detect parser: add parse regex util function

Add regex setup and free util functions. Keywords often use a regex to parse rule input. Introduce a common function to do this setup. Also create a list of registered regexes to free at engine shutdown.
9 years ago · 4a2e816bea
parent 167d94efff
commit 4a2e816bea
3 changed files with 72 additions and 0 deletions
--- a/src/detect-parse.c
+++ b/src/detect-parse.c
@ -1956,6 +1956,69 @@ error:
    return NULL;
 }

+typedef struct DetectParseRegex_ {
+    pcre *regex;
+    pcre_extra *study;
+    struct DetectParseRegex_ *next;
+} DetectParseRegex;
+
+static DetectParseRegex *g_detect_parse_regex_list = NULL;
+
+void DetectParseFreeRegexes(void)
+{
+    DetectParseRegex *r = g_detect_parse_regex_list;
+    while (r) {
+        DetectParseRegex *next = r->next;
+
+        if (r->regex) {
+            pcre_free(r->regex);
+        }
+        if (r->study) {
+            pcre_free_study(r->study);
+        }
+        SCFree(r);
+        r = next;
+    }
+    g_detect_parse_regex_list = NULL;
+}
+
+/** \brief add regex and/or study to at exit free list
+ */
+void DetectParseRegexAddToFreeList(pcre *regex, pcre_extra *study)
+{
+    DetectParseRegex *r = SCCalloc(1, sizeof(*r));
+    if (r == NULL) {
+        FatalError(SC_ERR_MEM_ALLOC, "failed to alloc memory for pcre free list");
+    }
+    r->regex = regex;
+    r->study = study;
+    r->next = g_detect_parse_regex_list;
+    g_detect_parse_regex_list = r;
+}
+
+void DetectSetupParseRegexes(const char *parse_str,
+                             pcre **parse_regex,
+                             pcre_extra **parse_regex_study)
+{
+    const char *eb;
+    int eo;
+    int opts = 0;
+
+    *parse_regex = pcre_compile(parse_str, opts, &eb, &eo, NULL);
+    if (*parse_regex == NULL) {
+        FatalError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at "
+                "offset %" PRId32 ": %s", parse_str, eo, eb);
+    }
+
+    *parse_regex_study = pcre_study(*parse_regex, 0, &eb);
+    if (eb != NULL) {
+        FatalError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
+    }
+
+    DetectParseRegexAddToFreeList(*parse_regex, *parse_regex_study);
+    return;
+}
+
 /*
 * TESTS
 */
--- a/src/detect-parse.h
+++ b/src/detect-parse.h
@ -67,5 +67,13 @@ int DetectEngineContentModifierBufferSetup(DetectEngineCtx *de_ctx, Signature *s
 const char *DetectListToHumanString(int list);
 const char *DetectListToString(int list);

+/* parse regex setup and free util funcs */
+
+void DetectSetupParseRegexes(const char *parse_str,
+                             pcre **parse_regex,
+                             pcre_extra **parse_regex_study);
+void DetectParseRegexAddToFreeList(pcre *regex, pcre_extra *study);
+void DetectParseFreeRegexes(void);
+
 #endif /* __DETECT_PARSE_H__ */

--- a/src/suricata.c
+++ b/src/suricata.c
@ -2627,5 +2627,6 @@ int main(int argc, char **argv)
 #endif
    ConfDeInit();

+    DetectParseFreeRegexes();
    exit(engine_retval);
 }