From 4a2e816bea7b58765742012a925cb96a77063a6b Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Mon, 29 Feb 2016 12:46:22 +0100
Subject: [PATCH] detect parser: add parse regex util function Add regex setup and free util functions. Keywords often use a regex to parse rule input. Introduce a common function to do this setup. Also create a list of registered regexes to free at engine shutdown.
---
 src/detect-parse.c | 63 ++++++++++++++++++++++++++++++++++++++++++++++
 src/detect-parse.h | 8 ++++++
 src/suricata.c | 1 +
 3 files changed, 72 insertions(+)
diff --git a/src/detect-parse.c b/src/detect-parse.c
index 62e1f49a51..ca08ceaf76 100644
--- a/src/detect-parse.c
+++ b/src/detect-parse.c
@@ -1956,6 +1956,69 @@ error:
 return NULL;
 }
+typedef struct DetectParseRegex_ {
+ pcre *regex;
+ pcre_extra *study;
+ struct DetectParseRegex_ *next;
+} DetectParseRegex;
+
+static DetectParseRegex *g_detect_parse_regex_list = NULL;
+
+void DetectParseFreeRegexes(void)
+{
+ DetectParseRegex *r = g_detect_parse_regex_list;
+ while (r) {
+ DetectParseRegex *next = r->next;
+
+ if (r->regex) {
+ pcre_free(r->regex);
+ }
+ if (r->study) {
+ pcre_free_study(r->study);
+ }
+ SCFree(r);
+ r = next;
+ }
+ g_detect_parse_regex_list = NULL;
+}
+
+/** \brief add regex and/or study to at exit free list
+ */
+void DetectParseRegexAddToFreeList(pcre *regex, pcre_extra *study)
+{
+ DetectParseRegex *r = SCCalloc(1, sizeof(*r));
+ if (r == NULL) {
+ FatalError(SC_ERR_MEM_ALLOC, "failed to alloc memory for pcre free list");
+ }
+ r->regex = regex;
+ r->study = study;
+ r->next = g_detect_parse_regex_list;
+ g_detect_parse_regex_list = r;
+}
+
+void DetectSetupParseRegexes(const char *parse_str,
+ pcre **parse_regex,
+ pcre_extra **parse_regex_study)
+{
+ const char *eb;
+ int eo;
+ int opts = 0;
+
+ *parse_regex = pcre_compile(parse_str, opts, &eb, &eo, NULL);
+ if (*parse_regex == NULL) {
+ FatalError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at "
+ "offset %" PRId32 ": %s", parse_str, eo, eb);
+ }
+
+ *parse_regex_study = pcre_study(*parse_regex, 0, &eb);
+ if (eb != NULL) {
+ FatalError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
+ }
+
+ DetectParseRegexAddToFreeList(*parse_regex, *parse_regex_study);
+ return;
+}
+
 /*
 * TESTS
 */
diff --git a/src/detect-parse.h b/src/detect-parse.h
index cb2ae0f3b3..bdc82ef15c 100644
--- a/src/detect-parse.h
+++ b/src/detect-parse.h
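Review bot: Ownership of the compiled regex is not documented on `DetectSetupParseRegexes` or `DetectParseRegexAddToFreeList` in src/detect-parse.c: both hand the `pcre`/`pcre_extra` pointers to a global list that `DetectParseFreeRegexes` later frees, while the caller keeps its own copy through `*parse_regex` and `*parse_regex_study`. A keyword that also frees its regex in its own cleanup would double-free at shutdown, and any use after `DetectParseFreeRegexes` would touch freed memory, so the contract should be written down, for example `/** \brief compile and study a keyword parse regex; both objects are owned by the free list afterwards, callers must not free them or use them after DetectParseFreeRegexes() */`. The list head `g_detect_parse_regex_list` is also updated without a lock; that is presumably fine if registration only happens during single-threaded startup, but the comment should say so.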
@@ -67,5 +67,13 @@ int DetectEngineContentModifierBufferSetup(DetectEngineCtx *de_ctx, Signature *s
 const char *DetectListToHumanString(int list);
 const char *DetectListToString(int list);
+/* parse regex setup and free util funcs */
+
+void DetectSetupParseRegexes(const char *parse_str,
+ pcre **parse_regex,
+ pcre_extra **parse_regex_study);
+void DetectParseRegexAddToFreeList(pcre *regex, pcre_extra *study);
+void DetectParseFreeRegexes(void);
+
 #endif /* __DETECT_PARSE_H__ */
diff --git a/src/suricata.c b/src/suricata.c
index 280181b13e..13eb250124 100644
--- a/src/suricata.c
+++ b/src/suricata.c
@@ -2627,5 +2627,6 @@ int main(int argc, char **argv)
 #endif
 ConfDeInit();
+ DetectParseFreeRegexes();
 exit(engine_retval);
 }
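Review bot: Nothing at the `DetectParseFreeRegexes()` call in `main` (src/suricata.c) says why it has to be the last teardown step: the regexes it frees are still referenced by whatever pointers the registering keywords kept, so it must run only after every thread and detect engine context that could still parse a rule is gone. `main`'s body starts outside the hunk, so that ordering cannot be confirmed from here. A comment such as `/* free keyword parse regexes last: keyword code keeps pointers to them */` would keep a later reordering of the shutdown sequence from introducing a use-after-free. The call also covers only this exit path, so any earlier `exit()` in `main` would presumably still report the regexes as leaked under a leak checker.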