From 8fd00d52d81cf309ba7177e4e3dc33033e41040e Mon Sep 17 00:00:00 2001 From: "Russ Combs (rucombs)" Date: Fri, 25 Aug 2017 08:39:46 -0400 Subject: [PATCH] Merge pull request #997 in SNORT/snort3 from port_table_cruft to master Squashed commit of the following: commit d52c5cac7ed64dc56f80f2b78f10e065c88d1320 Author: Victor Roemer Date: Wed Aug 23 15:42:04 2017 -0400 snort: disallow invalid port range !:65535 (!any) commit dd620176da4daaccee9a56827f00d2a0e73bcfd3 Author: Victor Roemer Date: Wed Aug 23 15:01:02 2017 -0400 snort: remove port object cruft --- src/parser/parse_ports.cc | 35 ++++++++++++++++++++++------------- src/ports/port_object.cc | 10 ++++------ src/ports/port_object.h | 4 ++-- src/ports/port_table.cc | 31 +++---------------------------- 4 files changed, 31 insertions(+), 49 deletions(-) diff --git a/src/parser/parse_ports.cc b/src/parser/parse_ports.cc index 58e86f9b2..06bc461a9 100644 --- a/src/parser/parse_ports.cc +++ b/src/parser/parse_ports.cc @@ -293,7 +293,7 @@ static PortObject* _POParsePort(POParser* pop) { /* Open ended range, highport is 65k */ hport = MAX_PORTS-1; - PortObjectAddRange(po, lport, hport, 0); + PortObjectAddRange(po, lport, hport); return po; } @@ -319,11 +319,11 @@ static PortObject* _POParsePort(POParser* pop) return NULL; } - PortObjectAddRange(po, lport, hport, 0); + PortObjectAddRange(po, lport, hport); } else { - PortObjectAddPort(po, lport, 0); + PortObjectAddPort(po, lport); } return po; @@ -488,20 +488,20 @@ PortObject* PortObjectParseString(PortVarTable* pvTable, POParser* pop, POParserInit(pop, s, pvTable); po = PortObjectNew(); - if (!po) + if ( !po ) { - pop->errflag=POPERR_MALLOC_FAILED; - return 0; + pop->errflag = POPERR_MALLOC_FAILED; + return nullptr; } if ( nameflag ) /* parse a name */ { po->name = POParserName(pop); - if (!po->name ) + if ( !po->name ) { - pop->errflag=POPERR_NO_NAME; + pop->errflag = POPERR_NO_NAME; PortObjectFree(po); - return 0; + return nullptr; } } else 
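Review bot: The open-ended range cap `hport = MAX_PORTS-1;` in the -293 hunk uses a different constant than the "any" range built in port_object.cc (`SFPO_MAX_PORTS-1`) and the port loop in port_table.cc (`SFPO_MAX_PORTS`). If the two macros are the same value, one name should be used; if they differ, an open-ended `N:` range and `any` would disagree at the top port, which is the kind of gap a rule author would not notice. I'd either switch to the port_object constant or pin the intent with a comment, `hport = MAX_PORTS-1; // inclusive top port; must equal SFPO_MAX_PORTS-1`. `_POParsePort` starts before this hunk and continues after it.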
@@ -516,19 +516,28 @@ PortObject* PortObjectParseString(PortVarTable* pvTable, POParser* pop, potmp = _POParseString(pop); - if (!potmp) + if ( !potmp ) { PortObjectFree(po); - return NULL; + return nullptr; } PortObjectNormalize(potmp); - if (PortObjectAddPortObject(po, potmp, &pop->errflag)) + // Catches !:65535 + if ( sflist_count(potmp->item_list) == 0 ) { PortObjectFree(po); PortObjectFree(potmp); - return NULL; + pop->errflag = POPERR_INVALID_RANGE; + return nullptr; + } + + if ( PortObjectAddPortObject(po, potmp, &pop->errflag) ) + { + PortObjectFree(po); + PortObjectFree(potmp); + return nullptr; } PortObjectFree(potmp); diff --git a/src/ports/port_object.cc b/src/ports/port_object.cc index 655b13145..cc63acd1c 100644 --- a/src/ports/port_object.cc +++ b/src/ports/port_object.cc @@ -153,12 +153,12 @@ int PortObjectAddPortObject(PortObject* podst, PortObject* posrc, int* errflag) return ret; } -int PortObjectAddPort(PortObject* po, int port, int not_flag) +int PortObjectAddPort(PortObject* po, int port) { - return PortObjectAddRange(po, port, port, not_flag); + return PortObjectAddRange(po, port, port); } -int PortObjectAddRange(PortObject* po, int lport, int hport, int not_flag) +int PortObjectAddRange(PortObject* po, int lport, int hport) { PortObjectItem* poi = PortObjectItemNew(); @@ -168,8 +168,6 @@ int PortObjectAddRange(PortObject* po, int lport, int hport, int not_flag) poi->lport = (unsigned short)lport; poi->hport = (unsigned short)hport; - poi->negate = not_flag != 0; - sflist_add_tail(po->item_list, poi); return 0; } @@ -198,7 +196,7 @@ int PortObjectAddPortAny(PortObject* po) if (!po->name) po->name = snort_strdup("any"); - return PortObjectAddRange(po, 0, SFPO_MAX_PORTS-1, 0); + return PortObjectAddRange(po, 0, SFPO_MAX_PORTS-1); } /* diff --git a/src/ports/port_object.h b/src/ports/port_object.h index f1c152faf..2af69dd57 100644 --- a/src/ports/port_object.h +++ b/src/ports/port_object.h 
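Review bot: The comment `// Catches !:65535` names one input rather than the condition actually tested, which is an item list that PortObjectNormalize left empty — as far as the hunk shows, an object that can match no port at all. Rejecting that at parse time is the right call, since a rule whose port spec can never match would otherwise load and silently never fire; the comment should say so, e.g. `// Empty after normalization (e.g. !:65535, i.e. !any) means no port can match; reject rather than load a rule that never fires.` Whether other inputs can also normalize to an empty list is not visible here, so the comment should not imply this is the only case. PortObjectParseString starts in the previous hunk and continues past this one.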
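Review bot: Removing `poi->negate = not_flag != 0;` in the -168 hunk drops the only initializer of `negate` visible for a freshly created item, yet the port table now asserts on that same field; unless PortObjectItemNew() zero-fills the item (not shown here), every range added by PortObjectAddRange carries an indeterminate negate flag. If PortObjectItemNew does not zero the struct, add `poi->negate = false;` next to the lport/hport stores; if it does, a one-line comment on the function saying items arrive zeroed would stop the next reader asking the same question. The unchecked `(unsigned short)` casts also mean an out-of-range `int` wraps silently, so it is worth stating that callers must validate the range before calling.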
@@ -51,8 +51,8 @@ void PortObjectFinalize(PortObject*); int PortObjectSetName(PortObject*, const char* name); int PortObjectAddItem(PortObject*, PortObjectItem*, int* errflag); int PortObjectAddPortObject(PortObject* podst, PortObject* posrc, int* errflag); -int PortObjectAddPort(PortObject*, int port, int not_flag); -int PortObjectAddRange(PortObject*, int lport, int hport, int not_flag); +int PortObjectAddPort(PortObject*, int port); +int PortObjectAddRange(PortObject*, int lport, int hport); int PortObjectAddRule(PortObject*, int rule); int PortObjectAddPortAny(PortObject*); diff --git a/src/ports/port_table.cc b/src/ports/port_table.cc index 561ab8840..04ad0665f 100644 --- a/src/ports/port_table.cc +++ b/src/ports/port_table.cc @@ -530,51 +530,26 @@ static inline void add_port_object(Port port, PortObject* po, SF_LIST** parray) // Update port object lists static inline void update_port_lists(PortObject* po, SF_LIST** parray) { - bool not_flag_set = false; - PortObjectItem* poi; SF_LNODE* lpos; for ( poi = (PortObjectItem*)sflist_first(po->item_list, &lpos); poi; poi = (PortObjectItem*)sflist_next(&lpos) ) { + assert(!poi->negate); + if( poi->any()) return; else if( poi->one() ) - { - if (poi->negate ) - { - not_flag_set = true; - break; - } - add_port_object(poi->lport, po, parray); - } - else - { - if (poi->negate ) - { - not_flag_set = true; - break; - } + else for( int port = poi->lport; port <= poi->hport; port++ ) - { add_port_object(port, po, parray); - } - } add_port_object(poi->lport, po, parray); } - - if (not_flag_set) - { - for( int port = 0; port < SFPO_MAX_PORTS; port++ ) - { - add_port_object(port, po, parray); - } - } } // Create optimized port lists per port -- 2.47.3
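Review bot: `assert(!poi->negate)` in update_port_lists compiles to nothing under NDEBUG, and the hunk removes the previous fallback that mapped a negated item onto every port; in a release build a negated item reaching this loop is therefore added as its positive range, so `!80` would be indexed as port 80 and the rule's intent inverted. Correctness now rests entirely on PortObjectNormalize having resolved negation for every object before the table is built, which the hunk cannot confirm. I'd keep the assert but document the precondition it encodes, `assert(!poi->negate);  // negation must be resolved by PortObjectNormalize before table build`, and consider a release-mode guard that refuses the item rather than inverting it. An include of `<cassert>` is not visible in the hunk; confirm one exists above.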