From 948a4ccb3b494290dd835486ffbef8e5e8bc0455 Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Fri, 29 Mar 2019 10:21:28 +0100
Subject: [PATCH] detect/iponly: only run iponly address parsers for iponly rules
---
 src/detect-parse.c | 34 ++++++++++++++++++----------------
 1 file changed, 18 insertions(+), 16 deletions(-)
diff --git a/src/detect-parse.c b/src/detect-parse.c
index 44b7ee66bf..83aebd40d9 100644
--- a/src/detect-parse.c
+++ b/src/detect-parse.c
@@ -1100,13 +1100,6 @@ static int SigParseBasics(DetectEngineCtx *de_ctx,
 if (SigParseAddress(de_ctx, s, parser->dst, SIG_DIREC_DST ^ addrs_direction) < 0)
 goto error;
- /* For IPOnly */
- if (IPOnlySigParseAddress(de_ctx, s, parser->src, SIG_DIREC_SRC ^ addrs_direction) < 0)
- goto error;
-
- if (IPOnlySigParseAddress(de_ctx, s, parser->dst, SIG_DIREC_DST ^ addrs_direction) < 0)
- goto error;
-
 /* By AWS - Traditionally we should be doing this only for tcp/udp/sctp,
 * but we do it for regardless of ip proto, since the dns/dnstcp/dnsudp
 * changes that we made sees to it that at this point of time we don't
@@ -1133,31 +1126,29 @@ error:
 * \param -1 parse error
 * \param 0 ok
 */
-static int SigParse(DetectEngineCtx *de_ctx, Signature *s, const char *sigstr, uint8_t addrs_direction)
+static int SigParse(DetectEngineCtx *de_ctx, Signature *s,
+ const char *sigstr, uint8_t addrs_direction, SignatureParser *parser)
 {
 SCEnter();
- SignatureParser parser;
- memset(&parser, 0x00, sizeof(parser));
-
 s->sig_str = SCStrdup(sigstr);
 if (unlikely(s->sig_str == NULL)) {
 SCReturnInt(-1);
 }
- int ret = SigParseBasics(de_ctx, s, sigstr, &parser, addrs_direction);
+ int ret = SigParseBasics(de_ctx, s, sigstr, parser, addrs_direction);
 if (ret < 0) {
 SCLogDebug("SigParseBasics failed");
 SCReturnInt(-1);
 }
 /* we can have no options, so make sure we have them */
- if (strlen(parser.opts) > 0) {
- size_t buffer_size = strlen(parser.opts) + 1;
+ if (strlen(parser->opts) > 0) {
+ size_t buffer_size = strlen(parser->opts) + 1;
 char input[buffer_size];
 char output[buffer_size];
 memset(input, 0x00, buffer_size);
- memcpy(input, parser.opts, strlen(parser.opts)+1);
+ memcpy(input, parser->opts, strlen(parser->opts)+1);
 /* loop the option parsing. Each run processes one option
 * and returns the rest of the option string through the
@@ -1778,6 +1769,9 @@ static int SigValidate(DetectEngineCtx *de_ctx, Signature *s)
 static Signature *SigInitHelper(DetectEngineCtx *de_ctx, const char *sigstr,
 uint8_t dir)
 {
+ SignatureParser parser;
+ memset(&parser, 0x00, sizeof(parser));
+
 Signature *sig = SigAlloc();
 if (sig == NULL)
 goto error;
@@ -1785,7 +1779,7 @@ static Signature *SigInitHelper(DetectEngineCtx *de_ctx, const char *sigstr,
 /* default gid to 1 */
 sig->gid = 1;
- if (SigParse(de_ctx, sig, sigstr, dir) < 0)
+ if (SigParse(de_ctx, sig, sigstr, dir, &parser) < 0)
 goto error;
 /* signature priority hasn't been overwritten. Using default priority */
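Review bot: The new `parser` argument of SigParse is not described in the doc comment above the signature, and the two visible `\param -1` / `\param 0` lines describe return values rather than parameters. SigParse now reads `parser->opts` and leaves `parser->src`/`parser->dst` for the caller to use afterwards, so the contract that the caller passes a zeroed, non-NULL SignatureParser that outlives the call should be written down, for example `\param parser caller-owned, zero-initialised parse state; filled by SigParseBasics and read by the caller after return`, together with `\retval -1 parse error` and `\retval 0 ok`. The comment block and SigParse's body both extend beyond this hunk.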
@@ -1864,6 +1858,14 @@ static Signature *SigInitHelper(DetectEngineCtx *de_ctx, const char *sigstr,
 /* check what the type of this sig is */
 SignatureSetType(de_ctx, sig);
+ if (sig->flags & SIG_FLAG_IPONLY) {
+ /* For IPOnly */
+ if (IPOnlySigParseAddress(de_ctx, sig, parser.src, SIG_DIREC_SRC ^ dir) < 0)
+ goto error;
+
+ if (IPOnlySigParseAddress(de_ctx, sig, parser.dst, SIG_DIREC_DST ^ dir) < 0)
+ goto error;
+ }
 return sig;
 error:
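Review bot: In SigInitHelper the IP-only address lists are now built only when `SIG_FLAG_IPONLY` is already set right after `SignatureSetType()`, so any path that sets the flag later, or that reads the IP-only address data of a signature without the flag, could end up with a rule that loads without those addresses and silently fails to match. Nothing in this hunk shows whether such a path exists, so this should be confirmed and the invariant recorded next to the new block, e.g. `/* IP-only address lists are built here only; SIG_FLAG_IPONLY must be final after SignatureSetType() */`. A unit test that loads an IP-only and a non-IP-only rule with the same address spec and checks that both still match would guard against a silent detection gap. The function starts and ends outside this hunk.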