aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

pcre2: migrate keywords parsing

Browse Source
pull/6414/head
Philippe Antoine 5 years ago
parent 2dea9a1e37
commit 3de99a214c
69 changed files with 838 additions and 710 deletions
Show Stats Download Patch File Download Diff File

20
src/detect-base64-decode.c
Unescape Escape View File

@ -105,8 +105,6 @@ int DetectBase64DecodeDoMatch(DetectEngineThreadCtx *det_ctx, const Signature *s
static int DetectBase64DecodeParse(const char *str, uint32_t *bytes,
uint32_t *offset, uint8_t *relative)
{
static const int max = 30;
int ov[max];
int pcre_rc;
const char *bytes_str = NULL;
const char *offset_str = NULL;
@ -116,14 +114,16 @@ static int DetectBase64DecodeParse(const char *str, uint32_t *bytes,
*bytes = 0;
*offset = 0;
*relative = 0;
size_t pcre2_len;
pcre_rc = DetectParsePcreExec(&decode_pcre, str, 0, 0, ov, max);
pcre_rc = DetectParsePcreExec(&decode_pcre, str, 0, 0);
if (pcre_rc < 3) {
goto error;
}
if (pcre_rc >= 3) {
if (pcre_get_substring((char *)str, ov, max, 2, &bytes_str) > 0) {
if (pcre2_substring_get_bynumber(
decode_pcre.match, 2, (PCRE2_UCHAR8 **)&bytes_str, &pcre2_len) == 0) {
if (StringParseUint32(bytes, 10, 0, bytes_str) <= 0) {
SCLogError(SC_ERR_INVALID_RULE_ARGUMENT,
"Bad value for bytes: \"%s\"", bytes_str);
@ -133,7 +133,8 @@ static int DetectBase64DecodeParse(const char *str, uint32_t *bytes,
}
if (pcre_rc >= 5) {
if (pcre_get_substring((char *)str, ov, max, 4, &offset_str)) {
if (pcre2_substring_get_bynumber(
decode_pcre.match, 4, (PCRE2_UCHAR8 **)&offset_str, &pcre2_len) == 0) {
if (StringParseUint32(offset, 10, 0, offset_str) <= 0) {
SCLogError(SC_ERR_INVALID_RULE_ARGUMENT,
"Bad value for offset: \"%s\"", offset_str);
@ -143,7 +144,8 @@ static int DetectBase64DecodeParse(const char *str, uint32_t *bytes,
}
if (pcre_rc >= 6) {
if (pcre_get_substring((char *)str, ov, max, 5, &relative_str)) {
if (pcre2_substring_get_bynumber(
decode_pcre.match, 5, (PCRE2_UCHAR8 **)&relative_str, &pcre2_len) == 0) {
if (strcmp(relative_str, "relative") == 0) {
*relative = 1;
}
@ -158,13 +160,13 @@ static int DetectBase64DecodeParse(const char *str, uint32_t *bytes,
retval = 1;
error:
if (bytes_str != NULL) {
pcre_free_substring(bytes_str);
pcre2_substring_free((PCRE2_UCHAR8 *)bytes_str);
}
if (offset_str != NULL) {
pcre_free_substring(offset_str);
pcre2_substring_free((PCRE2_UCHAR8 *)offset_str);
}
if (relative_str != NULL) {
pcre_free_substring(relative_str);
pcre2_substring_free((PCRE2_UCHAR8 *)relative_str);
}
return retval;
}

60
src/detect-byte-extract.c
Unescape Escape View File

@ -214,13 +214,11 @@ int DetectByteExtractDoMatch(DetectEngineThreadCtx *det_ctx, const SigMatchData
static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_ctx, const char *arg)
{
DetectByteExtractData *bed = NULL;
#undef MAX_SUBSTRINGS
#define MAX_SUBSTRINGS 100
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2len;
int i = 0;
ret = DetectParsePcreExec(&parse_regex, arg, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, arg, 0, 0);
if (ret < 3 || ret > 19) {
SCLogError(SC_ERR_PCRE_PARSE, "parse error, ret %" PRId32
", string \"%s\"", ret, arg);
@ -236,10 +234,11 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
/* no of bytes to extract */
char nbytes_str[64] = "";
res = pcre_copy_substring((char *)arg, ov,
MAX_SUBSTRINGS, 1, nbytes_str, sizeof(nbytes_str));
pcre2len = sizeof(nbytes_str);
res = pcre2_substring_copy_bynumber(
parse_regex.match, 1, (PCRE2_UCHAR8 *)nbytes_str, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed "
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed "
"for arg 1 for byte_extract");
goto error;
}
@ -252,10 +251,11 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
/* offset */
char offset_str[64] = "";
res = pcre_copy_substring((char *)arg, ov,
MAX_SUBSTRINGS, 2, offset_str, sizeof(offset_str));
pcre2len = sizeof(offset_str);
res = pcre2_substring_copy_bynumber(
parse_regex.match, 2, (PCRE2_UCHAR8 *)offset_str, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed "
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed "
"for arg 2 for byte_extract");
goto error;
}
@ -268,10 +268,11 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
/* var name */
char varname_str[256] = "";
res = pcre_copy_substring((char *)arg, ov,
MAX_SUBSTRINGS, 3, varname_str, sizeof(varname_str));
pcre2len = sizeof(varname_str);
res = pcre2_substring_copy_bynumber(
parse_regex.match, 3, (PCRE2_UCHAR8 *)varname_str, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed "
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed "
"for arg 3 for byte_extract");
goto error;
}
@ -282,11 +283,14 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
/* check out other optional args */
for (i = 4; i < ret; i++) {
char opt_str[64] = "";
res = pcre_copy_substring((char *)arg, ov,
MAX_SUBSTRINGS, i, opt_str, sizeof(opt_str));
pcre2len = sizeof(opt_str);
res = pcre2_substring_copy_bynumber(
parse_regex.match, i, (PCRE2_UCHAR8 *)opt_str, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed "
"for arg %d for byte_extract", i);
SCLogError(SC_ERR_PCRE_GET_SUBSTRING,
"pcre2_substring_copy_bynumber failed "
"for arg %d for byte_extract",
i);
goto error;
}
@ -307,11 +311,14 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
i++;
char multiplier_str[16] = "";
res = pcre_copy_substring((char *)arg, ov,
MAX_SUBSTRINGS, i, multiplier_str, sizeof(multiplier_str));
pcre2len = sizeof(multiplier_str);
res = pcre2_substring_copy_bynumber(
parse_regex.match, i, (PCRE2_UCHAR8 *)multiplier_str, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed "
"for arg %d for byte_extract", i);
SCLogError(SC_ERR_PCRE_GET_SUBSTRING,
"pcre2_substring_copy_bynumber failed "
"for arg %d for byte_extract",
i);
goto error;
}
int32_t multiplier;
@ -410,11 +417,14 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
i++;
char align_str[16] = "";
res = pcre_copy_substring((char *)arg, ov,
MAX_SUBSTRINGS, i, align_str, sizeof(align_str));
pcre2len = sizeof(align_str);
res = pcre2_substring_copy_bynumber(
parse_regex.match, i, (PCRE2_UCHAR8 *)align_str, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed "
"for arg %d in byte_extract", i);
SCLogError(SC_ERR_PCRE_GET_SUBSTRING,
"pcre2_substring_copy_bynumber failed "
"for arg %d in byte_extract",
i);
goto error;
}
if (StringParseUint8(&bed->align_value, 10, 0,

17
src/detect-bytejump.c
Unescape Escape View File

@ -321,7 +321,7 @@ static DetectBytejumpData *DetectBytejumpParse(DetectEngineCtx *de_ctx, const ch
DetectBytejumpData *data = NULL;
char args[10][64];
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2len;
int numargs = 0;
int i = 0;
uint32_t nbytes;
@ -331,7 +331,7 @@ static DetectBytejumpData *DetectBytejumpParse(DetectEngineCtx *de_ctx, const ch
memset(args, 0x00, sizeof(args));
/* Execute the regex and populate args with captures. */
ret = DetectParsePcreExec(&parse_regex, optstr, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, optstr, 0, 0);
if (ret < 2 || ret > 10) {
SCLogError(SC_ERR_PCRE_PARSE,"parse error, ret %" PRId32
", string \"%s\"", ret, optstr);
@ -343,10 +343,10 @@ static DetectBytejumpData *DetectBytejumpParse(DetectEngineCtx *de_ctx, const ch
* supports 9 substrings, sigh.
*/
char str[512] = "";
res = pcre_copy_substring((char *)optstr, ov,
MAX_SUBSTRINGS, 1, str, sizeof(str));
pcre2len = sizeof(str);
res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)str, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING,"pcre_copy_substring failed "
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed "
"for arg 1");
goto error;
}
@ -373,9 +373,12 @@ static DetectBytejumpData *DetectBytejumpParse(DetectEngineCtx *de_ctx, const ch
/* The remaining args are directly from PCRE substrings */
for (i = 1; i < (ret - 1); i++) {
res = pcre_copy_substring((char *)optstr, ov, MAX_SUBSTRINGS, i + 1, args[i+1], sizeof(args[0]));
pcre2len = sizeof(args[0]);
res = pcre2_substring_copy_bynumber(
parse_regex.match, i + 1, (PCRE2_UCHAR8 *)args[i + 1], &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING,"pcre_copy_substring failed for arg %d", i + 1);
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed for arg %d",
i + 1);
goto error;
}
numargs++;

117
src/detect-bytemath.c
Unescape Escape View File

@ -259,12 +259,10 @@ static DetectByteMathData *DetectByteMathParse(DetectEngineCtx *de_ctx, const ch
{
DetectByteMathData *bmd = NULL;
int ret, res;
#undef MAX_SUBSTRINGS
#define MAX_SUBSTRINGS 100
int ov[MAX_SUBSTRINGS];
size_t pcre2len;
char tmp_str[128] = "";
ret = DetectParsePcreExec(&parse_regex, arg, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, arg, 0, 0);
if (ret < MIN_GROUP || ret > MAX_GROUP) {
SCLogError(SC_ERR_PCRE_PARSE, "byte_math parse error; invalid value: ret %" PRId32
", string \"%s\"", ret, arg);
@ -276,11 +274,14 @@ static DetectByteMathData *DetectByteMathParse(DetectEngineCtx *de_ctx, const ch
goto error;
/* no of bytes to extract */
res = pcre_copy_substring((char *)arg, ov,
MAX_SUBSTRINGS, BYTES_VAL, tmp_str, sizeof(tmp_str));
pcre2len = sizeof(tmp_str);
res = pcre2_substring_copy_bynumber(
parse_regex.match, BYTES_VAL, (PCRE2_UCHAR8 *)tmp_str, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed "
"for \"nbytes\" value: \"%s\"", tmp_str);
SCLogError(SC_ERR_PCRE_GET_SUBSTRING,
"pcre2_substring_copy_bynumber failed "
"for \"nbytes\" value: \"%s\"",
tmp_str);
goto error;
}
@ -294,11 +295,14 @@ static DetectByteMathData *DetectByteMathParse(DetectEngineCtx *de_ctx, const ch
}
/* offset */
res = pcre_copy_substring((char *)arg, ov,
MAX_SUBSTRINGS, OFFSET_VAL, tmp_str, sizeof(tmp_str));
pcre2len = sizeof(tmp_str);
res = pcre2_substring_copy_bynumber(
parse_regex.match, OFFSET_VAL, (PCRE2_UCHAR8 *)tmp_str, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed "
"for \"offset\" value: \"%s\"", tmp_str);
SCLogError(SC_ERR_PCRE_GET_SUBSTRING,
"pcre2_substring_copy_bynumber failed "
"for \"offset\" value: \"%s\"",
tmp_str);
goto error;
}
@ -310,11 +314,14 @@ static DetectByteMathData *DetectByteMathParse(DetectEngineCtx *de_ctx, const ch
}
/* operator */
res = pcre_copy_substring((char *)arg, ov,
MAX_SUBSTRINGS, OPER_VAL, tmp_str, sizeof(tmp_str));
pcre2len = sizeof(tmp_str);
res = pcre2_substring_copy_bynumber(
parse_regex.match, OPER_VAL, (PCRE2_UCHAR8 *)tmp_str, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed "
"for \"operator\" value of byte_math: \"%s\"", tmp_str);
SCLogError(SC_ERR_PCRE_GET_SUBSTRING,
"pcre2_substring_copy_bynumber failed "
"for \"operator\" value of byte_math: \"%s\"",
tmp_str);
goto error;
}
@ -333,11 +340,14 @@ static DetectByteMathData *DetectByteMathParse(DetectEngineCtx *de_ctx, const ch
}
/* rvalue */
res = pcre_copy_substring((char *)arg, ov, MAX_SUBSTRINGS,
RVALUE_VAL, tmp_str, sizeof(tmp_str));
pcre2len = sizeof(tmp_str);
res = pcre2_substring_copy_bynumber(
parse_regex.match, RVALUE_VAL, (PCRE2_UCHAR8 *)tmp_str, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed "
"for \"rvalue\" to byte_math: \"%s\"", tmp_str);
SCLogError(SC_ERR_PCRE_GET_SUBSTRING,
"pcre2_substring_copy_bynumber failed "
"for \"rvalue\" to byte_math: \"%s\"",
tmp_str);
goto error;
}
@ -361,10 +371,11 @@ static DetectByteMathData *DetectByteMathParse(DetectEngineCtx *de_ctx, const ch
}
/* result */
res = pcre_copy_substring((char *)arg, ov, MAX_SUBSTRINGS,
RESULT_VAL, tmp_str, sizeof(tmp_str));
pcre2len = sizeof(tmp_str);
res = pcre2_substring_copy_bynumber(
parse_regex.match, RESULT_VAL, (PCRE2_UCHAR8 *)tmp_str, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed "
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed "
"for \"result\" to byte_math");
goto error;
}
@ -387,11 +398,12 @@ static DetectByteMathData *DetectByteMathParse(DetectEngineCtx *de_ctx, const ch
*/
if (ret > RELATIVE_KW) {
res = pcre_copy_substring((char *)arg, ov, MAX_SUBSTRINGS,
RELATIVE_KW, tmp_str, sizeof(tmp_str));
pcre2len = sizeof(tmp_str);
res = pcre2_substring_copy_bynumber(
parse_regex.match, RELATIVE_KW, (PCRE2_UCHAR8 *)tmp_str, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed "
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed "
"for byte_math \"relative\" arg");
goto error;
}
@ -402,10 +414,11 @@ static DetectByteMathData *DetectByteMathParse(DetectEngineCtx *de_ctx, const ch
}
if (ret > ENDIAN_VAL) {
res = pcre_copy_substring((char *)arg, ov, MAX_SUBSTRINGS,
ENDIAN_KW, tmp_str, sizeof(tmp_str));
pcre2len = sizeof(tmp_str);
res = pcre2_substring_copy_bynumber(
parse_regex.match, ENDIAN_KW, (PCRE2_UCHAR8 *)tmp_str, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed "
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed "
"for byte_math \"endian\" arg");
goto error;
}
@ -414,10 +427,11 @@ static DetectByteMathData *DetectByteMathParse(DetectEngineCtx *de_ctx, const ch
bmd->flags |= DETECT_BYTEMATH_FLAG_ENDIAN;
}
res = pcre_copy_substring((char *)arg, ov, MAX_SUBSTRINGS,
ENDIAN_VAL, tmp_str, sizeof(tmp_str));
pcre2len = sizeof(tmp_str);
res = pcre2_substring_copy_bynumber(
parse_regex.match, ENDIAN_VAL, (PCRE2_UCHAR8 *)tmp_str, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed "
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed "
"for byte_math \"endian\" value");
goto error;
}
@ -430,10 +444,11 @@ static DetectByteMathData *DetectByteMathParse(DetectEngineCtx *de_ctx, const ch
}
if (ret > STRING_VAL) {
res = pcre_copy_substring((char *)arg, ov, MAX_SUBSTRINGS,
STRING_KW, tmp_str, sizeof(tmp_str));
pcre2len = sizeof(tmp_str);
res = pcre2_substring_copy_bynumber(
parse_regex.match, STRING_KW, (PCRE2_UCHAR8 *)tmp_str, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed "
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed "
"for byte_math \"string\" arg");
goto error;
}
@ -442,10 +457,11 @@ static DetectByteMathData *DetectByteMathParse(DetectEngineCtx *de_ctx, const ch
bmd->flags |= DETECT_BYTEMATH_FLAG_STRING;
}
res = pcre_copy_substring((char *)arg, ov, MAX_SUBSTRINGS,
STRING_VAL, tmp_str, sizeof(tmp_str));
pcre2len = sizeof(tmp_str);
res = pcre2_substring_copy_bynumber(
parse_regex.match, STRING_VAL, (PCRE2_UCHAR8 *)tmp_str, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed "
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed "
"for byte_math \"string\" value");
goto error;
}
@ -461,10 +477,11 @@ static DetectByteMathData *DetectByteMathParse(DetectEngineCtx *de_ctx, const ch
}
if (ret > DCE_KW) {
res = pcre_copy_substring((char *)arg, ov, MAX_SUBSTRINGS,
DCE_KW, tmp_str, sizeof(tmp_str));
pcre2len = sizeof(tmp_str);
res = pcre2_substring_copy_bynumber(
parse_regex.match, DCE_KW, (PCRE2_UCHAR8 *)tmp_str, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed "
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed "
"for byte_math \"dce\" arg");
goto error;
}
@ -476,10 +493,11 @@ static DetectByteMathData *DetectByteMathParse(DetectEngineCtx *de_ctx, const ch
}
if (ret > BITMASK_VAL) {
res = pcre_copy_substring((char *)arg, ov, MAX_SUBSTRINGS,
BITMASK_KW, tmp_str, sizeof(tmp_str));
pcre2len = sizeof(tmp_str);
res = pcre2_substring_copy_bynumber(
parse_regex.match, BITMASK_KW, (PCRE2_UCHAR8 *)tmp_str, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed "
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed "
"for byte_math \"bitmask\" arg");
goto error;
}
@ -489,11 +507,14 @@ static DetectByteMathData *DetectByteMathParse(DetectEngineCtx *de_ctx, const ch
}
/* bitmask value*/
res = pcre_copy_substring((char *)arg, ov, MAX_SUBSTRINGS,
BITMASK_VAL, tmp_str, sizeof(tmp_str));
pcre2len = sizeof(tmp_str);
res = pcre2_substring_copy_bynumber(
parse_regex.match, BITMASK_VAL, (PCRE2_UCHAR8 *)tmp_str, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed "
"for bitmask value: \"%s\"", tmp_str);
SCLogError(SC_ERR_PCRE_GET_SUBSTRING,
"pcre2_substring_copy_bynumber failed "
"for bitmask value: \"%s\"",
tmp_str);
goto error;
}

32
src/detect-bytetest.c
Unescape Escape View File

@ -271,13 +271,13 @@ static DetectBytetestData *DetectBytetestParse(const char *optstr, char **value,
char *test_value = NULL;
char *data_offset = NULL;
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2_len;
int i;
uint32_t nbytes;
const char *str_ptr = NULL;
/* Execute the regex and populate args with captures. */
ret = DetectParsePcreExec(&parse_regex, optstr, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, optstr, 0, 0);
if (ret < 4 || ret > 9) {
SCLogError(SC_ERR_PCRE_PARSE, "parse error, ret %" PRId32
", string %s", ret, optstr);
@ -286,11 +286,13 @@ static DetectBytetestData *DetectBytetestParse(const char *optstr, char **value,
/* Subtract two since two values are conjoined */
for (i = 0; i < (ret - 1); i++) {
res = pcre_get_substring((char *)optstr, ov, MAX_SUBSTRINGS,
i + 1, &str_ptr);
res = pcre2_substring_get_bynumber(
parse_regex.match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed "
"for arg %d", i + 1);
SCLogError(SC_ERR_PCRE_GET_SUBSTRING,
"pcre2_substring_get_bynumber failed "
"for arg %d",
i + 1);
goto error;
}
/* args[2] is comma separated test value, offset */
@ -366,9 +368,9 @@ static DetectBytetestData *DetectBytetestParse(const char *optstr, char **value,
if (test_value) {
/*
* test_value was created while fetching strings and contains the test value and offset, comma separated. The
* values was allocated by test_value (pcre_get_substring) and data_offset (SCStrdup), respectively; e.g.,
* test_value,offset
* test_value was created while fetching strings and contains the test value and offset,
* comma separated. The values was allocated by test_value (pcre2_substring_get_bynumber)
* and data_offset (SCStrdup), respectively; e.g., test_value,offset
*/
char *end_ptr = test_value;
while (!(isspace((unsigned char)*end_ptr) || (*end_ptr == ','))) end_ptr++;
@ -503,18 +505,22 @@ static DetectBytetestData *DetectBytetestParse(const char *optstr, char **value,
}
for (i = 0; i < (ret - 1); i++){
if (args[i] != NULL) SCFree(args[i]);
if (args[i] != NULL)
pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);
}
if (data_offset) SCFree(data_offset);
if (test_value) SCFree(test_value);
if (test_value)
pcre2_substring_free((PCRE2_UCHAR8 *)test_value);
return data;
error:
for (i = 0; i < (ret - 1); i++){
if (args[i] != NULL) SCFree(args[i]);
if (args[i] != NULL)
pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);
}
if (data_offset) SCFree(data_offset);
if (test_value) SCFree(test_value);
if (test_value)
pcre2_substring_free((PCRE2_UCHAR8 *)test_value);
if (data) SCFree(data);
return NULL;
}

9
src/detect-classtype.c
Unescape Escape View File

@ -69,20 +69,21 @@ void DetectClasstypeRegister(void)
*/
static int DetectClasstypeParseRawString(const char *rawstr, char *out, size_t outsize)
{
int ov[MAX_SUBSTRINGS];
size_t pcre2len;
const size_t esize = CLASSTYPE_NAME_MAX_LEN + 8;
char e[esize];
int ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
int ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
if (ret < 0) {
SCLogError(SC_ERR_PCRE_MATCH, "Invalid Classtype in Signature");
return -1;
}
ret = pcre_copy_substring((char *)rawstr, ov, 30, 1, e, esize);
pcre2len = esize;
ret = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)e, &pcre2len);
if (ret < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
return -1;
}

35
src/detect-config.c
Unescape Escape View File

@ -167,9 +167,8 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char
DetectConfigData *fd = NULL;
SigMatch *sm = NULL;
#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2len;
#if 0
/* filestore and bypass keywords can't work together */
if (s->flags & SIG_FLAG_BYPASS) {
@ -195,14 +194,15 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char
char scopeval[32];
SCLogDebug("str %s", str);
ret = DetectParsePcreExec(&parse_regex, str, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, str, 0, 0);
if (ret != 7) {
SCLogError(SC_ERR_INVALID_RULE_ARGUMENT, "config is rather picky at this time");
goto error;
}
res = pcre_copy_substring((char *)str, ov, MAX_SUBSTRINGS, 1, subsys, sizeof(subsys));
pcre2len = sizeof(subsys);
res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)subsys, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}
@ -212,9 +212,10 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char
}
SCLogDebug("subsys %s", subsys);
res = pcre_copy_substring((char *)str, ov, MAX_SUBSTRINGS, 2, state, sizeof(state));
pcre2len = sizeof(state);
res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)state, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}
@ -224,9 +225,10 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char
}
SCLogDebug("state %s", state);
res = pcre_copy_substring((char *)str, ov, MAX_SUBSTRINGS, 3, type, sizeof(type));
pcre2len = sizeof(type);
res = pcre2_substring_copy_bynumber(parse_regex.match, 3, (PCRE2_UCHAR8 *)type, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}
@ -236,9 +238,10 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char
}
SCLogDebug("type %s", type);
res = pcre_copy_substring((char *)str, ov, MAX_SUBSTRINGS, 4, typeval, sizeof(typeval));
pcre2len = sizeof(typeval);
res = pcre2_substring_copy_bynumber(parse_regex.match, 4, (PCRE2_UCHAR8 *)typeval, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}
@ -248,9 +251,10 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char
}
SCLogDebug("typeval %s", typeval);
res = pcre_copy_substring((char *)str, ov, MAX_SUBSTRINGS, 5, scope, sizeof(scope));
pcre2len = sizeof(scope);
res = pcre2_substring_copy_bynumber(parse_regex.match, 5, (PCRE2_UCHAR8 *)scope, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}
@ -260,9 +264,10 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char
}
SCLogDebug("scope %s", scope);
res = pcre_copy_substring((char *)str, ov, MAX_SUBSTRINGS, 6, scopeval, sizeof(scopeval));
pcre2len = sizeof(scopeval);
res = pcre2_substring_copy_bynumber(parse_regex.match, 6, (PCRE2_UCHAR8 *)scopeval, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}

13
src/detect-detection-filter.c
Unescape Escape View File

@ -97,7 +97,7 @@ static DetectThresholdData *DetectDetectionFilterParse (const char *rawstr)
{
DetectThresholdData *df = NULL;
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2_len;
const char *str_ptr = NULL;
char *args[6] = { NULL, NULL, NULL, NULL, NULL, NULL};
char *copy_str = NULL, *df_opt = NULL;
@ -129,7 +129,7 @@ static DetectThresholdData *DetectDetectionFilterParse (const char *rawstr)
if (count_found != 1 || seconds_found != 1 || track_found != 1)
goto error;
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
if (ret < 5) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr);
goto error;
@ -144,9 +144,10 @@ static DetectThresholdData *DetectDetectionFilterParse (const char *rawstr)
df->type = TYPE_DETECTION;
for (i = 0; i < (ret - 1); i++) {
res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, i + 1, &str_ptr);
res = pcre2_substring_get_bynumber(
parse_regex.match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
@ -183,14 +184,14 @@ static DetectThresholdData *DetectDetectionFilterParse (const char *rawstr)
for (i = 0; i < 6; i++){
if (args[i] != NULL)
SCFree(args[i]);
pcre2_substring_free((PCRE2_UCHAR *)args[i]);
}
return df;
error:
for (i = 0; i < 6; i++){
if (args[i] != NULL)
SCFree(args[i]);
pcre2_substring_free((PCRE2_UCHAR *)args[i]);
}
if (df != NULL)
SCFree(df);

25
src/detect-dsize.c
Unescape Escape View File

@ -143,44 +143,49 @@ static DetectDsizeData *DetectDsizeParse (const char *rawstr)
{
DetectDsizeData *dd = NULL;
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2len;
char mode[2] = "";
char value1[6] = "";
char value2[6] = "";
char range[3] = "";
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
if (ret < 3 || ret > 5) {
SCLogError(SC_ERR_PCRE_MATCH,"Parse error %s", rawstr);
goto error;
}
res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, mode, sizeof(mode));
pcre2len = sizeof(mode);
res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)mode, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING,"pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}
SCLogDebug("mode \"%s\"", mode);
res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, value1, sizeof(value1));
pcre2len = sizeof(value1);
res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)value1, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING,"pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}
SCLogDebug("value1 \"%s\"", value1);
if (ret > 3) {
res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 3, range, sizeof(range));
pcre2len = sizeof(range);
res = pcre2_substring_copy_bynumber(parse_regex.match, 3, (PCRE2_UCHAR8 *)range, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING,"pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}
SCLogDebug("range \"%s\"", range);
if (ret > 4) {
res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 4, value2, sizeof(value2));
pcre2len = sizeof(value2);
res = pcre2_substring_copy_bynumber(
parse_regex.match, 4, (PCRE2_UCHAR8 *)value2, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING,"pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}
SCLogDebug("value2 \"%s\"", value2);

10
src/detect-engine-event.c
Unescape Escape View File

@ -123,9 +123,9 @@ static DetectEngineEventData *DetectEngineEventParse (const char *rawstr)
int i;
DetectEngineEventData *de = NULL;
int ret = 0, res = 0, found = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2len;
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
if (ret < 1) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32
", string %s", ret, rawstr);
@ -133,11 +133,11 @@ static DetectEngineEventData *DetectEngineEventParse (const char *rawstr)
}
char copy_str[128] = "";
res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 0,
copy_str, sizeof(copy_str));
pcre2len = sizeof(copy_str);
res = pcre2_substring_copy_bynumber(parse_regex.match, 0, (PCRE2_UCHAR8 *)copy_str, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}

40
src/detect-engine-uint.c
Unescape Escape View File

@ -96,33 +96,37 @@ DetectU32Data *DetectU32Parse (const char *u32str)
char arg3[16] = "";
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2len;
ret = DetectParsePcreExec(&uint_pcre, u32str, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&uint_pcre, u32str, 0, 0);
if (ret < 2 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 "", ret);
return NULL;
}
res = pcre_copy_substring((char *) u32str, ov, MAX_SUBSTRINGS, 1, arg1, sizeof(arg1));
pcre2len = sizeof(arg1);
res = pcre2_substring_copy_bynumber(uint_pcre.match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed");
return NULL;
}
SCLogDebug("Arg1 \"%s\"", arg1);
if (ret >= 3) {
res = pcre_copy_substring((char *) u32str, ov, MAX_SUBSTRINGS, 2, arg2, sizeof(arg2));
pcre2len = sizeof(arg2);
res = pcre2_substring_copy_bynumber(uint_pcre.match, 2, (PCRE2_UCHAR8 *)arg2, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed");
return NULL;
}
SCLogDebug("Arg2 \"%s\"", arg2);
if (ret >= 4) {
res = pcre_copy_substring((char *) u32str, ov, MAX_SUBSTRINGS, 3, arg3, sizeof(arg3));
pcre2len = sizeof(arg3);
res = pcre2_substring_copy_bynumber(
uint_pcre.match, 3, (PCRE2_UCHAR8 *)arg3, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed");
return NULL;
}
SCLogDebug("Arg3 \"%s\"", arg3);
@ -308,33 +312,37 @@ DetectU8Data *DetectU8Parse (const char *u8str)
char arg3[16] = "";
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2len;
ret = DetectParsePcreExec(&uint_pcre, u8str, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&uint_pcre, u8str, 0, 0);
if (ret < 2 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 "", ret);
return NULL;
}
res = pcre_copy_substring((char *) u8str, ov, MAX_SUBSTRINGS, 1, arg1, sizeof(arg1));
pcre2len = sizeof(arg1);
res = pcre2_substring_copy_bynumber(uint_pcre.match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed");
return NULL;
}
SCLogDebug("Arg1 \"%s\"", arg1);
if (ret >= 3) {
res = pcre_copy_substring((char *) u8str, ov, MAX_SUBSTRINGS, 2, arg2, sizeof(arg2));
pcre2len = sizeof(arg2);
res = pcre2_substring_copy_bynumber(uint_pcre.match, 2, (PCRE2_UCHAR8 *)arg2, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed");
return NULL;
}
SCLogDebug("Arg2 \"%s\"", arg2);
if (ret >= 4) {
res = pcre_copy_substring((char *) u8str, ov, MAX_SUBSTRINGS, 3, arg3, sizeof(arg3));
pcre2len = sizeof(arg3);
res = pcre2_substring_copy_bynumber(
uint_pcre.match, 3, (PCRE2_UCHAR8 *)arg3, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed");
return NULL;
}
SCLogDebug("Arg3 \"%s\"", arg3);

18
src/detect-fast-pattern.c
Unescape Escape View File

@ -172,7 +172,7 @@ void DetectFastPatternRegister(void)
static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg)
{
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2len;
char arg_substr[128] = "";
DetectContentData *cd = NULL;
@ -237,7 +237,7 @@ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, const c
}
/* Execute the regex and populate args with captures. */
ret = DetectParsePcreExec(&parse_regex, arg, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, arg, 0, 0);
/* fast pattern only */
if (ret == 2) {
if ((cd->flags & DETECT_CONTENT_NEGATED) ||
@ -256,10 +256,11 @@ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, const c
/* fast pattern chop */
} else if (ret == 4) {
res = pcre_copy_substring((char *)arg, ov, MAX_SUBSTRINGS,
2, arg_substr, sizeof(arg_substr));
pcre2len = sizeof(arg_substr);
res = pcre2_substring_copy_bynumber(
parse_regex.match, 2, (PCRE2_UCHAR8 *)arg_substr, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed "
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed "
"for fast_pattern offset");
goto error;
}
@ -271,10 +272,11 @@ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, const c
goto error;
}
res = pcre_copy_substring((char *)arg, ov, MAX_SUBSTRINGS,
3, arg_substr, sizeof(arg_substr));
pcre2len = sizeof(arg_substr);
res = pcre2_substring_copy_bynumber(
parse_regex.match, 3, (PCRE2_UCHAR8 *)arg_substr, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed "
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed "
"for fast_pattern offset");
goto error;
}

38
src/detect-filesize.c
Unescape Escape View File

@ -147,9 +147,9 @@ static DetectFilesizeData *DetectFilesizeParse (const char *str)
char *arg3 = NULL;
char *arg4 = NULL;
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2_len;
ret = DetectParsePcreExec(&parse_regex, str, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, str, 0, 0);
if (ret < 3 || ret > 5) {
SCLogError(SC_ERR_PCRE_PARSE, "filesize option pcre parse error: \"%s\"", str);
goto error;
@ -158,35 +158,37 @@ static DetectFilesizeData *DetectFilesizeParse (const char *str)
SCLogDebug("ret %d", ret);
res = pcre_get_substring((char *)str, ov, MAX_SUBSTRINGS, 1, &str_ptr);
res = pcre2_substring_get_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
arg1 = (char *) str_ptr;
SCLogDebug("Arg1 \"%s\"", arg1);
res = pcre_get_substring((char *)str, ov, MAX_SUBSTRINGS, 2, &str_ptr);
res = pcre2_substring_get_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
arg2 = (char *) str_ptr;
SCLogDebug("Arg2 \"%s\"", arg2);
if (ret > 3) {
res = pcre_get_substring((char *)str, ov, MAX_SUBSTRINGS, 3, &str_ptr);
res = pcre2_substring_get_bynumber(
parse_regex.match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
arg3 = (char *) str_ptr;
SCLogDebug("Arg3 \"%s\"", arg3);
if (ret > 4) {
res = pcre_get_substring((char *)str, ov, MAX_SUBSTRINGS, 4, &str_ptr);
res = pcre2_substring_get_bynumber(
parse_regex.match, 4, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
arg4 = (char *) str_ptr;
@ -240,25 +242,25 @@ static DetectFilesizeData *DetectFilesizeParse (const char *str)
}
}
pcre_free_substring(arg1);
pcre_free_substring(arg2);
pcre2_substring_free((PCRE2_UCHAR *)arg1);
pcre2_substring_free((PCRE2_UCHAR *)arg2);
if (arg3 != NULL)
pcre_free_substring(arg3);
pcre2_substring_free((PCRE2_UCHAR *)arg3);
if (arg4 != NULL)
pcre_free_substring(arg4);
pcre2_substring_free((PCRE2_UCHAR *)arg4);
return fsd;
error:
if (fsd)
SCFree(fsd);
if (arg1 != NULL)
SCFree(arg1);
pcre2_substring_free((PCRE2_UCHAR *)arg1);
if (arg2 != NULL)
SCFree(arg2);
pcre2_substring_free((PCRE2_UCHAR *)arg2);
if (arg3 != NULL)
SCFree(arg3);
pcre2_substring_free((PCRE2_UCHAR *)arg3);
if (arg4 != NULL)
SCFree(arg4);
pcre2_substring_free((PCRE2_UCHAR *)arg4);
return NULL;
}

22
src/detect-filestore.c
Unescape Escape View File

@ -349,7 +349,7 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, const ch
SigMatch *sm = NULL;
char *args[3] = {NULL,NULL,NULL};
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2len;
/* filestore and bypass keywords can't work together */
if (s->flags & SIG_FLAG_BYPASS) {
@ -370,32 +370,38 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, const ch
char str_2[32];
SCLogDebug("str %s", str);
ret = DetectParsePcreExec(&parse_regex, str, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, str, 0, 0);
if (ret < 1 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 ", string %s", ret, str);
goto error;
}
if (ret > 1) {
res = pcre_copy_substring((char *)str, ov, MAX_SUBSTRINGS, 1, str_0, sizeof(str_0));
pcre2len = sizeof(str_0);
res = pcre2_substring_copy_bynumber(
parse_regex.match, 1, (PCRE2_UCHAR8 *)str_0, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}
args[0] = (char *)str_0;
if (ret > 2) {
res = pcre_copy_substring((char *)str, ov, MAX_SUBSTRINGS, 2, str_1, sizeof(str_1));
pcre2len = sizeof(str_1);
res = pcre2_substring_copy_bynumber(
parse_regex.match, 2, (PCRE2_UCHAR8 *)str_1, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}
args[1] = (char *)str_1;
}
if (ret > 3) {
res = pcre_copy_substring((char *)str, ov, MAX_SUBSTRINGS, 3, str_2, sizeof(str_2));
pcre2len = sizeof(str_2);
res = pcre2_substring_copy_bynumber(
parse_regex.match, 3, (PCRE2_UCHAR8 *)str_2, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}
args[2] = (char *)str_2;

21
src/detect-flow.c
Unescape Escape View File

@ -174,35 +174,40 @@ static DetectFlowData *DetectFlowParse (DetectEngineCtx *de_ctx, const char *flo
DetectFlowData *fd = NULL;
char *args[3] = {NULL,NULL,NULL};
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2len;
char str1[16] = "", str2[16] = "", str3[16] = "";
ret = DetectParsePcreExec(&parse_regex, flowstr, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, flowstr, 0, 0);
if (ret < 1 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 ", string %s", ret, flowstr);
goto error;
}
if (ret > 1) {
res = pcre_copy_substring((char *)flowstr, ov, MAX_SUBSTRINGS, 1, str1, sizeof(str1));
pcre2len = sizeof(str1);
res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)str1, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}
args[0] = (char *)str1;
if (ret > 2) {
res = pcre_copy_substring((char *)flowstr, ov, MAX_SUBSTRINGS, 2, str2, sizeof(str2));
pcre2len = sizeof(str2);
res = pcre2_substring_copy_bynumber(
parse_regex.match, 2, (PCRE2_UCHAR8 *)str2, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}
args[1] = (char *)str2;
}
if (ret > 3) {
res = pcre_copy_substring((char *)flowstr, ov, MAX_SUBSTRINGS, 3, str3, sizeof(str3));
pcre2len = sizeof(str3);
res = pcre2_substring_copy_bynumber(
parse_regex.match, 3, (PCRE2_UCHAR8 *)str3, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}
args[2] = (char *)str3;

16
src/detect-flowbits.c
Unescape Escape View File

@ -215,28 +215,28 @@ int DetectFlowbitMatch (DetectEngineThreadCtx *det_ctx, Packet *p,
static int DetectFlowbitParse(const char *str, char *cmd, int cmd_len, char *name,
int name_len)
{
const int max_substrings = 30;
int count, rc;
int ov[max_substrings];
size_t pcre2len;
count = DetectParsePcreExec(&parse_regex, str, 0, 0, ov, max_substrings);
count = DetectParsePcreExec(&parse_regex, str, 0, 0);
if (count != 2 && count != 3) {
SCLogError(SC_ERR_PCRE_MATCH,
"\"%s\" is not a valid setting for flowbits.", str);
return 0;
}
rc = pcre_copy_substring((char *)str, ov, max_substrings, 1, cmd, cmd_len);
pcre2len = cmd_len;
rc = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)cmd, &pcre2len);
if (rc < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
return 0;
}
if (count == 3) {
rc = pcre_copy_substring((char *)str, ov, max_substrings, 2, name,
name_len);
pcre2len = name_len;
rc = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)name, &pcre2len);
if (rc < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
return 0;
}

29
src/detect-flowint.c
Unescape Escape View File

@ -230,28 +230,28 @@ static DetectFlowintData *DetectFlowintParse(DetectEngineCtx *de_ctx, const char
char *varval = NULL;
char *modstr = NULL;
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2_len;
uint8_t modifier = FLOWINT_MODIFIER_UNKNOWN;
unsigned long long value_long = 0;
const char *str_ptr;
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
if (ret < 3 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH, "\"%s\" is not a valid setting for flowint(ret = %d).", rawstr, ret);
return NULL;
}
/* Get our flowint varname */
res = pcre_get_substring((char *) rawstr, ov, MAX_SUBSTRINGS, 1, &str_ptr);
res = pcre2_substring_get_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0 || str_ptr == NULL) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
varname = (char *)str_ptr;
res = pcre_get_substring((char *) rawstr, ov, MAX_SUBSTRINGS, 2, &str_ptr);
res = pcre2_substring_get_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0 || str_ptr == NULL) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
modstr = (char *)str_ptr;
@ -295,10 +295,11 @@ static DetectFlowintData *DetectFlowintParse(DetectEngineCtx *de_ctx, const char
if (ret < 4)
goto error;
res = pcre_get_substring((char *) rawstr, ov, MAX_SUBSTRINGS, 3, &str_ptr);
res = pcre2_substring_get_bynumber(
parse_regex.match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
varval = (char *)str_ptr;
if (res < 0 || varval == NULL || strcmp(varval, "") == 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
@ -333,18 +334,18 @@ static DetectFlowintData *DetectFlowintParse(DetectEngineCtx *de_ctx, const char
SCLogDebug("sfd->name %s id %u", sfd->name, sfd->idx);
sfd->modifier = modifier;
pcre_free_substring(varname);
pcre_free_substring(modstr);
pcre2_substring_free((PCRE2_UCHAR *)varname);
pcre2_substring_free((PCRE2_UCHAR *)modstr);
if (varval)
pcre_free_substring(varval);
pcre2_substring_free((PCRE2_UCHAR *)varval);
return sfd;
error:
if (varname)
pcre_free_substring(varname);
pcre2_substring_free((PCRE2_UCHAR *)varname);
if (varval)
pcre_free_substring(varval);
pcre2_substring_free((PCRE2_UCHAR *)varval);
if (modstr)
pcre_free_substring(modstr);
pcre2_substring_free((PCRE2_UCHAR *)modstr);
if (sfd != NULL)
SCFree(sfd);
return NULL;

16
src/detect-flowvar.c
Unescape Escape View File

@ -116,28 +116,30 @@ static int DetectFlowvarSetup (DetectEngineCtx *de_ctx, Signature *s, const char
DetectFlowvarData *fd = NULL;
SigMatch *sm = NULL;
char varname[64], varcontent[64];
#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2len;
uint8_t *content = NULL;
uint16_t contentlen = 0;
uint32_t contentflags = s->init_data->negated ? DETECT_CONTENT_NEGATED : 0;
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
if (ret != 3) {
SCLogError(SC_ERR_PCRE_MATCH, "\"%s\" is not a valid setting for flowvar.", rawstr);
return -1;
}
res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, varname, sizeof(varname));
pcre2len = sizeof(varname);
res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)varname, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed");
return -1;
}
res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, varcontent, sizeof(varcontent));
pcre2len = sizeof(varcontent);
res = pcre2_substring_copy_bynumber(
parse_regex.match, 2, (PCRE2_UCHAR8 *)varcontent, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed");
return -1;
}

13
src/detect-fragbits.c
Unescape Escape View File

@ -170,22 +170,23 @@ static DetectFragBitsData *DetectFragBitsParse (const char *rawstr)
{
DetectFragBitsData *de = NULL;
int ret = 0, found = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2_len;
const char *str_ptr = NULL;
char *args[2] = { NULL, NULL};
char *ptr;
int i;
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
if (ret < 1) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr);
goto error;
}
for (i = 0; i < (ret - 1); i++) {
res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, i + 1, &str_ptr);
res = pcre2_substring_get_bynumber(
parse_regex.match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
@ -253,14 +254,14 @@ static DetectFragBitsData *DetectFragBitsParse (const char *rawstr)
for (i = 0; i < 2; i++) {
if (args[i] != NULL)
SCFree(args[i]);
pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);
}
return de;
error:
for (i = 0; i < 2; i++) {
if (args[i] != NULL)
SCFree(args[i]);
pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);
}
if (de != NULL)
SCFree(de);

15
src/detect-fragoffset.c
Unescape Escape View File

@ -144,21 +144,22 @@ static DetectFragOffsetData *DetectFragOffsetParse (DetectEngineCtx *de_ctx, con
DetectFragOffsetData *fragoff = NULL;
char *substr[3] = {NULL, NULL, NULL};
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2_len;
int i;
const char *str_ptr;
char *mode = NULL;
ret = DetectParsePcreExec(&parse_regex, fragoffsetstr, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, fragoffsetstr, 0, 0);
if (ret < 1 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH,"Parse error %s", fragoffsetstr);
goto error;
}
for (i = 1; i < ret; i++) {
res = pcre_get_substring((char *)fragoffsetstr, ov, MAX_SUBSTRINGS, i, &str_ptr);
res = pcre2_substring_get_bynumber(
parse_regex.match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING,"pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
substr[i-1] = (char *)str_ptr;
@ -195,14 +196,16 @@ static DetectFragOffsetData *DetectFragOffsetParse (DetectEngineCtx *de_ctx, con
}
for (i = 0; i < 3; i++) {
if (substr[i] != NULL) SCFree(substr[i]);
if (substr[i] != NULL)
pcre2_substring_free((PCRE2_UCHAR8 *)substr[i]);
}
return fragoff;
error:
for (i = 0; i < 3; i++) {
if (substr[i] != NULL) SCFree(substr[i]);
if (substr[i] != NULL)
pcre2_substring_free((PCRE2_UCHAR8 *)substr[i]);
}
if (fragoff != NULL) DetectFragOffsetFree(de_ctx, fragoff);
return NULL;

9
src/detect-ftpdata.c
Unescape Escape View File

@ -141,17 +141,18 @@ static DetectFtpdataData *DetectFtpdataParse(const char *ftpcommandstr)
{
DetectFtpdataData *ftpcommandd = NULL;
char arg1[5] = "";
int ov[MAX_SUBSTRINGS];
size_t pcre2len;
int ret = DetectParsePcreExec(&parse_regex, ftpcommandstr, 0, 0, ov, MAX_SUBSTRINGS);
int ret = DetectParsePcreExec(&parse_regex, ftpcommandstr, 0, 0);
if (ret != 2) {
SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 "", ret);
goto error;
}
int res = pcre_copy_substring((char *) ftpcommandstr, ov, MAX_SUBSTRINGS, 1, arg1, sizeof(arg1));
pcre2len = sizeof(arg1);
int res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}
SCLogDebug("Arg1 \"%s\"", arg1);

24
src/detect-hostbits.c
Unescape Escape View File

@ -282,36 +282,36 @@ static int DetectHostbitMatch (DetectEngineThreadCtx *det_ctx, Packet *p,
static int DetectHostbitParse(const char *str, char *cmd, int cmd_len,
char *name, int name_len, char *dir, int dir_len)
{
const int max_substrings = 30;
int count, rc;
int ov[max_substrings];
size_t pcre2len;
count = DetectParsePcreExec(&parse_regex, str, 0, 0, ov, max_substrings);
count = DetectParsePcreExec(&parse_regex, str, 0, 0);
if (count != 2 && count != 3 && count != 4) {
SCLogError(SC_ERR_PCRE_MATCH,
"\"%s\" is not a valid setting for hostbits.", str);
return 0;
}
rc = pcre_copy_substring((char *)str, ov, max_substrings, 1, cmd, cmd_len);
pcre2len = cmd_len;
rc = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)cmd, &pcre2len);
if (rc < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
return 0;
}
if (count >= 3) {
rc = pcre_copy_substring((char *)str, ov, max_substrings, 2, name,
name_len);
pcre2len = name_len;
rc = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)name, &pcre2len);
if (rc < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
return 0;
}
if (count >= 4) {
rc = pcre_copy_substring((char *)str, ov, max_substrings, 3, dir,
dir_len);
pcre2len = dir_len;
rc = pcre2_substring_copy_bynumber(
parse_regex.match, 3, (PCRE2_UCHAR8 *)dir, &pcre2len);
if (rc < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING,
"pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
return 0;
}
}

15
src/detect-icmp-id.c
Unescape Escape View File

@ -161,9 +161,9 @@ static DetectIcmpIdData *DetectIcmpIdParse (DetectEngineCtx *de_ctx, const char
DetectIcmpIdData *iid = NULL;
char *substr[3] = {NULL, NULL, NULL};
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2_len;
ret = DetectParsePcreExec(&parse_regex, icmpidstr, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, icmpidstr, 0, 0);
if (ret < 1 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH, "Parse error %s", icmpidstr);
goto error;
@ -172,9 +172,10 @@ static DetectIcmpIdData *DetectIcmpIdParse (DetectEngineCtx *de_ctx, const char
int i;
const char *str_ptr;
for (i = 1; i < ret; i++) {
res = pcre_get_substring((char *)icmpidstr, ov, MAX_SUBSTRINGS, i, &str_ptr);
res = pcre2_substring_get_bynumber(
parse_regex.match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
substr[i-1] = (char *)str_ptr;
@ -206,13 +207,15 @@ static DetectIcmpIdData *DetectIcmpIdParse (DetectEngineCtx *de_ctx, const char
iid->id = htons(id);
for (i = 0; i < 3; i++) {
if (substr[i] != NULL) SCFree(substr[i]);
if (substr[i] != NULL)
pcre2_substring_free((PCRE2_UCHAR8 *)substr[i]);
}
return iid;
error:
for (i = 0; i < 3; i++) {
if (substr[i] != NULL) SCFree(substr[i]);
if (substr[i] != NULL)
pcre2_substring_free((PCRE2_UCHAR8 *)substr[i]);
}
if (iid != NULL) DetectIcmpIdFree(de_ctx, iid);
return NULL;

15
src/detect-icmp-seq.c
Unescape Escape View File

@ -163,20 +163,21 @@ static DetectIcmpSeqData *DetectIcmpSeqParse (DetectEngineCtx *de_ctx, const cha
DetectIcmpSeqData *iseq = NULL;
char *substr[3] = {NULL, NULL, NULL};
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2_len;
int i;
const char *str_ptr;
ret = DetectParsePcreExec(&parse_regex, icmpseqstr, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, icmpseqstr, 0, 0);
if (ret < 1 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH,"Parse error %s", icmpseqstr);
goto error;
}
for (i = 1; i < ret; i++) {
res = pcre_get_substring((char *)icmpseqstr, ov, MAX_SUBSTRINGS, i, &str_ptr);
res = pcre2_substring_get_bynumber(
parse_regex.match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING,"pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
substr[i-1] = (char *)str_ptr;
@ -209,14 +210,16 @@ static DetectIcmpSeqData *DetectIcmpSeqParse (DetectEngineCtx *de_ctx, const cha
iseq->seq = htons(seq);
for (i = 0; i < 3; i++) {
if (substr[i] != NULL) SCFree(substr[i]);
if (substr[i] != NULL)
pcre2_substring_free((PCRE2_UCHAR8 *)substr[i]);
}
return iseq;
error:
for (i = 0; i < 3; i++) {
if (substr[i] != NULL) SCFree(substr[i]);
if (substr[i] != NULL)
pcre2_substring_free((PCRE2_UCHAR8 *)substr[i]);
}
if (iseq != NULL) DetectIcmpSeqFree(de_ctx, iseq);
return NULL;

13
src/detect-icode.c
Unescape Escape View File

@ -152,9 +152,9 @@ static DetectICodeData *DetectICodeParse(DetectEngineCtx *de_ctx, const char *ic
DetectICodeData *icd = NULL;
char *args[3] = {NULL, NULL, NULL};
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2_len;
ret = DetectParsePcreExec(&parse_regex, icodestr, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, icodestr, 0, 0);
if (ret < 1 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, icodestr);
goto error;
@ -163,9 +163,10 @@ static DetectICodeData *DetectICodeParse(DetectEngineCtx *de_ctx, const char *ic
int i;
const char *str_ptr;
for (i = 1; i < ret; i++) {
res = pcre_get_substring((char *)icodestr, ov, MAX_SUBSTRINGS, i, &str_ptr);
res = pcre2_substring_get_bynumber(
parse_regex.match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
args[i-1] = (char *)str_ptr;
@ -243,14 +244,14 @@ static DetectICodeData *DetectICodeParse(DetectEngineCtx *de_ctx, const char *ic
for (i = 0; i < (ret-1); i++) {
if (args[i] != NULL)
SCFree(args[i]);
pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);
}
return icd;
error:
for (i = 0; i < (ret-1) && i < 3; i++) {
if (args[i] != NULL)
SCFree(args[i]);
pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);
}
if (icd != NULL)
DetectICodeFree(de_ctx, icd);

10
src/detect-id.c
Unescape Escape View File

@ -125,9 +125,9 @@ static DetectIdData *DetectIdParse (const char *idstr)
uint32_t temp;
DetectIdData *id_d = NULL;
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2len;
ret = DetectParsePcreExec(&parse_regex, idstr, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, idstr, 0, 0);
if (ret < 1 || ret > 3) {
SCLogError(SC_ERR_INVALID_VALUE, "invalid id option '%s'. The id option "
@ -138,10 +138,10 @@ static DetectIdData *DetectIdParse (const char *idstr)
char copy_str[128] = "";
char *tmp_str;
res = pcre_copy_substring((char *)idstr, ov, MAX_SUBSTRINGS, 1,
copy_str, sizeof(copy_str));
pcre2len = sizeof(copy_str);
res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)copy_str, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
return NULL;
}
tmp_str = copy_str;

14
src/detect-ike-chosen-sa.c
Unescape Escape View File

@ -143,11 +143,11 @@ static DetectIkeChosenSaData *DetectIkeChosenSaParse(const char *rawstr)
*/
DetectIkeChosenSaData *dd = NULL;
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2len;
char attribute[100];
char value[100];
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
if (ret < 3 || ret > 5) {
SCLogError(SC_ERR_PCRE_MATCH,
"pcre match for ike.chosen_sa_attribute failed, should be: <sa_attribute>=<type>, "
@ -156,15 +156,17 @@ static DetectIkeChosenSaData *DetectIkeChosenSaParse(const char *rawstr)
goto error;
}
res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, attribute, sizeof(attribute));
pcre2len = sizeof(attribute);
res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)attribute, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}
res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, value, sizeof(value));
pcre2len = sizeof(value);
res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)value, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}

3
src/detect-ipopts.c
Unescape Escape View File

@ -130,9 +130,8 @@ static DetectIpOptsData *DetectIpOptsParse (const char *rawstr)
int i;
DetectIpOptsData *de = NULL;
int ret = 0, found = 0;
int ov[MAX_SUBSTRINGS];
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
if (ret < 1) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr);
goto error;

14
src/detect-ipproto.c
Unescape Escape View File

@ -85,12 +85,12 @@ static DetectIPProtoData *DetectIPProtoParse(const char *optstr)
DetectIPProtoData *data = NULL;
char *args[2] = { NULL, NULL };
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2_len;
int i;
const char *str_ptr;
/* Execute the regex and populate args with captures. */
ret = DetectParsePcreExec(&parse_regex, optstr, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, optstr, 0, 0);
if (ret != 3) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret"
"%" PRId32 ", string %s", ret, optstr);
@ -98,10 +98,10 @@ static DetectIPProtoData *DetectIPProtoParse(const char *optstr)
}
for (i = 0; i < (ret - 1); i++) {
res = pcre_get_substring((char *)optstr, ov, MAX_SUBSTRINGS,
i + 1, &str_ptr);
res = pcre2_substring_get_bynumber(
parse_regex.match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
args[i] = (char *)str_ptr;
@ -139,7 +139,7 @@ static DetectIPProtoData *DetectIPProtoParse(const char *optstr)
for (i = 0; i < (ret - 1); i++){
if (args[i] != NULL)
SCFree(args[i]);
pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);
}
return data;
@ -147,7 +147,7 @@ static DetectIPProtoData *DetectIPProtoParse(const char *optstr)
error:
for (i = 0; i < (ret - 1) && i < 2; i++){
if (args[i] != NULL)
SCFree(args[i]);
pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);
}
if (data != NULL)
SCFree(data);

36
src/detect-iprep.c
Unescape Escape View File

@ -246,39 +246,39 @@ int DetectIPRepSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
char *cmd_str = NULL, *name = NULL, *op_str = NULL, *value = NULL;
uint8_t cmd = 0;
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2_len;
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
if (ret != 5) {
SCLogError(SC_ERR_PCRE_MATCH, "\"%s\" is not a valid setting for iprep", rawstr);
return -1;
}
const char *str_ptr;
res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, &str_ptr);
res = pcre2_substring_get_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
return -1;
}
cmd_str = (char *)str_ptr;
res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, &str_ptr);
res = pcre2_substring_get_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
name = (char *)str_ptr;
res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 3, &str_ptr);
res = pcre2_substring_get_bynumber(parse_regex.match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
op_str = (char *)str_ptr;
res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 4, &str_ptr);
res = pcre2_substring_get_bynumber(parse_regex.match, 4, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
value = (char *)str_ptr;
@ -340,13 +340,13 @@ int DetectIPRepSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
cd->val = val;
SCLogDebug("cmd %u, cat %u, op %u, val %u", cd->cmd, cd->cat, cd->op, cd->val);
pcre_free_substring(name);
pcre2_substring_free((PCRE2_UCHAR *)name);
name = NULL;
pcre_free_substring(cmd_str);
pcre2_substring_free((PCRE2_UCHAR *)cmd_str);
cmd_str = NULL;
pcre_free_substring(op_str);
pcre2_substring_free((PCRE2_UCHAR *)op_str);
op_str = NULL;
pcre_free_substring(value);
pcre2_substring_free((PCRE2_UCHAR *)value);
value = NULL;
/* Okay so far so good, lets get this into a SigMatch
@ -364,13 +364,13 @@ int DetectIPRepSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
error:
if (name != NULL)
pcre_free_substring(name);
pcre2_substring_free((PCRE2_UCHAR *)name);
if (cmd_str != NULL)
pcre_free_substring(cmd_str);
pcre2_substring_free((PCRE2_UCHAR *)cmd_str);
if (op_str != NULL)
pcre_free_substring(op_str);
pcre2_substring_free((PCRE2_UCHAR *)op_str);
if (value != NULL)
pcre_free_substring(value);
pcre2_substring_free((PCRE2_UCHAR *)value);
if (cd != NULL)
SCFree(cd);
if (sm != NULL)

23
src/detect-isdataat.c
Unescape Escape View File

@ -99,10 +99,10 @@ static DetectIsdataatData *DetectIsdataatParse (DetectEngineCtx *de_ctx, const c
DetectIsdataatData *idad = NULL;
char *args[3] = {NULL,NULL,NULL};
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2_len;
int i=0;
ret = DetectParsePcreExec(&parse_regex, isdataatstr, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, isdataatstr, 0, 0);
if (ret < 1 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, isdataatstr);
goto error;
@ -110,26 +110,29 @@ static DetectIsdataatData *DetectIsdataatParse (DetectEngineCtx *de_ctx, const c
if (ret > 1) {
const char *str_ptr;
res = pcre_get_substring((char *)isdataatstr, ov, MAX_SUBSTRINGS, 1, &str_ptr);
res = pcre2_substring_get_bynumber(
parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
args[0] = (char *)str_ptr;
if (ret > 2) {
res = pcre_get_substring((char *)isdataatstr, ov, MAX_SUBSTRINGS, 2, &str_ptr);
res = pcre2_substring_get_bynumber(
parse_regex.match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
args[1] = (char *)str_ptr;
}
if (ret > 3) {
res = pcre_get_substring((char *)isdataatstr, ov, MAX_SUBSTRINGS, 3, &str_ptr);
res = pcre2_substring_get_bynumber(
parse_regex.match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
args[2] = (char *)str_ptr;
@ -175,7 +178,7 @@ static DetectIsdataatData *DetectIsdataatParse (DetectEngineCtx *de_ctx, const c
for (i = 0; i < (ret -1); i++) {
if (args[i] != NULL)
SCFree(args[i]);
pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);
}
return idad;
@ -185,7 +188,7 @@ static DetectIsdataatData *DetectIsdataatParse (DetectEngineCtx *de_ctx, const c
error:
for (i = 0; i < (ret -1) && i < 3; i++){
if (args[i] != NULL)
SCFree(args[i]);
pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);
}
if (idad != NULL)

13
src/detect-itype.c
Unescape Escape View File

@ -152,9 +152,9 @@ static DetectITypeData *DetectITypeParse(DetectEngineCtx *de_ctx, const char *it
DetectITypeData *itd = NULL;
char *args[3] = {NULL, NULL, NULL};
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2_len;
ret = DetectParsePcreExec(&parse_regex, itypestr, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, itypestr, 0, 0);
if (ret < 1 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, itypestr);
goto error;
@ -163,9 +163,10 @@ static DetectITypeData *DetectITypeParse(DetectEngineCtx *de_ctx, const char *it
int i;
const char *str_ptr;
for (i = 1; i < ret; i++) {
res = pcre_get_substring((char *)itypestr, ov, MAX_SUBSTRINGS, i, &str_ptr);
res = pcre2_substring_get_bynumber(
parse_regex.match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
args[i-1] = (char *)str_ptr;
@ -243,14 +244,14 @@ static DetectITypeData *DetectITypeParse(DetectEngineCtx *de_ctx, const char *it
for (i = 0; i < (ret-1); i++) {
if (args[i] != NULL)
SCFree(args[i]);
pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);
}
return itd;
error:
for (i = 0; i < (ret-1) && i < 3; i++) {
if (args[i] != NULL)
SCFree(args[i]);
pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);
}
if (itd != NULL)
DetectITypeFree(de_ctx, itd);

9
src/detect-krb5-errcode.c
Unescape Escape View File

@ -139,17 +139,18 @@ static DetectKrb5ErrCodeData *DetectKrb5ErrCodeParse (const char *krb5str)
DetectKrb5ErrCodeData *krb5d = NULL;
char arg1[4] = "";
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2len;
ret = DetectParsePcreExec(&parse_regex, krb5str, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, krb5str, 0, 0);
if (ret != 2) {
SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 "", ret);
goto error;
}
res = pcre_copy_substring((char *) krb5str, ov, MAX_SUBSTRINGS, 1, arg1, sizeof(arg1));
pcre2len = sizeof(arg1);
res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}

9
src/detect-krb5-msgtype.c
Unescape Escape View File

@ -136,17 +136,18 @@ static DetectKrb5MsgTypeData *DetectKrb5MsgTypeParse (const char *krb5str)
DetectKrb5MsgTypeData *krb5d = NULL;
char arg1[4] = "";
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2len;
ret = DetectParsePcreExec(&parse_regex, krb5str, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, krb5str, 0, 0);
if (ret != 2) {
SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 "", ret);
goto error;
}
res = pcre_copy_substring((char *) krb5str, ov, MAX_SUBSTRINGS, 1, arg1, sizeof(arg1));
pcre2len = sizeof(arg1);
res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}

28
src/detect-mark.c
Unescape Escape View File

@ -78,7 +78,7 @@ void DetectMarkRegister (void)
static void * DetectMarkParse (const char *rawstr)
{
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2_len;
const char *str_ptr = NULL;
char *ptr = NULL;
char *endptr = NULL;
@ -86,15 +86,15 @@ static void * DetectMarkParse (const char *rawstr)
uint32_t mask;
DetectMarkData *data;
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
if (ret < 1) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr);
return NULL;
}
res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, &str_ptr);
res = pcre2_substring_get_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
return NULL;
}
@ -107,27 +107,27 @@ static void * DetectMarkParse (const char *rawstr)
mark = strtoul(ptr, &endptr, 0);
if (errno == ERANGE) {
SCLogError(SC_ERR_NUMERIC_VALUE_ERANGE, "Numeric value out of range");
SCFree(ptr);
pcre2_substring_free((PCRE2_UCHAR8 *)ptr);
return NULL;
} /* If there is no numeric value in the given string then strtoull(), makes
endptr equals to ptr and return 0 as result */
else if (endptr == ptr && mark == 0) {
SCLogError(SC_ERR_INVALID_NUMERIC_VALUE, "No numeric value");
SCFree(ptr);
pcre2_substring_free((PCRE2_UCHAR8 *)ptr);
return NULL;
} else if (endptr == ptr) {
SCLogError(SC_ERR_INVALID_NUMERIC_VALUE, "Invalid numeric value");
SCFree(ptr);
pcre2_substring_free((PCRE2_UCHAR8 *)ptr);
return NULL;
}
res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, &str_ptr);
res = pcre2_substring_get_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
return NULL;
}
SCFree(ptr);
pcre2_substring_free((PCRE2_UCHAR8 *)ptr);
ptr = (char *)str_ptr;
if (ptr == NULL) {
@ -144,23 +144,23 @@ static void * DetectMarkParse (const char *rawstr)
mask = strtoul(ptr, &endptr, 0);
if (errno == ERANGE) {
SCLogError(SC_ERR_NUMERIC_VALUE_ERANGE, "Numeric value out of range");
SCFree(ptr);
pcre2_substring_free((PCRE2_UCHAR8 *)ptr);
return NULL;
} /* If there is no numeric value in the given string then strtoull(), makes
endptr equals to ptr and return 0 as result */
else if (endptr == ptr && mask == 0) {
SCLogError(SC_ERR_INVALID_NUMERIC_VALUE, "No numeric value");
SCFree(ptr);
pcre2_substring_free((PCRE2_UCHAR8 *)ptr);
return NULL;
}
else if (endptr == ptr) {
SCLogError(SC_ERR_INVALID_NUMERIC_VALUE, "Invalid numeric value");
SCFree(ptr);
pcre2_substring_free((PCRE2_UCHAR8 *)ptr);
return NULL;
}
SCLogDebug("Rule will set mark 0x%x with mask 0x%x", mark, mask);
SCFree(ptr);
pcre2_substring_free((PCRE2_UCHAR8 *)ptr);
data = SCMalloc(sizeof(DetectMarkData));
if (unlikely(data == NULL)) {

3
src/detect-mqtt-connect-flags.c
Unescape Escape View File

@ -130,9 +130,8 @@ static DetectMQTTConnectFlagsData *DetectMQTTConnectFlagsParse(const char *rawst
{
DetectMQTTConnectFlagsData *de = NULL;
int ret = 0;
int ov[MAX_SUBSTRINGS];
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
if (ret < 1) {
SCLogError(SC_ERR_PCRE_MATCH, "invalid flag definition: %s", rawstr);
return NULL;

3
src/detect-mqtt-flags.c
Unescape Escape View File

@ -125,9 +125,8 @@ static DetectMQTTFlagsData *DetectMQTTFlagsParse(const char *rawstr)
{
DetectMQTTFlagsData *de = NULL;
int ret = 0;
int ov[MAX_SUBSTRINGS];
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
if (ret < 1) {
SCLogError(SC_ERR_PCRE_MATCH, "invalid flag definition: %s", rawstr);
return NULL;

30
src/detect-nfs-procedure.c
Unescape Escape View File

@ -205,49 +205,49 @@ static DetectNfsProcedureData *DetectNfsProcedureParse (const char *rawstr)
{
DetectNfsProcedureData *dd = NULL;
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2len;
char mode[2] = "";
char value1[20] = "";
char value2[20] = "";
char range[3] = "";
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
if (ret < 3 || ret > 5) {
SCLogError(SC_ERR_PCRE_MATCH, "Parse error %s", rawstr);
goto error;
}
res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, mode,
sizeof(mode));
pcre2len = sizeof(mode);
res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)mode, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}
SCLogDebug("mode \"%s\"", mode);
res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, value1,
sizeof(value1));
pcre2len = sizeof(value1);
res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)value1, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}
SCLogDebug("value1 \"%s\"", value1);
if (ret > 3) {
res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 3,
range, sizeof(range));
pcre2len = sizeof(range);
res = pcre2_substring_copy_bynumber(parse_regex.match, 3, (PCRE2_UCHAR8 *)range, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}
SCLogDebug("range \"%s\"", range);
if (ret > 4) {
res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 4,
value2, sizeof(value2));
pcre2len = sizeof(value2);
res = pcre2_substring_copy_bynumber(
parse_regex.match, 4, (PCRE2_UCHAR8 *)value2, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING,
"pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}
SCLogDebug("value2 \"%s\"", value2);

30
src/detect-nfs-version.c
Unescape Escape View File

@ -196,49 +196,49 @@ static DetectNfsVersionData *DetectNfsVersionParse (const char *rawstr)
{
DetectNfsVersionData *dd = NULL;
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2len;
char mode[2] = "";
char value1[20] = "";
char value2[20] = "";
char range[3] = "";
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
if (ret < 3 || ret > 5) {
SCLogError(SC_ERR_PCRE_MATCH, "Parse error %s", rawstr);
goto error;
}
res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, mode,
sizeof(mode));
pcre2len = sizeof(mode);
res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)mode, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}
SCLogDebug("mode \"%s\"", mode);
res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, value1,
sizeof(value1));
pcre2len = sizeof(value1);
res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)value1, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}
SCLogDebug("value1 \"%s\"", value1);
if (ret > 3) {
res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 3,
range, sizeof(range));
pcre2len = sizeof(range);
res = pcre2_substring_copy_bynumber(parse_regex.match, 3, (PCRE2_UCHAR8 *)range, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}
SCLogDebug("range \"%s\"", range);
if (ret > 4) {
res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 4,
value2, sizeof(value2));
pcre2len = sizeof(value2);
res = pcre2_substring_copy_bynumber(
parse_regex.match, 4, (PCRE2_UCHAR8 *)value2, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING,
"pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}
SCLogDebug("value2 \"%s\"", value2);

48
src/detect-parse.c
Unescape Escape View File

@ -2431,30 +2431,21 @@ error:
}
static DetectParseRegex *g_detect_parse_regex_list = NULL;
int DetectParsePcreExecLen(DetectParseRegex *parse_regex, const char *str,
int str_len,
int start_offset, int options,
int *ovector, int ovector_size)
{
return pcre_exec(parse_regex->regex, parse_regex->study, str, str_len,
start_offset, options, ovector, ovector_size);
}
int DetectParsePcreExec(DetectParseRegex *parse_regex, const char *str,
int start_offset, int options,
int *ovector, int ovector_size)
int DetectParsePcreExec(
DetectParseRegex *parse_regex, const char *str, int start_offset, int options)
{
return pcre_exec(parse_regex->regex, parse_regex->study, str, strlen(str),
start_offset, options, ovector, ovector_size);
return pcre2_match(parse_regex->regex, (PCRE2_SPTR8)str, strlen(str), options, start_offset,
parse_regex->match, NULL);
}
void DetectParseFreeRegex(DetectParseRegex *r)
{
if (r->regex) {
pcre_free(r->regex);
pcre2_code_free(r->regex);
}
if (r->study) {
pcre_free_study(r->study);
if (r->match) {
pcre2_match_data_free(r->match);
}
}
@ -2505,29 +2496,28 @@ void DetectParseRegexAddToFreeList(DetectParseRegex *detect_parse)
FatalError(SC_ERR_MEM_ALLOC, "failed to alloc memory for pcre free list");
}
r->regex = detect_parse->regex;
r->study = detect_parse->study;
r->match = detect_parse->match;
r->next = g_detect_parse_regex_list;
g_detect_parse_regex_list = r;
}
bool DetectSetupParseRegexesOpts(const char *parse_str, DetectParseRegex *detect_parse, int opts)
{
const char *eb = NULL;
int eo;
int en;
PCRE2_SIZE eo;
detect_parse->regex = pcre_compile(parse_str, opts, &eb, &eo, NULL);
detect_parse->regex =
pcre2_compile((PCRE2_SPTR8)parse_str, PCRE2_ZERO_TERMINATED, opts, &en, &eo, NULL);
if (detect_parse->regex == NULL) {
SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at "
"offset %" PRId32 ": %s", parse_str, eo, eb);
return false;
}
detect_parse->study = pcre_study(detect_parse->regex, 0 , &eb);
if (eb != NULL) {
SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
PCRE2_UCHAR errbuffer[256];
pcre2_get_error_message(en, errbuffer, sizeof(errbuffer));
SCLogError(SC_ERR_PCRE_COMPILE,
"pcre compile of \"%s\" failed at "
"offset %d: %s",
parse_str, en, errbuffer);
return false;
}
detect_parse->match = pcre2_match_data_create_from_pattern(detect_parse->regex, NULL);
DetectParseRegexAddToFreeList(detect_parse);

15
src/detect-parse.h
Unescape Escape View File

@ -40,8 +40,8 @@ enum {
};
typedef struct DetectParseRegex_ {
pcre *regex;
pcre_extra *study;
pcre2_code *regex;
pcre2_match_data *match;
struct DetectParseRegex_ *next;
} DetectParseRegex;
@ -103,15 +103,8 @@ void DetectParseFreeRegexes(void);
void DetectParseFreeRegex(DetectParseRegex *r);
/* parse regex exec */
int DetectParsePcreExec(DetectParseRegex *parse_regex, const char *str,
int start_offset, int options,
int *ovector, int ovector_size);
int DetectParsePcreExecLen(DetectParseRegex *parse_regex, const char *str,
int str_len, int start_offset, int options,
int *ovector, int ovector_size);
/* typical size of ovector */
#define MAX_SUBSTRINGS 30
int DetectParsePcreExec(
DetectParseRegex *parse_regex, const char *str, int start_offset, int options);
#endif /* __DETECT_PARSE_H__ */

8
src/detect-pcre.c
Unescape Escape View File

@ -410,7 +410,7 @@ static DetectPcreData *DetectPcreParse (DetectEngineCtx *de_ctx,
res = pcre2_substring_copy_bynumber(parse_regex->match, 1, (PCRE2_UCHAR8 *)re, &slen);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
return NULL;
}
@ -419,7 +419,7 @@ static DetectPcreData *DetectPcreParse (DetectEngineCtx *de_ctx,
res = pcre2_substring_copy_bynumber(
parse_regex->match, 2, (PCRE2_UCHAR8 *)op_str, &copylen);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
return NULL;
}
op = op_str;
@ -781,14 +781,14 @@ static int DetectPcreParseCapture(const char *regexstr, DetectEngineCtx *de_ctx,
res = pcre2_substring_copy_bynumber(
parse_capture_regex->match, 1, (PCRE2_UCHAR8 *)type_str, &copylen);
if (res != 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}
cap_buffer_len = strlen(regexstr) + 1;
res = pcre2_substring_copy_bynumber(
parse_capture_regex->match, 2, (PCRE2_UCHAR8 *)capture_str, &cap_buffer_len);
if (res != 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}
if (strlen(capture_str) == 0 || strlen(type_str) == 0) {

24
src/detect-pktvar.c
Unescape Escape View File

@ -89,28 +89,28 @@ static int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, const char
{
char *varname = NULL, *varcontent = NULL;
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2_len;
uint8_t *content = NULL;
uint16_t len = 0;
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
if (ret != 3) {
SCLogError(SC_ERR_PCRE_MATCH, "\"%s\" is not a valid setting for pktvar.", rawstr);
return -1;
}
const char *str_ptr;
res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, &str_ptr);
res = pcre2_substring_get_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
return -1;
}
varname = (char *)str_ptr;
res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, &str_ptr);
res = pcre2_substring_get_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
pcre_free(varname);
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
pcre2_substring_free((PCRE2_UCHAR8 *)varname);
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
return -1;
}
varcontent = (char *)str_ptr;
@ -129,15 +129,15 @@ static int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, const char
ret = DetectContentDataParse("pktvar", parse_content, &content, &len);
if (ret == -1 || content == NULL) {
pcre_free(varname);
pcre_free(varcontent);
pcre2_substring_free((PCRE2_UCHAR8 *)varname);
pcre2_substring_free((PCRE2_UCHAR8 *)varcontent);
return -1;
}
pcre_free(varcontent);
pcre2_substring_free((PCRE2_UCHAR8 *)varcontent);
DetectPktvarData *cd = SCCalloc(1, sizeof(DetectPktvarData));
if (unlikely(cd == NULL)) {
pcre_free(varname);
pcre2_substring_free((PCRE2_UCHAR8 *)varname);
SCFree(content);
return -1;
}
@ -145,7 +145,7 @@ static int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, const char
cd->content = content;
cd->content_len = len;
cd->id = VarNameStoreSetupAdd(varname, VAR_TYPE_PKT_VAR);
pcre_free(varname);
pcre2_substring_free((PCRE2_UCHAR8 *)varname);
/* Okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */

9
src/detect-priority.c
Unescape Escape View File

@ -63,18 +63,19 @@ static int DetectPrioritySetup (DetectEngineCtx *de_ctx, Signature *s, const cha
char copy_str[128] = "";
int ret = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2len;
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, 30);
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
if (ret < 0) {
SCLogError(SC_ERR_PCRE_MATCH, "Invalid Priority in Signature "
"- %s", rawstr);
return -1;
}
ret = pcre_copy_substring((char *)rawstr, ov, 30, 1, copy_str, sizeof(copy_str));
pcre2len = sizeof(copy_str);
ret = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)copy_str, &pcre2len);
if (ret < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
return -1;
}

14
src/detect-reference.c
Unescape Escape View File

@ -96,11 +96,11 @@ static DetectReference *DetectReferenceParse(const char *rawstr, DetectEngineCtx
SCEnter();
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2len;
char key[REFERENCE_SYSTEM_NAME_MAX] = "";
char content[REFERENCE_CONTENT_NAME_MAX] = "";
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
if (ret < 2) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Unable to parse \"reference\" "
"keyword argument - \"%s\". Invalid argument.", rawstr);
@ -112,15 +112,17 @@ static DetectReference *DetectReferenceParse(const char *rawstr, DetectEngineCtx
return NULL;
}
res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, key, sizeof(key));
pcre2len = sizeof(key);
res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)key, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}
res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, content, sizeof(content));
pcre2len = sizeof(content);
res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)content, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}

4
src/detect-rfb-secresult.c
Unescape Escape View File

@ -170,11 +170,9 @@ static DetectRfbSecresultData *DetectRfbSecresultParse (const char *rawstr)
{
int i;
DetectRfbSecresultData *de = NULL;
#define MAX_SUBSTRINGS 30
int ret = 0, found = 0;
int ov[MAX_SUBSTRINGS];
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
if (ret < 1) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr);
goto error;

17
src/detect-rfb-sectype.c
Unescape Escape View File

@ -162,29 +162,28 @@ static int DetectRfbSectypeMatch (DetectEngineThreadCtx *det_ctx,
static DetectRfbSectypeData *DetectRfbSectypeParse (const char *rawstr)
{
DetectRfbSectypeData *dd = NULL;
#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2len;
char mode[2] = "";
char value1[20] = "";
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
if (ret < 3 || ret > 5) {
SCLogError(SC_ERR_PCRE_MATCH, "Parse error %s", rawstr);
goto error;
}
res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, mode,
sizeof(mode));
pcre2len = sizeof(mode);
res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)mode, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}
res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, value1,
sizeof(value1));
pcre2len = sizeof(value1);
res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)value1, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}

23
src/detect-rpc.c
Unescape Escape View File

@ -150,9 +150,9 @@ static DetectRpcData *DetectRpcParse (DetectEngineCtx *de_ctx, const char *rpcst
DetectRpcData *rd = NULL;
char *args[3] = {NULL,NULL,NULL};
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2_len;
ret = DetectParsePcreExec(&parse_regex, rpcstr, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, rpcstr, 0, 0);
if (ret < 1 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 ", string %s", ret, rpcstr);
goto error;
@ -160,25 +160,28 @@ static DetectRpcData *DetectRpcParse (DetectEngineCtx *de_ctx, const char *rpcst
if (ret > 1) {
const char *str_ptr;
res = pcre_get_substring((char *)rpcstr, ov, MAX_SUBSTRINGS, 1, &str_ptr);
res = pcre2_substring_get_bynumber(
parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
args[0] = (char *)str_ptr;
if (ret > 2) {
res = pcre_get_substring((char *)rpcstr, ov, MAX_SUBSTRINGS, 2, &str_ptr);
res = pcre2_substring_get_bynumber(
parse_regex.match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
args[1] = (char *)str_ptr;
}
if (ret > 3) {
res = pcre_get_substring((char *)rpcstr, ov, MAX_SUBSTRINGS, 3, &str_ptr);
res = pcre2_substring_get_bynumber(
parse_regex.match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
args[2] = (char *)str_ptr;
@ -230,14 +233,14 @@ static DetectRpcData *DetectRpcParse (DetectEngineCtx *de_ctx, const char *rpcst
}
for (i = 0; i < (ret -1); i++){
if (args[i] != NULL)
SCFree(args[i]);
pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);
}
return rd;
error:
for (i = 0; i < (ret -1) && i < 3; i++){
if (args[i] != NULL)
SCFree(args[i]);
pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);
}
if (rd != NULL)
DetectRpcFree(de_ctx, rd);

10
src/detect-snmp-pdu_type.c
Unescape Escape View File

@ -135,20 +135,20 @@ static DetectSNMPPduTypeData *DetectSNMPPduTypeParse (const char *rawstr)
{
DetectSNMPPduTypeData *dd = NULL;
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2len;
char value1[20] = "";
char *endptr = NULL;
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
if (ret != 2) {
SCLogError(SC_ERR_PCRE_MATCH, "Parse error %s", rawstr);
goto error;
}
res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, value1,
sizeof(value1));
pcre2len = sizeof(value1);
res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)value1, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}

16
src/detect-snmp-version.c
Unescape Escape View File

@ -176,28 +176,28 @@ static DetectSNMPVersionData *DetectSNMPVersionParse (const char *rawstr)
{
DetectSNMPVersionData *dd = NULL;
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2len;
char mode[2] = "";
char value1[20] = "";
char *endptr = NULL;
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
if (ret < 3 || ret > 5) {
SCLogError(SC_ERR_PCRE_MATCH, "Parse error %s", rawstr);
goto error;
}
res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, mode,
sizeof(mode));
pcre2len = sizeof(mode);
res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)mode, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}
res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, value1,
sizeof(value1));
pcre2len = sizeof(value1);
res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)value1, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}

17
src/detect-ssh-proto-version.c
Unescape Escape View File

@ -161,9 +161,9 @@ static DetectSshVersionData *DetectSshVersionParse (DetectEngineCtx *de_ctx, con
{
DetectSshVersionData *ssh = NULL;
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2_len;
ret = DetectParsePcreExec(&parse_regex, str, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, str, 0, 0);
if (ret < 1 || ret > 3) {
SCLogError(SC_ERR_PCRE_MATCH, "invalid ssh.protoversion option");
goto error;
@ -171,16 +171,17 @@ static DetectSshVersionData *DetectSshVersionParse (DetectEngineCtx *de_ctx, con
if (ret > 1) {
const char *str_ptr;
res = pcre_get_substring((char *)str, ov, MAX_SUBSTRINGS, 1, &str_ptr);
res = pcre2_substring_get_bynumber(
parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
/* We have a correct id option */
ssh = SCMalloc(sizeof(DetectSshVersionData));
if (unlikely(ssh == NULL)) {
pcre_free_substring(str_ptr);
pcre2_substring_free((PCRE2_UCHAR *)str_ptr);
goto error;
}
memset(ssh, 0x00, sizeof(DetectSshVersionData));
@ -190,17 +191,17 @@ static DetectSshVersionData *DetectSshVersionParse (DetectEngineCtx *de_ctx, con
if (strcmp("2_compat", str_ptr) == 0) {
ssh->flags |= SSH_FLAG_PROTOVERSION_2_COMPAT;
SCLogDebug("will look for ssh protocol version 2 (2, 2.0, 1.99 that's considered as 2");
pcre_free_substring(str_ptr);
pcre2_substring_free((PCRE2_UCHAR *)str_ptr);
return ssh;
}
ssh->ver = (uint8_t *)SCStrdup((char*)str_ptr);
if (ssh->ver == NULL) {
pcre_free_substring(str_ptr);
pcre2_substring_free((PCRE2_UCHAR *)str_ptr);
goto error;
}
ssh->len = strlen((char *) ssh->ver);
pcre_free_substring(str_ptr);
pcre2_substring_free((PCRE2_UCHAR *)str_ptr);
SCLogDebug("will look for ssh %s", ssh->ver);
}

11
src/detect-ssh-software-version.c
Unescape Escape View File

@ -164,9 +164,9 @@ static DetectSshSoftwareVersionData *DetectSshSoftwareVersionParse (DetectEngine
{
DetectSshSoftwareVersionData *ssh = NULL;
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2_len;
ret = DetectParsePcreExec(&parse_regex, str, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, str, 0, 0);
if (ret < 1 || ret > 3) {
SCLogError(SC_ERR_PCRE_MATCH, "invalid ssh.softwareversion option");
@ -175,9 +175,10 @@ static DetectSshSoftwareVersionData *DetectSshSoftwareVersionParse (DetectEngine
if (ret > 1) {
const char *str_ptr = NULL;
res = pcre_get_substring((char *)str, ov, MAX_SUBSTRINGS, 1, &str_ptr);
res = pcre2_substring_get_bynumber(
parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
@ -190,7 +191,7 @@ static DetectSshSoftwareVersionData *DetectSshSoftwareVersionParse (DetectEngine
if (ssh->software_ver == NULL) {
goto error;
}
pcre_free_substring(str_ptr);
pcre2_substring_free((PCRE2_UCHAR *)str_ptr);
ssh->len = strlen((char *)ssh->software_ver);

37
src/detect-ssl-state.c
Unescape Escape View File

@ -154,31 +154,32 @@ static int DetectSslStateMatch(DetectEngineThreadCtx *det_ctx,
static DetectSslStateData *DetectSslStateParse(const char *arg)
{
int ret = 0, res = 0;
int ov1[MAX_SUBSTRINGS];
int ov2[MAX_SUBSTRINGS];
size_t pcre2len;
char str1[64];
char str2[64];
int negate = 0;
uint32_t flags = 0, mask = 0;
DetectSslStateData *ssd = NULL;
ret = DetectParsePcreExec(&parse_regex1, arg, 0, 0, ov1, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex1, arg, 0, 0);
if (ret < 1) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid arg \"%s\" supplied to "
"ssl_state keyword.", arg);
goto error;
}
res = pcre_copy_substring((char *)arg, ov1, MAX_SUBSTRINGS, 1, str1, sizeof(str1));
pcre2len = sizeof(str1);
res = pcre2_substring_copy_bynumber(parse_regex1.match, 1, (PCRE2_UCHAR8 *)str1, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}
negate = !strcmp("!", str1);
res = pcre_copy_substring((char *)arg, ov1, MAX_SUBSTRINGS, 2, str1, sizeof(str1));
pcre2len = sizeof(str1);
res = pcre2_substring_copy_bynumber(parse_regex1.match, 2, (PCRE2_UCHAR8 *)str1, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}
@ -208,29 +209,32 @@ static DetectSslStateData *DetectSslStateParse(const char *arg)
goto error;
}
res = pcre_copy_substring((char *)arg, ov1, MAX_SUBSTRINGS, 3, str1, sizeof(str1));
pcre2len = sizeof(str1);
res = pcre2_substring_copy_bynumber(parse_regex1.match, 3, (PCRE2_UCHAR8 *)str1, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}
while (res > 0) {
ret = DetectParsePcreExec(&parse_regex2, str1, 0, 0, ov2, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex2, str1, 0, 0);
if (ret < 1) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid arg \"%s\" supplied to "
"ssl_state keyword.", arg);
goto error;
}
res = pcre_copy_substring((char *)str1, ov2, MAX_SUBSTRINGS, 1, str2, sizeof(str2));
pcre2len = sizeof(str2);
res = pcre2_substring_copy_bynumber(parse_regex2.match, 1, (PCRE2_UCHAR8 *)str2, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}
negate = !strcmp("!", str2);
res = pcre_copy_substring((char *)str1, ov2, MAX_SUBSTRINGS, 2, str2, sizeof(str2));
pcre2len = sizeof(str2);
res = pcre2_substring_copy_bynumber(parse_regex2.match, 2, (PCRE2_UCHAR8 *)str2, &pcre2len);
if (res <= 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}
if (strcmp("client_hello", str2) == 0) {
@ -259,9 +263,10 @@ static DetectSslStateData *DetectSslStateParse(const char *arg)
goto error;
}
res = pcre_copy_substring((char *)str1, ov2, MAX_SUBSTRINGS, 3, str2, sizeof(str2));
pcre2len = sizeof(str2);
res = pcre2_substring_copy_bynumber(parse_regex2.match, 3, (PCRE2_UCHAR8 *)str2, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}

28
src/detect-stream_size.c
Unescape Escape View File

@ -189,32 +189,32 @@ static DetectStreamSizeData *DetectStreamSizeParse (DetectEngineCtx *de_ctx, con
char *value = NULL;
char *mode = NULL;
int res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2_len;
int ret = DetectParsePcreExec(&parse_regex, streamstr, 0, 0, ov, MAX_SUBSTRINGS);
int ret = DetectParsePcreExec(&parse_regex, streamstr, 0, 0);
if (ret != 4) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, streamstr);
goto error;
}
const char *str_ptr;
res = pcre_get_substring((char *)streamstr, ov, MAX_SUBSTRINGS, 1, &str_ptr);
res = pcre2_substring_get_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
arg = (char *)str_ptr;
res = pcre_get_substring((char *)streamstr, ov, MAX_SUBSTRINGS, 2, &str_ptr);
res = pcre2_substring_get_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
mode = (char *)str_ptr;
res = pcre_get_substring((char *)streamstr, ov, MAX_SUBSTRINGS, 3, &str_ptr);
res = pcre2_substring_get_bynumber(parse_regex.match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
value = (char *)str_ptr;
@ -263,18 +263,18 @@ static DetectStreamSizeData *DetectStreamSizeParse (DetectEngineCtx *de_ctx, con
goto error;
}
SCFree(mode);
SCFree(arg);
SCFree(value);
pcre2_substring_free((PCRE2_UCHAR8 *)mode);
pcre2_substring_free((PCRE2_UCHAR8 *)arg);
pcre2_substring_free((PCRE2_UCHAR8 *)value);
return sd;
error:
if (mode != NULL)
SCFree(mode);
pcre2_substring_free((PCRE2_UCHAR8 *)mode);
if (arg != NULL)
SCFree(arg);
pcre2_substring_free((PCRE2_UCHAR8 *)arg);
if (value != NULL)
SCFree(value);
pcre2_substring_free((PCRE2_UCHAR8 *)value);
if (sd != NULL)
DetectStreamSizeFree(de_ctx, sd);
return NULL;

33
src/detect-tag.c
Unescape Escape View File

@ -158,18 +158,18 @@ static DetectTagData *DetectTagParse(const char *tagstr)
{
DetectTagData td;
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2_len;
const char *str_ptr = NULL;
ret = DetectParsePcreExec(&parse_regex, tagstr, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, tagstr, 0, 0);
if (ret < 1) {
SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 ", string %s", ret, tagstr);
goto error;
}
res = pcre_get_substring((char *)tagstr, ov, MAX_SUBSTRINGS, 1, &str_ptr);
res = pcre2_substring_get_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0 || str_ptr == NULL) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
@ -182,7 +182,7 @@ static DetectTagData *DetectTagParse(const char *tagstr)
SCLogError(SC_ERR_INVALID_VALUE, "Invalid argument type. Must be session or host (%s)", tagstr);
goto error;
}
pcre_free_substring(str_ptr);
pcre2_substring_free((PCRE2_UCHAR *)str_ptr);
str_ptr = NULL;
/* default tag is 256 packets from session or dst host */
@ -191,9 +191,10 @@ static DetectTagData *DetectTagParse(const char *tagstr)
td.direction = DETECT_TAG_DIR_DST;
if (ret > 4) {
res = pcre_get_substring((char *)tagstr, ov, MAX_SUBSTRINGS, 3, &str_ptr);
res = pcre2_substring_get_bynumber(
parse_regex.match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0 || str_ptr == NULL) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
@ -204,12 +205,13 @@ static DetectTagData *DetectTagParse(const char *tagstr)
goto error;
}
pcre_free_substring(str_ptr);
pcre2_substring_free((PCRE2_UCHAR *)str_ptr);
str_ptr = NULL;
res = pcre_get_substring((char *)tagstr, ov, MAX_SUBSTRINGS, 4, &str_ptr);
res = pcre2_substring_get_bynumber(
parse_regex.match, 4, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0 || str_ptr == NULL) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
@ -228,14 +230,15 @@ static DetectTagData *DetectTagParse(const char *tagstr)
goto error;
}
pcre_free_substring(str_ptr);
pcre2_substring_free((PCRE2_UCHAR *)str_ptr);
str_ptr = NULL;
/* if specified, overwrite it */
if (ret == 7) {
res = pcre_get_substring((char *)tagstr, ov, MAX_SUBSTRINGS, 6, &str_ptr);
res = pcre2_substring_get_bynumber(
parse_regex.match, 6, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0 || str_ptr == NULL) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
@ -253,7 +256,7 @@ static DetectTagData *DetectTagParse(const char *tagstr)
SCLogWarning(SC_ERR_INVALID_VALUE, "Argument direction doesn't make sense for type \"session\" (%s [%"PRIu8"])", tagstr, td.type);
}
pcre_free_substring(str_ptr);
pcre2_substring_free((PCRE2_UCHAR *)str_ptr);
str_ptr = NULL;
}
}
@ -269,7 +272,7 @@ static DetectTagData *DetectTagParse(const char *tagstr)
error:
if (str_ptr != NULL)
pcre_free_substring(str_ptr);
pcre2_substring_free((PCRE2_UCHAR *)str_ptr);
return NULL;
}

10
src/detect-target.c
Unescape Escape View File

@ -82,19 +82,19 @@ void DetectTargetRegister(void) {
static int DetectTargetParse(Signature *s, const char *targetstr)
{
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2len;
char value[10];
ret = DetectParsePcreExec(&parse_regex, targetstr, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, targetstr, 0, 0);
if (ret < 1) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, targetstr);
return -1;
}
res = pcre_copy_substring(targetstr, ov, MAX_SUBSTRINGS, 1,
value, sizeof(value));
pcre2len = sizeof(value);
res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)value, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
return -1;
}

19
src/detect-tcp-flags.c
Unescape Escape View File

@ -174,36 +174,39 @@ static DetectFlagsData *DetectFlagsParse (const char *rawstr)
SCEnter();
int ret = 0, found = 0, ignore = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2len;
char *ptr;
char arg1[16] = "";
char arg2[16] = "";
char arg3[16] = "";
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
SCLogDebug("input '%s', pcre said %d", rawstr, ret);
if (ret < 3) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre match failed");
SCReturnPtr(NULL, "DetectFlagsData");
}
res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, arg1, sizeof(arg1));
pcre2len = sizeof(arg1);
res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
SCReturnPtr(NULL, "DetectFlagsData");
}
if (ret >= 2) {
res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, arg2, sizeof(arg2));
pcre2len = sizeof(arg2);
res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)arg2, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
SCReturnPtr(NULL, "DetectFlagsData");
}
}
if (ret >= 3) {
res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 3, arg3, sizeof(arg3));
pcre2len = sizeof(arg3);
res = pcre2_substring_copy_bynumber(parse_regex.match, 3, (PCRE2_UCHAR8 *)arg3, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
SCReturnPtr(NULL, "DetectFlagsData");
}
}

18
src/detect-tcp-window.c
Unescape Escape View File

@ -112,9 +112,9 @@ static DetectWindowData *DetectWindowParse(DetectEngineCtx *de_ctx, const char *
{
DetectWindowData *wd = NULL;
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2len;
ret = DetectParsePcreExec(&parse_regex, windowstr, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, windowstr, 0, 0);
if (ret < 1 || ret > 3) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, windowstr);
goto error;
@ -126,10 +126,11 @@ static DetectWindowData *DetectWindowParse(DetectEngineCtx *de_ctx, const char *
if (ret > 1) {
char copy_str[128] = "";
res = pcre_copy_substring((char *)windowstr, ov, MAX_SUBSTRINGS, 1,
copy_str, sizeof(copy_str));
pcre2len = sizeof(copy_str);
res = pcre2_substring_copy_bynumber(
parse_regex.match, 1, (PCRE2_UCHAR8 *)copy_str, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}
@ -140,10 +141,11 @@ static DetectWindowData *DetectWindowParse(DetectEngineCtx *de_ctx, const char *
wd->negated = 0;
if (ret > 2) {
res = pcre_copy_substring((char *)windowstr, ov, MAX_SUBSTRINGS, 2,
copy_str, sizeof(copy_str));
pcre2len = sizeof(copy_str);
res = pcre2_substring_copy_bynumber(
parse_regex.match, 2, (PCRE2_UCHAR8 *)copy_str, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}

30
src/detect-tcpmss.c
Unescape Escape View File

@ -128,36 +128,38 @@ static DetectTcpmssData *DetectTcpmssParse (const char *tcpmssstr)
char *arg2 = NULL;
char *arg3 = NULL;
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2_len;
ret = DetectParsePcreExec(&parse_regex, tcpmssstr, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, tcpmssstr, 0, 0);
if (ret < 2 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 "", ret);
goto error;
}
const char *str_ptr;
res = pcre_get_substring((char *) tcpmssstr, ov, MAX_SUBSTRINGS, 1, &str_ptr);
res = pcre2_substring_get_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
arg1 = (char *) str_ptr;
SCLogDebug("Arg1 \"%s\"", arg1);
if (ret >= 3) {
res = pcre_get_substring((char *) tcpmssstr, ov, MAX_SUBSTRINGS, 2, &str_ptr);
res = pcre2_substring_get_bynumber(
parse_regex.match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
arg2 = (char *) str_ptr;
SCLogDebug("Arg2 \"%s\"", arg2);
if (ret >= 4) {
res = pcre_get_substring((char *) tcpmssstr, ov, MAX_SUBSTRINGS, 3, &str_ptr);
res = pcre2_substring_get_bynumber(
parse_regex.match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
arg3 = (char *) str_ptr;
@ -250,20 +252,20 @@ static DetectTcpmssData *DetectTcpmssParse (const char *tcpmssstr)
}
}
SCFree(arg1);
SCFree(arg2);
SCFree(arg3);
pcre2_substring_free((PCRE2_UCHAR8 *)arg1);
pcre2_substring_free((PCRE2_UCHAR8 *)arg2);
pcre2_substring_free((PCRE2_UCHAR8 *)arg3);
return tcpmssd;
error:
if (tcpmssd)
SCFree(tcpmssd);
if (arg1)
SCFree(arg1);
pcre2_substring_free((PCRE2_UCHAR8 *)arg1);
if (arg2)
SCFree(arg2);
pcre2_substring_free((PCRE2_UCHAR8 *)arg2);
if (arg3)
SCFree(arg3);
pcre2_substring_free((PCRE2_UCHAR8 *)arg3);
return NULL;
}

14
src/detect-template.c
Unescape Escape View File

@ -129,24 +129,26 @@ static DetectTemplateData *DetectTemplateParse (const char *templatestr)
{
char arg1[4] = "";
char arg2[4] = "";
int ov[MAX_SUBSTRINGS];
size_t pcre2len;
int ret = DetectParsePcreExec(&parse_regex, templatestr, 0, 0, ov, MAX_SUBSTRINGS);
int ret = DetectParsePcreExec(&parse_regex, templatestr, 0, 0);
if (ret != 3) {
SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 "", ret);
return NULL;
}
ret = pcre_copy_substring((char *) templatestr, ov, MAX_SUBSTRINGS, 1, arg1, sizeof(arg1));
pcre2len = sizeof(arg1);
ret = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len);
if (ret < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
return NULL;
}
SCLogDebug("Arg1 \"%s\"", arg1);
ret = pcre_copy_substring((char *) templatestr, ov, MAX_SUBSTRINGS, 2, arg2, sizeof(arg2));
pcre2len = sizeof(arg2);
ret = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)arg2, &pcre2len);
if (ret < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
return NULL;
}
SCLogDebug("Arg2 \"%s\"", arg2);

30
src/detect-template2.c
Unescape Escape View File

@ -135,36 +135,38 @@ static DetectTemplate2Data *DetectTemplate2Parse (const char *template2str)
char *arg2 = NULL;
char *arg3 = NULL;
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2_len;
ret = DetectParsePcreExec(&parse_regex, template2str, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, template2str, 0, 0);
if (ret < 2 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 "", ret);
goto error;
}
const char *str_ptr;
res = pcre_get_substring((char *) template2str, ov, MAX_SUBSTRINGS, 1, &str_ptr);
res = pcre2_substring_get_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
arg1 = (char *) str_ptr;
SCLogDebug("Arg1 \"%s\"", arg1);
if (ret >= 3) {
res = pcre_get_substring((char *) template2str, ov, MAX_SUBSTRINGS, 2, &str_ptr);
res = pcre2_substring_get_bynumber(
parse_regex.match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
arg2 = (char *) str_ptr;
SCLogDebug("Arg2 \"%s\"", arg2);
if (ret >= 4) {
res = pcre_get_substring((char *) template2str, ov, MAX_SUBSTRINGS, 3, &str_ptr);
res = pcre2_substring_get_bynumber(
parse_regex.match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
arg3 = (char *) str_ptr;
@ -263,20 +265,20 @@ static DetectTemplate2Data *DetectTemplate2Parse (const char *template2str)
}
}
SCFree(arg1);
SCFree(arg2);
SCFree(arg3);
pcre2_substring_free((PCRE2_UCHAR8 *)arg1);
pcre2_substring_free((PCRE2_UCHAR8 *)arg2);
pcre2_substring_free((PCRE2_UCHAR8 *)arg3);
return template2d;
error:
if (template2d)
SCFree(template2d);
if (arg1)
SCFree(arg1);
pcre2_substring_free((PCRE2_UCHAR8 *)arg1);
if (arg2)
SCFree(arg2);
pcre2_substring_free((PCRE2_UCHAR8 *)arg2);
if (arg3)
SCFree(arg3);
pcre2_substring_free((PCRE2_UCHAR8 *)arg3);
return NULL;
}

15
src/detect-threshold.c
Unescape Escape View File

@ -111,7 +111,7 @@ static DetectThresholdData *DetectThresholdParse(const char *rawstr)
{
DetectThresholdData *de = NULL;
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2_len;
const char *str_ptr = NULL;
char *args[9] = { NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL };
char *copy_str = NULL, *threshold_opt = NULL;
@ -146,7 +146,7 @@ static DetectThresholdData *DetectThresholdParse(const char *rawstr)
if(count_found != 1 || second_found != 1 || type_found != 1 || track_found != 1)
goto error;
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
if (ret < 5) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr);
goto error;
@ -160,10 +160,11 @@ static DetectThresholdData *DetectThresholdParse(const char *rawstr)
for (i = 0; i < (ret - 1); i++) {
res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS,i + 1, &str_ptr);
res = pcre2_substring_get_bynumber(
parse_regex.match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
@ -204,13 +205,15 @@ static DetectThresholdData *DetectThresholdParse(const char *rawstr)
}
for (i = 0; i < (ret - 1); i++){
if (args[i] != NULL) SCFree(args[i]);
if (args[i] != NULL)
pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);
}
return de;
error:
for (i = 0; i < (ret - 1); i++){
if (args[i] != NULL) SCFree(args[i]);
if (args[i] != NULL)
pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);
}
if (de != NULL)
SCFree(de);

30
src/detect-tls-cert-validity.c
Unescape Escape View File

@ -306,49 +306,49 @@ static DetectTlsValidityData *DetectTlsValidityParse (const char *rawstr)
{
DetectTlsValidityData *dd = NULL;
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2len;
char mode[2] = "";
char value1[20] = "";
char value2[20] = "";
char range[3] = "";
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
if (ret < 3 || ret > 5) {
SCLogError(SC_ERR_PCRE_MATCH, "Parse error %s", rawstr);
goto error;
}
res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, mode,
sizeof(mode));
pcre2len = sizeof(mode);
res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)mode, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}
SCLogDebug("mode \"%s\"", mode);
res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, value1,
sizeof(value1));
pcre2len = sizeof(value1);
res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)value1, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}
SCLogDebug("value1 \"%s\"", value1);
if (ret > 3) {
res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 3,
range, sizeof(range));
pcre2len = sizeof(range);
res = pcre2_substring_copy_bynumber(parse_regex.match, 3, (PCRE2_UCHAR8 *)range, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}
SCLogDebug("range \"%s\"", range);
if (ret > 4) {
res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 4,
value2, sizeof(value2));
pcre2len = sizeof(value2);
res = pcre2_substring_copy_bynumber(
parse_regex.match, 4, (PCRE2_UCHAR8 *)value2, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING,
"pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}
SCLogDebug("value2 \"%s\"", value2);

10
src/detect-tls-version.c
Unescape Escape View File

@ -152,9 +152,9 @@ static DetectTlsVersionData *DetectTlsVersionParse (DetectEngineCtx *de_ctx, con
uint16_t temp;
DetectTlsVersionData *tls = NULL;
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2len;
ret = DetectParsePcreExec(&parse_regex, str, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, str, 0, 0);
if (ret < 1 || ret > 3) {
SCLogError(SC_ERR_PCRE_MATCH, "invalid tls.version option");
goto error;
@ -163,9 +163,11 @@ static DetectTlsVersionData *DetectTlsVersionParse (DetectEngineCtx *de_ctx, con
if (ret > 1) {
char ver_ptr[64];
char *tmp_str;
res = pcre_copy_substring((char *)str, ov, MAX_SUBSTRINGS, 1, ver_ptr, sizeof(ver_ptr));
pcre2len = sizeof(ver_ptr);
res = pcre2_substring_copy_bynumber(
parse_regex.match, 1, (PCRE2_UCHAR8 *)ver_ptr, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}

33
src/detect-tls.c
Unescape Escape View File

@ -223,13 +223,13 @@ static DetectTlsData *DetectTlsSubjectParse (DetectEngineCtx *de_ctx, const char
{
DetectTlsData *tls = NULL;
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2_len;
const char *str_ptr;
char *orig = NULL;
char *tmp_str;
uint32_t flag = 0;
ret = DetectParsePcreExec(&subject_parse_regex, str, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&subject_parse_regex, str, 0, 0);
if (ret != 2) {
SCLogError(SC_ERR_PCRE_MATCH, "invalid tls.subject option");
goto error;
@ -238,9 +238,10 @@ static DetectTlsData *DetectTlsSubjectParse (DetectEngineCtx *de_ctx, const char
if (negate)
flag = DETECT_CONTENT_NEGATED;
res = pcre_get_substring((char *)str, ov, MAX_SUBSTRINGS, 1, &str_ptr);
res = pcre2_substring_get_bynumber(
subject_parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
@ -255,7 +256,7 @@ static DetectTlsData *DetectTlsSubjectParse (DetectEngineCtx *de_ctx, const char
if (unlikely(orig == NULL)) {
goto error;
}
pcre_free_substring(str_ptr);
pcre2_substring_free((PCRE2_UCHAR *)str_ptr);
tmp_str=orig;
@ -414,13 +415,13 @@ static DetectTlsData *DetectTlsIssuerDNParse(DetectEngineCtx *de_ctx, const char
{
DetectTlsData *tls = NULL;
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2_len;
const char *str_ptr;
char *orig = NULL;
char *tmp_str;
uint32_t flag = 0;
ret = DetectParsePcreExec(&issuerdn_parse_regex, str, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&issuerdn_parse_regex, str, 0, 0);
if (ret != 2) {
SCLogError(SC_ERR_PCRE_MATCH, "invalid tls.issuerdn option");
goto error;
@ -429,9 +430,10 @@ static DetectTlsData *DetectTlsIssuerDNParse(DetectEngineCtx *de_ctx, const char
if (negate)
flag = DETECT_CONTENT_NEGATED;
res = pcre_get_substring((char *)str, ov, MAX_SUBSTRINGS, 1, &str_ptr);
res = pcre2_substring_get_bynumber(
issuerdn_parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
@ -446,7 +448,7 @@ static DetectTlsData *DetectTlsIssuerDNParse(DetectEngineCtx *de_ctx, const char
if (unlikely(orig == NULL)) {
goto error;
}
pcre_free_substring(str_ptr);
pcre2_substring_free((PCRE2_UCHAR *)str_ptr);
tmp_str=orig;
@ -546,13 +548,13 @@ static DetectTlsData *DetectTlsFingerprintParse (DetectEngineCtx *de_ctx, const
{
DetectTlsData *tls = NULL;
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2_len;
const char *str_ptr;
char *orig;
char *tmp_str;
uint32_t flag = 0;
ret = DetectParsePcreExec(&fingerprint_parse_regex, str, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&fingerprint_parse_regex, str, 0, 0);
if (ret != 2) {
SCLogError(SC_ERR_PCRE_MATCH, "invalid tls.fingerprint option");
goto error;
@ -561,9 +563,10 @@ static DetectTlsData *DetectTlsFingerprintParse (DetectEngineCtx *de_ctx, const
if (negate)
flag = DETECT_CONTENT_NEGATED;
res = pcre_get_substring((char *)str, ov, MAX_SUBSTRINGS, 1, &str_ptr);
res = pcre2_substring_get_bynumber(
fingerprint_parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
@ -578,7 +581,7 @@ static DetectTlsData *DetectTlsFingerprintParse (DetectEngineCtx *de_ctx, const
if (unlikely(orig == NULL)) {
goto error;
}
pcre_free_substring(str_ptr);
pcre2_substring_free((PCRE2_UCHAR *)str_ptr);
tmp_str=orig;

11
src/detect-tos.c
Unescape Escape View File

@ -112,9 +112,9 @@ static DetectTosData *DetectTosParse(const char *arg, bool negate)
{
DetectTosData *tosd = NULL;
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2len;
ret = DetectParsePcreExec(&parse_regex, arg, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, arg, 0, 0);
if (ret != 2) {
SCLogError(SC_ERR_PCRE_MATCH, "invalid tos option - %s. "
"The tos option value must be in the range "
@ -124,10 +124,11 @@ static DetectTosData *DetectTosParse(const char *arg, bool negate)
/* For TOS value */
char tosbytes_str[64] = "";
res = pcre_copy_substring((char *)arg, ov, MAX_SUBSTRINGS, 1,
tosbytes_str, sizeof(tosbytes_str));
pcre2len = sizeof(tosbytes_str);
res = pcre2_substring_copy_bynumber(
parse_regex.match, 1, (PCRE2_UCHAR8 *)tosbytes_str, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
goto error;
}

20
src/detect-ttl.c
Unescape Escape View File

@ -133,36 +133,40 @@ static int DetectTtlMatch (DetectEngineThreadCtx *det_ctx, Packet *p,
static DetectTtlData *DetectTtlParse (const char *ttlstr)
{
int ov[MAX_SUBSTRINGS];
size_t pcre2len;
char arg1[6] = "";
char arg2[6] = "";
char arg3[6] = "";
int ret = DetectParsePcreExec(&parse_regex, ttlstr, 0, 0, ov, MAX_SUBSTRINGS);
int ret = DetectParsePcreExec(&parse_regex, ttlstr, 0, 0);
if (ret < 2 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 "", ret);
return NULL;
}
int res = pcre_copy_substring((char *) ttlstr, ov, MAX_SUBSTRINGS, 1, arg1, sizeof(arg1));
pcre2len = sizeof(arg1);
int res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
return NULL;
}
SCLogDebug("arg1 \"%s\"", arg1);
if (ret >= 3) {
res = pcre_copy_substring((char *) ttlstr, ov, MAX_SUBSTRINGS, 2, arg2, sizeof(arg2));
pcre2len = sizeof(arg2);
res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)arg2, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
return NULL;
}
SCLogDebug("arg2 \"%s\"", arg2);
if (ret >= 4) {
res = pcre_copy_substring((char *) ttlstr, ov, MAX_SUBSTRINGS, 3, arg3, sizeof(arg3));
pcre2len = sizeof(arg3);
res = pcre2_substring_copy_bynumber(
parse_regex.match, 3, (PCRE2_UCHAR8 *)arg3, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
return NULL;
}
SCLogDebug("arg3 \"%s\"", arg3);

47
src/detect-urilen.c
Unescape Escape View File

@ -97,9 +97,9 @@ static DetectUrilenData *DetectUrilenParse (const char *urilenstr)
char *arg4 = NULL;
char *arg5 = NULL;
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2_len;
ret = DetectParsePcreExec(&parse_regex, urilenstr, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, urilenstr, 0, 0);
if (ret < 3 || ret > 6) {
SCLogError(SC_ERR_PCRE_PARSE, "urilen option pcre parse error: \"%s\"", urilenstr);
goto error;
@ -108,44 +108,47 @@ static DetectUrilenData *DetectUrilenParse (const char *urilenstr)
SCLogDebug("ret %d", ret);
res = pcre_get_substring((char *)urilenstr, ov, MAX_SUBSTRINGS, 1, &str_ptr);
res = pcre2_substring_get_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
arg1 = (char *) str_ptr;
SCLogDebug("Arg1 \"%s\"", arg1);
res = pcre_get_substring((char *)urilenstr, ov, MAX_SUBSTRINGS, 2, &str_ptr);
res = pcre2_substring_get_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
arg2 = (char *) str_ptr;
SCLogDebug("Arg2 \"%s\"", arg2);
if (ret > 3) {
res = pcre_get_substring((char *)urilenstr, ov, MAX_SUBSTRINGS, 3, &str_ptr);
res = pcre2_substring_get_bynumber(
parse_regex.match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
arg3 = (char *) str_ptr;
SCLogDebug("Arg3 \"%s\"", arg3);
if (ret > 4) {
res = pcre_get_substring((char *)urilenstr, ov, MAX_SUBSTRINGS, 4, &str_ptr);
res = pcre2_substring_get_bynumber(
parse_regex.match, 4, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
arg4 = (char *) str_ptr;
SCLogDebug("Arg4 \"%s\"", arg4);
}
if (ret > 5) {
res = pcre_get_substring((char *)urilenstr, ov, MAX_SUBSTRINGS, 5, &str_ptr);
res = pcre2_substring_get_bynumber(
parse_regex.match, 5, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
goto error;
}
arg5 = (char *) str_ptr;
@ -206,29 +209,29 @@ static DetectUrilenData *DetectUrilenParse (const char *urilenstr)
}
}
pcre_free_substring(arg1);
pcre_free_substring(arg2);
pcre2_substring_free((PCRE2_UCHAR *)arg1);
pcre2_substring_free((PCRE2_UCHAR *)arg2);
if (arg3 != NULL)
pcre_free_substring(arg3);
pcre2_substring_free((PCRE2_UCHAR *)arg3);
if (arg4 != NULL)
pcre_free_substring(arg4);
pcre2_substring_free((PCRE2_UCHAR *)arg4);
if (arg5 != NULL)
pcre_free_substring(arg5);
pcre2_substring_free((PCRE2_UCHAR *)arg5);
return urilend;
error:
if (urilend)
SCFree(urilend);
if (arg1 != NULL)
pcre_free_substring(arg1);
pcre2_substring_free((PCRE2_UCHAR *)arg1);
if (arg2 != NULL)
pcre_free_substring(arg2);
pcre2_substring_free((PCRE2_UCHAR *)arg2);
if (arg3 != NULL)
pcre_free_substring(arg3);
pcre2_substring_free((PCRE2_UCHAR *)arg3);
if (arg4 != NULL)
pcre_free_substring(arg4);
pcre2_substring_free((PCRE2_UCHAR *)arg4);
if (arg5 != NULL)
pcre_free_substring(arg5);
pcre2_substring_free((PCRE2_UCHAR *)arg5);
return NULL;
}

28
src/detect-xbits.c
Unescape Escape View File

@ -197,34 +197,40 @@ static int DetectXbitParse(DetectEngineCtx *de_ctx,
uint8_t fb_cmd = 0;
uint8_t hb_dir = 0;
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
size_t pcre2len;
char fb_cmd_str[16] = "", fb_name[256] = "";
char hb_dir_str[16] = "";
enum VarTypes var_type = VAR_TYPE_NOT_SET;
uint32_t expire = DETECT_XBITS_EXPIRE_DEFAULT;
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
if (ret != 2 && ret != 3 && ret != 4 && ret != 5) {
SCLogError(SC_ERR_PCRE_MATCH, "\"%s\" is not a valid setting for xbits.", rawstr);
return -1;
}
SCLogDebug("ret %d, %s", ret, rawstr);
res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, fb_cmd_str, sizeof(fb_cmd_str));
pcre2len = sizeof(fb_cmd_str);
res = pcre2_substring_copy_bynumber(
parse_regex.match, 1, (PCRE2_UCHAR8 *)fb_cmd_str, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
return -1;
}
if (ret >= 3) {
res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, fb_name, sizeof(fb_name));
pcre2len = sizeof(fb_name);
res = pcre2_substring_copy_bynumber(
parse_regex.match, 2, (PCRE2_UCHAR8 *)fb_name, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
return -1;
}
if (ret >= 4) {
res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 3, hb_dir_str, sizeof(hb_dir_str));
pcre2len = sizeof(hb_dir_str);
res = pcre2_substring_copy_bynumber(
parse_regex.match, 3, (PCRE2_UCHAR8 *)hb_dir_str, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
return -1;
}
SCLogDebug("hb_dir_str %s", hb_dir_str);
@ -246,9 +252,11 @@ static int DetectXbitParse(DetectEngineCtx *de_ctx,
if (ret >= 5) {
char expire_str[16] = "";
res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 4, expire_str, sizeof(expire_str));
pcre2len = sizeof(expire_str);
res = pcre2_substring_copy_bynumber(
parse_regex.match, 4, (PCRE2_UCHAR8 *)expire_str, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
return -1;
}
SCLogDebug("expire_str %s", expire_str);

Write Preview
Loading…
Cancel
Save