*offset = 0;
*relative = 0;
size_t pcre2_len;
+ pcre2_match_data *match = NULL;
- pcre2_match_data *match = pcre2_match_data_create_from_pattern(decode_pcre.regex, NULL);
- if (match == NULL)
- goto error;
-
- int pcre_rc = pcre2_match(decode_pcre.regex, (PCRE2_SPTR8)str, strlen(str), 0, 0, match, NULL);
+ int pcre_rc = DetectParsePcreExec(&decode_pcre, &match, str, 0, 0);
if (pcre_rc < 3) {
goto error;
}
}
}
+ retval = 1;
+
pcre2_match_data_free(match);
match = NULL;
- retval = 1;
+
error:
+
if (bytes_str != NULL) {
pcre2_substring_free((PCRE2_UCHAR8 *)bytes_str);
}
if (relative_str != NULL) {
pcre2_substring_free((PCRE2_UCHAR8 *)relative_str);
}
- if (match != NULL) {
+ if (match) {
pcre2_match_data_free(match);
}
return retval;
static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_ctx, const char *arg)
{
DetectByteExtractData *bed = NULL;
- int ret = 0, res = 0;
+ int res = 0;
size_t pcre2len;
int i = 0;
+ pcre2_match_data *match = NULL;
- ret = DetectParsePcreExec(&parse_regex, arg, 0, 0);
+ int ret = DetectParsePcreExec(&parse_regex, &match, arg, 0, 0);
if (ret < 3 || ret > 19) {
SCLogError("parse error, ret %" PRId32 ", string \"%s\"", ret, arg);
SCLogError("Invalid arg to byte_extract : %s "
/* no of bytes to extract */
char nbytes_str[64] = "";
pcre2len = sizeof(nbytes_str);
- res = pcre2_substring_copy_bynumber(
- parse_regex.match, 1, (PCRE2_UCHAR8 *)nbytes_str, &pcre2len);
+ res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)nbytes_str, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed "
"for arg 1 for byte_extract");
/* offset */
char offset_str[64] = "";
pcre2len = sizeof(offset_str);
- res = pcre2_substring_copy_bynumber(
- parse_regex.match, 2, (PCRE2_UCHAR8 *)offset_str, &pcre2len);
+ res = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)offset_str, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed "
"for arg 2 for byte_extract");
/* var name */
char varname_str[256] = "";
pcre2len = sizeof(varname_str);
- res = pcre2_substring_copy_bynumber(
- parse_regex.match, 3, (PCRE2_UCHAR8 *)varname_str, &pcre2len);
+ res = pcre2_substring_copy_bynumber(match, 3, (PCRE2_UCHAR8 *)varname_str, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed "
"for arg 3 for byte_extract");
for (i = 4; i < ret; i++) {
char opt_str[64] = "";
pcre2len = sizeof(opt_str);
- res = SC_Pcre2SubstringCopy(parse_regex.match, i, (PCRE2_UCHAR8 *)opt_str, &pcre2len);
+ res = SC_Pcre2SubstringCopy(match, i, (PCRE2_UCHAR8 *)opt_str, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed "
"for arg %d for byte_extract with %d",
char multiplier_str[16] = "";
pcre2len = sizeof(multiplier_str);
res = pcre2_substring_copy_bynumber(
- parse_regex.match, i, (PCRE2_UCHAR8 *)multiplier_str, &pcre2len);
+ match, i, (PCRE2_UCHAR8 *)multiplier_str, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed "
"for arg %d for byte_extract",
char align_str[16] = "";
pcre2len = sizeof(align_str);
- res = pcre2_substring_copy_bynumber(
- parse_regex.match, i, (PCRE2_UCHAR8 *)align_str, &pcre2len);
+ res = pcre2_substring_copy_bynumber(match, i, (PCRE2_UCHAR8 *)align_str, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed "
"for arg %d in byte_extract",
bed->endian = DETECT_BYTE_EXTRACT_ENDIAN_DEFAULT;
}
+ pcre2_match_data_free(match);
+
return bed;
error:
if (bed != NULL)
DetectByteExtractFree(de_ctx, bed);
+ if (match) {
+ pcre2_match_data_free(match);
+ }
return NULL;
}
{
DetectBytejumpData *data = NULL;
char args[10][64];
- int ret = 0, res = 0;
+ int res = 0;
size_t pcre2len;
int numargs = 0;
int i = 0;
uint32_t nbytes = 0;
char *str_ptr;
char *end_ptr;
+ pcre2_match_data *match = NULL;
memset(args, 0x00, sizeof(args));
/* Execute the regex and populate args with captures. */
- ret = DetectParsePcreExec(&parse_regex, optstr, 0, 0);
+ int ret = DetectParsePcreExec(&parse_regex, &match, optstr, 0, 0);
if (ret < 2 || ret > 10) {
SCLogError("parse error, ret %" PRId32 ", string \"%s\"", ret, optstr);
goto error;
*/
char str[512] = "";
pcre2len = sizeof(str);
- res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)str, &pcre2len);
+ res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)str, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed "
"for arg 1");
/* The remaining args are directly from PCRE substrings */
for (i = 1; i < (ret - 1); i++) {
pcre2len = sizeof(args[0]);
- res = pcre2_substring_copy_bynumber(
- parse_regex.match, i + 1, (PCRE2_UCHAR8 *)args[i + 1], &pcre2len);
+ res = pcre2_substring_copy_bynumber(match, i + 1, (PCRE2_UCHAR8 *)args[i + 1], &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed for arg %d", i + 1);
goto error;
}
}
+ pcre2_match_data_free(match);
return data;
error:
}
if (data != NULL)
DetectBytejumpFree(de_ctx, data);
+ if (match) {
+ pcre2_match_data_free(match);
+ }
return NULL;
}
};
char *test_value = NULL;
char *data_offset = NULL;
- int ret = 0, res = 0;
+ int res = 0;
size_t pcre2_len;
int i;
uint32_t nbytes;
const char *str_ptr = NULL;
+ pcre2_match_data *match = NULL;
/* Execute the regex and populate args with captures. */
- ret = DetectParsePcreExec(&parse_regex, optstr, 0, 0);
+ int ret = DetectParsePcreExec(&parse_regex, &match, optstr, 0, 0);
if (ret < 4 || ret > 9) {
SCLogError("parse error, ret %" PRId32 ", string %s", ret, optstr);
goto error;
/* Subtract two since two values are conjoined */
for (i = 0; i < (ret - 1); i++) {
- res = pcre2_substring_get_bynumber(
- parse_regex.match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
+ res = pcre2_substring_get_bynumber(match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError("pcre2_substring_get_bynumber failed "
"for arg %d",
if (data_offset) SCFree(data_offset);
if (test_value)
pcre2_substring_free((PCRE2_UCHAR8 *)test_value);
+ pcre2_match_data_free(match);
return data;
error:
if (test_value)
pcre2_substring_free((PCRE2_UCHAR8 *)test_value);
if (data) SCFree(data);
+ if (match) {
+ pcre2_match_data_free(match);
+ }
return NULL;
}
const size_t esize = CLASSTYPE_NAME_MAX_LEN + 8;
char e[esize];
+ pcre2_match_data *match = NULL;
- int ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
+ int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0);
if (ret < 0) {
SCLogError("Invalid Classtype in Signature");
- return -1;
+ goto error;
}
pcre2len = esize;
- ret = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)e, &pcre2len);
+ ret = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)e, &pcre2len);
if (ret < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
- return -1;
+ goto error;
}
if (strlen(e) >= CLASSTYPE_NAME_MAX_LEN) {
SCLogError("classtype '%s' is too big: max %d", rawstr, CLASSTYPE_NAME_MAX_LEN - 1);
- return -1;
+ goto error;
}
(void)strlcpy(out, e, outsize);
+ pcre2_match_data_free(match);
return 0;
+
+error:
+ if (match) {
+ pcre2_match_data_free(match);
+ }
+ return -1;
}
/**
DetectConfigData *fd = NULL;
SigMatch *sm = NULL;
- int ret = 0, res = 0;
+ int res = 0;
size_t pcre2len;
#if 0
/* filestore and bypass keywords can't work together */
return -1;
}
#endif
+ pcre2_match_data *match = NULL;
sm = SigMatchAlloc();
if (sm == NULL)
goto error;
char scopeval[32];
SCLogDebug("str %s", str);
- ret = DetectParsePcreExec(&parse_regex, str, 0, 0);
+ int ret = DetectParsePcreExec(&parse_regex, &match, str, 0, 0);
if (ret != 7) {
SCLogError("config is rather picky at this time");
goto error;
}
pcre2len = sizeof(subsys);
- res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)subsys, &pcre2len);
+ res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)subsys, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
SCLogDebug("subsys %s", subsys);
pcre2len = sizeof(state);
- res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)state, &pcre2len);
+ res = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)state, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
SCLogDebug("state %s", state);
pcre2len = sizeof(type);
- res = pcre2_substring_copy_bynumber(parse_regex.match, 3, (PCRE2_UCHAR8 *)type, &pcre2len);
+ res = pcre2_substring_copy_bynumber(match, 3, (PCRE2_UCHAR8 *)type, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
SCLogDebug("type %s", type);
pcre2len = sizeof(typeval);
- res = pcre2_substring_copy_bynumber(parse_regex.match, 4, (PCRE2_UCHAR8 *)typeval, &pcre2len);
+ res = pcre2_substring_copy_bynumber(match, 4, (PCRE2_UCHAR8 *)typeval, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
SCLogDebug("typeval %s", typeval);
pcre2len = sizeof(scope);
- res = pcre2_substring_copy_bynumber(parse_regex.match, 5, (PCRE2_UCHAR8 *)scope, &pcre2len);
+ res = pcre2_substring_copy_bynumber(match, 5, (PCRE2_UCHAR8 *)scope, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
SCLogDebug("scope %s", scope);
pcre2len = sizeof(scopeval);
- res = pcre2_substring_copy_bynumber(parse_regex.match, 6, (PCRE2_UCHAR8 *)scopeval, &pcre2len);
+ res = pcre2_substring_copy_bynumber(match, 6, (PCRE2_UCHAR8 *)scopeval, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
sm->ctx = (SigMatchCtx*)fd;
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_POSTMATCH);
+ pcre2_match_data_free(match);
return 0;
error:
+ if (match) {
+ pcre2_match_data_free(match);
+ }
if (sm != NULL)
SCFree(sm);
return -1;
static DetectThresholdData *DetectDetectionFilterParse(const char *rawstr)
{
DetectThresholdData *df = NULL;
- int ret = 0, res = 0;
+ int res = 0;
size_t pcre2_len;
const char *str_ptr = NULL;
char *args[6] = { NULL, NULL, NULL, NULL, NULL, NULL };
size_t pos = 0;
int i = 0;
char *saveptr = NULL;
+ pcre2_match_data *match = NULL;
copy_str = SCStrdup(rawstr);
if (unlikely(copy_str == NULL)) {
if (count_found != 1 || seconds_found != 1 || track_found != 1)
goto error;
- ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
+ int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0);
if (ret < 5) {
SCLogError("pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr);
goto error;
df->type = TYPE_DETECTION;
for (i = 0; i < (ret - 1); i++) {
- res = pcre2_substring_get_bynumber(
- parse_regex.match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
+ res = pcre2_substring_get_bynumber(match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
if (args[i] != NULL)
pcre2_substring_free((PCRE2_UCHAR *)args[i]);
}
+
+ pcre2_match_data_free(match);
return df;
error:
}
if (df != NULL)
SCFree(df);
+ if (match) {
+ pcre2_match_data_free(match);
+ }
return NULL;
}
{
int i;
DetectEngineEventData *de = NULL;
- int ret = 0, res = 0, found = 0;
+ int res = 0, found = 0;
size_t pcre2len;
+ pcre2_match_data *match = NULL;
- ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
+ int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0);
if (ret < 1) {
SCLogError("pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr);
goto error;
char copy_str[128] = "";
pcre2len = sizeof(copy_str);
- res = pcre2_substring_copy_bynumber(parse_regex.match, 0, (PCRE2_UCHAR8 *)copy_str, &pcre2len);
+ res = pcre2_substring_copy_bynumber(match, 0, (PCRE2_UCHAR8 *)copy_str, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
}
}
+ pcre2_match_data_free(match);
return de;
error:
if (de)
SCFree(de);
+ if (match) {
+ pcre2_match_data_free(match);
+ }
return NULL;
}
*/
static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg)
{
- int ret = 0, res = 0;
+ int res = 0;
size_t pcre2len;
char arg_substr[128] = "";
DetectContentData *cd = NULL;
+ pcre2_match_data *match = NULL;
SigMatch *pm1 = DetectGetLastSMFromMpmLists(de_ctx, s);
SigMatch *pm2 = DetectGetLastSMFromLists(s, DETECT_CONTENT, -1);
}
/* Execute the regex and populate args with captures. */
- ret = DetectParsePcreExec(&parse_regex, arg, 0, 0);
+ int ret = DetectParsePcreExec(&parse_regex, &match, arg, 0, 0);
/* fast pattern only */
if (ret == 2) {
if ((cd->flags & DETECT_CONTENT_NEGATED) ||
/* fast pattern chop */
} else if (ret == 4) {
pcre2len = sizeof(arg_substr);
- res = pcre2_substring_copy_bynumber(
- parse_regex.match, 2, (PCRE2_UCHAR8 *)arg_substr, &pcre2len);
+ res = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)arg_substr, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed "
"for fast_pattern offset");
}
pcre2len = sizeof(arg_substr);
- res = pcre2_substring_copy_bynumber(
- parse_regex.match, 3, (PCRE2_UCHAR8 *)arg_substr, &pcre2len);
+ res = pcre2_substring_copy_bynumber(match, 3, (PCRE2_UCHAR8 *)arg_substr, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed "
"for fast_pattern offset");
cd->flags |= DETECT_CONTENT_FAST_PATTERN;
+ pcre2_match_data_free(match);
return 0;
error:
+ if (match) {
+ pcre2_match_data_free(match);
+ }
return -1;
}
DetectFilestoreData *fd = NULL;
SigMatch *sm = NULL;
char *args[3] = {NULL,NULL,NULL};
- int ret = 0, res = 0;
+ int res = 0;
size_t pcre2len;
+ pcre2_match_data *match = NULL;
/* filestore and bypass keywords can't work together */
if (s->flags & SIG_FLAG_BYPASS) {
char str_2[32];
SCLogDebug("str %s", str);
- ret = DetectParsePcreExec(&parse_regex, str, 0, 0);
+ int ret = DetectParsePcreExec(&parse_regex, &match, str, 0, 0);
if (ret < 1 || ret > 4) {
SCLogError("parse error, ret %" PRId32 ", string %s", ret, str);
goto error;
if (ret > 1) {
pcre2len = sizeof(str_0);
- res = pcre2_substring_copy_bynumber(
- parse_regex.match, 1, (PCRE2_UCHAR8 *)str_0, &pcre2len);
+ res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)str_0, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
if (ret > 2) {
pcre2len = sizeof(str_1);
- res = pcre2_substring_copy_bynumber(
- parse_regex.match, 2, (PCRE2_UCHAR8 *)str_1, &pcre2len);
+ res = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)str_1, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
}
if (ret > 3) {
pcre2len = sizeof(str_2);
- res = pcre2_substring_copy_bynumber(
- parse_regex.match, 3, (PCRE2_UCHAR8 *)str_2, &pcre2len);
+ res = pcre2_substring_copy_bynumber(match, 3, (PCRE2_UCHAR8 *)str_2, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
sm->ctx = NULL;
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_POSTMATCH);
-
s->flags |= SIG_FLAG_FILESTORE;
+
+ if (match)
+ pcre2_match_data_free(match);
+
return 0;
error:
+ if (match) {
+ pcre2_match_data_free(match);
+ }
if (sm != NULL)
SCFree(sm);
return -1;
{
DetectFlowData *fd = NULL;
char *args[3] = {NULL,NULL,NULL};
- int ret = 0, res = 0;
+ int res = 0;
size_t pcre2len;
char str1[16] = "", str2[16] = "", str3[16] = "";
+ pcre2_match_data *match = NULL;
- ret = DetectParsePcreExec(&parse_regex, flowstr, 0, 0);
+ int ret = DetectParsePcreExec(&parse_regex, &match, flowstr, 0, 0);
if (ret < 1 || ret > 4) {
SCLogError("parse error, ret %" PRId32 ", string %s", ret, flowstr);
goto error;
if (ret > 1) {
pcre2len = sizeof(str1);
- res = SC_Pcre2SubstringCopy(parse_regex.match, 1, (PCRE2_UCHAR8 *)str1, &pcre2len);
+ res = SC_Pcre2SubstringCopy(match, 1, (PCRE2_UCHAR8 *)str1, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
if (ret > 2) {
pcre2len = sizeof(str2);
- res = pcre2_substring_copy_bynumber(
- parse_regex.match, 2, (PCRE2_UCHAR8 *)str2, &pcre2len);
+ res = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)str2, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
}
if (ret > 3) {
pcre2len = sizeof(str3);
- res = pcre2_substring_copy_bynumber(
- parse_regex.match, 3, (PCRE2_UCHAR8 *)str3, &pcre2len);
+ res = pcre2_substring_copy_bynumber(match, 3, (PCRE2_UCHAR8 *)str3, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
//printf("args[%" PRId32 "]: %s match_cnt: %" PRId32 " flags: 0x%02X\n", i, args[i], fd->match_cnt, fd->flags);
}
}
+ pcre2_match_data_free(match);
return fd;
error:
+ if (match) {
+ pcre2_match_data_free(match);
+ }
if (fd != NULL)
DetectFlowFree(de_ctx, fd);
return NULL;
static int DetectFlowbitParse(const char *str, char *cmd, int cmd_len, char *name,
int name_len)
{
- int count, rc;
+ int rc;
size_t pcre2len;
+ pcre2_match_data *match = NULL;
- count = DetectParsePcreExec(&parse_regex, str, 0, 0);
+ int count = DetectParsePcreExec(&parse_regex, &match, str, 0, 0);
if (count != 2 && count != 3) {
SCLogError("\"%s\" is not a valid setting for flowbits.", str);
- return 0;
+ goto error;
}
pcre2len = cmd_len;
- rc = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)cmd, &pcre2len);
+ rc = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)cmd, &pcre2len);
if (rc < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
- return 0;
+ goto error;
}
if (count == 3) {
pcre2len = name_len;
- rc = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)name, &pcre2len);
+ rc = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)name, &pcre2len);
if (rc < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
- return 0;
+ goto error;
}
/* Trim trailing whitespace. */
for (size_t i = 0; i < strlen(name); i++) {
if (isblank(name[i])) {
SCLogError("spaces not allowed in flowbit names");
- return 0;
+ goto error;
}
}
}
}
+ pcre2_match_data_free(match);
return 1;
+
+error:
+ if (match) {
+ pcre2_match_data_free(match);
+ }
+ return 0;
}
int DetectFlowbitSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
char *varname = NULL;
char *varval = NULL;
char *modstr = NULL;
- int ret = 0, res = 0;
+ int res = 0;
size_t pcre2_len;
uint8_t modifier = FLOWINT_MODIFIER_UNKNOWN;
unsigned long long value_long = 0;
const char *str_ptr;
+ pcre2_match_data *match = NULL;
- ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
+ int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0);
if (ret < 3 || ret > 4) {
SCLogError("\"%s\" is not a valid setting for flowint(ret = %d).", rawstr, ret);
- return NULL;
+ goto error;
}
/* Get our flowint varname */
- res = pcre2_substring_get_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
+ res = pcre2_substring_get_bynumber(match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0 || str_ptr == NULL) {
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
}
varname = (char *)str_ptr;
- res = pcre2_substring_get_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
+ res = pcre2_substring_get_bynumber(match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0 || str_ptr == NULL) {
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
if (ret < 4)
goto error;
- res = pcre2_substring_get_bynumber(
- parse_regex.match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
+ res = pcre2_substring_get_bynumber(match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
varval = (char *)str_ptr;
if (res < 0 || varval == NULL || strcmp(varval, "") == 0) {
SCLogError("pcre2_substring_get_bynumber failed");
pcre2_substring_free((PCRE2_UCHAR *)modstr);
if (varval)
pcre2_substring_free((PCRE2_UCHAR *)varval);
+ pcre2_match_data_free(match);
return sfd;
error:
+ if (match) {
+ pcre2_match_data_free(match);
+ }
if (varname)
pcre2_substring_free((PCRE2_UCHAR *)varname);
if (varval)
DetectFlowvarData *fd = NULL;
SigMatch *sm = NULL;
char varname[64], varcontent[64];
- int ret = 0, res = 0;
+ int res = 0;
size_t pcre2len;
uint8_t *content = NULL;
uint16_t contentlen = 0;
uint32_t contentflags = s->init_data->negated ? DETECT_CONTENT_NEGATED : 0;
+ pcre2_match_data *match = NULL;
- ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
+ int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0);
if (ret != 3) {
SCLogError("\"%s\" is not a valid setting for flowvar.", rawstr);
+ if (match) {
+ pcre2_match_data_free(match);
+ }
return -1;
}
pcre2len = sizeof(varname);
- res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)varname, &pcre2len);
+ res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)varname, &pcre2len);
if (res < 0) {
+ pcre2_match_data_free(match);
SCLogError("pcre2_substring_copy_bynumber failed");
return -1;
}
pcre2len = sizeof(varcontent);
- res = pcre2_substring_copy_bynumber(
- parse_regex.match, 2, (PCRE2_UCHAR8 *)varcontent, &pcre2len);
+ res = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)varcontent, &pcre2len);
+ pcre2_match_data_free(match);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
return -1;
static DetectFragBitsData *DetectFragBitsParse (const char *rawstr)
{
DetectFragBitsData *de = NULL;
- int ret = 0, found = 0, res = 0;
+ int found = 0, res = 0;
size_t pcre2_len;
const char *str_ptr = NULL;
char *args[2] = { NULL, NULL};
char *ptr;
int i;
+ pcre2_match_data *match = NULL;
- ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
+ int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0);
if (ret < 1) {
SCLogError("pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr);
goto error;
}
for (i = 0; i < (ret - 1); i++) {
- res = SC_Pcre2SubstringGet(parse_regex.match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
+ res = SC_Pcre2SubstringGet(match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError("pcre2_substring_get_bynumber failed %d", res);
goto error;
if (args[i] != NULL)
pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);
}
+ pcre2_match_data_free(match);
return de;
error:
+ if (match) {
+ pcre2_match_data_free(match);
+ }
for (i = 0; i < 2; i++) {
if (args[i] != NULL)
pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);
{
DetectFragOffsetData *fragoff = NULL;
char *substr[3] = {NULL, NULL, NULL};
- int ret = 0, res = 0;
+ int res = 0;
size_t pcre2_len;
int i;
const char *str_ptr;
char *mode = NULL;
+ pcre2_match_data *match = NULL;
- ret = DetectParsePcreExec(&parse_regex, fragoffsetstr, 0, 0);
+ int ret = DetectParsePcreExec(&parse_regex, &match, fragoffsetstr, 0, 0);
if (ret < 1 || ret > 4) {
SCLogError("Parse error %s", fragoffsetstr);
goto error;
}
for (i = 1; i < ret; i++) {
- res = SC_Pcre2SubstringGet(parse_regex.match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
+ res = SC_Pcre2SubstringGet(match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
pcre2_substring_free((PCRE2_UCHAR8 *)substr[i]);
}
+ pcre2_match_data_free(match);
return fragoff;
error:
+ if (match) {
+ pcre2_match_data_free(match);
+ }
for (i = 0; i < 3; i++) {
if (substr[i] != NULL)
pcre2_substring_free((PCRE2_UCHAR8 *)substr[i]);
DetectFtpdataData *ftpcommandd = NULL;
char arg1[5] = "";
size_t pcre2len;
+ pcre2_match_data *match = NULL;
- int ret = DetectParsePcreExec(&parse_regex, ftpcommandstr, 0, 0);
+ int ret = DetectParsePcreExec(&parse_regex, &match, ftpcommandstr, 0, 0);
if (ret != 2) {
SCLogError("parse error, ret %" PRId32 "", ret);
goto error;
}
pcre2len = sizeof(arg1);
- int res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len);
+ int res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
goto error;
}
+ pcre2_match_data_free(match);
return ftpcommandd;
error:
+ if (match) {
+ pcre2_match_data_free(match);
+ }
if (ftpcommandd)
SCFree(ftpcommandd);
return NULL;
static int DetectHostbitParse(const char *str, char *cmd, int cmd_len,
char *name, int name_len, char *dir, int dir_len)
{
- int count, rc;
+ int rc;
size_t pcre2len;
- count = DetectParsePcreExec(&parse_regex, str, 0, 0);
+ pcre2_match_data *match = NULL;
+ int count = DetectParsePcreExec(&parse_regex, &match, str, 0, 0);
if (count != 2 && count != 3 && count != 4) {
SCLogError("\"%s\" is not a valid setting for hostbits.", str);
- return 0;
+ goto error;
}
pcre2len = cmd_len;
- rc = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)cmd, &pcre2len);
+ rc = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)cmd, &pcre2len);
if (rc < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
- return 0;
+ goto error;
}
if (count >= 3) {
pcre2len = name_len;
- rc = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)name, &pcre2len);
+ rc = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)name, &pcre2len);
if (rc < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
- return 0;
+ goto error;
}
if (count >= 4) {
pcre2len = dir_len;
- rc = pcre2_substring_copy_bynumber(
- parse_regex.match, 3, (PCRE2_UCHAR8 *)dir, &pcre2len);
+ rc = pcre2_substring_copy_bynumber(match, 3, (PCRE2_UCHAR8 *)dir, &pcre2len);
if (rc < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
- return 0;
+ goto error;
}
}
}
+ pcre2_match_data_free(match);
return 1;
+
+error:
+ if (match) {
+ pcre2_match_data_free(match);
+ }
+ return 0;
}
int DetectHostbitSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
{
DetectIcmpIdData *iid = NULL;
char *substr[3] = {NULL, NULL, NULL};
- int ret = 0, res = 0;
+ int res = 0;
size_t pcre2_len;
- ret = DetectParsePcreExec(&parse_regex, icmpidstr, 0, 0);
+ pcre2_match_data *match = NULL;
+ int ret = DetectParsePcreExec(&parse_regex, &match, icmpidstr, 0, 0);
if (ret < 1 || ret > 4) {
SCLogError("Parse error %s", icmpidstr);
goto error;
int i;
const char *str_ptr;
for (i = 1; i < ret; i++) {
- res = SC_Pcre2SubstringGet(parse_regex.match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
+ res = SC_Pcre2SubstringGet(match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
if (substr[i] != NULL)
pcre2_substring_free((PCRE2_UCHAR8 *)substr[i]);
}
+ pcre2_match_data_free(match);
return iid;
error:
+ if (match) {
+ pcre2_match_data_free(match);
+ }
for (i = 0; i < 3; i++) {
if (substr[i] != NULL)
pcre2_substring_free((PCRE2_UCHAR8 *)substr[i]);
{
DetectIcmpSeqData *iseq = NULL;
char *substr[3] = {NULL, NULL, NULL};
- int ret = 0, res = 0;
+ int res = 0;
size_t pcre2_len;
int i;
const char *str_ptr;
- ret = DetectParsePcreExec(&parse_regex, icmpseqstr, 0, 0);
+ pcre2_match_data *match = NULL;
+ int ret = DetectParsePcreExec(&parse_regex, &match, icmpseqstr, 0, 0);
if (ret < 1 || ret > 4) {
SCLogError("Parse error %s", icmpseqstr);
goto error;
}
for (i = 1; i < ret; i++) {
- res = SC_Pcre2SubstringGet(parse_regex.match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
+ res = SC_Pcre2SubstringGet(match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
pcre2_substring_free((PCRE2_UCHAR8 *)substr[i]);
}
+ pcre2_match_data_free(match);
return iseq;
error:
+ if (match) {
+ pcre2_match_data_free(match);
+ }
for (i = 0; i < 3; i++) {
if (substr[i] != NULL)
pcre2_substring_free((PCRE2_UCHAR8 *)substr[i]);
{
uint16_t temp;
DetectIdData *id_d = NULL;
- int ret = 0, res = 0;
+ int res = 0;
size_t pcre2len;
+ pcre2_match_data *match = NULL;
- ret = DetectParsePcreExec(&parse_regex, idstr, 0, 0);
+ int ret = DetectParsePcreExec(&parse_regex, &match, idstr, 0, 0);
if (ret < 1 || ret > 3) {
SCLogError("invalid id option '%s'. The id option "
"value must be in the range %u - %u",
idstr, DETECT_IPID_MIN, DETECT_IPID_MAX);
- return NULL;
+ goto error;
}
char copy_str[128] = "";
char *tmp_str;
pcre2len = sizeof(copy_str);
- res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)copy_str, &pcre2len);
+ res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)copy_str, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
- return NULL;
+ goto error;
}
tmp_str = copy_str;
/* ok, fill the id data */
if (StringParseUint16(&temp, 10, 0, (const char *)tmp_str) < 0) {
SCLogError("invalid id option '%s'", tmp_str);
- return NULL;
+ goto error;
}
/* We have a correct id option */
id_d = SCMalloc(sizeof(DetectIdData));
if (unlikely(id_d == NULL))
- return NULL;
+ goto error;
id_d->id = temp;
SCLogDebug("detect-id: will look for ip_id: %u\n", id_d->id);
+ pcre2_match_data_free(match);
return id_d;
+
+error:
+ if (match) {
+ pcre2_match_data_free(match);
+ }
+ return NULL;
}
/**
* ike.chosen_sa_attribute:"hash_algorithm=8"
*/
DetectIkeChosenSaData *dd = NULL;
- int ret = 0, res = 0;
+ int res = 0;
size_t pcre2len;
char attribute[100];
char value[100];
- ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
+ pcre2_match_data *match = NULL;
+ int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0);
if (ret < 3 || ret > 5) {
SCLogError(
"pcre match for ike.chosen_sa_attribute failed, should be: <sa_attribute>=<type>, "
}
pcre2len = sizeof(attribute);
- res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)attribute, &pcre2len);
+ res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)attribute, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
}
pcre2len = sizeof(value);
- res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)value, &pcre2len);
+ res = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)value, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
goto error;
}
+ pcre2_match_data_free(match);
return dd;
error:
+ if (match) {
+ pcre2_match_data_free(match);
+ }
if (dd) {
if (dd->sa_type != NULL)
SCFree(dd->sa_type);
{
int i;
DetectIpOptsData *de = NULL;
- int ret = 0, found = 0;
+ int found = 0;
- ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
+ pcre2_match_data *match = NULL;
+ int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0);
if (ret < 1) {
SCLogError("pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr);
goto error;
de->ipopt = ipopts[i].code;
+ pcre2_match_data_free(match);
return de;
error:
+ if (match) {
+ pcre2_match_data_free(match);
+ }
if (de) SCFree(de);
return NULL;
}
{
DetectIPProtoData *data = NULL;
char *args[2] = { NULL, NULL };
- int ret = 0, res = 0;
+ int res = 0;
size_t pcre2_len;
int i;
const char *str_ptr;
/* Execute the regex and populate args with captures. */
- ret = DetectParsePcreExec(&parse_regex, optstr, 0, 0);
+ pcre2_match_data *match = NULL;
+ int ret = DetectParsePcreExec(&parse_regex, &match, optstr, 0, 0);
if (ret != 3) {
SCLogError("pcre_exec parse error, ret"
"%" PRId32 ", string %s",
}
for (i = 0; i < (ret - 1); i++) {
- res = pcre2_substring_get_bynumber(
- parse_regex.match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
+ res = pcre2_substring_get_bynumber(match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);
}
+ pcre2_match_data_free(match);
return data;
error:
+ if (match) {
+ pcre2_match_data_free(match);
+ }
for (i = 0; i < (ret - 1) && i < 2; i++){
if (args[i] != NULL)
pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);
{
DetectIsdataatData *idad = NULL;
char *args[3] = {NULL,NULL,NULL};
- int ret = 0, res = 0;
+ int res = 0;
size_t pcre2_len;
int i=0;
- ret = DetectParsePcreExec(&parse_regex, isdataatstr, 0, 0);
+ pcre2_match_data *match = NULL;
+ int ret = DetectParsePcreExec(&parse_regex, &match, isdataatstr, 0, 0);
if (ret < 1 || ret > 4) {
SCLogError("pcre_exec parse error, ret %" PRId32 ", string %s", ret, isdataatstr);
goto error;
if (ret > 1) {
const char *str_ptr;
- res = pcre2_substring_get_bynumber(
- parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
+ res = pcre2_substring_get_bynumber(match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
if (ret > 2) {
- res = pcre2_substring_get_bynumber(
- parse_regex.match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
+ res = pcre2_substring_get_bynumber(match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
args[1] = (char *)str_ptr;
}
if (ret > 3) {
- res = pcre2_substring_get_bynumber(
- parse_regex.match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
+ res = pcre2_substring_get_bynumber(match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);
}
+ pcre2_match_data_free(match);
return idad;
}
error:
+ if (match) {
+ pcre2_match_data_free(match);
+ }
for (i = 0; i < (ret -1) && i < 3; i++){
if (args[i] != NULL)
pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);
{
DetectKrb5ErrCodeData *krb5d = NULL;
char arg1[4] = "";
- int ret = 0, res = 0;
+ int res = 0;
size_t pcre2len;
- ret = DetectParsePcreExec(&parse_regex, krb5str, 0, 0);
+ pcre2_match_data *match = NULL;
+ int ret = DetectParsePcreExec(&parse_regex, &match, krb5str, 0, 0);
if (ret != 2) {
SCLogError("parse error, ret %" PRId32 "", ret);
goto error;
}
pcre2len = sizeof(arg1);
- res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len);
+ res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
(const char *)arg1) < 0) {
goto error;
}
+ pcre2_match_data_free(match);
return krb5d;
error:
+ if (match) {
+ pcre2_match_data_free(match);
+ }
if (krb5d)
SCFree(krb5d);
return NULL;
{
DetectKrb5MsgTypeData *krb5d = NULL;
char arg1[4] = "";
- int ret = 0, res = 0;
+ int res = 0;
size_t pcre2len;
- ret = DetectParsePcreExec(&parse_regex, krb5str, 0, 0);
+ pcre2_match_data *match = NULL;
+ int ret = DetectParsePcreExec(&parse_regex, &match, krb5str, 0, 0);
if (ret != 2) {
SCLogError("parse error, ret %" PRId32 "", ret);
goto error;
}
pcre2len = sizeof(arg1);
- res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len);
+ res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
(const char *)arg1) < 0) {
goto error;
}
+ pcre2_match_data_free(match);
return krb5d;
error:
+ if (match) {
+ pcre2_match_data_free(match);
+ }
if (krb5d)
SCFree(krb5d);
return NULL;
*/
static void * DetectMarkParse (const char *rawstr)
{
- int ret = 0, res = 0;
+ int res = 0;
size_t pcre2_len;
const char *str_ptr = NULL;
char *ptr = NULL;
uint32_t mask;
DetectMarkData *data;
- ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
+ pcre2_match_data *match = NULL;
+ int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0);
if (ret < 1) {
SCLogError("pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr);
+ pcre2_match_data_free(match);
return NULL;
}
- res = pcre2_substring_get_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
+ res = pcre2_substring_get_bynumber(match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError("pcre2_substring_get_bynumber failed");
- return NULL;
+ goto error;
}
ptr = (char *)str_ptr;
if (ptr == NULL)
- return NULL;
+ goto error;
errno = 0;
mark = strtoul(ptr, &endptr, 0);
if (errno == ERANGE) {
SCLogError("Numeric value out of range");
pcre2_substring_free((PCRE2_UCHAR8 *)ptr);
- return NULL;
+ goto error;
} /* If there is no numeric value in the given string then strtoull(), makes
endptr equals to ptr and return 0 as result */
else if (endptr == ptr && mark == 0) {
SCLogError("No numeric value");
pcre2_substring_free((PCRE2_UCHAR8 *)ptr);
- return NULL;
+ goto error;
} else if (endptr == ptr) {
SCLogError("Invalid numeric value");
pcre2_substring_free((PCRE2_UCHAR8 *)ptr);
- return NULL;
+ goto error;
}
- res = pcre2_substring_get_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
+ res = pcre2_substring_get_bynumber(match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError("pcre2_substring_get_bynumber failed");
- return NULL;
+ goto error;
}
pcre2_substring_free((PCRE2_UCHAR8 *)ptr);
if (ptr == NULL) {
data = SCMalloc(sizeof(DetectMarkData));
if (unlikely(data == NULL)) {
- return NULL;
+ goto error;
}
data->mark = mark;
data->mask = 0xffff;
+ pcre2_match_data_free(match);
return data;
}
if (errno == ERANGE) {
SCLogError("Numeric value out of range");
pcre2_substring_free((PCRE2_UCHAR8 *)ptr);
- return NULL;
+ goto error;
} /* If there is no numeric value in the given string then strtoull(), makes
endptr equals to ptr and return 0 as result */
else if (endptr == ptr && mask == 0) {
SCLogError("No numeric value");
pcre2_substring_free((PCRE2_UCHAR8 *)ptr);
- return NULL;
+ goto error;
}
else if (endptr == ptr) {
SCLogError("Invalid numeric value");
pcre2_substring_free((PCRE2_UCHAR8 *)ptr);
- return NULL;
+ goto error;
}
SCLogDebug("Rule will set mark 0x%x with mask 0x%x", mark, mask);
data = SCMalloc(sizeof(DetectMarkData));
if (unlikely(data == NULL)) {
- return NULL;
+ goto error;
}
data->mark = mark;
data->mask = mask;
+ pcre2_match_data_free(match);
return data;
+
+error:
+ if (match) {
+ pcre2_match_data_free(match);
+ }
+ return NULL;
}
#endif /* NFQ */
*/
static DetectMQTTConnectFlagsData *DetectMQTTConnectFlagsParse(const char *rawstr)
{
- DetectMQTTConnectFlagsData *de = NULL;
- int ret = 0;
+ char copy[strlen(rawstr) + 1];
- ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
+ DetectMQTTConnectFlagsData *de = SCCalloc(1, sizeof(DetectMQTTConnectFlagsData));
+ if (unlikely(de == NULL))
+ return NULL;
+
+ pcre2_match_data *match = NULL;
+ int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0);
if (ret < 1) {
SCLogError("invalid flag definition: %s", rawstr);
- return NULL;
+ goto error;
}
- de = SCCalloc(1, sizeof(DetectMQTTConnectFlagsData));
- if (unlikely(de == NULL))
- return NULL;
de->username = de->password = de->will = MQTT_DONT_CARE;
de->will_retain = de->clean_session = MQTT_DONT_CARE;
- char copy[strlen(rawstr)+1];
strlcpy(copy, rawstr, sizeof(copy));
char *xsaveptr = NULL;
char *flagv = strtok_r(copy, ",", &xsaveptr);
flagv = strtok_r(NULL, ",", &xsaveptr);
}
+ pcre2_match_data_free(match);
return de;
error:
- /* de can't be NULL here */
- SCFree(de);
+ if (match) {
+ pcre2_match_data_free(match);
+ }
+ if (de)
+ SCFree(de);
return NULL;
}
*/
static DetectMQTTFlagsData *DetectMQTTFlagsParse(const char *rawstr)
{
- DetectMQTTFlagsData *de = NULL;
- int ret = 0;
- ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
+ DetectMQTTFlagsData *de = SCCalloc(1, sizeof(DetectMQTTFlagsData));
+ if (unlikely(de == NULL))
+ return NULL;
+
+ pcre2_match_data *match = NULL;
+ int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0);
if (ret < 1) {
SCLogError("invalid flag definition: %s", rawstr);
+ if (match) {
+ pcre2_match_data_free(match);
+ }
+ SCFree(de);
return NULL;
}
- de = SCCalloc(1, sizeof(DetectMQTTFlagsData));
- if (unlikely(de == NULL))
- return NULL;
de->retain = de->dup = MQTT_DONT_CARE;
char copy[strlen(rawstr)+1];
flagv = strtok_r(NULL, ",", &xsaveptr);
}
+ pcre2_match_data_free(match);
return de;
error:
- /* de can't be NULL here */
- SCFree(de);
+ if (match) {
+ pcre2_match_data_free(match);
+ }
+ if (de)
+ SCFree(de);
return NULL;
}
static DetectParseRegex *g_detect_parse_regex_list = NULL;
-int DetectParsePcreExec(
- DetectParseRegex *parse_regex, const char *str, int start_offset, int options)
+int DetectParsePcreExec(DetectParseRegex *parse_regex, pcre2_match_data **match, const char *str,
+ int start_offset, int options)
{
- return pcre2_match(parse_regex->regex, (PCRE2_SPTR8)str, strlen(str), options, start_offset,
- parse_regex->match, NULL);
+ *match = pcre2_match_data_create_from_pattern(parse_regex->regex, NULL);
+ if (*match)
+ return pcre2_match(parse_regex->regex, (PCRE2_SPTR8)str, strlen(str), options, start_offset,
+ *match, NULL);
+ return -1;
}
void DetectParseFreeRegex(DetectParseRegex *r)
void DetectParseFreeRegex(DetectParseRegex *r);
/* parse regex exec */
-int DetectParsePcreExec(
- DetectParseRegex *parse_regex, const char *str, int start_offset, int options);
+int DetectParsePcreExec(DetectParseRegex *parse_regex, pcre2_match_data **match, const char *str,
+ int start_offset, int options);
int SC_Pcre2SubstringCopy(
pcre2_match_data *match_data, uint32_t number, PCRE2_UCHAR *buffer, PCRE2_SIZE *bufflen);
int SC_Pcre2SubstringGet(pcre2_match_data *match_data, uint32_t number, PCRE2_UCHAR **bufferptr,
static int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
{
char *varname = NULL, *varcontent = NULL;
- int ret = 0, res = 0;
+ int res = 0;
size_t pcre2_len;
uint8_t *content = NULL;
uint16_t len = 0;
- ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
+ pcre2_match_data *match = NULL;
+ int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0);
if (ret != 3) {
SCLogError("\"%s\" is not a valid setting for pktvar.", rawstr);
- return -1;
+ goto error;
}
const char *str_ptr;
- res = pcre2_substring_get_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
+ res = pcre2_substring_get_bynumber(match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError("pcre2_substring_get_bynumber failed");
- return -1;
+ goto error;
}
varname = (char *)str_ptr;
- res = pcre2_substring_get_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
+ res = pcre2_substring_get_bynumber(match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
pcre2_substring_free((PCRE2_UCHAR8 *)varname);
SCLogError("pcre2_substring_get_bynumber failed");
- return -1;
+ goto error;
}
varcontent = (char *)str_ptr;
if (ret == -1 || content == NULL) {
pcre2_substring_free((PCRE2_UCHAR8 *)varname);
pcre2_substring_free((PCRE2_UCHAR8 *)varcontent);
- return -1;
+ goto error;
}
pcre2_substring_free((PCRE2_UCHAR8 *)varcontent);
if (unlikely(cd == NULL)) {
pcre2_substring_free((PCRE2_UCHAR8 *)varname);
SCFree(content);
- return -1;
+ goto error;
}
cd->content = content;
SigMatch *sm = SigMatchAlloc();
if (unlikely(sm == NULL)) {
DetectPktvarFree(de_ctx, cd);
- return -1;
+ goto error;
}
sm->type = DETECT_PKTVAR;
sm->ctx = (SigMatchCtx *)cd;
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
+
+ pcre2_match_data_free(match);
return 0;
+
+error:
+ if (match) {
+ pcre2_match_data_free(match);
+ }
+ return -1;
}
static int DetectPrioritySetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
{
char copy_str[128] = "";
-
- int ret = 0;
size_t pcre2len;
- ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
+ pcre2_match_data *match = NULL;
+ int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0);
if (ret < 0) {
SCLogError("Invalid Priority in Signature "
"- %s",
rawstr);
+ if (match)
+ pcre2_match_data_free(match);
return -1;
}
pcre2len = sizeof(copy_str);
- ret = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)copy_str, &pcre2len);
+ ret = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)copy_str, &pcre2len);
if (ret < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
+ pcre2_match_data_free(match);
return -1;
}
- long prio = 0;
+ pcre2_match_data_free(match);
char *endptr = NULL;
- prio = strtol(copy_str, &endptr, 10);
+ long prio = strtol(copy_str, &endptr, 10);
if (endptr == NULL || *endptr != '\0') {
SCLogError("Saw an invalid character as arg "
"to priority keyword");
{
SCEnter();
- int ret = 0, res = 0;
+ int res = 0;
size_t pcre2len;
char key[REFERENCE_SYSTEM_NAME_MAX] = "";
char content[REFERENCE_CONTENT_NAME_MAX] = "";
- ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
+ pcre2_match_data *match = NULL;
+ int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0);
if (ret < 2) {
SCLogError("Unable to parse \"reference\" "
"keyword argument - \"%s\". Invalid argument.",
rawstr);
+ if (match) {
+ pcre2_match_data_free(match);
+ }
return NULL;
}
DetectReference *ref = SCCalloc(1, sizeof(DetectReference));
if (unlikely(ref == NULL)) {
+ pcre2_match_data_free(match);
return NULL;
}
pcre2len = sizeof(key);
- res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)key, &pcre2len);
+ res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)key, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
}
pcre2len = sizeof(content);
- res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)content, &pcre2len);
+ res = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)content, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
goto error;
}
+ pcre2_match_data_free(match);
/* free the substrings */
SCReturnPtr(ref, "Reference");
error:
+ if (match) {
+ pcre2_match_data_free(match);
+ }
DetectReferenceFree(ref);
SCReturnPtr(NULL, "Reference");
}
{
int i;
DetectRfbSecresultData *de = NULL;
- int ret = 0, found = 0;
+ int found = 0;
- ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
+ pcre2_match_data *match = NULL;
+ int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0);
if (ret < 1) {
SCLogError("pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr);
goto error;
de->result = results[i].code;
+ pcre2_match_data_free(match);
return de;
error:
+ if (match) {
+ pcre2_match_data_free(match);
+ }
if (de) SCFree(de);
return NULL;
}
{
DetectRpcData *rd = NULL;
char *args[3] = {NULL,NULL,NULL};
- int ret = 0, res = 0;
+ int res = 0;
size_t pcre2_len;
- ret = DetectParsePcreExec(&parse_regex, rpcstr, 0, 0);
+ pcre2_match_data *match = NULL;
+ int ret = DetectParsePcreExec(&parse_regex, &match, rpcstr, 0, 0);
if (ret < 1 || ret > 4) {
SCLogError("parse error, ret %" PRId32 ", string %s", ret, rpcstr);
goto error;
if (ret > 1) {
const char *str_ptr;
- res = pcre2_substring_get_bynumber(
- parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
+ res = pcre2_substring_get_bynumber(match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
args[0] = (char *)str_ptr;
if (ret > 2) {
- res = pcre2_substring_get_bynumber(
- parse_regex.match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
+ res = pcre2_substring_get_bynumber(match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
args[1] = (char *)str_ptr;
}
if (ret > 3) {
- res = pcre2_substring_get_bynumber(
- parse_regex.match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
+ res = pcre2_substring_get_bynumber(match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
if (args[i] != NULL)
pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);
}
+ pcre2_match_data_free(match);
return rd;
error:
+ if (match) {
+ pcre2_match_data_free(match);
+ }
for (i = 0; i < (ret -1) && i < 3; i++){
if (args[i] != NULL)
pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);
static DetectSNMPPduTypeData *DetectSNMPPduTypeParse (const char *rawstr)
{
DetectSNMPPduTypeData *dd = NULL;
- int ret = 0, res = 0;
+ int res = 0;
size_t pcre2len;
char value1[20] = "";
char *endptr = NULL;
- ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
+ pcre2_match_data *match = NULL;
+ int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0);
if (ret != 2) {
SCLogError("Parse error %s", rawstr);
goto error;
}
pcre2len = sizeof(value1);
- res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)value1, &pcre2len);
+ res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)value1, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
goto error;
}
+ pcre2_match_data_free(match);
return dd;
error:
+ if (match) {
+ pcre2_match_data_free(match);
+ }
if (dd)
SCFree(dd);
return NULL;
static DetectSshVersionData *DetectSshVersionParse (DetectEngineCtx *de_ctx, const char *str)
{
DetectSshVersionData *ssh = NULL;
- int ret = 0, res = 0;
+ int res = 0;
size_t pcre2_len;
- ret = DetectParsePcreExec(&parse_regex, str, 0, 0);
+ pcre2_match_data *match = NULL;
+ int ret = DetectParsePcreExec(&parse_regex, &match, str, 0, 0);
if (ret < 1 || ret > 3) {
SCLogError("invalid ssh.protoversion option");
goto error;
if (ret > 1) {
const char *str_ptr;
- res = pcre2_substring_get_bynumber(
- parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
+ res = pcre2_substring_get_bynumber(match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
SCLogDebug("will look for ssh %s", ssh->ver);
}
+ pcre2_match_data_free(match);
return ssh;
error:
+ if (match) {
+ pcre2_match_data_free(match);
+ }
if (ssh != NULL)
DetectSshVersionFree(de_ctx, ssh);
return NULL;
static DetectSshSoftwareVersionData *DetectSshSoftwareVersionParse (DetectEngineCtx *de_ctx, const char *str)
{
DetectSshSoftwareVersionData *ssh = NULL;
- int ret = 0, res = 0;
+ int res = 0;
size_t pcre2_len;
- ret = DetectParsePcreExec(&parse_regex, str, 0, 0);
+ pcre2_match_data *match = NULL;
+ int ret = DetectParsePcreExec(&parse_regex, &match, str, 0, 0);
if (ret < 1 || ret > 3) {
SCLogError("invalid ssh.softwareversion option");
if (ret > 1) {
const char *str_ptr = NULL;
- res = pcre2_substring_get_bynumber(
- parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
+ res = pcre2_substring_get_bynumber(match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
/* We have a correct id option */
ssh = SCMalloc(sizeof(DetectSshSoftwareVersionData));
- if (unlikely(ssh == NULL))
+ if (unlikely(ssh == NULL)) {
+ pcre2_substring_free((PCRE2_UCHAR *)str_ptr);
goto error;
-
+ }
ssh->software_ver = (uint8_t *)SCStrdup((char *)str_ptr);
if (ssh->software_ver == NULL) {
+ pcre2_substring_free((PCRE2_UCHAR *)str_ptr);
goto error;
}
pcre2_substring_free((PCRE2_UCHAR *)str_ptr);
SCLogDebug("will look for ssh %s", ssh->software_ver);
}
+ pcre2_match_data_free(match);
return ssh;
error:
+ if (match) {
+ pcre2_match_data_free(match);
+ }
if (ssh != NULL)
DetectSshSoftwareVersionFree(de_ctx, ssh);
return NULL;
*/
static DetectSslStateData *DetectSslStateParse(const char *arg)
{
- int ret = 0, res = 0;
size_t pcre2len;
char str1[64];
char str2[64];
uint32_t flags = 0, mask = 0;
DetectSslStateData *ssd = NULL;
- ret = DetectParsePcreExec(&parse_regex1, arg, 0, 0);
+ pcre2_match_data *match = NULL;
+ int ret = DetectParsePcreExec(&parse_regex1, &match, arg, 0, 0);
if (ret < 1) {
SCLogError("Invalid arg \"%s\" supplied to "
"ssl_state keyword.",
}
pcre2len = sizeof(str1);
- res = pcre2_substring_copy_bynumber(parse_regex1.match, 1, (PCRE2_UCHAR8 *)str1, &pcre2len);
+ int res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)str1, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
negate = !strcmp("!", str1);
pcre2len = sizeof(str1);
- res = pcre2_substring_copy_bynumber(parse_regex1.match, 2, (PCRE2_UCHAR8 *)str1, &pcre2len);
+ res = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)str1, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
}
pcre2len = sizeof(str1);
- res = pcre2_substring_copy_bynumber(parse_regex1.match, 3, (PCRE2_UCHAR8 *)str1, &pcre2len);
+ res = pcre2_substring_copy_bynumber(match, 3, (PCRE2_UCHAR8 *)str1, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
}
while (res >= 0 && strlen(str1) > 0) {
- ret = DetectParsePcreExec(&parse_regex2, str1, 0, 0);
+ pcre2_match_data *match2 = NULL;
+ ret = DetectParsePcreExec(&parse_regex2, &match2, str1, 0, 0);
if (ret < 1) {
SCLogError("Invalid arg \"%s\" supplied to "
"ssl_state keyword.",
arg);
+ if (match2) {
+ pcre2_match_data_free(match2);
+ }
goto error;
}
pcre2len = sizeof(str2);
- res = pcre2_substring_copy_bynumber(parse_regex2.match, 1, (PCRE2_UCHAR8 *)str2, &pcre2len);
+ res = pcre2_substring_copy_bynumber(match2, 1, (PCRE2_UCHAR8 *)str2, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
+ pcre2_match_data_free(match2);
goto error;
}
negate = !strcmp("!", str2);
pcre2len = sizeof(str2);
- res = pcre2_substring_copy_bynumber(parse_regex2.match, 2, (PCRE2_UCHAR8 *)str2, &pcre2len);
+ res = pcre2_substring_copy_bynumber(match2, 2, (PCRE2_UCHAR8 *)str2, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
+ pcre2_match_data_free(match2);
goto error;
}
if (strcmp("client_hello", str2) == 0) {
SCLogError("Found invalid option \"%s\" "
"in ssl_state keyword.",
str2);
+ pcre2_match_data_free(match2);
goto error;
}
pcre2len = sizeof(str2);
- res = pcre2_substring_copy_bynumber(parse_regex2.match, 3, (PCRE2_UCHAR8 *)str2, &pcre2len);
+ res = pcre2_substring_copy_bynumber(match2, 3, (PCRE2_UCHAR8 *)str2, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
+ pcre2_match_data_free(match2);
goto error;
}
memcpy(str1, str2, sizeof(str1));
+ pcre2_match_data_free(match2);
}
if ( (ssd = SCMalloc(sizeof(DetectSslStateData))) == NULL) {
ssd->flags = flags;
ssd->mask = mask;
+ pcre2_match_data_free(match);
return ssd;
error:
+ if (match) {
+ pcre2_match_data_free(match);
+ }
return NULL;
}
static DetectTagData *DetectTagParse(const char *tagstr)
{
DetectTagData td;
- int ret = 0, res = 0;
size_t pcre2_len;
const char *str_ptr = NULL;
- ret = DetectParsePcreExec(&parse_regex, tagstr, 0, 0);
+ pcre2_match_data *match = NULL;
+ int ret = DetectParsePcreExec(&parse_regex, &match, tagstr, 0, 0);
if (ret < 1) {
SCLogError("parse error, ret %" PRId32 ", string %s", ret, tagstr);
goto error;
}
- res = pcre2_substring_get_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
+ int res = pcre2_substring_get_bynumber(match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0 || str_ptr == NULL) {
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
td.direction = DETECT_TAG_DIR_DST;
if (ret > 4) {
- res = pcre2_substring_get_bynumber(
- parse_regex.match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
+ res = pcre2_substring_get_bynumber(match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0 || str_ptr == NULL) {
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
pcre2_substring_free((PCRE2_UCHAR *)str_ptr);
str_ptr = NULL;
- res = pcre2_substring_get_bynumber(
- parse_regex.match, 4, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
+ res = pcre2_substring_get_bynumber(match, 4, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0 || str_ptr == NULL) {
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
/* if specified, overwrite it */
if (ret == 7) {
- res = pcre2_substring_get_bynumber(
- parse_regex.match, 6, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
+ res = pcre2_substring_get_bynumber(match, 6, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0 || str_ptr == NULL) {
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
}
memcpy(real_td, &td, sizeof(DetectTagData));
+ pcre2_match_data_free(match);
return real_td;
error:
+ if (match) {
+ pcre2_match_data_free(match);
+ }
if (str_ptr != NULL)
pcre2_substring_free((PCRE2_UCHAR *)str_ptr);
return NULL;
*/
static int DetectTargetParse(Signature *s, const char *targetstr)
{
- int ret = 0, res = 0;
size_t pcre2len;
char value[10];
- ret = DetectParsePcreExec(&parse_regex, targetstr, 0, 0);
+ pcre2_match_data *match = NULL;
+ int ret = DetectParsePcreExec(&parse_regex, &match, targetstr, 0, 0);
if (ret < 1) {
SCLogError("pcre_exec parse error, ret %" PRId32 ", string %s", ret, targetstr);
- return -1;
+ goto error;
}
pcre2len = sizeof(value);
- res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)value, &pcre2len);
+ int res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)value, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
- return -1;
+ goto error;
}
/* now check key value */
if (!strcmp(value, "src_ip")) {
if (s->flags & SIG_FLAG_DEST_IS_TARGET) {
SCLogError("Conflicting values of target keyword");
- return -1;
+ goto error;
}
s->flags |= SIG_FLAG_SRC_IS_TARGET;
} else if (!strcmp(value, "dest_ip")) {
if (s->flags & SIG_FLAG_SRC_IS_TARGET) {
SCLogError("Conflicting values of target keyword");
- return -1;
+ goto error;
}
s->flags |= SIG_FLAG_DEST_IS_TARGET;
} else {
SCLogError("only 'src_ip' and 'dest_ip' are supported as target value");
- return -1;
+ goto error;
}
+ pcre2_match_data_free(match);
return 0;
+
+error:
+ if (match) {
+ pcre2_match_data_free(match);
+ }
+ return -1;
}
/**
{
SCEnter();
- int ret = 0, found = 0, ignore = 0, res = 0;
- size_t pcre2len;
+ int found = 0, ignore = 0;
char *ptr;
+ DetectFlagsData *de = NULL;
char arg1[16] = "";
char arg2[16] = "";
char arg3[16] = "";
- ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
+ pcre2_match_data *match = NULL;
+ int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0);
SCLogDebug("input '%s', pcre said %d", rawstr, ret);
if (ret < 3) {
SCLogError("pcre match failed");
- SCReturnPtr(NULL, "DetectFlagsData");
+ goto error;
}
- pcre2len = sizeof(arg1);
- res = SC_Pcre2SubstringCopy(parse_regex.match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len);
+ size_t pcre2len = sizeof(arg1);
+ int res = SC_Pcre2SubstringCopy(match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
- SCReturnPtr(NULL, "DetectFlagsData");
+ goto error;
}
if (ret >= 2) {
pcre2len = sizeof(arg2);
- res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)arg2, &pcre2len);
+ res = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)arg2, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
- SCReturnPtr(NULL, "DetectFlagsData");
+ goto error;
}
}
if (ret >= 3) {
pcre2len = sizeof(arg3);
- res = SC_Pcre2SubstringCopy(parse_regex.match, 3, (PCRE2_UCHAR8 *)arg3, &pcre2len);
+ res = SC_Pcre2SubstringCopy(match, 3, (PCRE2_UCHAR8 *)arg3, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
- SCReturnPtr(NULL, "DetectFlagsData");
+ goto error;
}
}
SCLogDebug("args '%s', '%s', '%s'", arg1, arg2, arg3);
if (strlen(arg2) == 0) {
SCLogDebug("empty argument");
- SCReturnPtr(NULL, "DetectFlagsData");
+ goto error;
}
- DetectFlagsData *de = SCMalloc(sizeof(DetectFlagsData));
+ de = SCMalloc(sizeof(DetectFlagsData));
if (unlikely(de == NULL))
goto error;
memset(de, 0, sizeof(DetectFlagsData));
}
}
+ pcre2_match_data_free(match);
SCLogDebug("found %"PRId32" ignore %"PRId32"", found, ignore);
SCReturnPtr(de, "DetectFlagsData");
if (de) {
SCFree(de);
}
+ if (match) {
+ pcre2_match_data_free(match);
+ }
SCReturnPtr(NULL, "DetectFlagsData");
}
static DetectWindowData *DetectWindowParse(DetectEngineCtx *de_ctx, const char *windowstr)
{
DetectWindowData *wd = NULL;
- int ret = 0, res = 0;
+ int res = 0;
size_t pcre2len;
- ret = DetectParsePcreExec(&parse_regex, windowstr, 0, 0);
+ pcre2_match_data *match = NULL;
+ int ret = DetectParsePcreExec(&parse_regex, &match, windowstr, 0, 0);
if (ret < 1 || ret > 3) {
SCLogError("pcre_exec parse error, ret %" PRId32 ", string %s", ret, windowstr);
goto error;
if (ret > 1) {
char copy_str[128] = "";
pcre2len = sizeof(copy_str);
- res = SC_Pcre2SubstringCopy(parse_regex.match, 1, (PCRE2_UCHAR8 *)copy_str, &pcre2len);
+ res = SC_Pcre2SubstringCopy(match, 1, (PCRE2_UCHAR8 *)copy_str, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
if (ret > 2) {
pcre2len = sizeof(copy_str);
- res = pcre2_substring_copy_bynumber(
- parse_regex.match, 2, (PCRE2_UCHAR8 *)copy_str, &pcre2len);
+ res = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)copy_str, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
}
}
+ pcre2_match_data_free(match);
return wd;
error:
+ if (match) {
+ pcre2_match_data_free(match);
+ }
if (wd != NULL)
DetectWindowFree(de_ctx, wd);
return NULL;
{
char arg1[4] = "";
char arg2[4] = "";
- size_t pcre2len;
- int ret = DetectParsePcreExec(&parse_regex, templatestr, 0, 0);
+ pcre2_match_data *match = NULL;
+ int ret = DetectParsePcreExec(&parse_regex, &match, templatestr, 0, 0);
if (ret != 3) {
SCLogError("parse error, ret %" PRId32 "", ret);
- return NULL;
+ goto error;
}
- pcre2len = sizeof(arg1);
- ret = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len);
+ size_t pcre2len = sizeof(arg1);
+ ret = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len);
if (ret < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
- return NULL;
+ goto error;
}
SCLogDebug("Arg1 \"%s\"", arg1);
pcre2len = sizeof(arg2);
- ret = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)arg2, &pcre2len);
+ ret = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)arg2, &pcre2len);
if (ret < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
- return NULL;
+ goto error;
}
SCLogDebug("Arg2 \"%s\"", arg2);
DetectTemplateData *templated = SCMalloc(sizeof (DetectTemplateData));
if (unlikely(templated == NULL))
- return NULL;
+ goto error;
if (ByteExtractStringUint8(&templated->arg1, 10, 0, (const char *)arg1) < 0) {
SCFree(templated);
- return NULL;
+ goto error;
}
if (ByteExtractStringUint8(&templated->arg2, 10, 0, (const char *)arg2) < 0) {
SCFree(templated);
- return NULL;
+ goto error;
}
+ pcre2_match_data_free(match);
return templated;
+
+error:
+ if (match) {
+ pcre2_match_data_free(match);
+ }
+ return NULL;
}
/**
int second_pos = 0, count_pos = 0;
size_t pos = 0;
int i = 0;
+ pcre2_match_data *match = NULL;
copy_str = SCStrdup(rawstr);
if (unlikely(copy_str == NULL)) {
if(count_found != 1 || second_found != 1 || type_found != 1 || track_found != 1)
goto error;
- ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
+ ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0);
if (ret < 5) {
SCLogError("pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr);
goto error;
for (i = 0; i < (ret - 1); i++) {
- res = pcre2_substring_get_bynumber(
- parse_regex.match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
+ res = pcre2_substring_get_bynumber(match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError("pcre2_substring_get_bynumber failed");
if (args[i] != NULL)
pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);
}
+ pcre2_match_data_free(match);
return de;
error:
+ if (match) {
+ pcre2_match_data_free(match);
+ }
for (i = 0; i < (ret - 1); i++){
if (args[i] != NULL)
pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);
static DetectTlsValidityData *DetectTlsValidityParse (const char *rawstr)
{
DetectTlsValidityData *dd = NULL;
- int ret = 0, res = 0;
- size_t pcre2len;
char mode[2] = "";
char value1[20] = "";
char value2[20] = "";
char range[3] = "";
- ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
+ pcre2_match_data *match = NULL;
+ int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0);
if (ret < 3 || ret > 5) {
SCLogError("Parse error %s", rawstr);
goto error;
}
- pcre2len = sizeof(mode);
- res = SC_Pcre2SubstringCopy(parse_regex.match, 1, (PCRE2_UCHAR8 *)mode, &pcre2len);
+ size_t pcre2len = sizeof(mode);
+ int res = SC_Pcre2SubstringCopy(match, 1, (PCRE2_UCHAR8 *)mode, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
SCLogDebug("mode \"%s\"", mode);
pcre2len = sizeof(value1);
- res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)value1, &pcre2len);
+ res = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)value1, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
if (ret > 3) {
pcre2len = sizeof(range);
- res = pcre2_substring_copy_bynumber(parse_regex.match, 3, (PCRE2_UCHAR8 *)range, &pcre2len);
+ res = pcre2_substring_copy_bynumber(match, 3, (PCRE2_UCHAR8 *)range, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
if (ret > 4) {
pcre2len = sizeof(value2);
- res = pcre2_substring_copy_bynumber(
- parse_regex.match, 4, (PCRE2_UCHAR8 *)value2, &pcre2len);
+ res = pcre2_substring_copy_bynumber(match, 4, (PCRE2_UCHAR8 *)value2, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
goto error;
}
}
+ pcre2_match_data_free(match);
return dd;
error:
+ if (match) {
+ pcre2_match_data_free(match);
+ }
if (dd)
SCFree(dd);
return NULL;
{
uint16_t temp;
DetectTlsVersionData *tls = NULL;
- int ret = 0, res = 0;
+ int res = 0;
size_t pcre2len;
- ret = DetectParsePcreExec(&parse_regex, str, 0, 0);
+ pcre2_match_data *match = NULL;
+ int ret = DetectParsePcreExec(&parse_regex, &match, str, 0, 0);
if (ret < 1 || ret > 3) {
SCLogError("invalid tls.version option");
goto error;
char ver_ptr[64];
char *tmp_str;
pcre2len = sizeof(ver_ptr);
- res = pcre2_substring_copy_bynumber(
- parse_regex.match, 1, (PCRE2_UCHAR8 *)ver_ptr, &pcre2len);
+ res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)ver_ptr, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
SCLogDebug("will look for tls %"PRIu16"", tls->ver);
}
+ pcre2_match_data_free(match);
return tls;
error:
+ if (match) {
+ pcre2_match_data_free(match);
+ }
if (tls != NULL)
DetectTlsVersionFree(de_ctx, tls);
return NULL;
static DetectTlsData *DetectTlsSubjectParse (DetectEngineCtx *de_ctx, const char *str, bool negate)
{
DetectTlsData *tls = NULL;
- int ret = 0, res = 0;
size_t pcre2_len;
const char *str_ptr;
char *orig = NULL;
char *tmp_str;
uint32_t flag = 0;
- ret = DetectParsePcreExec(&subject_parse_regex, str, 0, 0);
+ pcre2_match_data *match = NULL;
+ int ret = DetectParsePcreExec(&subject_parse_regex, &match, str, 0, 0);
if (ret != 2) {
SCLogError("invalid tls.subject option");
goto error;
if (negate)
flag = DETECT_CONTENT_NEGATED;
- res = pcre2_substring_get_bynumber(
- subject_parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
+ int res = pcre2_substring_get_bynumber(match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
goto error;
}
+ pcre2_match_data_free(match);
SCFree(orig);
SCLogDebug("will look for TLS subject %s", tls->subject);
return tls;
error:
+ if (match) {
+ pcre2_match_data_free(match);
+ }
if (orig != NULL)
SCFree(orig);
if (tls != NULL)
static DetectTlsData *DetectTlsIssuerDNParse(DetectEngineCtx *de_ctx, const char *str, bool negate)
{
DetectTlsData *tls = NULL;
- int ret = 0, res = 0;
size_t pcre2_len;
const char *str_ptr;
char *orig = NULL;
char *tmp_str;
uint32_t flag = 0;
- ret = DetectParsePcreExec(&issuerdn_parse_regex, str, 0, 0);
+ pcre2_match_data *match = NULL;
+ int ret = DetectParsePcreExec(&issuerdn_parse_regex, &match, str, 0, 0);
if (ret != 2) {
SCLogError("invalid tls.issuerdn option");
goto error;
if (negate)
flag = DETECT_CONTENT_NEGATED;
- res = pcre2_substring_get_bynumber(
- issuerdn_parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
+ int res = pcre2_substring_get_bynumber(match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
SCFree(orig);
+ pcre2_match_data_free(match);
SCLogDebug("Will look for TLS issuerdn %s", tls->issuerdn);
return tls;
error:
+ if (match) {
+ pcre2_match_data_free(match);
+ }
if (orig != NULL)
SCFree(orig);
if (tls != NULL)
static DetectTosData *DetectTosParse(const char *arg, bool negate)
{
DetectTosData *tosd = NULL;
- int ret = 0, res = 0;
size_t pcre2len;
- ret = DetectParsePcreExec(&parse_regex, arg, 0, 0);
+ pcre2_match_data *match = NULL;
+ int ret = DetectParsePcreExec(&parse_regex, &match, arg, 0, 0);
if (ret != 2) {
SCLogError("invalid tos option - %s. "
"The tos option value must be in the range "
/* For TOS value */
char tosbytes_str[64] = "";
pcre2len = sizeof(tosbytes_str);
- res = pcre2_substring_copy_bynumber(
- parse_regex.match, 1, (PCRE2_UCHAR8 *)tosbytes_str, &pcre2len);
+ int res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)tosbytes_str, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
tosd->tos = (uint8_t)tos;
tosd->negated = negate;
+ pcre2_match_data_free(match);
return tosd;
error:
+ if (match) {
+ pcre2_match_data_free(match);
+ }
return NULL;
}
DetectXbitsData *cd = NULL;
uint8_t fb_cmd = 0;
uint8_t hb_dir = 0;
- int ret = 0, res = 0;
size_t pcre2len;
char fb_cmd_str[16] = "", fb_name[256] = "";
char hb_dir_str[16] = "";
enum VarTypes var_type = VAR_TYPE_NOT_SET;
uint32_t expire = DETECT_XBITS_EXPIRE_DEFAULT;
- ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
+ pcre2_match_data *match = NULL;
+ int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0);
if (ret != 2 && ret != 3 && ret != 4 && ret != 5) {
SCLogError("\"%s\" is not a valid setting for xbits.", rawstr);
+ if (match) {
+ pcre2_match_data_free(match);
+ }
return -1;
}
SCLogDebug("ret %d, %s", ret, rawstr);
pcre2len = sizeof(fb_cmd_str);
- res = pcre2_substring_copy_bynumber(
- parse_regex.match, 1, (PCRE2_UCHAR8 *)fb_cmd_str, &pcre2len);
+ int res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)fb_cmd_str, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
+ pcre2_match_data_free(match);
return -1;
}
if (ret >= 3) {
pcre2len = sizeof(fb_name);
- res = pcre2_substring_copy_bynumber(
- parse_regex.match, 2, (PCRE2_UCHAR8 *)fb_name, &pcre2len);
+ res = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)fb_name, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
+ pcre2_match_data_free(match);
return -1;
}
if (ret >= 4) {
pcre2len = sizeof(hb_dir_str);
- res = pcre2_substring_copy_bynumber(
- parse_regex.match, 3, (PCRE2_UCHAR8 *)hb_dir_str, &pcre2len);
+ res = pcre2_substring_copy_bynumber(match, 3, (PCRE2_UCHAR8 *)hb_dir_str, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
+ pcre2_match_data_free(match);
return -1;
}
SCLogDebug("hb_dir_str %s", hb_dir_str);
var_type = VAR_TYPE_IPPAIR_BIT;
} else {
// TODO
+ pcre2_match_data_free(match);
return -1;
}
}
char expire_str[16] = "";
pcre2len = sizeof(expire_str);
res = pcre2_substring_copy_bynumber(
- parse_regex.match, 4, (PCRE2_UCHAR8 *)expire_str, &pcre2len);
+ match, 4, (PCRE2_UCHAR8 *)expire_str, &pcre2len);
if (res < 0) {
SCLogError("pcre2_substring_copy_bynumber failed");
+ pcre2_match_data_free(match);
return -1;
}
SCLogDebug("expire_str %s", expire_str);
SCLogError("Invalid value for "
"expire: \"%s\"",
expire_str);
+ pcre2_match_data_free(match);
return -1;
}
if (expire == 0) {
SCLogError("expire must be bigger than 0");
+ pcre2_match_data_free(match);
return -1;
}
SCLogDebug("expire %d", expire);
}
}
+ pcre2_match_data_free(match);
if (strcmp(fb_cmd_str,"noalert") == 0) {
fb_cmd = DETECT_XBITS_CMD_NOALERT;
} else if (strcmp(fb_cmd_str,"isset") == 0) {
projects / thirdparty / suricata.git / commitdiff
