*/
static int DetectAddressParse2(const DetectEngineCtx *de_ctx,
DetectAddressHead *gh, DetectAddressHead *ghn,
- const char *s, int negate, ResolvedVariablesList *var_list)
+ const char *s, int negate, ResolvedVariablesList *var_list,
+ int recur)
{
size_t x = 0;
size_t u = 0;
const char *rule_var_address = NULL;
char *temp_rule_var_address = NULL;
+ if (++recur > 64) {
+ SCLogError(SC_ERR_ADDRESS_ENGINE_GENERIC, "address block recursion "
+ "limit reached (max 64)");
+ goto error;
+ }
+
SCLogDebug("s %s negate %s", s, negate ? "true" : "false");
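Review bot: The cap in `if (++recur > 64)` is a bare literal that is repeated by hand in the log string `(max 64)` and again in the unit-test comments, so the three can drift apart when the limit is tuned. A single named constant would keep them in step, for instance `#define ADDRESS_MAX_RECURSION 64` (the name is only a suggestion), with the message formatted from it via `%d`. The new `recur` parameter is also undocumented as far as this hunk shows; if the comment ending just above the signature lists parameters, add `\param recur nesting depth so far; top-level callers pass 0`. The function body continues outside the hunk.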
for (u = 0, x = 0; u < size && x < sizeof(address); u++) {
/* normal block */
SCLogDebug("normal block");
- if (DetectAddressParse2(de_ctx, gh, ghn, address, (negate + n_set) % 2, var_list) < 0)
+ if (DetectAddressParse2(de_ctx, gh, ghn, address, (negate + n_set) % 2, var_list, recur) < 0)
goto error;
} else {
/* negated block
DetectAddressHead tmp_gh = { NULL, NULL };
DetectAddressHead tmp_ghn = { NULL, NULL };
- if (DetectAddressParse2(de_ctx, &tmp_gh, &tmp_ghn, address, 0, var_list) < 0) {
+ if (DetectAddressParse2(de_ctx, &tmp_gh, &tmp_ghn, address, 0, var_list, recur) < 0) {
DetectAddressHeadCleanup(&tmp_gh);
DetectAddressHeadCleanup(&tmp_ghn);
goto error;
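Review bot: Nothing near the recursive calls under `normal block` and `negated block` records what one level of nesting costs, which is what would make 64 a justified cap rather than an arbitrary one. The loop bound `x < sizeof(address)` suggests each frame carries its own fixed `address` array (its declaration is outside this hunk), so worst-case stack use would be roughly 64 times that buffer. It would help to check that total against the smallest stack the rule loader can run on and to note it beside the limit, e.g. `/* depth cap bounds stack use: one address[] buffer per level */`. The enclosing loop and function start and end outside the hunk.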
if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
- (negate + n_set) % 2, var_list) < 0)
+ (negate + n_set) % 2, var_list, recur) < 0)
{
if (temp_rule_var_address != rule_var_address)
SCFree(temp_rule_var_address);
}
if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
- (negate + n_set) % 2, var_list) < 0) {
+ (negate + n_set) % 2, var_list, recur) < 0) {
SCLogDebug("DetectAddressParse2 hates us");
if (temp_rule_var_address != rule_var_address)
SCFree(temp_rule_var_address);
goto error;
}
- int r = DetectAddressParse2(NULL, gh, ghn, seq_node->val, /* start with negate no */0, &var_list);
+ int r = DetectAddressParse2(NULL, gh, ghn, seq_node->val, /* start with negate no */0, &var_list, 0);
CleanVariableResolveList(&var_list);
return -1;
}
- int r = DetectAddressParse2(de_ctx, gh, ghn, str, /* start with negate no */0, NULL);
+ int r = DetectAddressParse2(de_ctx, gh, ghn, str, /* start with negate no */0, NULL, 0);
if (r < 0) {
SCLogDebug("DetectAddressParse2 returned %d", r);
DetectAddressHeadFree(ghn);
PASS;
}
+/** \test recursion limit */
+static int AddressTestParse26(void)
+{
+ DetectAddressHead *gh = DetectAddressHeadInit();
+ FAIL_IF_NULL(gh);
+ /* exactly 64: should pass */
+ int r = DetectAddressParse(NULL, gh,
+ "[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[["
+ "1.2.3.4"
+ "]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]"
+ );
+ FAIL_IF_NOT(r == 0);
+ DetectAddressHeadFree(gh);
+ gh = DetectAddressHeadInit();
+ FAIL_IF_NULL(gh);
+ /* exactly 65: should fail */
+ r = DetectAddressParse(NULL, gh,
+ "[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[["
+ "1.2.3.4"
+ "]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]"
+ );
+ FAIL_IF(r == 0);
+ DetectAddressHeadFree(gh);
+ PASS;
+}
+
static int AddressTestParse27(void)
{
DetectAddress *dd = DetectAddressParseSingle("!192.168.0.1");
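Review bot: AddressTestParse26 exercises the cap only through plain `[` nesting, yet the commit threads `recur` through the negated-block call and the two calls on `temp_rule_var_address` as well, so a dropped or reset counter on those paths would not be caught. A case that nests negated blocks, and one that reaches the limit through `temp_rule_var_address` (presumably the resolved rule variable), would cover them. The comments `exactly 64` and `exactly 65` also leave open whether they count brackets or parse calls: the top-level callers pass 0 and the function pre-increments, so the outermost parse is already level 1. If call depth is what is meant, a wording such as `/* 64 parse levels (outer call included): should pass */` removes the ambiguity.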
UtRegisterTest("AddressTestParse23", AddressTestParse23);
UtRegisterTest("AddressTestParse24", AddressTestParse24);
UtRegisterTest("AddressTestParse25", AddressTestParse25);
+ UtRegisterTest("AddressTestParse26", AddressTestParse26);
UtRegisterTest("AddressTestParse27", AddressTestParse27);
UtRegisterTest("AddressTestParse28", AddressTestParse28);
UtRegisterTest("AddressTestParse29", AddressTestParse29);