aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect: use u32 for InspectionBufferMultipleForList

Browse Source 
So that we do not have an endless loop casting index to
u16 and having more than 65536 buffers in one transaction

Changes for all protocols, even ones where it is impossible
to have such a pattern, so as to avoid bad pattern copy/paste
in the future
pull/6261/head
Philippe Antoine 5 years ago committed by Victor Julien
parent e611adf3dc
commit 7d0a39412b
13 changed files with 40 additions and 43 deletions
Show Stats Download Patch File Download Diff File

2
rust/src/dns/dns.rs
Unescape Escape View File

@ -888,7 +888,7 @@ pub extern "C" fn rs_dns_state_get_tx_data(
#[no_mangle]
pub extern "C" fn rs_dns_tx_get_query_name(tx: &mut DNSTransaction,
i: u16,
i: u32,
buf: *mut *const u8,
len: *mut u32)
-> u8

4
rust/src/ike/detect.rs
Unescape Escape View File

@ -117,9 +117,9 @@ pub extern "C" fn rs_ike_state_get_key_exchange(
#[no_mangle]
pub extern "C" fn rs_ike_tx_get_vendor(
tx: &IKETransaction, i: u16, buf: *mut *const u8, len: *mut u32,
tx: &IKETransaction, i: u32, buf: *mut *const u8, len: *mut u32,
) -> u8 {
if tx.ike_version == 1 && i < tx.hdr.ikev1_header.vendor_ids.len() as u16 {
if tx.ike_version == 1 && i < tx.hdr.ikev1_header.vendor_ids.len() as u32 {
unsafe {
*len = tx.hdr.ikev1_header.vendor_ids[i as usize].len() as u32;
*buf = tx.hdr.ikev1_header.vendor_ids[i as usize].as_ptr();

4
rust/src/krb/detect.rs
Unescape Escape View File

@ -43,7 +43,7 @@ pub unsafe extern "C" fn rs_krb5_tx_get_errcode(tx: &mut KRB5Transaction,
#[no_mangle]
pub unsafe extern "C" fn rs_krb5_tx_get_cname(tx: &mut KRB5Transaction,
i: u16,
i: u32,
buffer: *mut *const u8,
buffer_len: *mut u32)
-> u8
@ -61,7 +61,7 @@ pub unsafe extern "C" fn rs_krb5_tx_get_cname(tx: &mut KRB5Transaction,
#[no_mangle]
pub unsafe extern "C" fn rs_krb5_tx_get_sname(tx: &mut KRB5Transaction,
i: u16,
i: u32,
buffer: *mut *const u8,
buffer_len: *mut u32)
-> u8

6
rust/src/mqtt/detect.rs
Unescape Escape View File

@ -353,7 +353,7 @@ pub extern "C" fn rs_mqtt_tx_get_publish_message(
#[no_mangle]
pub extern "C" fn rs_mqtt_tx_get_subscribe_topic(tx: &MQTTTransaction,
i: u16,
i: u32,
buf: *mut *const u8,
len: *mut u32)
-> u8
@ -386,7 +386,7 @@ pub extern "C" fn rs_mqtt_tx_get_subscribe_topic(tx: &MQTTTransaction,
#[no_mangle]
pub extern "C" fn rs_mqtt_tx_get_unsubscribe_topic(tx: &MQTTTransaction,
i: u16,
i: u32,
buf: *mut *const u8,
len: *mut u32)
-> u8
@ -607,4 +607,4 @@ mod test {
r = rs_mqtt_tx_get_subscribe_topic(&t, 4, &mut s, &mut slen);
assert_eq!(r, 0);
}
}
}

9
src/detect-dns-query.c
Unescape Escape View File

@ -68,7 +68,7 @@ static void DetectDnsQueryRegisterTests(void);
static int g_dns_query_buffer_id = 0;
struct DnsQueryGetDataArgs {
int local_id; /**< used as index into thread inspect array */
uint32_t local_id; /**< used as index into thread inspect array */
void *txv;
};
@ -87,8 +87,7 @@ static InspectionBuffer *DnsQueryGetData(DetectEngineThreadCtx *det_ctx,
const uint8_t *data;
uint32_t data_len;
if (rs_dns_tx_get_query_name(cbdata->txv, (uint16_t)cbdata->local_id,
&data, &data_len) == 0) {
if (rs_dns_tx_get_query_name(cbdata->txv, cbdata->local_id, &data, &data_len) == 0) {
return NULL;
}
InspectionBufferSetupMulti(buffer, transforms, data, data_len);
@ -102,7 +101,7 @@ static int DetectEngineInspectDnsQuery(
const Signature *s,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
int local_id = 0;
uint32_t local_id = 0;
const DetectEngineTransforms *transforms = NULL;
if (!engine->mpm) {
@ -159,7 +158,7 @@ static void PrefilterTxDnsQuery(DetectEngineThreadCtx *det_ctx,
const MpmCtx *mpm_ctx = ctx->mpm_ctx;
const int list_id = ctx->list_id;
int local_id = 0;
uint32_t local_id = 0;
while(1) {
// loop until we get a NULL

2
src/detect-engine-mpm.h
Unescape Escape View File

@ -125,7 +125,7 @@ typedef struct PrefilterMpmListId {
} PrefilterMpmListId;
struct MpmListIdDataArgs {
int local_id; /**< used as index into thread inspect array */
uint32_t local_id; /**< used as index into thread inspect array */
void *txv;
};

12
src/detect-http2.c
Unescape Escape View File

@ -701,7 +701,7 @@ static InspectionBuffer *GetHttp2HNameData(DetectEngineThreadCtx *det_ctx,
uint32_t b_len = 0;
const uint8_t *b = NULL;
if (rs_http2_tx_get_header_name(cbdata->txv, flags, (uint32_t)cbdata->local_id, &b, &b_len) != 1)
if (rs_http2_tx_get_header_name(cbdata->txv, flags, cbdata->local_id, &b, &b_len) != 1)
return NULL;
if (b == NULL || b_len == 0)
return NULL;
@ -723,7 +723,7 @@ static void PrefilterTxHttp2HName(DetectEngineThreadCtx *det_ctx,
const MpmCtx *mpm_ctx = ctx->mpm_ctx;
const int list_id = ctx->list_id;
int local_id = 0;
uint32_t local_id = 0;
while(1) {
// loop until we get a NULL
@ -767,7 +767,7 @@ static int DetectEngineInspectHttp2HeaderName(
const Signature *s,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
int local_id = 0;
uint32_t local_id = 0;
const DetectEngineTransforms *transforms = NULL;
if (!engine->mpm) {
@ -835,7 +835,7 @@ static InspectionBuffer *GetHttp2HeaderData(DetectEngineThreadCtx *det_ctx,
uint32_t b_len = 0;
const uint8_t *b = NULL;
if (rs_http2_tx_get_header(cbdata->txv, flags, (uint32_t)cbdata->local_id, &b, &b_len) != 1)
if (rs_http2_tx_get_header(cbdata->txv, flags, cbdata->local_id, &b, &b_len) != 1)
return NULL;
if (b == NULL || b_len == 0)
return NULL;
@ -856,7 +856,7 @@ static void PrefilterTxHttp2Header(DetectEngineThreadCtx *det_ctx,
const MpmCtx *mpm_ctx = ctx->mpm_ctx;
const int list_id = ctx->list_id;
int local_id = 0;
uint32_t local_id = 0;
while(1) {
// loop until we get a NULL
@ -899,7 +899,7 @@ static int DetectEngineInspectHttp2Header(
const Signature *s,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
int local_id = 0;
uint32_t local_id = 0;
const DetectEngineTransforms *transforms = NULL;
if (!engine->mpm) {

8
src/detect-ike-vendor.c
Unescape Escape View File

@ -41,7 +41,7 @@ typedef struct {
} DetectIkeVendorData;
struct IkeVendorGetDataArgs {
int local_id;
uint32_t local_id;
void *txv;
};
@ -68,7 +68,7 @@ static InspectionBuffer *IkeVendorGetData(DetectEngineThreadCtx *det_ctx,
const uint8_t *data;
uint32_t data_len;
if (rs_ike_tx_get_vendor(cbdata->txv, (uint16_t)cbdata->local_id, &data, &data_len) == 0) {
if (rs_ike_tx_get_vendor(cbdata->txv, cbdata->local_id, &data, &data_len) == 0) {
return NULL;
}
@ -94,7 +94,7 @@ static void PrefilterTxIkeVendor(DetectEngineThreadCtx *det_ctx, const void *pec
const MpmCtx *mpm_ctx = ctx->mpm_ctx;
const int list_id = ctx->list_id;
int local_id = 0;
uint32_t local_id = 0;
while (1) {
struct IkeVendorGetDataArgs cbdata = { local_id, txv };
InspectionBuffer *buffer =
@ -136,7 +136,7 @@ static int DetectEngineInspectIkeVendor(DetectEngineCtx *de_ctx, DetectEngineThr
const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags,
void *alstate, void *txv, uint64_t tx_id)
{
int local_id = 0;
uint32_t local_id = 0;
const DetectEngineTransforms *transforms = NULL;
if (!engine->mpm) {

8
src/detect-krb5-cname.c
Unescape Escape View File

@ -39,7 +39,7 @@
static int g_krb5_cname_buffer_id = 0;
struct Krb5PrincipalNameDataArgs {
int local_id; /**< used as index into thread inspect array */
uint32_t local_id; /**< used as index into thread inspect array */
void *txv;
};
@ -71,7 +71,7 @@ static InspectionBuffer *GetKrb5CNameData(DetectEngineThreadCtx *det_ctx,
uint32_t b_len = 0;
const uint8_t *b = NULL;
if (rs_krb5_tx_get_cname(cbdata->txv, (uint16_t)cbdata->local_id, &b, &b_len) != 1)
if (rs_krb5_tx_get_cname(cbdata->txv, cbdata->local_id, &b, &b_len) != 1)
return NULL;
if (b == NULL || b_len == 0)
return NULL;
@ -87,7 +87,7 @@ static int DetectEngineInspectKrb5CName(
const Signature *s,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
int local_id = 0;
uint32_t local_id = 0;
const DetectEngineTransforms *transforms = NULL;
if (!engine->mpm) {
@ -146,7 +146,7 @@ static void PrefilterTxKrb5CName(DetectEngineThreadCtx *det_ctx,
const MpmCtx *mpm_ctx = ctx->mpm_ctx;
const int list_id = ctx->list_id;
int local_id = 0;
uint32_t local_id = 0;
while(1) {
// loop until we get a NULL

8
src/detect-krb5-sname.c
Unescape Escape View File

@ -39,7 +39,7 @@
static int g_krb5_sname_buffer_id = 0;
struct Krb5PrincipalNameDataArgs {
int local_id; /**< used as index into thread inspect array */
uint32_t local_id; /**< used as index into thread inspect array */
void *txv;
};
@ -71,7 +71,7 @@ static InspectionBuffer *GetKrb5SNameData(DetectEngineThreadCtx *det_ctx,
uint32_t b_len = 0;
const uint8_t *b = NULL;
if (rs_krb5_tx_get_sname(cbdata->txv, (uint16_t)cbdata->local_id, &b, &b_len) != 1)
if (rs_krb5_tx_get_sname(cbdata->txv, cbdata->local_id, &b, &b_len) != 1)
return NULL;
if (b == NULL || b_len == 0)
return NULL;
@ -87,7 +87,7 @@ static int DetectEngineInspectKrb5SName(
const Signature *s,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
int local_id = 0;
uint32_t local_id = 0;
const DetectEngineTransforms *transforms = NULL;
if (!engine->mpm) {
@ -146,7 +146,7 @@ static void PrefilterTxKrb5SName(DetectEngineThreadCtx *det_ctx,
const MpmCtx *mpm_ctx = ctx->mpm_ctx;
const int list_id = ctx->list_id;
int local_id = 0;
uint32_t local_id = 0;
while(1) {
// loop until we get a NULL

9
src/detect-mqtt-subscribe-topic.c
Unescape Escape View File

@ -59,7 +59,7 @@ static int DetectMQTTSubscribeTopicSetup(DetectEngineCtx *, Signature *, const c
static int g_mqtt_subscribe_topic_buffer_id = 0;
struct MQTTSubscribeTopicGetDataArgs {
int local_id;
uint32_t local_id;
void *txv;
};
@ -78,8 +78,7 @@ static InspectionBuffer *MQTTSubscribeTopicGetData(DetectEngineThreadCtx *det_ct
const uint8_t *data;
uint32_t data_len;
if (rs_mqtt_tx_get_subscribe_topic(cbdata->txv, (uint16_t)cbdata->local_id,
&data, &data_len) == 0) {
if (rs_mqtt_tx_get_subscribe_topic(cbdata->txv, cbdata->local_id, &data, &data_len) == 0) {
return NULL;
}
@ -94,7 +93,7 @@ static int DetectEngineInspectMQTTSubscribeTopic(
const Signature *s,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
int local_id = 0;
uint32_t local_id = 0;
const DetectEngineTransforms *transforms = NULL;
if (!engine->mpm) {
@ -151,7 +150,7 @@ static void PrefilterTxMQTTSubscribeTopic(DetectEngineThreadCtx *det_ctx,
const MpmCtx *mpm_ctx = ctx->mpm_ctx;
const int list_id = ctx->list_id;
int local_id = 0;
uint32_t local_id = 0;
while(1) {
struct MQTTSubscribeTopicGetDataArgs cbdata = { local_id, txv };
InspectionBuffer *buffer = MQTTSubscribeTopicGetData(det_ctx, ctx->transforms,

9
src/detect-mqtt-unsubscribe-topic.c
Unescape Escape View File

@ -59,7 +59,7 @@ static int DetectMQTTUnsubscribeTopicSetup(DetectEngineCtx *, Signature *, const
static int g_mqtt_unsubscribe_topic_buffer_id = 0;
struct MQTTUnsubscribeTopicGetDataArgs {
int local_id;
uint32_t local_id;
void *txv;
};
@ -78,8 +78,7 @@ static InspectionBuffer *MQTTUnsubscribeTopicGetData(DetectEngineThreadCtx *det_
const uint8_t *data;
uint32_t data_len;
if (rs_mqtt_tx_get_unsubscribe_topic(cbdata->txv, (uint16_t)cbdata->local_id,
&data, &data_len) == 0) {
if (rs_mqtt_tx_get_unsubscribe_topic(cbdata->txv, cbdata->local_id, &data, &data_len) == 0) {
return NULL;
}
@ -94,7 +93,7 @@ static int DetectEngineInspectMQTTUnsubscribeTopic(
const Signature *s,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
int local_id = 0;
uint32_t local_id = 0;
const DetectEngineTransforms *transforms = NULL;
if (!engine->mpm) {
@ -151,7 +150,7 @@ static void PrefilterTxMQTTUnsubscribeTopic(DetectEngineThreadCtx *det_ctx,
const MpmCtx *mpm_ctx = ctx->mpm_ctx;
const int list_id = ctx->list_id;
int local_id = 0;
uint32_t local_id = 0;
while(1) {
struct MQTTUnsubscribeTopicGetDataArgs cbdata = { local_id, txv };
InspectionBuffer *buffer = MQTTUnsubscribeTopicGetData(det_ctx, ctx->transforms,

2
src/detect-tls-certs.c
Unescape Escape View File

@ -71,7 +71,7 @@ static int PrefilterMpmTlsCertsRegister(DetectEngineCtx *de_ctx,
static int g_tls_certs_buffer_id = 0;
struct TlsCertsGetDataArgs {
int local_id; /**< used as index into thread inspect array */
uint32_t local_id; /**< used as index into thread inspect array */
SSLCertsChain *cert;
};

Write Preview
Loading…
Cancel
Save