diff --git a/src/detect-byte-extract.c b/src/detect-byte-extract.c index a5a0cb329d..49f2c4bae8 100644 --- a/src/detect-byte-extract.c +++ b/src/detect-byte-extract.c @@ -284,13 +284,12 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_ for (i = 4; i < ret; i++) { char opt_str[64] = ""; pcre2len = sizeof(opt_str); - res = pcre2_substring_copy_bynumber( - parse_regex.match, i, (PCRE2_UCHAR8 *)opt_str, &pcre2len); + res = SC_pcre2_substring_copy(parse_regex.match, i, (PCRE2_UCHAR8 *)opt_str, &pcre2len); if (res < 0) { SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed " - "for arg %d for byte_extract", - i); + "for arg %d for byte_extract with %d", + i, res); goto error; } diff --git a/src/detect-bytemath.c b/src/detect-bytemath.c index b7f1e28c33..7a46f5ebd0 100644 --- a/src/detect-bytemath.c +++ b/src/detect-bytemath.c @@ -399,7 +399,7 @@ static DetectByteMathData *DetectByteMathParse(DetectEngineCtx *de_ctx, const ch if (ret > RELATIVE_KW) { pcre2len = sizeof(tmp_str); - res = pcre2_substring_copy_bynumber( + res = SC_pcre2_substring_copy( parse_regex.match, RELATIVE_KW, (PCRE2_UCHAR8 *)tmp_str, &pcre2len); if (res < 0) { @@ -415,7 +415,7 @@ static DetectByteMathData *DetectByteMathParse(DetectEngineCtx *de_ctx, const ch if (ret > ENDIAN_VAL) { pcre2len = sizeof(tmp_str); - res = pcre2_substring_copy_bynumber( + res = SC_pcre2_substring_copy( parse_regex.match, ENDIAN_KW, (PCRE2_UCHAR8 *)tmp_str, &pcre2len); if (res < 0) { SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed " @@ -428,7 +428,7 @@ static DetectByteMathData *DetectByteMathParse(DetectEngineCtx *de_ctx, const ch } pcre2len = sizeof(tmp_str); - res = pcre2_substring_copy_bynumber( + res = SC_pcre2_substring_copy( parse_regex.match, ENDIAN_VAL, (PCRE2_UCHAR8 *)tmp_str, &pcre2len); if (res < 0) { SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed " @@ -445,7 +445,7 @@ static DetectByteMathData *DetectByteMathParse(DetectEngineCtx *de_ctx, const ch if (ret > STRING_VAL) { pcre2len = sizeof(tmp_str); - res = pcre2_substring_copy_bynumber( + res = SC_pcre2_substring_copy( parse_regex.match, STRING_KW, (PCRE2_UCHAR8 *)tmp_str, &pcre2len); if (res < 0) { SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed " @@ -458,7 +458,7 @@ static DetectByteMathData *DetectByteMathParse(DetectEngineCtx *de_ctx, const ch } pcre2len = sizeof(tmp_str); - res = pcre2_substring_copy_bynumber( + res = SC_pcre2_substring_copy( parse_regex.match, STRING_VAL, (PCRE2_UCHAR8 *)tmp_str, &pcre2len); if (res < 0) { SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed " @@ -478,7 +478,7 @@ static DetectByteMathData *DetectByteMathParse(DetectEngineCtx *de_ctx, const ch if (ret > DCE_KW) { pcre2len = sizeof(tmp_str); - res = pcre2_substring_copy_bynumber( + res = SC_pcre2_substring_copy( parse_regex.match, DCE_KW, (PCRE2_UCHAR8 *)tmp_str, &pcre2len); if (res < 0) { SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed " diff --git a/src/detect-dsize.c b/src/detect-dsize.c index 5278d68f41..962b98404f 100644 --- a/src/detect-dsize.c +++ b/src/detect-dsize.c @@ -156,9 +156,9 @@ static DetectDsizeData *DetectDsizeParse (const char *rawstr) } pcre2len = sizeof(mode); - res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)mode, &pcre2len); + res = SC_pcre2_substring_copy(parse_regex.match, 1, (PCRE2_UCHAR8 *)mode, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed with %d", res); goto error; } SCLogDebug("mode \"%s\"", mode); diff --git a/src/detect-filesize.c b/src/detect-filesize.c index b33ae67a0f..87cf12793d 100644 --- a/src/detect-filesize.c +++ b/src/detect-filesize.c @@ -158,7 +158,7 @@ static DetectFilesizeData *DetectFilesizeParse (const char *str) SCLogDebug("ret %d", ret); - res = pcre2_substring_get_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); + res = SC_pcre2_substring_get(parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; @@ -201,15 +201,15 @@ static DetectFilesizeData *DetectFilesizeParse (const char *str) goto error; memset(fsd, 0, sizeof(DetectFilesizeData)); - if (arg1[0] == '<') + if (arg1 != NULL && arg1[0] == '<') fsd->mode = DETECT_FILESIZE_LT; - else if (arg1[0] == '>') + else if (arg1 != NULL && arg1[0] == '>') fsd->mode = DETECT_FILESIZE_GT; else fsd->mode = DETECT_FILESIZE_EQ; if (arg3 != NULL && strcmp("<>", arg3) == 0) { - if (strlen(arg1) != 0) { + if (arg1 != NULL && strlen(arg1) != 0) { SCLogError(SC_ERR_INVALID_ARGUMENT,"Range specified but mode also set"); goto error; } diff --git a/src/detect-flow.c b/src/detect-flow.c index 0392f53b6c..d2edbe2704 100644 --- a/src/detect-flow.c +++ b/src/detect-flow.c @@ -185,7 +185,7 @@ static DetectFlowData *DetectFlowParse (DetectEngineCtx *de_ctx, const char *flo if (ret > 1) { pcre2len = sizeof(str1); - res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)str1, &pcre2len); + res = SC_pcre2_substring_copy(parse_regex.match, 1, (PCRE2_UCHAR8 *)str1, &pcre2len); if (res < 0) { SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; diff --git a/src/detect-fragbits.c b/src/detect-fragbits.c index a2241f796b..f5866815a7 100644 --- a/src/detect-fragbits.c +++ b/src/detect-fragbits.c @@ -183,10 +183,10 @@ static DetectFragBitsData *DetectFragBitsParse (const char *rawstr) } for (i = 0; i < (ret - 1); i++) { - res = pcre2_substring_get_bynumber( + res = SC_pcre2_substring_get( parse_regex.match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed %d", res); goto error; } diff --git a/src/detect-fragoffset.c b/src/detect-fragoffset.c index 2e54103a54..d8647f3774 100644 --- a/src/detect-fragoffset.c +++ b/src/detect-fragoffset.c @@ -156,8 +156,7 @@ static DetectFragOffsetData *DetectFragOffsetParse (DetectEngineCtx *de_ctx, con } for (i = 1; i < ret; i++) { - res = pcre2_substring_get_bynumber( - parse_regex.match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); + res = SC_pcre2_substring_get(parse_regex.match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; diff --git a/src/detect-icmp-id.c b/src/detect-icmp-id.c index 0a091e9787..3dea8ad4fa 100644 --- a/src/detect-icmp-id.c +++ b/src/detect-icmp-id.c @@ -172,8 +172,7 @@ static DetectIcmpIdData *DetectIcmpIdParse (DetectEngineCtx *de_ctx, const char int i; const char *str_ptr; for (i = 1; i < ret; i++) { - res = pcre2_substring_get_bynumber( - parse_regex.match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); + res = SC_pcre2_substring_get(parse_regex.match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; diff --git a/src/detect-icmp-seq.c b/src/detect-icmp-seq.c index bc7dec06d9..707eab7e03 100644 --- a/src/detect-icmp-seq.c +++ b/src/detect-icmp-seq.c @@ -174,8 +174,7 @@ static DetectIcmpSeqData *DetectIcmpSeqParse (DetectEngineCtx *de_ctx, const cha } for (i = 1; i < ret; i++) { - res = pcre2_substring_get_bynumber( - parse_regex.match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); + res = SC_pcre2_substring_get(parse_regex.match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; diff --git a/src/detect-icode.c b/src/detect-icode.c index 102a65a8f9..e106ea2c1f 100644 --- a/src/detect-icode.c +++ b/src/detect-icode.c @@ -163,8 +163,7 @@ static DetectICodeData *DetectICodeParse(DetectEngineCtx *de_ctx, const char *ic int i; const char *str_ptr; for (i = 1; i < ret; i++) { - res = pcre2_substring_get_bynumber( - parse_regex.match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); + res = SC_pcre2_substring_get(parse_regex.match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; diff --git a/src/detect-itype.c b/src/detect-itype.c index 30a54c45d3..9663f194a5 100644 --- a/src/detect-itype.c +++ b/src/detect-itype.c @@ -163,8 +163,7 @@ static DetectITypeData *DetectITypeParse(DetectEngineCtx *de_ctx, const char *it int i; const char *str_ptr; for (i = 1; i < ret; i++) { - res = pcre2_substring_get_bynumber( - parse_regex.match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); + res = SC_pcre2_substring_get(parse_regex.match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; diff --git a/src/detect-nfs-procedure.c b/src/detect-nfs-procedure.c index 2f0a3005d7..22d0097f73 100644 --- a/src/detect-nfs-procedure.c +++ b/src/detect-nfs-procedure.c @@ -218,7 +218,7 @@ static DetectNfsProcedureData *DetectNfsProcedureParse (const char *rawstr) } pcre2len = sizeof(mode); - res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)mode, &pcre2len); + res = SC_pcre2_substring_copy(parse_regex.match, 1, (PCRE2_UCHAR8 *)mode, &pcre2len); if (res < 0) { SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; diff --git a/src/detect-nfs-version.c b/src/detect-nfs-version.c index 1f0bee7dcb..63b4345eb8 100644 --- a/src/detect-nfs-version.c +++ b/src/detect-nfs-version.c @@ -209,7 +209,7 @@ static DetectNfsVersionData *DetectNfsVersionParse (const char *rawstr) } pcre2len = sizeof(mode); - res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)mode, &pcre2len); + res = SC_pcre2_substring_copy(parse_regex.match, 1, (PCRE2_UCHAR8 *)mode, &pcre2len); if (res < 0) { SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; diff --git a/src/detect-parse.c b/src/detect-parse.c index 3ae1011258..1d2b963d91 100644 --- a/src/detect-parse.c +++ b/src/detect-parse.c @@ -2560,6 +2560,30 @@ DetectParseRegex2 *DetectSetupPCRE2(const char *parse_str, int opts) return detect_parse; } +int SC_pcre2_substring_copy( + pcre2_match_data *match_data, uint32_t number, PCRE2_UCHAR *buffer, PCRE2_SIZE *bufflen) +{ + int r = pcre2_substring_copy_bynumber(match_data, number, buffer, bufflen); + if (r == PCRE2_ERROR_UNSET) { + buffer[0] = 0; + *bufflen = 0; + return 0; + } + return r; +} + +int SC_pcre2_substring_get( + pcre2_match_data *match_data, uint32_t number, PCRE2_UCHAR **bufferptr, PCRE2_SIZE *bufflen) +{ + int r = pcre2_substring_get_bynumber(match_data, number, bufferptr, bufflen); + if (r == PCRE2_ERROR_UNSET) { + *bufferptr = NULL; + *bufflen = 0; + return 0; + } + return r; +} + void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *detect_parse) { if (!DetectSetupParseRegexesOpts(parse_str, detect_parse, 0)) { diff --git a/src/detect-parse.h b/src/detect-parse.h index fe4fc3e648..bc5bf163f4 100644 --- a/src/detect-parse.h +++ b/src/detect-parse.h @@ -105,6 +105,10 @@ void DetectParseFreeRegex(DetectParseRegex *r); /* parse regex exec */ int DetectParsePcreExec( DetectParseRegex *parse_regex, const char *str, int start_offset, int options); +int SC_pcre2_substring_copy( + pcre2_match_data *match_data, uint32_t number, PCRE2_UCHAR *buffer, PCRE2_SIZE *bufflen); +int SC_pcre2_substring_get(pcre2_match_data *match_data, uint32_t number, PCRE2_UCHAR **bufferptr, + PCRE2_SIZE *bufflen); #endif /* __DETECT_PARSE_H__ */ diff --git a/src/detect-rfb-sectype.c b/src/detect-rfb-sectype.c index 28fc1c31ad..d55965e78b 100644 --- a/src/detect-rfb-sectype.c +++ b/src/detect-rfb-sectype.c @@ -174,7 +174,7 @@ static DetectRfbSectypeData *DetectRfbSectypeParse (const char *rawstr) } pcre2len = sizeof(mode); - res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)mode, &pcre2len); + res = SC_pcre2_substring_copy(parse_regex.match, 1, (PCRE2_UCHAR8 *)mode, &pcre2len); if (res < 0) { SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; diff --git a/src/detect-snmp-version.c b/src/detect-snmp-version.c index 342430ff8f..56e12cf455 100644 --- a/src/detect-snmp-version.c +++ b/src/detect-snmp-version.c @@ -188,7 +188,7 @@ static DetectSNMPVersionData *DetectSNMPVersionParse (const char *rawstr) } pcre2len = sizeof(mode); - res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)mode, &pcre2len); + res = SC_pcre2_substring_copy(parse_regex.match, 1, (PCRE2_UCHAR8 *)mode, &pcre2len); if (res < 0) { SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; diff --git a/src/detect-ssl-state.c b/src/detect-ssl-state.c index ec267206bb..b9cbc3d631 100644 --- a/src/detect-ssl-state.c +++ b/src/detect-ssl-state.c @@ -215,7 +215,7 @@ static DetectSslStateData *DetectSslStateParse(const char *arg) SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } - while (res > 0) { + while (res >= 0 && strlen(str1) > 0) { ret = DetectParsePcreExec(&parse_regex2, str1, 0, 0); if (ret < 1) { SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid arg \"%s\" supplied to " @@ -233,7 +233,7 @@ static DetectSslStateData *DetectSslStateParse(const char *arg) pcre2len = sizeof(str2); res = pcre2_substring_copy_bynumber(parse_regex2.match, 2, (PCRE2_UCHAR8 *)str2, &pcre2len); - if (res <= 0) { + if (res < 0) { SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } diff --git a/src/detect-tcp-flags.c b/src/detect-tcp-flags.c index ea4bdca2ea..9a1b67392d 100644 --- a/src/detect-tcp-flags.c +++ b/src/detect-tcp-flags.c @@ -189,7 +189,7 @@ static DetectFlagsData *DetectFlagsParse (const char *rawstr) } pcre2len = sizeof(arg1); - res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len); + res = SC_pcre2_substring_copy(parse_regex.match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len); if (res < 0) { SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); SCReturnPtr(NULL, "DetectFlagsData"); @@ -204,7 +204,7 @@ static DetectFlagsData *DetectFlagsParse (const char *rawstr) } if (ret >= 3) { pcre2len = sizeof(arg3); - res = pcre2_substring_copy_bynumber(parse_regex.match, 3, (PCRE2_UCHAR8 *)arg3, &pcre2len); + res = SC_pcre2_substring_copy(parse_regex.match, 3, (PCRE2_UCHAR8 *)arg3, &pcre2len); if (res < 0) { SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); SCReturnPtr(NULL, "DetectFlagsData"); diff --git a/src/detect-tcp-window.c b/src/detect-tcp-window.c index 43de305ff6..97d1c9a6f3 100644 --- a/src/detect-tcp-window.c +++ b/src/detect-tcp-window.c @@ -127,8 +127,7 @@ static DetectWindowData *DetectWindowParse(DetectEngineCtx *de_ctx, const char * if (ret > 1) { char copy_str[128] = ""; pcre2len = sizeof(copy_str); - res = pcre2_substring_copy_bynumber( - parse_regex.match, 1, (PCRE2_UCHAR8 *)copy_str, &pcre2len); + res = SC_pcre2_substring_copy(parse_regex.match, 1, (PCRE2_UCHAR8 *)copy_str, &pcre2len); if (res < 0) { SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; diff --git a/src/detect-tls-cert-validity.c b/src/detect-tls-cert-validity.c index e0bd4cf44c..d89cf09ab4 100644 --- a/src/detect-tls-cert-validity.c +++ b/src/detect-tls-cert-validity.c @@ -319,7 +319,7 @@ static DetectTlsValidityData *DetectTlsValidityParse (const char *rawstr) } pcre2len = sizeof(mode); - res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)mode, &pcre2len); + res = SC_pcre2_substring_copy(parse_regex.match, 1, (PCRE2_UCHAR8 *)mode, &pcre2len); if (res < 0) { SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; diff --git a/src/detect-urilen.c b/src/detect-urilen.c index e407e0f71b..e9127ee854 100644 --- a/src/detect-urilen.c +++ b/src/detect-urilen.c @@ -108,7 +108,7 @@ static DetectUrilenData *DetectUrilenParse (const char *urilenstr) SCLogDebug("ret %d", ret); - res = pcre2_substring_get_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); + res = SC_pcre2_substring_get(parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; @@ -125,8 +125,7 @@ static DetectUrilenData *DetectUrilenParse (const char *urilenstr) SCLogDebug("Arg2 \"%s\"", arg2); if (ret > 3) { - res = pcre2_substring_get_bynumber( - parse_regex.match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); + res = SC_pcre2_substring_get(parse_regex.match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; @@ -135,7 +134,7 @@ static DetectUrilenData *DetectUrilenParse (const char *urilenstr) SCLogDebug("Arg3 \"%s\"", arg3); if (ret > 4) { - res = pcre2_substring_get_bynumber( + res = SC_pcre2_substring_get( parse_regex.match, 4, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); @@ -161,15 +160,15 @@ static DetectUrilenData *DetectUrilenParse (const char *urilenstr) goto error; memset(urilend, 0, sizeof(DetectUrilenData)); - if (arg1[0] == '<') + if (arg1 != NULL && arg1[0] == '<') urilend->mode = DETECT_URILEN_LT; - else if (arg1[0] == '>') + else if (arg1 != NULL && arg1[0] == '>') urilend->mode = DETECT_URILEN_GT; else urilend->mode = DETECT_URILEN_EQ; if (arg3 != NULL && strcmp("<>", arg3) == 0) { - if (strlen(arg1) != 0) { + if (arg1 != NULL && strlen(arg1) != 0) { SCLogError(SC_ERR_INVALID_ARGUMENT,"Range specified but mode also set"); goto error; }