char *orig = NULL;
char *tmp_str;
uint32_t flag = 0;
ret = DetectParsePcreExec(&issuerdn_parse_regex, str, 0, 0);
pcre2_match_data *match = NULL;
int ret = DetectParsePcreExec(&issuerdn_parse_regex, &match, str, 0, 0);
if (ret != 2) {
SCLogError("invalid tls.issuerdn option");
goto error;
@ -425,8 +428,7 @@ static DetectTlsData *DetectTlsIssuerDNParse(DetectEngineCtx *de_ctx, const char
if (negate)
flag = DETECT_CONTENT_NEGATED;
res = pcre2_substring_get_bynumber(
issuerdn_parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
int res = pcre2_substring_get_bynumber(match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
@ -461,11 +463,15 @@ static DetectTlsData *DetectTlsIssuerDNParse(DetectEngineCtx *de_ctx, const char
SCFree(orig);
pcre2_match_data_free(match);
SCLogDebug("Will look for TLS issuerdn %s", tls->issuerdn);
return tls;
error:
if (match) {
pcre2_match_data_free(match);
}
if (orig != NULL)
SCFree(orig);
if (tls != NULL)

11
src/detect-tos.c
Unescape Escape View File

@ -111,10 +111,10 @@ static int DetectTosMatch(DetectEngineThreadCtx *det_ctx, Packet *p,
static DetectTosData *DetectTosParse(const char *arg, bool negate)
{
DetectTosData *tosd = NULL;
int ret = 0, res = 0;
size_t pcre2len;
ret = DetectParsePcreExec(&parse_regex, arg, 0, 0);
pcre2_match_data *match = NULL;
int ret = DetectParsePcreExec(&parse_regex, &match, arg, 0, 0);
if (ret != 2) {
SCLogError("invalid tos option - %s. "
"The tos option value must be in the range "
@ -126,8 +126,7 @@ static DetectTosData *DetectTosParse(const char *arg, bool negate)
/* For TOS value */
char tosbytes_str[64] = "";
pcre2len = sizeof(tosbytes_str);
res = pcre2_substring_copy_bynumber(
parse_regex.match, 1, (PCRE2_UCHAR8 *)tosbytes_str, &pcre2len);
int res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)tosbytes_str, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
@ -159,9 +158,13 @@ static DetectTosData *DetectTosParse(const char *arg, bool negate)
tosd->tos = (uint8_t)tos;
tosd->negated = negate;
pcre2_match_data_free(match);
return tosd;
error:
if (match) {
pcre2_match_data_free(match);
}
return NULL;
}

26
src/detect-xbits.c
Unescape Escape View File

@ -194,41 +194,44 @@ static int DetectXbitParse(DetectEngineCtx *de_ctx,
DetectXbitsData *cd = NULL;
uint8_t fb_cmd = 0;
uint8_t hb_dir = 0;
int ret = 0, res = 0;
size_t pcre2len;
char fb_cmd_str[16] = "", fb_name[256] = "";
char hb_dir_str[16] = "";
enum VarTypes var_type = VAR_TYPE_NOT_SET;
uint32_t expire = DETECT_XBITS_EXPIRE_DEFAULT;
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
pcre2_match_data *match = NULL;
int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0);
if (ret != 2 && ret != 3 && ret != 4 && ret != 5) {
SCLogError("\"%s\" is not a valid setting for xbits.", rawstr);
if (match) {
pcre2_match_data_free(match);
}
return -1;
}
SCLogDebug("ret %d, %s", ret, rawstr);
pcre2len = sizeof(fb_cmd_str);
res = pcre2_substring_copy_bynumber(
parse_regex.match, 1, (PCRE2_UCHAR8 *)fb_cmd_str, &pcre2len);
int res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)fb_cmd_str, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
pcre2_match_data_free(match);
return -1;
}
if (ret >= 3) {
pcre2len = sizeof(fb_name);
res = pcre2_substring_copy_bynumber(
parse_regex.match, 2, (PCRE2_UCHAR8 *)fb_name, &pcre2len);
res = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)fb_name, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
pcre2_match_data_free(match);
return -1;
}
if (ret >= 4) {
pcre2len = sizeof(hb_dir_str);
res = pcre2_substring_copy_bynumber(
parse_regex.match, 3, (PCRE2_UCHAR8 *)hb_dir_str, &pcre2len);
res = pcre2_substring_copy_bynumber(match, 3, (PCRE2_UCHAR8 *)hb_dir_str, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
pcre2_match_data_free(match);
return -1;
}
SCLogDebug("hb_dir_str %s", hb_dir_str);
@ -244,6 +247,7 @@ static int DetectXbitParse(DetectEngineCtx *de_ctx,
var_type = VAR_TYPE_IPPAIR_BIT;
} else {
// TODO
pcre2_match_data_free(match);
return -1;
}
}
@ -252,9 +256,10 @@ static int DetectXbitParse(DetectEngineCtx *de_ctx,
char expire_str[16] = "";
pcre2len = sizeof(expire_str);
res = pcre2_substring_copy_bynumber(
parse_regex.match, 4, (PCRE2_UCHAR8 *)expire_str, &pcre2len);
match, 4, (PCRE2_UCHAR8 *)expire_str, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
pcre2_match_data_free(match);
return -1;
}
SCLogDebug("expire_str %s", expire_str);
@ -262,10 +267,12 @@ static int DetectXbitParse(DetectEngineCtx *de_ctx,
SCLogError("Invalid value for "
"expire: \"%s\"",
expire_str);
pcre2_match_data_free(match);
return -1;
}
if (expire == 0) {
SCLogError("expire must be bigger than 0");
pcre2_match_data_free(match);
return -1;
}
SCLogDebug("expire %d", expire);
@ -273,6 +280,7 @@ static int DetectXbitParse(DetectEngineCtx *de_ctx,
}
}
pcre2_match_data_free(match);
if (strcmp(fb_cmd_str,"noalert") == 0) {
fb_cmd = DETECT_XBITS_CMD_NOALERT;
} else if (strcmp(fb_cmd_str,"isset") == 0) {

Write Preview
Loading…
Cancel
Save