From 8023007fbd4967e75bc1b72284e53d14463c94ba Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Fri, 19 Apr 2013 10:38:51 +0200 Subject: [PATCH] flowvar: cleanup keyword argument parsing. Should also address Coverity 400655. --- src/detect-flowvar.c | 131 ++++++++++--------------------------------- 1 file changed, 31 insertions(+), 100 deletions(-) diff --git a/src/detect-flowvar.c b/src/detect-flowvar.c index 7fc1492153..52d5e96136 100644 --- a/src/detect-flowvar.c +++ b/src/detect-flowvar.c @@ -133,15 +133,16 @@ int DetectFlowvarMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p static int DetectFlowvarSetup (DetectEngineCtx *de_ctx, Signature *s, char *rawstr) { - DetectFlowvarData *cd = NULL; + DetectFlowvarData *fd = NULL; SigMatch *sm = NULL; - char *str = rawstr; - char dubbed = 0; - uint16_t len; char *varname = NULL, *varcontent = NULL; #define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; + const char *str_ptr; + char *contentstr = NULL; + uint16_t contentlen = 0; + int contentflags = 0; ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS); if (ret != 3) { @@ -149,7 +150,6 @@ static int DetectFlowvarSetup (DetectEngineCtx *de_ctx, Signature *s, char *raws return -1; } - const char *str_ptr; res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, &str_ptr); if (res < 0) { SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); @@ -157,122 +157,53 @@ static int DetectFlowvarSetup (DetectEngineCtx *de_ctx, Signature *s, char *raws } varname = (char *)str_ptr; - if (ret > 2) { - res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, &str_ptr); - if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); - return -1; - } - varcontent = (char *)str_ptr; - } - - if (varcontent[0] == '\"' && varcontent[strlen(varcontent)-1] == '\"') { - str = SCStrdup(varcontent+1); - if (unlikely(str == NULL)) { - return -1; - } - str[strlen(varcontent)-2] = '\0'; - dubbed = 1; - } - - len = strlen(str); - if (len == 0) { - if (dubbed) SCFree(str); + res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, &str_ptr); + if (res < 0) { + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); return -1; } + varcontent = (char *)str_ptr; - cd = SCMalloc(sizeof(DetectFlowvarData)); - if (unlikely(cd == NULL)) + res = DetectContentDataParse("flowvar", varcontent, &contentstr, &contentlen, &contentflags); + if (res == -1) goto error; - char converted = 0; - - { - uint16_t i, x; - uint8_t bin = 0, binstr[3] = "", binpos = 0; - for (i = 0, x = 0; i < len; i++) { - // printf("str[%02u]: %c\n", i, str[i]); - if (str[i] == '|') { - if (bin) { - bin = 0; - } else { - bin = 1; - } - } else { - if (bin) { - if (isdigit((unsigned char)str[i]) || - str[i] == 'A' || str[i] == 'a' || - str[i] == 'B' || str[i] == 'b' || - str[i] == 'C' || str[i] == 'c' || - str[i] == 'D' || str[i] == 'd' || - str[i] == 'E' || str[i] == 'e' || - str[i] == 'F' || str[i] == 'f') { - // printf("part of binary: %c\n", str[i]); - - binstr[binpos] = (char)str[i]; - binpos++; - - if (binpos == 2) { - uint8_t c = strtol((char *)binstr, (char **) NULL, 16) & 0xFF; - binpos = 0; - str[x] = c; - x++; - converted = 1; - } - } else if (str[i] == ' ') { - // printf("space as part of binary string\n"); - } - } else { - str[x] = str[i]; - x++; - } - } - } -#ifdef DEBUG - if (SCLogDebugEnabled()) { - for (i = 0; i < x; i++) { - if (isprint((unsigned char)str[i])) printf("%c", str[i]); - else printf("\\x%02u", str[i]); - } - printf("\n"); - } -#endif + fd = SCMalloc(sizeof(DetectFlowvarData)); + if (unlikely(fd == NULL)) + goto error; - if (converted) - len = x; - } + fd->content = SCMalloc(contentlen); + if (unlikely(fd->content == NULL)) + goto error; - cd->content = SCMalloc(len); - if (cd->content == NULL) { - if (dubbed) SCFree(str); - SCFree(cd); - return -1; - } + memcpy(fd->content, contentstr, contentlen);; + fd->content_len = contentlen; + fd->flags = contentflags; - cd->name = SCStrdup(varname); - cd->idx = VariableNameGetIdx(de_ctx, varname, DETECT_FLOWVAR); - memcpy(cd->content, str, len); - cd->content_len = len; - cd->flags = 0; + fd->name = SCStrdup(varname); + fd->idx = VariableNameGetIdx(de_ctx, varname, DETECT_FLOWVAR); /* Okay so far so good, lets get this into a SigMatch * and put it in the Signature. */ sm = SigMatchAlloc(); - if (sm == NULL) + if (unlikely(sm == NULL)) goto error; sm->type = DETECT_FLOWVAR; - sm->ctx = (void *)cd; + sm->ctx = (void *)fd; SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH); - if (dubbed) SCFree(str); + SCFree(contentstr); return 0; error: - if (dubbed) SCFree(str); - if (cd) SCFree(cd); - if (sm) SCFree(sm); + if (fd != NULL) + DetectFlowvarDataFree(fd); + if (sm != NULL) + SCFree(sm); + if (contentstr != NULL) + SCFree(contentstr); return -1; }