diff --git a/src/decode-gre.c b/src/decode-gre.c index 09c5c5530b..328bf695bd 100644 --- a/src/decode-gre.c +++ b/src/decode-gre.c @@ -91,7 +91,7 @@ void DecodeGRE(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u header_len += GRE_SRE_HDR_LEN; - if (gsre && (ntohs(gsre->af) == 0) && (gsre->sre_length == 0)) + if (gsre != NULL && (ntohs(gsre->af) == 0) && (gsre->sre_length == 0)) break; header_len += gsre->sre_length; diff --git a/src/detect-distance.c b/src/detect-distance.c index 7c533d7119..919f720abf 100644 --- a/src/detect-distance.c +++ b/src/detect-distance.c 
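Review bot: In DecodeGRE the `gsre != NULL` test guards only the `break`; the next statement, `header_len += gsre->sre_length;`, dereferences gsre unconditionally, so the test is either dead code or leaves a NULL dereference directly behind it. If gsre is derived from the packet pointer plus header_len (the assignment is outside this hunk), the guard that matters is a length check: enough bytes left for GRE_SRE_HDR_LEN before `gsre->af` is read, and header_len still within the packet after the packet-supplied sre_length is added. Neither check is visible here, and the loop starts and ends outside the hunk, so this needs confirming against the full function.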
@@ -34,53 +34,61 @@ int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, cha } SigMatch *pm = m; - if (pm != NULL) { - if (pm->type == DETECT_PCRE) { - DetectPcreData *pe = (DetectPcreData *)pm->ctx; + if (pm == NULL) { + printf("DetectDistanceSetup: No previous match!\n"); + goto error; + } + + if (pm->type == DETECT_PCRE) { + DetectPcreData *pe = (DetectPcreData *)pm->ctx; - pe->distance = strtol(str, NULL, 10); - pe->flags |= DETECT_PCRE_DISTANCE; + pe->distance = strtol(str, NULL, 10); + pe->flags |= DETECT_PCRE_DISTANCE; - //printf("DetectDistanceSetup: set distance %" PRId32 " for previous pcre\n", pe->distance); - } else if (pm->type == DETECT_CONTENT) { - DetectContentData *cd = (DetectContentData *)pm->ctx; + //printf("DetectDistanceSetup: set distance %" PRId32 " for previous pcre\n", pe->distance); + } else if (pm->type == DETECT_CONTENT) { + DetectContentData *cd = (DetectContentData *)pm->ctx; - cd->distance = strtol(str, NULL, 10); - cd->flags |= DETECT_CONTENT_DISTANCE; + cd->distance = strtol(str, NULL, 10); + cd->flags |= DETECT_CONTENT_DISTANCE; - //printf("DetectDistanceSetup: set distance %" PRId32 " for previous content\n", cd->distance); - } else if (pm->type == DETECT_URICONTENT) { - DetectUricontentData *cd = (DetectUricontentData *)pm->ctx; + //printf("DetectDistanceSetup: set distance %" PRId32 " for previous content\n", cd->distance); + } else if (pm->type == DETECT_URICONTENT) { + DetectUricontentData *cd = (DetectUricontentData *)pm->ctx; - cd->distance = strtol(str, NULL, 10); - cd->flags |= DETECT_URICONTENT_DISTANCE; + cd->distance = strtol(str, NULL, 10); + cd->flags |= DETECT_URICONTENT_DISTANCE; - //printf("DetectDistanceSetup: set distance %" PRId32 " for previous content\n", cd->distance); - } else { - printf("DetectDistanceSetup: Unknown previous keyword!\n"); - } + //printf("DetectDistanceSetup: set distance %" PRId32 " for previous content\n", cd->distance); } else { - printf("DetectDistanceSetup: No 
previous match!\n"); + printf("DetectDistanceSetup: Unknown previous keyword!\n"); + goto error; } + pm = m->prev; - if (pm != NULL) { - if (pm->type == DETECT_PCRE) { - DetectPcreData *pe = (DetectPcreData *)pm->ctx; - pe->flags |= DETECT_PCRE_DISTANCE_NEXT; - } else if (pm->type == DETECT_CONTENT) { - DetectContentData *cd = (DetectContentData *)pm->ctx; - cd->flags |= DETECT_CONTENT_DISTANCE_NEXT; - } else if (pm->type == DETECT_URICONTENT) { - DetectUricontentData *cd = (DetectUricontentData *)pm->ctx; - cd->flags |= DETECT_URICONTENT_DISTANCE_NEXT; - } else { - printf("DetectDistanceSetup: Unknown previous-previous keyword!\n"); - } - } else { + if (pm == NULL) { printf("DetectDistanceSetup: No previous-previous match!\n"); + goto error; + } + + if (pm->type == DETECT_PCRE) { + DetectPcreData *pe = (DetectPcreData *)pm->ctx; + pe->flags |= DETECT_PCRE_DISTANCE_NEXT; + } else if (pm->type == DETECT_CONTENT) { + DetectContentData *cd = (DetectContentData *)pm->ctx; + cd->flags |= DETECT_CONTENT_DISTANCE_NEXT; + } else if (pm->type == DETECT_URICONTENT) { + DetectUricontentData *cd = (DetectUricontentData *)pm->ctx; + cd->flags |= DETECT_URICONTENT_DISTANCE_NEXT; + } else { + printf("DetectDistanceSetup: Unknown previous-previous keyword!\n"); + goto error; } if (dubbed) free(str); return 0; +error: + if (dubbed) free(str); + return -1; } diff --git a/src/detect-engine-address.c b/src/detect-engine-address.c index a4a0049c45..89de8ac918 100644 --- a/src/detect-engine-address.c +++ b/src/detect-engine-address.c 
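Review bot: The three `strtol(str, NULL, 10)` calls in DetectDistanceSetup accept any text: a non-numeric distance silently becomes 0 and an out-of-range one is narrowed on assignment, so a malformed rule still loads and matches somewhere other than its author intended. Since this change makes setup fail on structural errors, the value should fail the same way: parse once before the type dispatch with an end pointer and errno, and `goto error` on garbage or overflow (this needs <errno.h>). The INT32 bounds in the sketch assume the distance fields are 32-bit, which the commented-out PRId32 printfs suggest but the hunk does not show. DetectWithinSetup in src/detect-within.c has the identical pattern for `within`. Separately, the previous match has already been modified when the previous-previous check fails, so the error path relies on the caller discarding the signature.

```c
    /* … unchanged: pm == NULL check … */
    char *endp = NULL;
    errno = 0;
    long val = strtol(str, &endp, 10);
    if (endp == str || *endp != '\0' || errno == ERANGE ||
        val < INT32_MIN || val > INT32_MAX) {
        printf("DetectDistanceSetup: invalid distance value \"%s\"\n", str);
        goto error;
    }

    if (pm->type == DETECT_PCRE) {
        DetectPcreData *pe = (DetectPcreData *)pm->ctx;

        pe->distance = val;
        pe->flags |= DETECT_PCRE_DISTANCE;
    /* … unchanged: DETECT_CONTENT and DETECT_URICONTENT branches, assigning val … */
```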
@@ -35,9 +35,9 @@ void DetectAddressRegister (void) { /* prototypes */ void DetectAddressDataPrint(DetectAddressData *); -int DetectAddressCut(DetectAddressData *, DetectAddressData *, DetectAddressData **); -int DetectAddressCutNot(DetectAddressData *, DetectAddressData **); -int DetectAddressGroupCut(DetectEngineCtx *, DetectAddressGroup *, DetectAddressGroup *, DetectAddressGroup **); +static int DetectAddressCut(DetectAddressData *, DetectAddressData *, DetectAddressData **); +static int DetectAddressCutNot(DetectAddressData *, DetectAddressData **); +static int DetectAddressGroupCut(DetectEngineCtx *, DetectAddressGroup *, DetectAddressGroup *, DetectAddressGroup **); /* memory usage counters */ static uint32_t detect_address_group_memory = 0; @@ -195,7 +195,8 @@ int DetectAddressGroupAdd(DetectAddressGroup **head, DetectAddressGroup *ag) { } //printf("default append\n"); ag->prev = prev_cur; - prev_cur->next = ag; + if (prev_cur != NULL) + prev_cur->next = ag; } else { *head = ag; } @@ -330,8 +331,11 @@ int DetectAddressGroupInsert(DetectEngineCtx *de_ctx, DetectAddressGroupsHead *g #endif DetectAddressGroup *c = NULL; r = DetectAddressGroupCut(de_ctx, cur,new,&c); + if (r == -1) + goto error; + DetectAddressGroupInsert(de_ctx, gh, new); - if (c) { + if (c != NULL) { #ifdef DBG printf("DetectAddressGroupInsert: inserting C "); DetectAddressDataPrint(c->ad); printf("\n"); #endif @@ -344,9 +348,12 @@ int DetectAddressGroupInsert(DetectEngineCtx *de_ctx, DetectAddressGroupsHead *g #endif DetectAddressGroup *c = NULL; r = DetectAddressGroupCut(de_ctx, cur,new,&c); + if (r == -1) + goto error; + //printf("DetectAddressGroupCut returned %" PRId32 "\n", r); DetectAddressGroupInsert(de_ctx, gh, new); - if (c) { + if (c != NULL) { #ifdef DBG printf("DetectAddressGroupInsert: inserting C "); DetectAddressDataPrint(c->ad); printf("\n"); #endif 
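Review bot: In the default-append branch of DetectAddressGroupAdd, the new `if (prev_cur != NULL)` avoids the NULL dereference, but when prev_cur is NULL, ag is linked to nothing and `*head` is not updated, so the group is dropped without any error being signalled in the visible lines. For an address list that means rules that silently never apply to that range. Either reject the case explicitly (`if (prev_cur == NULL) return -1;`, if -1 is this function's error value) or set `*head = ag;` there. The loop that sets prev_cur is outside the hunk, so I cannot tell whether the case is reachable. DetectPortAdd in src/detect-engine-port.c gets the same guard and has the same gap.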
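Review bot: The recursive `DetectAddressGroupInsert(de_ctx, gh, new);` directly after the new `r == -1` check still has its return value dropped. A failure there leaves `new` neither inserted nor reported, so the address list can end up incomplete while the caller sees success; `if (DetectAddressGroupInsert(de_ctx, gh, new) < 0) goto error;` would close that. The insert of `c` inside the `if (c != NULL)` block is outside the hunk and should be checked the same way. Note also that `c` is declared inside the branch, so the `error:` label cannot free it if the cut allocated it before failing. The same applies to the other three call sites in this function, to DetectAddressInsert, and to DetectPortInsert in src/detect-engine-port.c.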
@@ -359,8 +366,11 @@ int DetectAddressGroupInsert(DetectEngineCtx *de_ctx, DetectAddressGroupsHead *g #endif DetectAddressGroup *c = NULL; r = DetectAddressGroupCut(de_ctx, cur,new,&c); + if (r == -1) + goto error; + DetectAddressGroupInsert(de_ctx, gh, new); - if (c) { + if (c != NULL) { #ifdef DBG printf("DetectAddressGroupInsert: inserting C "); DetectAddressDataPrint(c->ad); printf("\n"); #endif @@ -373,8 +383,11 @@ int DetectAddressGroupInsert(DetectEngineCtx *de_ctx, DetectAddressGroupsHead *g #endif DetectAddressGroup *c = NULL; r = DetectAddressGroupCut(de_ctx, cur,new,&c); + if (r == -1) + goto error; + DetectAddressGroupInsert(de_ctx, gh, new); - if (c) { + if (c != NULL) { #ifdef DBG printf("DetectAddressGroupInsert: inserting C "); DetectAddressDataPrint(c->ad); printf("\n"); #endif @@ -400,6 +413,7 @@ error: return -1; } +/** \brief Join two addresses together */ int DetectAddressGroupJoin(DetectEngineCtx *de_ctx, DetectAddressGroup *target, DetectAddressGroup *source) { if (target == NULL || source == NULL) return -1; @@ -424,11 +438,10 @@ int DetectAddressGroupJoin(DetectEngineCtx *de_ctx, DetectAddressGroup *target, return -1; } -/* - * return codes: - * 1: inserted - * 0: not inserted (no error), memory is cleared - * -1: error +/** + * \retval 1 inserted + * \retval 0 not inserted (no error), memory is cleared + * \retval -1 error */ int DetectAddressInsert(DetectAddressGroupsHead *gh, DetectAddressData *new) { DetectAddressGroup *head = NULL; 
@@ -506,26 +519,46 @@ int DetectAddressInsert(DetectAddressGroupsHead *gh, DetectAddressData *new) { } else if (r == ADDRESS_ES) { DetectAddressData *c = NULL; r = DetectAddressCut(cur->ad,new,&c); + if (r == -1) + goto error; + DetectAddressInsert(gh, new); - if (c) DetectAddressInsert(gh, c); + if (c != NULL) + DetectAddressInsert(gh, c); + return 1; } else if (r == ADDRESS_EB) { DetectAddressData *c = NULL; r = DetectAddressCut(cur->ad,new,&c); + if (r == -1) + goto error; + DetectAddressInsert(gh, new); - if (c) DetectAddressInsert(gh, c); + if (c != NULL) + DetectAddressInsert(gh, c); + return 1; } else if (r == ADDRESS_LE) { DetectAddressData *c = NULL; r = DetectAddressCut(cur->ad,new,&c); + if (r == -1) + goto error; + DetectAddressInsert(gh, new); - if (c) DetectAddressInsert(gh, c); + if (c != NULL) + DetectAddressInsert(gh, c); + return 1; } else if (r == ADDRESS_GE) { DetectAddressData *c = NULL; r = DetectAddressCut(cur->ad,new,&c); + if (r == -1) + goto error; + DetectAddressInsert(gh, new); - if (c) DetectAddressInsert(gh, c); + if (c != NULL) + DetectAddressInsert(gh, c); + return 1; } } @@ -837,6 +870,8 @@ int DetectAddressGroupCut(DetectEngineCtx *de_ctx, DetectAddressGroup *a, Detect return -1; } +/** \retval 0 ok + * \retval -1 error */ int DetectAddressCut(DetectAddressData *a, DetectAddressData *b, DetectAddressData **c) { if (a->family == AF_INET) { return DetectAddressCutIPv4(a,b,c); @@ -847,6 +882,8 @@ int DetectAddressCut(DetectAddressData *a, DetectAddressData *b, DetectAddressDa return -1; } +/** \retval 0 ok + * \retval -1 error */ int DetectAddressCutNot(DetectAddressData *a, DetectAddressData **b) { if (a->family == AF_INET) { return DetectAddressCutNotIPv4(a,b); @@ -896,7 +933,6 @@ int AddressParse(DetectAddressData *dd, char *str) { char *ipdup = strdup(str); char *ip2 = NULL; char *mask = NULL; - char *ip6 = NULL; int r = 0; /* first handle 'any' */ 
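Review bot: DetectAddressCut and DetectAddressCutNot get `static` on their prototypes at the top of the file, but the definitions shown here as context still begin with plain `int`. That compiles, because the definition inherits internal linkage from the earlier declaration, but it reads as if the functions were exported, and src/detect-engine-port.c in this same commit marks both prototype and definition. Suggest `static int DetectAddressCut(...)` and `static int DetectAddressCutNot(...)` on the definitions, and the same for DetectAddressGroupCut if its definition is also still plain `int`.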
@@ -916,7 +952,7 @@ int AddressParse(DetectAddressData *dd, char *str) { } /* see if the address is an ipv4 or ipv6 address */ - if ((ip6 = strchr(str,':')) == NULL) { + if ((strchr(str,':')) == NULL) { /* IPv4 Address */ struct in_addr in; @@ -929,8 +965,7 @@ int AddressParse(DetectAddressData *dd, char *str) { uint32_t ip4addr = 0; uint32_t netmask = 0; - char *t = NULL; - if ((t = strchr (mask,'.')) == NULL) { + if ((strchr (mask,'.')) == NULL) { /* 1.2.3.4/24 format */ int cidr = atoi(mask); diff --git a/src/detect-engine-mpm.c b/src/detect-engine-mpm.c index b86c4f4c6a..a0487188a9 100644 --- a/src/detect-engine-mpm.c +++ b/src/detect-engine-mpm.c @@ -274,7 +274,8 @@ uint32_t PatternStrength(uint8_t *pat, uint16_t patlen, uint16_t len) { return s; } -int PatternMatchPreprarePopulateMpm(DetectEngineCtx *de_ctx, SigGroupHead *sgh) { +/** \brief Setup the content portion of the sig group head */ +static int PatternMatchPreprarePopulateMpm(DetectEngineCtx *de_ctx, SigGroupHead *sgh) { uint32_t sig; HashTable *ht = HashTableInit(4096, ContentHashFunc, ContentHashCompareFunc, ContentHashFree); @@ -447,23 +448,20 @@ error: return -1; } -/* +/** \brief Prepare the pattern matcher ctx in a sig group head. * - * TODO - * - determine if a content match can set the 'single' flag - * - * - * XXX do error checking - * XXX rewrite the COPY stuff + * \todo determine if a content match can set the 'single' flag + * \todo do error checking + * \todo rewrite the COPY stuff */ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh) { - Signature *s; - SigMatch *sm; + Signature *s = NULL; + SigMatch *sm = NULL; uint32_t co_cnt = 0; uint32_t ur_cnt = 0; uint32_t cnt = 0; - uint32_t sig; + uint32_t sig = 0; g_content_sigcnt++; 
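Review bot: `int cidr = atoi(mask);` in AddressParse cannot tell a malformed prefix from zero: a constructed input such as `1.2.3.4/abc` yields 0, which as a prefix length covers every address, and trailing junk such as `24x` is accepted as 24. For a rule parser that means a typo widens the rule instead of rejecting it. Parsing with strtol and an end pointer, then rejecting `end == mask || *end != '\0'` and anything outside 0 to 32, makes the failure explicit. A range check may already follow below the hunk, which ends right after this line. The `strdup(str)` result stored in `ipdup` in the earlier hunk of this function also has no visible NULL check.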
@@ -473,7 +471,8 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh) if (!(sh->flags & SIG_GROUP_HEAD_MPM_URI_COPY)) sh->mpm_uricontent_maxlen = 0; - /* see if this head has content and/or uricontent */ + /** see if this head has content and/or uricontent + * \todo we can move this to the signature init phase */ for (sig = 0; sig < sh->sig_cnt; sig++) { uint32_t num = sh->match_array[sig]; @@ -517,7 +516,6 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh) MpmInitCtx(sh->mpm_uri_ctx, PM); } - //uint16_t mpm_content_scan_maxlen = 65535, mpm_uricontent_scan_maxlen = 65535; uint32_t mpm_content_cnt = 0, mpm_uricontent_cnt = 0; uint16_t mpm_content_maxdepth = 65535, mpm_content_minoffset = 65535; uint16_t mpm_content_maxdepth_one = 65535, mpm_content_minoffset_one = 65535; @@ -580,9 +578,9 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh) for (sm = s->match; sm != NULL; sm = sm->next) { if (sm->type == DETECT_CONTENT && !(sh->flags & SIG_GROUP_HEAD_MPM_COPY)) { DetectContentData *cd = (DetectContentData *)sm->ctx; -//if (content_maxlen < 4) { -//printf("\""); PrintRawUriFp(stdout,cd->content,cd->content_len); printf("\" "); -//} + //if (content_maxlen < 4) { + //printf("\""); PrintRawUriFp(stdout,cd->content,cd->content_len); printf("\" "); + //} if (cd->content_len == content_maxlen) { if (content_maxdepth > cd->depth) content_maxdepth = cd->depth; 
@@ -593,10 +591,11 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh) } else if (sm->type == DETECT_URICONTENT && !(sh->flags & SIG_GROUP_HEAD_MPM_URI_COPY)) { DetectUricontentData *ud = (DetectUricontentData *)sm->ctx; if (ud->uricontent_len == uricontent_maxlen) { + /** \todo we don't support offset in uricontent */ } } } -//if (content_maxlen < 4 && content_cnt) printf(" (%" PRIu32 ", min %" PRIu32 ", max %" PRIu32 ")\n", content_cnt, content_minlen, content_maxlen); + //if (content_maxlen < 4 && content_cnt) printf(" (%" PRIu32 ", min %" PRIu32 ", max %" PRIu32 ")\n", content_cnt, content_minlen, content_maxlen); int content_depth_atleastone = 0; int content_offset_atleastone = 0; @@ -674,14 +673,7 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh) if (sh->mpm_content_maxlen >= 5) g_content_sigcnt5++; if (sh->mpm_content_maxlen >= 10) g_content_sigcnt10++; - /* see if we will use the scanning phase */ -// if (sh->mpm_content_maxlen == 1) { -// sh->flags |= SIG_GROUP_HEAD_MPM_NOSCAN; -// printf("(%p) noscan set (%s)\n", sh, sh->flags & SIG_GROUP_HEAD_MPM_NOSCAN ? "TRUE":"FALSE"); -// } -// if (sh->mpm_uricontent_maxlen < 4) sh->flags |= SIG_GROUP_HEAD_MPM_URI_NOSCAN; - - /* add the signatures */ + /* add the patterns for uricontent signatures */ for (sig = 0; sig < sh->sig_cnt; sig++) { uint32_t num = sh->match_array[sig]; 
@@ -713,21 +705,22 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh) uricontent_minlen = ud->uricontent_len; } } - char content_scanadded = 0, uricontent_scanadded = 0; + char uricontent_scanadded = 0; for (sm = s->match; sm != NULL; sm = sm->next) { if (sm->type == DETECT_URICONTENT && !(sh->flags & SIG_GROUP_HEAD_MPM_URI_COPY)) { DetectUricontentData *ud = (DetectUricontentData *)sm->ctx; - /* only add the pattern if: - * noscan is not set, we didn't add a pattern already, length - * is the same as maxlen (ie we only add the longest pattern) */ - if (!(sh->flags & SIG_GROUP_HEAD_MPM_URI_NOSCAN) && !uricontent_scanadded && uricontent_maxlen == ud->uricontent_len) { + /* only add the pattern if: we didn't add a pattern already, + * length is the same as maxlen (ie we only add the longest pattern) */ + if (!uricontent_scanadded && uricontent_maxlen == ud->uricontent_len) { if (ud->flags & DETECT_URICONTENT_NOCASE) { sh->mpm_uri_ctx->AddScanPatternNocase(sh->mpm_uri_ctx, ud->uricontent, ud->uricontent_len, 0, 0, ud->id, s->num, 0); } else { sh->mpm_uri_ctx->AddScanPattern(sh->mpm_uri_ctx, ud->uricontent, ud->uricontent_len, 0, 0, ud->id, s->num, 0); } uricontent_scanadded = 1; + + /* otherwise it's a 'search' pattern */ } else { if (ud->flags & DETECT_URICONTENT_NOCASE) { sh->mpm_uri_ctx->AddPatternNocase(sh->mpm_uri_ctx, ud->uricontent, ud->uricontent_len, 0, 0, ud->id, s->num); @@ -737,13 +730,11 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh) } } } - - content_scanadded = 0; - uricontent_scanadded = 0; } /* content */ if (sh->flags & SIG_GROUP_HAVECONTENT && !(sh->flags & SIG_GROUP_HEAD_MPM_COPY)) { + /* load the patterns */ PatternMatchPreprarePopulateMpm(de_ctx, sh); if (sh->mpm_ctx->Prepare != NULL) { 
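Review bot: `PatternMatchPreprarePopulateMpm(de_ctx, sh);` is called with its result discarded, although the function appears to have an `error:` path that returns -1. If population fails part-way, the group goes on to `Prepare` a pattern matcher that lacks some content patterns, and the affected signatures can no longer fire, with nothing reported. Something like `if (PatternMatchPreprarePopulateMpm(de_ctx, sh) < 0) goto error;` would fit the rest of this commit's error handling, provided PatternMatchPrepareGroup has a suitable error label (not visible in this hunk). The new `\todo do error checking` acknowledges the gap in general terms; this call is the concrete place to start.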
@@ -751,18 +742,17 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh) } if (mpm_content_maxdepth) { -// printf("mpm_content_maxdepth %" PRIu32 "\n", mpm_content_maxdepth); + // printf("mpm_content_maxdepth %" PRIu32 "\n", mpm_content_maxdepth); g_content_maxdepth++; } if (mpm_content_minoffset) { -// printf("mpm_content_minoffset %" PRIu32 "\n", mpm_content_minoffset); + // printf("mpm_content_minoffset %" PRIu32 "\n", mpm_content_minoffset); g_content_minoffset++; } g_content_total++; //if (mpm_content_depth_present) printf("(sh %p) at least one depth: %" PRId32 ", depth %" PRIu32 "\n", sh, mpm_content_depth_present, mpm_content_maxdepth_one); //if (mpm_content_offset_present) printf("(sh %p) at least one offset: %" PRId32 ", offset %" PRIu32 "\n", sh, mpm_content_offset_present, mpm_content_minoffset_one); - //sh->mpm_ctx->PrintCtx(sh->mpm_ctx); } @@ -772,7 +762,7 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh) sh->mpm_uri_ctx->Prepare(sh->mpm_uri_ctx); } if (mpm_uricontent_cnt && sh->mpm_uricontent_maxlen > 1) { -// printf("mpm_uricontent_cnt %" PRIu32 ", mpm_uricontent_maxlen %" PRId32 "\n", mpm_uricontent_cnt, mpm_uricontent_maxlen); + // printf("mpm_uricontent_cnt %" PRIu32 ", mpm_uricontent_maxlen %" PRId32 "\n", mpm_uricontent_cnt, mpm_uricontent_maxlen); g_uricontent_scan++; } else { g_uricontent_search++; diff --git a/src/detect-engine-port.c b/src/detect-engine-port.c index e9f4d4f49e..6188224fc5 100644 --- a/src/detect-engine-port.c +++ b/src/detect-engine-port.c @@ -32,8 +32,8 @@ void DetectPortRegister (void) { } /* prototypes */ -int DetectPortCutNot(DetectPort *, DetectPort **); -int DetectPortCut(DetectEngineCtx *, DetectPort *, DetectPort *, DetectPort **); +static int DetectPortCutNot(DetectPort *, DetectPort **); +static int DetectPortCut(DetectEngineCtx *, DetectPort *, DetectPort *, DetectPort **); DetectPort *PortParse(char *str); /* memory usage counters */ 
@@ -161,7 +161,8 @@ int DetectPortAdd(DetectPort **head, DetectPort *dp) { } } dp->prev = prev_cur; - prev_cur->next = dp; + if (prev_cur != NULL) + prev_cur->next = dp; } else { *head = dp; } @@ -282,8 +283,11 @@ int DetectPortInsert(DetectEngineCtx *de_ctx, DetectPort **head, DetectPort *new #endif DetectPort *c = NULL; r = DetectPortCut(de_ctx,cur,new,&c); + if (r == -1) + goto error; + DetectPortInsert(de_ctx, head, new); - if (c) { + if (c != NULL) { #ifdef DBG printf("DetectPortInsert: inserting C (%p) ",c); DetectPortPrint(c); printf("\n"); #endif @@ -296,9 +300,11 @@ int DetectPortInsert(DetectEngineCtx *de_ctx, DetectPort **head, DetectPort *new #endif DetectPort *c = NULL; r = DetectPortCut(de_ctx,cur,new,&c); - //printf("DetectPortCut returned %" PRId32 "\n", r); + if (r == -1) + goto error; + DetectPortInsert(de_ctx, head, new); - if (c) { + if (c != NULL) { #ifdef DBG printf("DetectPortInsert: inserting C "); DetectPortPrint(c); printf("\n"); #endif @@ -311,8 +317,11 @@ int DetectPortInsert(DetectEngineCtx *de_ctx, DetectPort **head, DetectPort *new #endif DetectPort *c = NULL; r = DetectPortCut(de_ctx,cur,new,&c); + if (r == -1) + goto error; + DetectPortInsert(de_ctx, head, new); - if (c) { + if (c != NULL) { #ifdef DBG printf("DetectPortInsert: inserting C "); DetectPortPrint(c); printf("\n"); #endif @@ -325,8 +334,11 @@ int DetectPortInsert(DetectEngineCtx *de_ctx, DetectPort **head, DetectPort *new #endif DetectPort *c = NULL; r = DetectPortCut(de_ctx,cur,new,&c); + if (r == -1) + goto error; + DetectPortInsert(de_ctx, head, new); - if (c) { + if (c != NULL) { #ifdef DBG printf("DetectPortInsert: inserting C "); DetectPortPrint(c); printf("\n"); #endif 
@@ -350,7 +362,9 @@ error: return -1; } -int DetectPortCut(DetectEngineCtx *de_ctx, DetectPort *a, DetectPort *b, DetectPort **c) { +/** \retval 0 ok + * \retval -1 error */ +static int DetectPortCut(DetectEngineCtx *de_ctx, DetectPort *a, DetectPort *b, DetectPort **c) { uint32_t a_port1 = a->port; uint32_t a_port2 = a->port2; uint32_t b_port1 = b->port; @@ -635,11 +649,11 @@ error: if (tmp != NULL) DetectPortFree(tmp); return -1; - - return -1; } -int DetectPortCutNot(DetectPort *a, DetectPort **b) { +/** \retval 0 ok + * \retval -1 error */ +static int DetectPortCutNot(DetectPort *a, DetectPort **b) { uint16_t a_port1 = a->port; uint16_t a_port2 = a->port2; @@ -675,8 +689,6 @@ int DetectPortCutNot(DetectPort *a, DetectPort **b) { error: return -1; - - return -1; } int DetectPortCmp(DetectPort *a, DetectPort *b) { @@ -1277,7 +1289,7 @@ int PortTestParse06 (void) { copy = DetectPortCopy(NULL,dd); if (copy == NULL) - goto end; + goto end; if (DetectPortCmp(dd,copy) != PORT_EQ) goto end; diff --git a/src/detect-flowbits.c b/src/detect-flowbits.c index 4d033adca5..cc96394902 100644 --- a/src/detect-flowbits.c +++ b/src/detect-flowbits.c @@ -156,6 +156,9 @@ int DetectFlowbitSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char } fb_name = (char *)str_ptr; } + } else { + printf("ERROR: \"%s\" is not a valid setting for flowbits.\n", rawstr); + return -1; } if (strcmp(fb_cmd_str,"noalert") == 0) { diff --git a/src/detect-flowvar.c b/src/detect-flowvar.c index 9270d804c6..6910a556d2 100644 --- a/src/detect-flowvar.c +++ b/src/detect-flowvar.c @@ -108,6 +108,9 @@ int DetectFlowvarSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char } varcontent = (char *)str_ptr; } + } else { + printf("ERROR: \"%s\" is not a valid setting for flowvar.\n", rawstr); + return -1; } printf("DetectFlowvarSetup: varname %s, varcontent %s\n", varname, varcontent); diff --git a/src/detect-msg.c b/src/detect-msg.c index 6266a1b19e..be388c46d3 100644 --- a/src/detect-msg.c 
+++ b/src/detect-msg.c @@ -16,7 +16,7 @@ void DetectMsgRegister (void) { int DetectMsgSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char *msgstr) { - char *str = msgstr; + char *str = NULL; /* strip "'s */ if (msgstr[0] == '\"' && msgstr[strlen(msgstr)-1] == '\"') { diff --git a/src/detect-pktvar.c b/src/detect-pktvar.c index 54ea187320..8b91bbf7a6 100644 --- a/src/detect-pktvar.c +++ b/src/detect-pktvar.c @@ -102,6 +102,9 @@ int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char } varcontent = (char *)str_ptr; } + } else { + printf("ERROR: \"%s\" is not a valid setting for pktvar.\n", rawstr); + return -1; } printf("DetectPktvarSetup: varname %s, varcontent %s\n", varname, varcontent); diff --git a/src/detect-within.c b/src/detect-within.c index 7590bd3609..ea56b85d74 100644 --- a/src/detect-within.c +++ b/src/detect-within.c @@ -1,5 +1,9 @@ /* WITHIN part of the detection engine. */ +/** \file + * \author Victor Julien + * \todo within logic is not Snort compat atm: it is applied to pcre and uricontent as well */ + #include "decode.h" #include "detect.h" #include "flow-var.h" 
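Review bot: The quote test `msgstr[0] == '\"' && msgstr[strlen(msgstr)-1] == '\"'` in DetectMsgSetup is satisfied by a msg consisting of a single `"` character, because index 0 and strlen-1 are then the same byte. The stripping code below (outside the hunk) presumably assumes two distinct quotes and would then compute an out-of-range length or index on a one-byte string. Requiring `strlen(msgstr) >= 2` before the comparison rules that out. With `str` now initialised to NULL instead of msgstr, it is also worth confirming that every branch after the test either assigns str or returns an error before str is used.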
@@ -34,53 +38,63 @@ int DetectWithinSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char } SigMatch *pm = m; - if (pm != NULL) { - if (pm->type == DETECT_PCRE) { - DetectPcreData *pe = (DetectPcreData *)pm->ctx; + if (pm == NULL) { + printf("DetectWithinSetup: No previous match!\n"); + goto error; + } - pe->within = strtol(str, NULL, 10); - pe->flags |= DETECT_PCRE_WITHIN; + /* Set the within flag on the Sigmatch */ + if (pm->type == DETECT_PCRE) { + DetectPcreData *pe = (DetectPcreData *)pm->ctx; - //printf("DetectWithinSetup: set within %" PRId32 " for previous pcre\n", pe->within); - } else if (pm->type == DETECT_CONTENT) { - DetectContentData *cd = (DetectContentData *)pm->ctx; + pe->within = strtol(str, NULL, 10); + pe->flags |= DETECT_PCRE_WITHIN; - cd->within = strtol(str, NULL, 10); - cd->flags |= DETECT_CONTENT_WITHIN; + //printf("DetectWithinSetup: set within %" PRId32 " for previous pcre\n", pe->within); + } else if (pm->type == DETECT_CONTENT) { + DetectContentData *cd = (DetectContentData *)pm->ctx; - //printf("DetectWithinSetup: set within %" PRId32 " for previous content\n", cd->within); - } else if (pm->type == DETECT_URICONTENT) { - DetectUricontentData *ud = (DetectUricontentData *)pm->ctx; + cd->within = strtol(str, NULL, 10); + cd->flags |= DETECT_CONTENT_WITHIN; - ud->within = strtol(str, NULL, 10); - ud->flags |= DETECT_URICONTENT_WITHIN; + //printf("DetectWithinSetup: set within %" PRId32 " for previous content\n", cd->within); + } else if (pm->type == DETECT_URICONTENT) { + DetectUricontentData *ud = (DetectUricontentData *)pm->ctx; - //printf("DetectWithinSetup: set within %" PRId32 " for previous content\n", cd->within); - } else { - printf("DetectWithinSetup: Unknown previous keyword!\n"); - } + ud->within = strtol(str, NULL, 10); + ud->flags |= DETECT_URICONTENT_WITHIN; + + //printf("DetectWithinSetup: set within %" PRId32 " for previous content\n", cd->within); } else { - printf("DetectWithinSetup: No previous match!\n"); + 
printf("DetectWithinSetup: Unknown previous keyword!\n"); + goto error; } + pm = m->prev; - if (pm != NULL) { - if (pm->type == DETECT_PCRE) { - DetectPcreData *pe = (DetectPcreData *)pm->ctx; - pe->flags |= DETECT_PCRE_WITHIN_NEXT; - } else if (pm->type == DETECT_CONTENT) { - DetectContentData *cd = (DetectContentData *)pm->ctx; - cd->flags |= DETECT_CONTENT_WITHIN_NEXT; - } else if (pm->type == DETECT_URICONTENT) { - DetectUricontentData *ud = (DetectUricontentData *)pm->ctx; - ud->flags |= DETECT_URICONTENT_WITHIN_NEXT; - } else { - printf("DetectWithinSetup: Unknown previous-previous keyword!\n"); - } - } else { + if (pm == NULL) { printf("DetectWithinSetup: No previous-previous match!\n"); + goto error; + } + + /* Set the within next flag on the prev sigmatch */ + if (pm->type == DETECT_PCRE) { + DetectPcreData *pe = (DetectPcreData *)pm->ctx; + pe->flags |= DETECT_PCRE_WITHIN_NEXT; + } else if (pm->type == DETECT_CONTENT) { + DetectContentData *cd = (DetectContentData *)pm->ctx; + cd->flags |= DETECT_CONTENT_WITHIN_NEXT; + } else if (pm->type == DETECT_URICONTENT) { + DetectUricontentData *ud = (DetectUricontentData *)pm->ctx; + ud->flags |= DETECT_URICONTENT_WITHIN_NEXT; + } else { + printf("DetectWithinSetup: Unknown previous-previous keyword!\n"); + goto error; } if (dubbed) free(str); return 0; +error: + if (dubbed) free(str); + return -1; } diff --git a/src/detect.c b/src/detect.c index a732a4d343..7f98a6258c 100644 --- a/src/detect.c +++ b/src/detect.c 
@@ -196,10 +196,12 @@ int SigLoadSignatures (DetectEngineCtx *de_ctx, char *sig_file) /* http_uri -- for uricontent */ sig = SigInit(de_ctx, "alert tcp any any -> any $HTTP_PORTS (msg:\"HTTP GET URI cap\"; flow:to_server; content:\"GET \"; depth:4; pcre:\"/^GET (?P.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; noalert; sid:1;)"); - if (sig) { - prevsig = sig; - de_ctx->sig_list = sig; - } + if (sig == NULL) + return -1; + + prevsig = sig; + de_ctx->sig_list = sig; + sig = SigInit(de_ctx, "alert tcp any any -> any $HTTP_PORTS (msg:\"HTTP POST URI cap\"; flow:to_server; content:\"POST \"; depth:5; pcre:\"/^POST (?P.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; noalert; sid:2;)"); if (sig == NULL) return -1; 
@@ -218,109 +220,6 @@ int SigLoadSignatures (DetectEngineCtx *de_ctx, char *sig_file) if (sig == NULL) return -1; prevsig->next = sig; - prevsig = sig; - - sig = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"ipv4 pkt too small\"; decode-event:ipv4.pkt_too_small; sid:5;)"); - if (sig == NULL) - return -1; - prevsig->next = sig; - prevsig = sig; -/* - sig = SigInit(de_ctx,"alert udp any any -> any any (msg:\"ViCtOr nocase test\"; sid:4; rev:13; content:\"ViCtOr!!\"; offset:100; depth:150; nocase; content:\"ViCtOr!!\"; nocase; offset:99; depth:150;)"); - if (sig == NULL) - return; - prevsig->next = sig; - prevsig = sig; - - - sig = SigInit(de_ctx,"alert ip any any -> 1.2.3.4 any (msg:\"ViCtOr case test\"; sid:2001; content:\"ViCtOr\"; depth:150;)"); - if (sig == NULL) - return; - prevsig->next = sig; - prevsig = sig; - - sig = SigInit(de_ctx,"alert ip any any -> 1.2.3.4 any (msg:\"IP ONLY\"; sid:2002;)"); - if (sig == NULL) - return; - prevsig->next = sig; - prevsig = sig; - - sig = SigInit(de_ctx,"alert ip ANY any -> 192.168.0.0/16 any (msg:\"offset, depth, within test\"; flow:to_client; sid:2002; content:HTTP; depth:4; content:Server:; offset:15; within:100; depth:200;)"); - if (sig == NULL) - return; - prevsig->next = sig; - prevsig = sig; - - sig = SigInit(de_ctx,"alert ip 1.2.3.4 any -> any any (msg:\"Inliniac blog within test\"; flow:to_client; sid:2003; content:inliniac; content:blog; within:9;)"); - if (sig == NULL) - return; - prevsig->next = sig; - prevsig = sig; - - sig = SigInit(de_ctx,"alert ip 2001::1 any -> 2001::3 any (msg:\"abcdefg distance 1 test\"; flow:to_server; sid:2004; content:abcd; content:efgh; within:4; distance:0; content:ijkl; within:4; distance:0;)"); - if (sig == NULL) - return; - prevsig->next = sig; - prevsig = sig; - - sig = SigInit(de_ctx,"alert ip 2001::5 any -> 2001::7 any (msg:\"abcdef distance 0 test\"; flow:to_server; sid:2005; content:abcdef; content:ghijklmnop; distance:0;)"); - if (sig == NULL) - return; - 
prevsig->next = sig; - prevsig = sig; - - - sig = SigInit(de_ctx,"alert ip 10.0.0.0/8 any -> 4.3.2.1 any (msg:\"abcdefg distance 1 test\"; flow:to_server; sid:2006; content:abcdef; content:ghijklmnop; distance:1;)"); - if (sig == NULL) - return; - prevsig->next = sig; - prevsig = sig; - - sig = SigInit(de_ctx,"alert tcp 172.16.1.0/24 any -> 0.0.0.0/0 any (msg:\"HTTP response code cap\"; flow:to_client; content:HTTP; depth:4; pcre:\"/^HTTP\\/\\d\\.\\d (?[0-9]+) [A-z\\s]+\\r\\n/\"; depth:50; sid:3;)"); - if (sig == NULL) - return; - prevsig->next = sig; - prevsig = sig; - - sig = SigInit(de_ctx,"alert tcp 172.16.2.0/24 any -> 10.10.10.10 any (msg:\"HTTP server code cap\"; flow:to_client; content:Server:; depth:500; pcre:\"/^Server: (?.*)\\r\\n/m\"; sid:4;)"); - if (sig == NULL) - return; - prevsig->next = sig; - prevsig = sig; - - sig = SigInit(de_ctx,"alert tcp 192.168.0.1 any -> 1.0.2.1 any (msg:\"\to_client nocase test\"; flow:to_client; content:Servere:; nocase; sid:400;)"); - if (sig == NULL) - return; - prevsig->next = sig; - prevsig = sig; - - sig = SigInit(de_ctx,"alert tcp 192.168.0.4 any -> 1.2.0.1 any (msg:\"HTTP UA code cap\"; flow:to_server; content:User-Agent:; depth:300; pcre:\"/^User-Agent: (?.*)\\r\\n/m\"; sid:5;)"); - if (sig == NULL) - return; - prevsig->next = sig; - prevsig = sig; - - sig = SigInit(de_ctx,"alert tcp 192.168.0.12 any -> 0.0.0.0/0 any (msg:\"HTTP http_host flowvar www.inliniac.net\"; flow:to_server; flowvar:http_host,\"www.inliniac.net\"; sid:7;)"); - if (sig) { - prevsig->next = sig; - prevsig = sig; - } - sig = SigInit(de_ctx,"alert tcp 192.168.0.0/16 any -> 0.0.0.0/0 any (msg:\"HTTP http_uri flowvar MattJonkman\"; flow:to_server; flowvar:http_uri,\"MattJonkman\"; sid:8;)"); - if (sig) { - prevsig->next = sig; - prevsig = sig; - } - sig = SigInit(de_ctx,"alert tcp 0.0.0.0/0 any -> 0.0.0.0/0 any (msg:\"HTTP uricontent VictorJulien\"; flow:to_server; uricontent:\"VictorJulien\"; nocase; sid:9;)"); - if (sig) { - prevsig->next = 
sig; - prevsig = sig; - } - sig = SigInit(de_ctx,"alert tcp 0.0.0.0/0 any -> 10.0.0.0/8 any (msg:\"HTTP uricontent VictorJulien\"; flow:to_server; uricontent:\"VictorJulien\"; nocase; sid:5;)"); - if (sig) { - prevsig->next = sig; - prevsig = sig; - } -*/ if(sig_file != NULL){ int r = DetectLoadSigFile(de_ctx, sig_file); 
@@ -442,21 +341,21 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh //printf("Not scanning as pkt payload is smaller than the largest content length we need to match"); } else { uint32_t cnt = 0; -//printf("scan: (%p, maxlen %" PRIu32 ", cnt %" PRIu32 ")\n", det_ctx->sgh, det_ctx->sgh->mpm_content_maxlen, det_ctx->sgh->sig_cnt); + //printf("scan: (%p, maxlen %" PRIu32 ", cnt %" PRIu32 ")\n", det_ctx->sgh, det_ctx->sgh->mpm_content_maxlen, det_ctx->sgh->sig_cnt); /* scan, but only if the noscan flag isn't set */ - if (!(det_ctx->sgh->flags & SIG_GROUP_HEAD_MPM_NOSCAN)) { - if (det_ctx->sgh->mpm_content_maxlen == 1) det_ctx->pkts_scanned1++; - else if (det_ctx->sgh->mpm_content_maxlen == 2) det_ctx->pkts_scanned2++; - else if (det_ctx->sgh->mpm_content_maxlen == 3) det_ctx->pkts_scanned3++; - else if (det_ctx->sgh->mpm_content_maxlen == 4) det_ctx->pkts_scanned4++; - else det_ctx->pkts_scanned++; - - cnt += PacketPatternScan(th_v, det_ctx, p); - } -//if (cnt != det_ctx->pmq.searchable) -//printf("post scan: cnt %" PRIu32 ", searchable %" PRIu32 "\n", cnt, det_ctx->pmq.searchable); - if (det_ctx->sgh->flags & SIG_GROUP_HEAD_MPM_NOSCAN || det_ctx->pmq.searchable > 0) { -//printf("now search\n"); + + if (det_ctx->sgh->mpm_content_maxlen == 1) det_ctx->pkts_scanned1++; + else if (det_ctx->sgh->mpm_content_maxlen == 2) det_ctx->pkts_scanned2++; + else if (det_ctx->sgh->mpm_content_maxlen == 3) det_ctx->pkts_scanned3++; + else if (det_ctx->sgh->mpm_content_maxlen == 4) det_ctx->pkts_scanned4++; + else det_ctx->pkts_scanned++; + + cnt += PacketPatternScan(th_v, det_ctx, p); + + //if (cnt != det_ctx->pmq.searchable) + //printf("post scan: cnt %" PRIu32 ", searchable %" PRIu32 "\n", cnt, det_ctx->pmq.searchable); + if (det_ctx->pmq.searchable > 0) { + //printf("now search\n"); if (det_ctx->sgh->mpm_content_maxlen == 1) det_ctx->pkts_searched1++; else if (det_ctx->sgh->mpm_content_maxlen == 2) det_ctx->pkts_searched2++; else if 
(det_ctx->sgh->mpm_content_maxlen == 3) det_ctx->pkts_searched3++; @@ -465,7 +364,7 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh cnt += PacketPatternMatch(th_v, det_ctx, p); -// printf("RAW: cnt %" PRIu32 ", det_ctx->pmq.sig_id_array_cnt %" PRIu32 "\n", cnt, det_ctx->pmq.sig_id_array_cnt); + // printf("RAW: cnt %" PRIu32 ", det_ctx->pmq.sig_id_array_cnt %" PRIu32 "\n", cnt, det_ctx->pmq.sig_id_array_cnt); } det_ctx->pmq.searchable = 0; } @@ -1966,8 +1865,6 @@ static int BuildDestinationAddressHeadsWithBothPorts(DetectEngineCtx *de_ctx, De } else { /* XXX write dedicated function for this */ dp->sh->mpm_ctx = mpmsh->mpm_ctx; - if (mpmsh->flags & SIG_GROUP_HEAD_MPM_NOSCAN) - dp->sh->flags |= SIG_GROUP_HEAD_MPM_NOSCAN; dp->sh->mpm_content_maxlen = mpmsh->mpm_content_maxlen; dp->sh->flags |= SIG_GROUP_HEAD_MPM_COPY; SigGroupHeadClearContent(dp->sh); diff --git a/src/detect.h b/src/detect.h index 5e5c92c983..f3f885842b 100644 --- a/src/detect.h +++ b/src/detect.h @@ -328,8 +328,6 @@ typedef struct SigTableElmt_ { #define SIG_GROUP_HEAD_MPM_COPY 0x04 #define SIG_GROUP_HEAD_MPM_URI_COPY 0x08 #define SIG_GROUP_HEAD_FREE 0x10 -#define SIG_GROUP_HEAD_MPM_NOSCAN 0x20 -#define SIG_GROUP_HEAD_MPM_URI_NOSCAN 0x40 /** \brief head of the list of containers. */ typedef struct SigGroupHead_ { diff --git a/src/respond-reject-libnet11.c b/src/respond-reject-libnet11.c index a0cc63892a..fd9690ddc9 100644 --- a/src/respond-reject-libnet11.c +++ b/src/respond-reject-libnet11.c @@ -49,10 +49,8 @@ typedef struct Libnet11Packet_ int RejectSendLibnet11L3IPv4TCP(ThreadVars *tv, Packet *p, void *data, int dir) { Libnet11Packet lpacket; - libnet_t *c; /* libnet context */ char ebuf[LIBNET_ERRBUF_SIZE]; - libnet_ptag_t t; int result; /* fill in struct defaults */ 
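Review bot: The comment `/* scan, but only if the noscan flag isn't set */` is left in place above the counter chain, but it is stale after this hunk. The `SIG_GROUP_HEAD_MPM_NOSCAN` test it describes is removed, so PacketPatternScan now runs for every packet that reaches this branch. I would reword it to match the new flow, for example `/* scan first; the search below runs only when pmq.searchable > 0 */`. SigMatchSignatures starts and ends outside the hunk.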
@@ -107,38 +105,39 @@ int RejectSendLibnet11L3IPv4TCP(ThreadVars *tv, Packet *p, void *data, int dir) lpacket.ttl = 64; /* build the package */ - if ((t = libnet_build_tcp (lpacket.sp, /* source port */ - lpacket.dp, /* dst port */ - lpacket.seq, /* seq number */ - lpacket.ack, /* ack number */ - TH_RST|TH_ACK, /* flags */ - lpacket.window, /* window size */ - 0, /* checksum */ - 0, /* urgent flag */ - LIBNET_TCP_H, /* header length */ - NULL, /* payload */ - 0, /* payload length */ - c, /* libnet context */ - 0)) < 0) /* libnet ptag */ + if ((libnet_build_tcp ( + lpacket.sp, /* source port */ + lpacket.dp, /* dst port */ + lpacket.seq, /* seq number */ + lpacket.ack, /* ack number */ + TH_RST|TH_ACK, /* flags */ + lpacket.window, /* window size */ + 0, /* checksum */ + 0, /* urgent flag */ + LIBNET_TCP_H, /* header length */ + NULL, /* payload */ + 0, /* payload length */ + c, /* libnet context */ + 0)) < 0) /* libnet ptag */ { printf("RejectSendLibnet11IPv4TCP libnet_build_tcp %s\n", libnet_geterror(c)); goto cleanup; } - if((t = libnet_build_ipv4( - LIBNET_TCP_H + LIBNET_IPV4_H, /* entire packet length */ - 0, /* tos */ - lpacket.id, /* ID */ - 0, /* fragmentation flags and offset */ - lpacket.ttl, /* TTL */ - IPPROTO_TCP, /* protocol */ - 0, /* checksum */ - lpacket.src4, /* source address */ - lpacket.dst4, /* destination address */ - NULL, /* pointer to packet data (or NULL) */ - 0, /* payload length */ - c, /* libnet context pointer */ - 0)) < 0) /* packet id */ + if((libnet_build_ipv4( + LIBNET_TCP_H + LIBNET_IPV4_H, /* entire packet length */ + 0, /* tos */ + lpacket.id, /* ID */ + 0, /* fragmentation flags and offset */ + lpacket.ttl, /* TTL */ + IPPROTO_TCP, /* protocol */ + 0, /* checksum */ + lpacket.src4, /* source address */ + lpacket.dst4, /* destination address */ + NULL, /* pointer to packet data (or NULL) */ + 0, /* payload length */ + c, /* libnet context pointer */ + 0)) < 0) /* packet id */ { printf("RejectSendLibnet11IPv4TCP libnet_build_ipv4 
%s\n", libnet_geterror(c)); goto cleanup; @@ -158,10 +157,8 @@ cleanup: int RejectSendLibnet11L3IPv4ICMP(ThreadVars *tv, Packet *p, void *data, int dir) { //printf("going to send a ICMP host unreachable\n"); Libnet11Packet lpacket; - libnet_t *c; /* libnet context */ char ebuf[LIBNET_ERRBUF_SIZE]; - libnet_ptag_t t; int result; /* fill in struct defaults */ 
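Review bot: With the `t =` assignment gone, the conditions keep a redundant pair of parentheses, `if ((libnet_build_tcp (...)) < 0)` and `if((libnet_build_ipv4(...)) < 0)`. They read more plainly as `if (libnet_build_tcp(...) < 0)` and `if (libnet_build_ipv4(...) < 0)`. The error messages in this function are prefixed `RejectSendLibnet11IPv4TCP`, while the function is named RejectSendLibnet11L3IPv4TCP, so a log search on the function name will miss them. The same parenthesis leftover is in the RejectSendLibnet11L3IPv4ICMP hunk, whose second message also omits the name of the failing call. Both function bodies continue outside their hunks.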
@@ -193,34 +190,34 @@ int RejectSendLibnet11L3IPv4ICMP(ThreadVars *tv, Packet *p, void *data, int dir) lpacket.ttl = 64; /* build the package */ - if ((t = libnet_build_icmpv4_unreach ( - ICMP_DEST_UNREACH, /* type */ - ICMP_HOST_ANO, /* code */ - 0, /* checksum */ - (uint8_t *)p->ip4h, /* payload */ - lpacket.len, /* payload length */ - c, /* libnet context */ - 0)) < 0) /* libnet ptag */ + if ((libnet_build_icmpv4_unreach ( + ICMP_DEST_UNREACH, /* type */ + ICMP_HOST_ANO, /* code */ + 0, /* checksum */ + (uint8_t *)p->ip4h, /* payload */ + lpacket.len, /* payload length */ + c, /* libnet context */ + 0)) < 0) /* libnet ptag */ { printf("RejectSendLibnet11L3IPv4ICMP libnet_build_icmpv4_unreach %s\n", libnet_geterror(c)); goto cleanup; } - if((t = libnet_build_ipv4( - LIBNET_ICMPV4_H + LIBNET_IPV4_H + - lpacket.len, /* entire packet length */ - 0, /* tos */ - lpacket.id, /* ID */ - 0, /* fragmentation flags and offset */ - lpacket.ttl, /* TTL */ - IPPROTO_ICMP, /* protocol */ - 0, /* checksum */ - lpacket.src4, /* source address */ - lpacket.dst4, /* destination address */ - NULL, /* pointer to packet data (or NULL) */ - 0, /* payload length */ - c, /* libnet context pointer */ - 0)) < 0) /* packet id */ + if((libnet_build_ipv4( + LIBNET_ICMPV4_H + LIBNET_IPV4_H + + lpacket.len, /* entire packet length */ + 0, /* tos */ + lpacket.id, /* ID */ + 0, /* fragmentation flags and offset */ + lpacket.ttl, /* TTL */ + IPPROTO_ICMP, /* protocol */ + 0, /* checksum */ + lpacket.src4, /* source address */ + lpacket.dst4, /* destination address */ + NULL, /* pointer to packet data (or NULL) */ + 0, /* payload length */ + c, /* libnet context pointer */ + 0)) < 0) /* packet id */ { printf("RejectSendLibnet11L3IPv4ICMP %s\n", libnet_geterror(c)); goto cleanup; diff --git a/src/util-mpm-b2g.c b/src/util-mpm-b2g.c index 403220d9ad..f5dcec84a5 100644 --- a/src/util-mpm-b2g.c +++ b/src/util-mpm-b2g.c 
@@ -150,6 +150,7 @@ static inline B2gPattern *B2gAllocPattern(MpmCtx *mpm_ctx) { B2gPattern *p = malloc(sizeof(B2gPattern)); if (p == NULL) { printf("ERROR: B2gAllocPattern: malloc failed\n"); + exit(EXIT_FAILURE); } memset(p,0,sizeof(B2gPattern)); @@ -163,6 +164,7 @@ B2gAllocHashItem(MpmCtx *mpm_ctx) { B2gHashItem *hi = malloc(sizeof(B2gHashItem)); if (hi == NULL) { printf("ERROR: B2gAllocHashItem: malloc failed\n"); + exit(EXIT_FAILURE); } memset(hi,0,sizeof(B2gHashItem)); @@ -220,13 +222,18 @@ static inline int B2gInitHashAdd(B2gCtx *ctx, B2gPattern *p) { return 0; } - B2gPattern *t = ctx->init_hash[hash], *tt = NULL; - for ( ; t != NULL; t = t->next) { + B2gPattern *tt = NULL; + B2gPattern *t = ctx->init_hash[hash]; + + /* get the list tail */ + do { tt = t; - } + t = t->next; + } while (t != NULL); + tt->next = p; - //printf("B2gInitHashAdd: hash %" PRIu32 ", head %p\n", hash, ctx->init_hash[hash]); + //printf("B2gInitHashAdd: hash %" PRIu32 ", head %p\n", hash, ctx->init_hash[hash]); return 0; } diff --git a/src/util-mpm-b3g.c b/src/util-mpm-b3g.c index 7b1102592b..0510cbf631 100644 --- a/src/util-mpm-b3g.c +++ b/src/util-mpm-b3g.c @@ -144,6 +144,7 @@ static inline B3gPattern *B3gAllocPattern(MpmCtx *mpm_ctx) { B3gPattern *p = malloc(sizeof(B3gPattern)); if (p == NULL) { printf("ERROR: B3gAllocPattern: malloc failed\n"); + exit(EXIT_FAILURE); } memset(p,0,sizeof(B3gPattern)); @@ -157,6 +158,7 @@ B3gAllocHashItem(MpmCtx *mpm_ctx) { B3gHashItem *hi = malloc(sizeof(B3gHashItem)); if (hi == NULL) { printf("ERROR: B3gAllocHashItem: malloc failed\n"); + exit(EXIT_FAILURE); } memset(hi,0,sizeof(B3gHashItem)); 
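Review bot: The added `exit(EXIT_FAILURE);` in B2gAllocPattern stops the NULL pointer from reaching `memset`, but it ends the whole process on one failed allocation and the reason is written to stdout with `printf`. I would send the message to stderr, `fprintf(stderr, "ERROR: B2gAllocPattern: malloc failed\n");`, and add a function comment stating that it never returns NULL and terminates on allocation failure. Whether terminating is acceptable depends on what happens to traffic when the engine dies, which is not visible here; returning NULL and letting the caller fail the pattern add may be the safer contract. The same applies to the hunks for B2gAllocHashItem, B3gAllocPattern, B3gAllocHashItem, WmAllocPattern and WmAllocHashItem. These function bodies continue outside their hunks.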
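Review bot: The do/while that replaces the `for` loop in B2gInitHashAdd reads `t->next` before any NULL test, so it depends on `ctx->init_hash[hash]` being non-NULL at this point. Only the closing `return 0; }` of the preceding branch is visible in the hunk, so presumably the empty-bucket case returns earlier. A comment over the loop would record that precondition, for example `/* bucket is non-empty here: the empty case returned above */`. The same loop is added in B3gInitHashAdd and WmInitHashAdd.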
@@ -214,10 +216,15 @@ static inline int B3gInitHashAdd(B3gCtx *ctx, B3gPattern *p) { return 0; } - B3gPattern *t = ctx->init_hash[hash], *tt = NULL; - for ( ; t != NULL; t = t->next) { + B3gPattern *tt = NULL; + B3gPattern *t = ctx->init_hash[hash]; + + /* get the list tail */ + do { tt = t; - } + t = t->next; + } while (t != NULL); + tt->next = p; //printf("B3gInitHashAdd: hash %" PRIu32 ", head %p\n", hash, ctx->init_hash[hash]); diff --git a/src/util-mpm-wumanber.c b/src/util-mpm-wumanber.c index 973a91bd90..907141cb69 100644 --- a/src/util-mpm-wumanber.c +++ b/src/util-mpm-wumanber.c @@ -209,6 +209,7 @@ static inline WmPattern *WmAllocPattern(MpmCtx *mpm_ctx) { WmPattern *p = malloc(sizeof(WmPattern)); if (p == NULL) { printf("ERROR: WmAllocPattern: malloc failed\n"); + exit(EXIT_FAILURE); } memset(p,0,sizeof(WmPattern)); @@ -222,6 +223,7 @@ WmAllocHashItem(MpmCtx *mpm_ctx) { WmHashItem *hi = malloc(sizeof(WmHashItem)); if (hi == NULL) { printf("ERROR: WmAllocHashItem: malloc failed\n"); + exit(EXIT_FAILURE); } memset(hi,0,sizeof(WmHashItem)); @@ -279,10 +281,15 @@ static inline int WmInitHashAdd(WmCtx *ctx, WmPattern *p) { return 0; } - WmPattern *t = ctx->init_hash[hash], *tt = NULL; - for ( ; t != NULL; t = t->next) { + WmPattern *tt = NULL; + WmPattern *t = ctx->init_hash[hash]; + + /* get the list tail */ + do { tt = t; - } + t = t->next; + } while (t != NULL); + tt->next = p; //printf("WmInitHashAdd: hash %" PRIu32 ", head %p\n", hash, ctx->init_hash[hash]); diff --git a/src/util-pool.c b/src/util-pool.c index 4e138e68c2..406fc57287 100644 --- a/src/util-pool.c +++ b/src/util-pool.c @@ -183,8 +183,6 @@ static int PoolTestInit02 (void) { p->alloc_list, p->empty_list); retval = 0; goto end; - } else { - retval = 1; } if (p->Alloc != PoolTestAlloc) { @@ -192,8 +190,6 @@ static int PoolTestInit02 (void) { p->Alloc, PoolTestAlloc); retval = 0; goto end; - } else { - retval = 1; } if (p->Free != PoolTestFree) { 
@@ -201,9 +197,9 @@ static int PoolTestInit02 (void) { p->Free, PoolTestFree); retval = 0; goto end; - } else { - retval = 1; } + + retval = 1; end: if (p != NULL) PoolFree(p); diff --git a/src/util-print.c b/src/util-print.c index 3c1fdce9ea..cc8b0d6fa9 100644 --- a/src/util-print.c +++ b/src/util-print.c @@ -37,7 +37,6 @@ void PrintRawDataFp(FILE *fp, uint8_t *buf, uint32_t buflen) { for ( ; s < spaces; s++) fprintf(fp, " "); } - ch = 0; for (ch = 0; (i+ch) < buflen && ch < 16; ch++) { fprintf(fp, "%c", isprint((uint8_t)buf[i+ch]) ? (uint8_t)buf[i+ch] : '.');