diff --git a/src/alert-unified2-alert.c b/src/alert-unified2-alert.c index f570e430fa..8e48e9ec1e 100644 --- a/src/alert-unified2-alert.c +++ b/src/alert-unified2-alert.c @@ -62,7 +62,7 @@ #define DEFAULT_LOG_FILENAME "unified2.alert" /**< Default log file limit in MB. */ -#define DEFAULT_LIMIT 32 +#define DEFAULT_LIMIT 32 * 1024 * 1024 /**< Minimum log file limit in MB. */ #define MIN_LIMIT 1 * 1024 * 1024 @@ -1169,19 +1169,17 @@ OutputCtx *Unified2AlertInitCtx(ConfNode *conf) file_ctx->prefix = SCStrdup(filename); const char *s_limit = NULL; - uint64_t limit = DEFAULT_LIMIT; + file_ctx->size_limit = DEFAULT_LIMIT; if (conf != NULL) { s_limit = ConfNodeLookupChildValue(conf, "limit"); if (s_limit != NULL) { - long double res; - if (ParseSizeString(s_limit, &res) < 0) { + if (ParseSizeStringU64(s_limit, &file_ctx->size_limit) < 0) { SCLogError(SC_ERR_INVALID_ARGUMENT, "Failed to initialize unified2 output, invalid limit: %s", s_limit); exit(EXIT_FAILURE); } - limit = res; - if (limit < MIN_LIMIT) { + if (file_ctx->size_limit < MIN_LIMIT) { SCLogError(SC_ERR_INVALID_ARGUMENT, "Failed to initialize unified2 output, limit less than " "allowed minimum: %d.", MIN_LIMIT); @@ -1189,7 +1187,6 @@ OutputCtx *Unified2AlertInitCtx(ConfNode *conf) } } } - file_ctx->size_limit = limit; ret = Unified2AlertOpenFileCtx(file_ctx, filename); if (ret < 0) @@ -1202,7 +1199,7 @@ OutputCtx *Unified2AlertInitCtx(ConfNode *conf) output_ctx->DeInit = Unified2AlertDeInitCtx; SCLogInfo("Unified2-alert initialized: filename %s, limit %"PRIu64" MB", - filename, limit); + filename, file_ctx->size_limit); SC_ATOMIC_INIT(unified2_event_id); diff --git a/src/app-layer-htp.c b/src/app-layer-htp.c index eb284be7ce..ae469df0dd 100644 --- a/src/app-layer-htp.c +++ b/src/app-layer-htp.c @@ -1738,14 +1738,12 @@ static void HTPConfigure(void) } else if (strcasecmp("request-body-limit", p->name) == 0 || strcasecmp("request_body_limit", p->name) == 0) { - long double res; - if (ParseSizeString(p->val, &res) < 0) { + if (ParseSizeStringU32(p->val, &cfglist.request_body_limit) < 0) { SCLogError(SC_ERR_SIZE_PARSE, "Error parsing request-body-limit " "from conf file - %s. Killing engine", p->val); exit(EXIT_FAILURE); } - cfglist.request_body_limit = (uint32_t)res; } else if (strcasecmp("response-body-limit", p->name) == 0) { /* limit */ @@ -1906,14 +1904,12 @@ static void HTPConfigure(void) SCLogDebug("LIBHTP default: %s=%s", p->name, p->val); - long double res; - if (ParseSizeString(p->val, &res) < 0) { + if (ParseSizeStringU32(p->val, &htprec->request_body_limit) < 0) { SCLogError(SC_ERR_SIZE_PARSE, "Error parsing request-body-limit " "from conf file - %s. Killing engine", p->val); exit(EXIT_FAILURE); } - htprec->request_body_limit = (uint32_t)res; } else if (strcasecmp("response-body-limit", p->name) == 0) { /* limit */ diff --git a/src/decode.c b/src/decode.c index ec0c1ee9a4..443e3091dd 100644 --- a/src/decode.c +++ b/src/decode.c @@ -312,7 +312,7 @@ inline int PacketCopyDataOffset(Packet *p, int offset, uint8_t *data, int datale /* Do we have already an packet with allocated data */ if (! p->ext_pkt) { - if (offset + datalen <= default_packet_size) { + if (offset + datalen <= (int)default_packet_size) { /* data will fit in memory allocated with packet */ memcpy(p->pkt + offset, data, datalen); } else { diff --git a/src/decode.h b/src/decode.h index dda5f38d57..18c1164ff7 100644 --- a/src/decode.h +++ b/src/decode.h @@ -465,7 +465,7 @@ typedef struct Packet_ #define DEFAULT_PACKET_SIZE (1500 + ETHERNET_HEADER_LEN) /* storage: maximum ip packet size + link header */ #define MAX_PAYLOAD_SIZE (IPV6_HEADER_LEN + 65536 + 28) -intmax_t default_packet_size; +uint32_t default_packet_size; #define SIZE_OF_PACKET (default_packet_size + sizeof(Packet)) typedef struct PacketQueue_ { diff --git a/src/flow.c b/src/flow.c index 40f6fc251e..9f09862003 100644 --- a/src/flow.c +++ b/src/flow.c @@ -865,14 +865,12 @@ void FlowInitConfig(char quiet) /** set config values for memcap, prealloc and hash_size */ if ((ConfGet("flow.memcap", &conf_val)) == 1) { - long double res; - if (ParseSizeString(conf_val, &res) < 0) { + if (ParseSizeStringU64(conf_val, &flow_config.memcap) < 0) { SCLogError(SC_ERR_SIZE_PARSE, "Error parsing flow.memcap " "from conf file - %s. Killing engine", conf_val); exit(EXIT_FAILURE); } - flow_config.memcap = res; } if ((ConfGet("flow.hash_size", &conf_val)) == 1) { diff --git a/src/log-pcap.c b/src/log-pcap.c index af7bb23509..62b598eed5 100644 --- a/src/log-pcap.c +++ b/src/log-pcap.c @@ -58,7 +58,7 @@ #define DEFAULT_LOG_FILENAME "pcaplog" #define MODULE_NAME "PcapLog" #define MIN_LIMIT 1 * 1024 * 1024 -#define DEFAULT_LIMIT 100 +#define DEFAULT_LIMIT 100 * 1024 * 1024 #define DEFAULT_FILE_LIMIT 0 #define LOGMODE_NORMAL 0 @@ -425,20 +425,18 @@ OutputCtx *PcapLogInitCtx(ConfNode *conf) return NULL; } - uint64_t limit = DEFAULT_LIMIT; + pl->size_limit = DEFAULT_LIMIT; if (conf != NULL) { const char *s_limit = NULL; s_limit = ConfNodeLookupChildValue(conf, "limit"); if (s_limit != NULL) { - long double res; - if (ParseSizeString(s_limit, &res) < 0) { + if (ParseSizeStringU64(s_limit, &pl->size_limit) < 0) { SCLogError(SC_ERR_INVALID_ARGUMENT, "Failed to initialize unified2 output, invalid limit: %s", s_limit); exit(EXIT_FAILURE); } - limit = res; - if (limit < MIN_LIMIT) { + if (pl->size_limit < MIN_LIMIT) { SCLogError(SC_ERR_INVALID_ARGUMENT, "Fail to initialize pcap-log output, limit less than " "allowed minimum."); @@ -446,7 +444,6 @@ OutputCtx *PcapLogInitCtx(ConfNode *conf) } } } - pl->size_limit = limit; if (conf != NULL) { const char *s_mode = NULL; diff --git a/src/stream-tcp.c b/src/stream-tcp.c index fe82b2f7ae..bbeb89c37d 100644 --- a/src/stream-tcp.c +++ b/src/stream-tcp.c @@ -361,14 +361,12 @@ void StreamTcpInitConfig(char quiet) char *temp_stream_memcap_str; if (ConfGet("stream.memcap", &temp_stream_memcap_str) == 1) { - long double res; - if (ParseSizeString(temp_stream_memcap_str, &res) < 0) { + if (ParseSizeStringU64(temp_stream_memcap_str, &stream_config.memcap) < 0) { SCLogError(SC_ERR_SIZE_PARSE, "Error parsing stream.memcap " "from conf file - %s. Killing engine", temp_stream_memcap_str); exit(EXIT_FAILURE); } - stream_config.memcap = res; } else { stream_config.memcap = STREAMTCP_DEFAULT_MEMCAP; } @@ -418,15 +416,14 @@ void StreamTcpInitConfig(char quiet) char *temp_stream_reassembly_memcap_str; if (ConfGet("stream.reassembly.memcap", &temp_stream_reassembly_memcap_str) == 1) { - long double res; - if (ParseSizeString(temp_stream_reassembly_memcap_str, &res) < 0) { + if (ParseSizeStringU64(temp_stream_reassembly_memcap_str, + &stream_config.reassembly_memcap) < 0) { SCLogError(SC_ERR_SIZE_PARSE, "Error parsing " "stream.reassembly.memcap " "from conf file - %s. Killing engine", temp_stream_reassembly_memcap_str); exit(EXIT_FAILURE); } - stream_config.reassembly_memcap = res; } else { stream_config.reassembly_memcap = STREAMTCP_DEFAULT_REASSEMBLY_MEMCAP; } @@ -437,15 +434,14 @@ void StreamTcpInitConfig(char quiet) char *temp_stream_reassembly_depth_str; if (ConfGet("stream.reassembly.depth", &temp_stream_reassembly_depth_str) == 1) { - long double res; - if (ParseSizeString(temp_stream_reassembly_depth_str, &res) < 0) { + if (ParseSizeStringU32(temp_stream_reassembly_depth_str, + &stream_config.reassembly_depth) < 0) { SCLogError(SC_ERR_SIZE_PARSE, "Error parsing " "stream.reassembly.depth " "from conf file - %s. Killing engine", temp_stream_reassembly_depth_str); exit(EXIT_FAILURE); } - stream_config.reassembly_depth = res; } else { stream_config.reassembly_depth = 0; } @@ -457,16 +453,14 @@ void StreamTcpInitConfig(char quiet) char *temp_stream_reassembly_toserver_chunk_size_str; if (ConfGet("stream.reassembly.toserver_chunk_size", &temp_stream_reassembly_toserver_chunk_size_str) == 1) { - long double res; - if (ParseSizeString(temp_stream_reassembly_toserver_chunk_size_str, - &res) < 0) { + if (ParseSizeStringU16(temp_stream_reassembly_toserver_chunk_size_str, + &stream_config.reassembly_toserver_chunk_size) < 0) { SCLogError(SC_ERR_SIZE_PARSE, "Error parsing " "stream.reassembly.toserver_chunk_size " "from conf file - %s. Killing engine", temp_stream_reassembly_toserver_chunk_size_str); exit(EXIT_FAILURE); } - stream_config.reassembly_toserver_chunk_size = res; } else { stream_config.reassembly_toserver_chunk_size = STREAMTCP_DEFAULT_TOSERVER_CHUNK_SIZE; @@ -477,16 +471,14 @@ void StreamTcpInitConfig(char quiet) char *temp_stream_reassembly_toclient_chunk_size_str; if (ConfGet("stream.reassembly.toclient_chunk_size", &temp_stream_reassembly_toclient_chunk_size_str) == 1) { - long double res; - if (ParseSizeString(temp_stream_reassembly_toclient_chunk_size_str, - &res) < 0) { + if (ParseSizeStringU16(temp_stream_reassembly_toclient_chunk_size_str, + &stream_config.reassembly_toclient_chunk_size) < 0) { SCLogError(SC_ERR_SIZE_PARSE, "Error parsing " "stream.reassembly.toclient_chunk_size " "from conf file - %s. Killing engine", temp_stream_reassembly_toclient_chunk_size_str); exit(EXIT_FAILURE); } - stream_config.reassembly_toclient_chunk_size = res; } else { stream_config.reassembly_toclient_chunk_size = STREAMTCP_DEFAULT_TOCLIENT_CHUNK_SIZE; diff --git a/src/suricata.c b/src/suricata.c index a9ae02abec..90b2a06199 100644 --- a/src/suricata.c +++ b/src/suricata.c @@ -1160,14 +1160,12 @@ int main(int argc, char **argv) default_packet_size = DEFAULT_PACKET_SIZE; } } else { - long double res; - if (ParseSizeString(temp_default_packet_size, &res) < 0) { + if (ParseSizeStringU32(temp_default_packet_size, &default_packet_size) < 0) { SCLogError(SC_ERR_SIZE_PARSE, "Error parsing max-pending-packets " "from conf file - %s. Killing engine", temp_default_packet_size); exit(EXIT_FAILURE); } - default_packet_size = res; } SCLogDebug("Default packet size set to %"PRIiMAX, default_packet_size); diff --git a/src/util-misc.c b/src/util-misc.c index 181fe23f68..afb4c89ab3 100644 --- a/src/util-misc.c +++ b/src/util-misc.c @@ -28,7 +28,7 @@ #include "util-debug.h" #include "util-unittest.h" -int ParseSizeString(const char *size, long double *res) +static int ParseSizeString(const char *size, long double *res) { #define PARSE_REGEX "^\\s*(\\d+(?:.\\d+)?)\\s*([a-zA-Z]{2})?\\s*$" @@ -44,18 +44,22 @@ int ParseSizeString(const char *size, long double *res) int r; int ov[MAX_SUBSTRINGS]; + int retval = 0; + *res = 0; parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); if (parse_regex == NULL) { SCLogError(SC_ERR_PCRE_COMPILE, "Compile of \"%s\" failed at offset " "%" PRId32 ": %s", PARSE_REGEX, eo, eb); + retval = -2; goto error; } parse_regex_study = pcre_study(parse_regex, 0, &eb); if (eb != NULL) { SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); + retval = -2; goto error; } @@ -70,6 +74,7 @@ int ParseSizeString(const char *size, long double *res) "xxxmb or xxxMb or xxxMB or xxxmB <- indicates megabytes\n" "xxxgb or xxxGb or xxxGB or xxxgB <- indicates gigabytes.", size); + retval = -2; goto error; } @@ -78,6 +83,7 @@ int ParseSizeString(const char *size, long double *res) &str_ptr); if (r < 0) { SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + retval = -2; goto error; } @@ -86,9 +92,11 @@ int ParseSizeString(const char *size, long double *res) *res = strtold(size, &endptr); if (errno == ERANGE) { SCLogError(SC_ERR_NUMERIC_VALUE_ERANGE, "Numeric value out of range"); + retval = -1; goto error; } else if (endptr == size) { SCLogError(SC_ERR_INVALID_NUMERIC_VALUE, "Invalid numeric value"); + retval = -1; goto error; } pcre_free_substring(str_ptr); @@ -98,6 +106,7 @@ int ParseSizeString(const char *size, long double *res) &str_ptr); if (r < 0) { SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + retval = -2; goto error; } @@ -118,6 +127,74 @@ int ParseSizeString(const char *size, long double *res) return -1; } +int ParseSizeStringU8(const char *size, uint8_t *res) +{ + long double temp_res = 0; + + *res = 0; + int r = ParseSizeString(size, &temp_res); + if (r < 0) + return r; + + if (temp_res > UINT8_MAX) + return -1; + + *res = temp_res; + + return 0; +} + +int ParseSizeStringU16(const char *size, uint16_t *res) +{ + long double temp_res = 0; + + *res = 0; + int r = ParseSizeString(size, &temp_res); + if (r < 0) + return r; + + if (temp_res > UINT16_MAX) + return -1; + + *res = temp_res; + + return 0; +} + +int ParseSizeStringU32(const char *size, uint32_t *res) +{ + long double temp_res = 0; + + *res = 0; + int r = ParseSizeString(size, &temp_res); + if (r < 0) + return r; + + if (temp_res > UINT32_MAX) + return -1; + + *res = temp_res; + + return 0; +} + +int ParseSizeStringU64(const char *size, uint64_t *res) +{ + long double temp_res = 0; + + *res = 0; + int r = ParseSizeString(size, &temp_res); + if (r < 0) + return r; + + if (temp_res > UINT64_MAX) + return -1; + + *res = temp_res; + + return 0; +} + /*********************************Unittests********************************/ #ifdef UNITTESTS diff --git a/src/util-misc.h b/src/util-misc.h index dcfb74049a..ef783f8f6a 100644 --- a/src/util-misc.h +++ b/src/util-misc.h @@ -24,7 +24,10 @@ #ifndef __UTIL_MISC_H__ #define __UTIL_MISC_H__ -int ParseSizeString(const char *, long double *); +int ParseSizeStringU8(const char *, uint8_t *); +int ParseSizeStringU16(const char *, uint16_t *); +int ParseSizeStringU32(const char *, uint32_t *); +int ParseSizeStringU64(const char *, uint64_t *); void UtilMiscRegisterTests(void); #endif /* __UTIL_MISC_H__ */ diff --git a/suricata.yaml b/suricata.yaml index 9271e7c66e..efffcb4d90 100644 --- a/suricata.yaml +++ b/suricata.yaml @@ -93,7 +93,7 @@ outputs: # File size limit. Can be specified in kb, mb, gb. Just a number # is parsed as bytes. - limit: 1000 + limit: 1000mb # If set to a value will enable ring buffer mode. Will keep Maximum of "max_files" of size "limit" max_files: 2000