rule-parsing: quick fix for rules with wrong double quotes

The stripping of leading and trailing "s has issues with rules like the
ones described in issue 1638 thus resulted in crashing the rule parser.
So for now this is a quick fix which approaches this issue directly by
stripping those "s correctly and handling error cases. It also adds the
skip for leading spaces at the msg keyword and worksaround a possible
null pointer dereference (that should never occur though).
A more general approach should be done in the future.

diff --git a/src/detect-depth.c b/src/detect-depth.c
index f58438dae473f473eca25ac1f495d60bff4e3c8c..9e323f6bf829d4e051381f4cbd37a76225290b1a 100644 (file)
--- a/src/detect-depth.c
+++ b/src/detect-depth.c
@@ -62,12 +62,14 @@ static int DetectDepthSetup (DetectEngineCtx *de_ctx, Signature *s, char *depths
     SigMatch *pm = NULL;
     int ret = -1;
 
-    /* strip "'s */
-    if (depthstr[0] == '\"' && depthstr[strlen(depthstr) - 1] == '\"') {
+    /* Strip leading and trailing "s. */
+    if (depthstr[0] == '\"') {
         str = SCStrdup(depthstr + 1);
         if (unlikely(str == NULL))
             goto end;
-        str[strlen(depthstr) - 2] = '\0';
+        if (strlen(str) && str[strlen(str) - 1] == '\"') {
+            str[strlen(str) - 1] = '\0';
+        }
         dubbed = 1;
     }
 

diff --git a/src/detect-distance.c b/src/detect-distance.c
index a8284dbeb339c09cbb2da5ccdefa1b0c14d35b62..33b32787f77349281a7c5bc1dc88f61d9f9ec2e6 100644 (file)
--- a/src/detect-distance.c
+++ b/src/detect-distance.c
@@ -70,12 +70,14 @@ static int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s,
     SigMatch *pm = NULL;
     int ret = -1;
 
-    /* strip "'s */
-    if (distancestr[0] == '\"' && distancestr[strlen(distancestr) - 1] == '\"') {
+    /* Strip leading and trailing "s. */
+    if (distancestr[0] == '\"') {
         str = SCStrdup(distancestr + 1);
         if (unlikely(str == NULL))
             goto end;
-        str[strlen(distancestr) - 2] = '\0';
+        if (strlen(str) && str[strlen(str) - 1] == '\"') {
+            str[strlen(str) - 1] = '\0';
+        }
         dubbed = 1;
     }
 

diff --git a/src/detect-l3proto.c b/src/detect-l3proto.c
index c67b47c8bb82a492918a4fbbc3f9a8c7b6b21fe1..f7e4995290d00e360afb3e4b517eebf1113e2ba6 100644 (file)
--- a/src/detect-l3proto.c
+++ b/src/detect-l3proto.c
@@ -73,12 +73,14 @@ static int DetectL3ProtoSetup(DetectEngineCtx *de_ctx, Signature *s, char *optst
     char *str = optstr;
     char dubbed = 0;
 
-    /* strip "'s */
-    if (optstr[0] == '\"' && optstr[strlen(optstr) - 1] == '\"') {
+    /* Strip leading and trailing "s. */
+    if (optstr[0] == '\"') {
         str = SCStrdup(optstr + 1);
         if (unlikely(str == NULL))
             goto error;
-        str[strlen(optstr) - 2] = '\0';
+        if (strlen(str) && str[strlen(str) - 1] == '\"') {
+            str[strlen(str) - 1] = '\0';
+        }
         dubbed = 1;
     }
 

diff --git a/src/detect-msg.c b/src/detect-msg.c
index e8b87529673a32f76e879500f36915dcf4e86b0f..eddf311972568c0a58cd636c73ad6bd860004c7d 100644 (file)
--- a/src/detect-msg.c
+++ b/src/detect-msg.c
@@ -51,28 +51,34 @@ static int DetectMsgSetup (DetectEngineCtx *de_ctx, Signature *s, char *msgstr)
 {
     char *str = NULL;
     uint16_t len;
+    uint16_t pos = 0;
+    uint16_t slen = 0;
 
-    if (strlen(msgstr) == 0)
+    slen = strlen(msgstr);
+    if (slen == 0)
         goto error;
 
-    /* strip "'s */
-    if (msgstr[0] == '\"' && msgstr[strlen(msgstr)-1] == '\"') {
+    /* skip the first spaces */
+    while (pos < slen && isspace((unsigned char)msgstr[pos]))
+        pos++;
+
+    /* Strip leading and trailing "s. */
+    if (msgstr[pos] == '\"') {
         str = SCStrdup(msgstr+1);
         if (unlikely(str == NULL))
             goto error;
-        str[strlen(msgstr)-2] = '\0';
-    } else if (msgstr[1] == '\"' && msgstr[strlen(msgstr)-1] == '\"') {
-        /* XXX do this parsing in a better way */
-        str = SCStrdup(msgstr+2);
-        if (unlikely(str == NULL))
-            goto error;
-        str[strlen(msgstr)-3] = '\0';
-        //printf("DetectMsgSetup: format hack applied: \'%s\'\n", str);
+        if (strlen(str) && str[strlen(str) - 1] == '\"') {
+            str[strlen(str)-1] = '\0';
+        }
     } else {
         SCLogError(SC_ERR_INVALID_VALUE, "format error \'%s\'", msgstr);
         goto error;
     }
 
+    /* make sure that we don't proceed with null pointer */
+    if (unlikely(str == NULL))
+        goto error;
+
     len = strlen(str);
     if (len == 0)
         goto error;

diff --git a/src/detect-offset.c b/src/detect-offset.c
index 65372ec0af5d5bfd503c037ee0f3a33173e7926a..e13de7f602a02cedd0a9ede9ad2d4d621d8cbe07 100644 (file)
--- a/src/detect-offset.c
+++ b/src/detect-offset.c
@@ -61,12 +61,14 @@ int DetectOffsetSetup (DetectEngineCtx *de_ctx, Signature *s, char *offsetstr)
     SigMatch *pm = NULL;
     int ret = -1;
 
-    /* strip "'s */
-   if (offsetstr[0] == '\"' && offsetstr[strlen(offsetstr)-1] == '\"') {
+    /* Strip leading and trailing "s. */
+    if (offsetstr[0] == '\"') {
         str = SCStrdup(offsetstr+1);
         if (unlikely(str == NULL))
             goto end;
-        str[strlen(offsetstr) - 2] = '\0';
+        if (strlen(str) && str[strlen(str) - 1] == '\"') {
+            str[strlen(str) - 1] = '\0';
+        }
         dubbed = 1;
     }
 

diff --git a/src/detect-rev.c b/src/detect-rev.c
index 6306f6cc7d1e4d723e4a5455c9ac03112abdc0e1..d540ec6163a0f400abf3cd773466c4d9dc54bc1e 100644 (file)
--- a/src/detect-rev.c
+++ b/src/detect-rev.c
@@ -46,13 +46,14 @@ static int DetectRevSetup (DetectEngineCtx *de_ctx, Signature *s, char *rawstr)
     char *str = rawstr;
     char dubbed = 0;
 
-    /* strip "'s */
-    if (rawstr[0] == '\"' && rawstr[strlen(rawstr)-1] == '\"') {
+    /* Strip leading and trailing "s. */
+    if (rawstr[0] == '\"') {
         str = SCStrdup(rawstr+1);
         if (unlikely(str == NULL))
             return -1;
-
-        str[strlen(rawstr)-2] = '\0';
+        if (strlen(str) && str[strlen(str) - 1] == '\"') {
+            str[strlen(rawstr)-1] = '\0';
+        }
         dubbed = 1;
     }
 

diff --git a/src/detect-within.c b/src/detect-within.c
index 25c97238676b382dacff4db9a3e526919b8766a5..2845856fe2918860a0b59a942f8c6f48052b8f11 100644 (file)
--- a/src/detect-within.c
+++ b/src/detect-within.c
@@ -74,12 +74,14 @@ static int DetectWithinSetup(DetectEngineCtx *de_ctx, Signature *s, char *within
     SigMatch *pm = NULL;
     int ret = -1;
 
-    /* strip "'s */
-    if (withinstr[0] == '\"' && withinstr[strlen(withinstr)-1] == '\"') {
+    /* Strip leading and trailing "s. */
+    if (withinstr[0] == '\"') {
         str = SCStrdup(withinstr+1);
         if (unlikely(str == NULL))
             goto end;
-        str[strlen(withinstr) - 2] = '\0';
+        if (strlen(str) && str[strlen(str) - 1] == '\"') {
+            str[strlen(str) - 1] = '\0';
+        }
         dubbed = 1;
     }