Merge in SNORT/snort3 from ~AMARNAYA/snort3:fix_searcher to master
Squashed commit of the following:
commit
20191e9a84c6b1b73d0a589f54c7aab53fb94d91
Author: Amarnath Nayak <amarnaya@cisco.com>
Date: Tue Nov 23 08:02:30 2021 +0000
ips_options: creating LiteralSearch object for vba decompression at the time of snort initialization
// RLE algorithm.
int32_t OleFile :: get_file_offset(const uint8_t* data, int32_t data_len)
{
- search_handle = snort::LiteralSearch::setup();
- searcher = snort::LiteralSearch::instantiate(search_handle,
- (const uint8_t*)"ATTRIBUT", 8, true);
if (searcher == nullptr)
{
VBA_DEBUG(vba_data_trace, DEFAULT_TRACE_OPTION_ID, TRACE_ERROR_LEVEL, CURRENT_PACKET,
}
int32_t offset = searcher->search(search_handle, data, data_len);
- delete searcher;
- snort::LiteralSearch::cleanup(search_handle);
return offset;
}
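Review bot: With the per-call `setup()`/`instantiate()` removed, `searcher->search(...)` in `OleFile::get_file_offset` depends on a global that this commit only fills in from `VbaDataModule::end()`, and nothing at the call site says so. If OLE parsing can run when that module was never configured (not determinable from this hunk), every call takes the `searcher == nullptr` branch and the VBA stream offset is never found, so that content goes uninspected. I would add a comment above the guard, e.g. `// searcher is created once in VbaDataModule::end(); nullptr means vba_data was never configured`, and confirm the branch returns before the dereference on the next statement. The body of that guard is only partly visible in this hunk.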
OleFile(const uint8_t* file_buf, const uint32_t buf_len)
{
- //header = new OleHeader;
this->file_buf = file_buf;
this->buf_len = buf_len;
- //dir_list = new DirectoryList();
}
~OleFile()
delete[] mini_fat_list;
}
- snort::LiteralSearch* searcher = nullptr;
- snort::LiteralSearch::Handle* search_handle = nullptr;
-
private:
const uint8_t* file_buf;
uint32_t buf_len;
THREAD_LOCAL const snort::Trace* vba_data_trace = nullptr;
+snort::LiteralSearch::Handle* search_handle = nullptr;
+const snort::LiteralSearch* searcher = nullptr ;
+
namespace snort
{
LiteralSearch::Handle* LiteralSearch::setup() { return nullptr; }
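Review bot: `search_handle` and `searcher` are very generic names for objects with external linkage in the global namespace; they are defined in the two added lines here, defined again below `vba_data_trace` in the next hunk, and declared `extern` in the header hunk. Any other translation unit that defines a global with either name will collide with these at link time. Following the neighbouring `vba_data_trace`, names such as `vba_search_handle` and `vba_searcher` would avoid that, for example `extern const snort::LiteralSearch* vba_searcher;` in the header.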
THREAD_LOCAL const Trace* vba_data_trace = nullptr;
+LiteralSearch::Handle* search_handle = nullptr;
+const LiteralSearch* searcher = nullptr;
+
CursorActionType VbaDataOption::get_cursor_type() const
{ return CAT_SET_VBA; }
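Review bot: The two added globals are plain process-wide pointers placed directly under a `THREAD_LOCAL` variable, and they are read on the packet path by `OleFile::get_file_offset`, yet no comment records why sharing them is safe. The `const` on `searcher` covers the searcher object, but `search_handle` is passed as a non-const pointer to `search()`, and whether one handle may be used by several packet threads at once is not visible in this commit. I would add a comment such as `// created once at config time in VbaDataModule::end(); read-only afterwards and shared by all packet threads`, after confirming that against `LiteralSearch::search`.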
return MATCH;
}
+bool VbaDataModule::end(const char*, int, SnortConfig*)
+{
+ if (!search_handle)
+ search_handle = LiteralSearch::setup();
+
+ if (!searcher)
+ searcher = snort::LiteralSearch::instantiate(search_handle,
+ (const uint8_t*)"ATTRIBUT", 8, true);
+
+ return true;
+}
+
+VbaDataModule::~VbaDataModule()
+{
+ if (searcher)
+ {
+ delete searcher;
+ searcher = nullptr;
+ }
+
+ if (search_handle)
+ {
+ LiteralSearch::cleanup(search_handle);
+ search_handle = nullptr;
+ }
+}
ProfileStats* VbaDataModule::get_profile() const
{ return &vbaDataPerfStats; }
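Review bot: `VbaDataModule::end` returns `true` even when `LiteralSearch::instantiate` hands back `nullptr`, so a failed setup is only noticed later, once per buffer, through the error trace in `OleFile::get_file_offset`. If a null searcher is a genuine failure for this option, reporting it at configuration time is clearer: add `if (!searcher) return false;` before the final `return true;`. The destructor also frees objects that packet-path code reads through globals, so a short comment stating that the module outlives all packet threads would help; that ordering is assumed here, not shown in the hunk.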
#include "framework/cursor.h"
#include "framework/ips_option.h"
#include "framework/module.h"
+#include "helpers/literal_search.h"
#include "profiler/profiler.h"
#include "trace/trace.h"
extern THREAD_LOCAL const snort::Trace* vba_data_trace;
+extern snort::LiteralSearch::Handle* search_handle ;
+extern const snort::LiteralSearch* searcher ;
+
class VbaDataOption : public snort::IpsOption
{
public:
{
public:
VbaDataModule() : Module(s_name, s_help) { }
+ ~VbaDataModule() override;
+
+ bool end(const char*, int, snort::SnortConfig*) override;
snort::ProfileStats* get_profile() const override;