threshold-config: Improve support for big IP lists

author Jeff Lucovsky <jeff@lucovsky.org>

Sat, 5 Dec 2020 14:28:38 +0000 (09:28 -0500)

committer Shivani Bhardwaj <shivanib134@gmail.com>

Thu, 29 Apr 2021 09:52:28 +0000 (15:22 +0530)
author Jeff Lucovsky <jeff@lucovsky.org>
Sat, 5 Dec 2020 14:28:38 +0000 (09:28 -0500)
committer Shivani Bhardwaj <shivanib134@gmail.com>
Thu, 29 Apr 2021 09:52:28 +0000 (15:22 +0530)
diff --git a/src/util-threshold-config.c b/src/util-threshold-config.c

index ac75c95a1159b8e4dddb76d8ad5c88ca8ec86aa1..9d4bfb177e3eb6faa05102906d481a5200c2b489 100644 (file)
--- a/src/util-threshold-config.c
+++ b/src/util-threshold-config.c
@@ -631,14 +631,14 @@ static int ParseThresholdRule(DetectEngineCtx *de_ctx, char *rawstr,
      char th_rule_type[32];
      char th_gid[16];
      char th_sid[16];
-    char rule_extend[1024];
+    const char *rule_extend = NULL;
      char th_type[16] = "";
      char th_track[16] = "";
      char th_count[16] = "";
      char th_seconds[16] = "";
      char th_new_action[16] = "";
      char th_timeout[16] = "";
-    char th_ip[64] = "";
+    const char *th_ip = NULL;
  
      uint8_t parsed_type = 0;
      uint8_t parsed_track = 0;
@@ -681,9 +681,10 @@ static int ParseThresholdRule(DetectEngineCtx *de_ctx, char *rawstr,
          goto error;
      }
  
-    ret = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 4, rule_extend, sizeof(rule_extend));
+    /* Use "get" for heap allocation */
+    ret = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 4, &rule_extend);
      if (ret < 0) {
-        SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed");
+        SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
          goto error;
      }
  
@@ -772,10 +773,10 @@ static int ParseThresholdRule(DetectEngineCtx *de_ctx, char *rawstr,
                      SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed");
                      goto error;
                  }
-                /* retrieve the IP */
-                ret = pcre_copy_substring((char *)rule_extend, ov, MAX_SUBSTRINGS, 2, th_ip, sizeof(th_ip));
+                /* retrieve the IP; use "get" for heap allocation */
+                ret = pcre_get_substring((char *)rule_extend, ov, MAX_SUBSTRINGS, 2, &th_ip);
                  if (ret < 0) {
-                    SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed");
+                    SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
                      goto error;
                  }
              } else {
@@ -923,13 +924,21 @@ static int ParseThresholdRule(DetectEngineCtx *de_ctx, char *rawstr,
      *ret_parsed_seconds = parsed_seconds;
      *ret_parsed_timeout = parsed_timeout;
      *ret_th_ip = NULL;
-    if (strcmp("", th_ip) != 0) {
-        *ret_th_ip = SCStrdup(th_ip);
-        if (*ret_th_ip == NULL)
-            goto error;
+    if (th_ip != NULL) {
+        *ret_th_ip = (char *)th_ip;
+    } else {
+        SCFree((char *)th_ip);
      }
+    SCFree((char *)rule_extend);
      return 0;
+
  error:
+    if (rule_extend != NULL) {
+        SCFree((char *)rule_extend);
+    }
+    if (th_ip != NULL) {
+        SCFree((char *)th_ip);
+    }
      return -1;
  }
author	Jeff Lucovsky <jeff@lucovsky.org>
	Sat, 5 Dec 2020 14:28:38 +0000 (09:28 -0500)
committer	Shivani Bhardwaj <shivanib134@gmail.com>
	Thu, 29 Apr 2021 09:52:28 +0000 (15:22 +0530)