detect: initialize empty buffers

2 years ago · 977c5ea719
parent abf1ac8e01
commit 977c5ea719
15 changed files with 45 additions and 6 deletions
--- a/src/detect-dns-query.c
+++ b/src/detect-dns-query.c
@ -88,6 +88,7 @@ static InspectionBuffer *DnsQueryGetData(DetectEngineThreadCtx *det_ctx,
    const uint8_t *data;
    uint32_t data_len;
    if (rs_dns_tx_get_query_name(cbdata->txv, cbdata->local_id, &data, &data_len) == 0) {
+        InspectionBufferSetupMultiEmpty(buffer);
        return NULL;
    }
    InspectionBufferSetupMulti(buffer, transforms, data, data_len);
--- a/src/detect-engine-frame.c
+++ b/src/detect-engine-frame.c
@ -366,6 +366,7 @@ static bool BufferSetup(struct FrameStreamData *fsd, InspectionBuffer *buffer, c
            if (fo_inspect_offset >= (uint64_t)frame->len) {
                SCLogDebug("data entirely past frame (%" PRIu64 " > %" PRIi64 ")",
                        fo_inspect_offset, frame->len);
+                InspectionBufferSetupMultiEmpty(buffer);
                return false;
            }

--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@ -1427,6 +1427,19 @@ void InspectionBufferInit(InspectionBuffer *buffer, uint32_t initial_size)
    }
 }

+/** \brief setup the buffer empty */
+void InspectionBufferSetupMultiEmpty(InspectionBuffer *buffer)
+{
+#ifdef DEBUG_VALIDATION
+    DEBUG_VALIDATE_BUG_ON(buffer->initialized);
+    DEBUG_VALIDATE_BUG_ON(!buffer->multi);
+#endif
+    buffer->inspect = NULL;
+    buffer->inspect_len = 0;
+    buffer->len = 0;
+    buffer->initialized = true;
+}
+
 /** \brief setup the buffer with our initial data */
 void InspectionBufferSetupMulti(InspectionBuffer *buffer, const DetectEngineTransforms *transforms,
        const uint8_t *data, const uint32_t data_len)
--- a/src/detect-engine.h
+++ b/src/detect-engine.h
@ -37,6 +37,7 @@ void InspectionBufferApplyTransforms(InspectionBuffer *buffer,
        const DetectEngineTransforms *transforms);
 void InspectionBufferClean(DetectEngineThreadCtx *det_ctx);
 InspectionBuffer *InspectionBufferGet(DetectEngineThreadCtx *det_ctx, const int list_id);
+void InspectionBufferSetupMultiEmpty(InspectionBuffer *buffer);
 void InspectionBufferSetupMulti(InspectionBuffer *buffer, const DetectEngineTransforms *transforms,
        const uint8_t *data, const uint32_t data_len);
 InspectionBuffer *InspectionBufferMultipleForListGet(
--- a/src/detect-file-data.c
+++ b/src/detect-file-data.c
@ -540,11 +540,13 @@ static InspectionBuffer *FiledataGetDataCallback(DetectEngineThreadCtx *det_ctx,
    /* no new data */
    if (cur_file->content_inspected == file_size) {
        SCLogDebug("no new data");
+        InspectionBufferSetupMultiEmpty(buffer);
        return NULL;
    }

    if (file_size == 0) {
        SCLogDebug("no data to inspect for this transaction");
+        InspectionBufferSetupMultiEmpty(buffer);
        return NULL;
    }

@ -554,6 +556,7 @@ static InspectionBuffer *FiledataGetDataCallback(DetectEngineThreadCtx *det_ctx,
        SCLogDebug("we still haven't seen the entire content. "
                   "Let's defer content inspection till we see the "
                   "entire content.");
+        InspectionBufferSetupMultiEmpty(buffer);
        return NULL;
    }

--- a/src/detect-filemagic.c
+++ b/src/detect-filemagic.c
@ -457,6 +457,7 @@ static InspectionBuffer *FilemagicGetDataCallback(DetectEngineThreadCtx *det_ctx
        DetectFilemagicThreadData *tfilemagic =
            (DetectFilemagicThreadData *)DetectThreadCtxGetKeywordThreadCtx(det_ctx, g_magic_thread_ctx_id);
        if (tfilemagic == NULL) {
+            InspectionBufferSetupMultiEmpty(buffer);
            return NULL;
        }

--- a/src/detect-http2.c
+++ b/src/detect-http2.c
@ -818,10 +818,14 @@ static InspectionBuffer *GetHttp2HeaderData(DetectEngineThreadCtx *det_ctx, cons
    uint32_t b_len = 0;
    const uint8_t *b = NULL;

-    if (rs_http2_tx_get_header(cbdata->txv, flags, cbdata->local_id, &b, &b_len) != 1)
+    if (rs_http2_tx_get_header(cbdata->txv, flags, cbdata->local_id, &b, &b_len) != 1) {
+        InspectionBufferSetupMultiEmpty(buffer);
        return NULL;
-    if (b == NULL || b_len == 0)
+    }
+    if (b == NULL || b_len == 0) {
+        InspectionBufferSetupMultiEmpty(buffer);
        return NULL;
+    }

    InspectionBufferSetupMulti(buffer, transforms, b, b_len);

--- a/src/detect-ike-vendor.c
+++ b/src/detect-ike-vendor.c
@ -70,6 +70,7 @@ static InspectionBuffer *IkeVendorGetData(DetectEngineThreadCtx *det_ctx,
    const uint8_t *data;
    uint32_t data_len;
    if (rs_ike_tx_get_vendor(cbdata->txv, cbdata->local_id, &data, &data_len) == 0) {
+        InspectionBufferSetupMultiEmpty(buffer);
        return NULL;
    }

--- a/src/detect-krb5-cname.c
+++ b/src/detect-krb5-cname.c
@ -71,10 +71,14 @@ static InspectionBuffer *GetKrb5CNameData(DetectEngineThreadCtx *det_ctx,
    uint32_t b_len = 0;
    const uint8_t *b = NULL;

-    if (rs_krb5_tx_get_cname(cbdata->txv, cbdata->local_id, &b, &b_len) != 1)
+    if (rs_krb5_tx_get_cname(cbdata->txv, cbdata->local_id, &b, &b_len) != 1) {
+        InspectionBufferSetupMultiEmpty(buffer);
        return NULL;
-    if (b == NULL || b_len == 0)
+    }
+    if (b == NULL || b_len == 0) {
+        InspectionBufferSetupMultiEmpty(buffer);
        return NULL;
+    }

    InspectionBufferSetupMulti(buffer, transforms, b, b_len);

--- a/src/detect-krb5-sname.c
+++ b/src/detect-krb5-sname.c
@ -71,10 +71,14 @@ static InspectionBuffer *GetKrb5SNameData(DetectEngineThreadCtx *det_ctx,
    uint32_t b_len = 0;
    const uint8_t *b = NULL;

-    if (rs_krb5_tx_get_sname(cbdata->txv, cbdata->local_id, &b, &b_len) != 1)
+    if (rs_krb5_tx_get_sname(cbdata->txv, cbdata->local_id, &b, &b_len) != 1) {
+        InspectionBufferSetupMultiEmpty(buffer);
        return NULL;
-    if (b == NULL || b_len == 0)
+    }
+    if (b == NULL || b_len == 0) {
+        InspectionBufferSetupMultiEmpty(buffer);
        return NULL;
+    }

    InspectionBufferSetupMulti(buffer, transforms, b, b_len);

--- a/src/detect-mqtt-subscribe-topic.c
+++ b/src/detect-mqtt-subscribe-topic.c
@ -80,6 +80,7 @@ static InspectionBuffer *MQTTSubscribeTopicGetData(DetectEngineThreadCtx *det_ct
    const uint8_t *data;
    uint32_t data_len;
    if (rs_mqtt_tx_get_subscribe_topic(cbdata->txv, cbdata->local_id, &data, &data_len) == 0) {
+        InspectionBufferSetupMultiEmpty(buffer);
        return NULL;
    }

--- a/src/detect-mqtt-unsubscribe-topic.c
+++ b/src/detect-mqtt-unsubscribe-topic.c
@ -80,6 +80,7 @@ static InspectionBuffer *MQTTUnsubscribeTopicGetData(DetectEngineThreadCtx *det_
    const uint8_t *data;
    uint32_t data_len;
    if (rs_mqtt_tx_get_unsubscribe_topic(cbdata->txv, cbdata->local_id, &data, &data_len) == 0) {
+        InspectionBufferSetupMultiEmpty(buffer);
        return NULL;
    }

--- a/src/detect-quic-cyu-hash.c
+++ b/src/detect-quic-cyu-hash.c
@ -76,6 +76,7 @@ static InspectionBuffer *QuicHashGetData(DetectEngineThreadCtx *det_ctx,
    const uint8_t *data;
    uint32_t data_len;
    if (rs_quic_tx_get_cyu_hash(cbdata->txv, (uint16_t)cbdata->local_id, &data, &data_len) == 0) {
+        InspectionBufferSetupMultiEmpty(buffer);
        return NULL;
    }

--- a/src/detect-quic-cyu-string.c
+++ b/src/detect-quic-cyu-string.c
@ -74,6 +74,7 @@ static InspectionBuffer *QuicStringGetData(DetectEngineThreadCtx *det_ctx,
    const uint8_t *data;
    uint32_t data_len;
    if (rs_quic_tx_get_cyu_string(cbdata->txv, cbdata->local_id, &data, &data_len) == 0) {
+        InspectionBufferSetupMultiEmpty(buffer);
        return NULL;
    }

--- a/src/detect-tls-certs.c
+++ b/src/detect-tls-certs.c
@ -156,6 +156,7 @@ static InspectionBuffer *TlsCertsGetData(DetectEngineThreadCtx *det_ctx,
    }

    if (TAILQ_EMPTY(&connp->certs)) {
+        InspectionBufferSetupMultiEmpty(buffer);
        return NULL;
    }

@ -165,6 +166,7 @@ static InspectionBuffer *TlsCertsGetData(DetectEngineThreadCtx *det_ctx,
        cbdata->cert = TAILQ_NEXT(cbdata->cert, next);
    }
    if (cbdata->cert == NULL) {
+        InspectionBufferSetupMultiEmpty(buffer);
        return NULL;
    }