detect: use u32 for InspectionBufferMultipleForList

So that we do not have an endless loop casting index to
u16 and having more than 65536 buffers in one transaction

Changes for all protocols, even ones where it is impossible
to have such a pattern, so as to avoid bad pattern copy/paste
in the future

diff --git a/rust/src/dns/dns.rs b/rust/src/dns/dns.rs
index 350c165aee922a2221a97db43a292f347fd4e328..b541e775e4a256593f3aca6a7f45a095e8b24eaf 100644 (file)
--- a/rust/src/dns/dns.rs
+++ b/rust/src/dns/dns.rs
@@ -888,7 +888,7 @@ pub extern "C" fn rs_dns_state_get_tx_data(
 
 #[no_mangle]
 pub extern "C" fn rs_dns_tx_get_query_name(tx: &mut DNSTransaction,
-                                       i: u16,
+                                       i: u32,
                                        buf: *mut *const u8,
                                        len: *mut u32)
                                        -> u8

diff --git a/rust/src/ike/detect.rs b/rust/src/ike/detect.rs
index 78f60c8d6720bd6791a9b14046b51891cf5c3e31..fc5bef396e7ecc89318bb1b3de71495df39984d7 100644 (file)
--- a/rust/src/ike/detect.rs
+++ b/rust/src/ike/detect.rs
@@ -117,9 +117,9 @@ pub extern "C" fn rs_ike_state_get_key_exchange(
 
 #[no_mangle]
 pub extern "C" fn rs_ike_tx_get_vendor(
-    tx: &IKETransaction, i: u16, buf: *mut *const u8, len: *mut u32,
+    tx: &IKETransaction, i: u32, buf: *mut *const u8, len: *mut u32,
 ) -> u8 {
-    if tx.ike_version == 1 && i < tx.hdr.ikev1_header.vendor_ids.len() as u16 {
+    if tx.ike_version == 1 && i < tx.hdr.ikev1_header.vendor_ids.len() as u32 {
         unsafe {
             *len = tx.hdr.ikev1_header.vendor_ids[i as usize].len() as u32;
             *buf = tx.hdr.ikev1_header.vendor_ids[i as usize].as_ptr();

diff --git a/rust/src/krb/detect.rs b/rust/src/krb/detect.rs
index 127903d73444869c102ea18e7bcd435cbee420fd..aa451782b8c37b07411588b42f40e09a2d4d5e42 100644 (file)
--- a/rust/src/krb/detect.rs
+++ b/rust/src/krb/detect.rs
@@ -43,7 +43,7 @@ pub unsafe extern "C" fn rs_krb5_tx_get_errcode(tx:  &mut KRB5Transaction,
 
 #[no_mangle]
 pub unsafe extern "C" fn rs_krb5_tx_get_cname(tx:  &mut KRB5Transaction,
-                                              i: u16,
+                                              i: u32,
                                               buffer: *mut *const u8,
                                               buffer_len: *mut u32)
                                               -> u8
@@ -61,7 +61,7 @@ pub unsafe extern "C" fn rs_krb5_tx_get_cname(tx:  &mut KRB5Transaction,
 
 #[no_mangle]
 pub unsafe extern "C" fn rs_krb5_tx_get_sname(tx:  &mut KRB5Transaction,
-                                              i: u16,
+                                              i: u32,
                                               buffer: *mut *const u8,
                                               buffer_len: *mut u32)
                                               -> u8

diff --git a/rust/src/mqtt/detect.rs b/rust/src/mqtt/detect.rs
index 2e02bdffababf87cbb37522c638e09060f58f177..fc8c297797c765ffd7c32db424476ac5b99f8671 100644 (file)
--- a/rust/src/mqtt/detect.rs
+++ b/rust/src/mqtt/detect.rs
@@ -353,7 +353,7 @@ pub extern "C" fn rs_mqtt_tx_get_publish_message(
 
 #[no_mangle]
 pub extern "C" fn rs_mqtt_tx_get_subscribe_topic(tx: &MQTTTransaction,
-    i: u16,
+    i: u32,
     buf: *mut *const u8,
     len: *mut u32)
     -> u8
@@ -386,7 +386,7 @@ pub extern "C" fn rs_mqtt_tx_get_subscribe_topic(tx: &MQTTTransaction,
 
 #[no_mangle]
 pub extern "C" fn rs_mqtt_tx_get_unsubscribe_topic(tx: &MQTTTransaction,
-    i: u16,
+    i: u32,
     buf: *mut *const u8,
     len: *mut u32)
     -> u8
@@ -607,4 +607,4 @@ mod test {
         r = rs_mqtt_tx_get_subscribe_topic(&t, 4, &mut s, &mut slen);
         assert_eq!(r, 0);
     }
-}
\ No newline at end of file
+}

diff --git a/src/detect-dns-query.c b/src/detect-dns-query.c
index 36a7a996b16e03793ba339100034a999666280a8..50728041f270ec50dbb98387a04b1bc3ab08b360 100644 (file)
--- a/src/detect-dns-query.c
+++ b/src/detect-dns-query.c
@@ -68,7 +68,7 @@ static void DetectDnsQueryRegisterTests(void);
 static int g_dns_query_buffer_id = 0;
 
 struct DnsQueryGetDataArgs {
-    int local_id;  /**< used as index into thread inspect array */
+    uint32_t local_id; /**< used as index into thread inspect array */
     void *txv;
 };
 
@@ -87,8 +87,7 @@ static InspectionBuffer *DnsQueryGetData(DetectEngineThreadCtx *det_ctx,
 
     const uint8_t *data;
     uint32_t data_len;
-    if (rs_dns_tx_get_query_name(cbdata->txv, (uint16_t)cbdata->local_id,
-                &data, &data_len) == 0) {
+    if (rs_dns_tx_get_query_name(cbdata->txv, cbdata->local_id, &data, &data_len) == 0) {
         return NULL;
     }
     InspectionBufferSetupMulti(buffer, transforms, data, data_len);
@@ -102,7 +101,7 @@ static int DetectEngineInspectDnsQuery(
         const Signature *s,
         Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
-    int local_id = 0;
+    uint32_t local_id = 0;
 
     const DetectEngineTransforms *transforms = NULL;
     if (!engine->mpm) {
@@ -159,7 +158,7 @@ static void PrefilterTxDnsQuery(DetectEngineThreadCtx *det_ctx,
     const MpmCtx *mpm_ctx = ctx->mpm_ctx;
     const int list_id = ctx->list_id;
 
-    int local_id = 0;
+    uint32_t local_id = 0;
     while(1) {
         // loop until we get a NULL
 

diff --git a/src/detect-engine-mpm.h b/src/detect-engine-mpm.h
index 47518084745b7d26d5b38511aa237da3f8144bbd..e9ed4078ccb7b4187b57f7ef4f125c0302409de8 100644 (file)
--- a/src/detect-engine-mpm.h
+++ b/src/detect-engine-mpm.h
@@ -125,7 +125,7 @@ typedef struct PrefilterMpmListId {
 } PrefilterMpmListId;
 
 struct MpmListIdDataArgs {
-    int local_id;  /**< used as index into thread inspect array */
+    uint32_t local_id; /**< used as index into thread inspect array */
     void *txv;
 };
 

diff --git a/src/detect-http2.c b/src/detect-http2.c
index 917230bba102431fe62c93e24cc1cf5501a3c600..cffbcbbfa48041ca880d49ab6cc6c9926f7fb680 100644 (file)
--- a/src/detect-http2.c
+++ b/src/detect-http2.c
@@ -701,7 +701,7 @@ static InspectionBuffer *GetHttp2HNameData(DetectEngineThreadCtx *det_ctx,
     uint32_t b_len = 0;
     const uint8_t *b = NULL;
 
-    if (rs_http2_tx_get_header_name(cbdata->txv, flags, (uint32_t)cbdata->local_id, &b, &b_len) != 1)
+    if (rs_http2_tx_get_header_name(cbdata->txv, flags, cbdata->local_id, &b, &b_len) != 1)
         return NULL;
     if (b == NULL || b_len == 0)
         return NULL;
@@ -723,7 +723,7 @@ static void PrefilterTxHttp2HName(DetectEngineThreadCtx *det_ctx,
     const MpmCtx *mpm_ctx = ctx->mpm_ctx;
     const int list_id = ctx->list_id;
 
-    int local_id = 0;
+    uint32_t local_id = 0;
 
     while(1) {
         // loop until we get a NULL
@@ -767,7 +767,7 @@ static int DetectEngineInspectHttp2HeaderName(
         const Signature *s,
         Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
-    int local_id = 0;
+    uint32_t local_id = 0;
 
     const DetectEngineTransforms *transforms = NULL;
     if (!engine->mpm) {
@@ -835,7 +835,7 @@ static InspectionBuffer *GetHttp2HeaderData(DetectEngineThreadCtx *det_ctx,
     uint32_t b_len = 0;
     const uint8_t *b = NULL;
 
-    if (rs_http2_tx_get_header(cbdata->txv, flags, (uint32_t)cbdata->local_id, &b, &b_len) != 1)
+    if (rs_http2_tx_get_header(cbdata->txv, flags, cbdata->local_id, &b, &b_len) != 1)
         return NULL;
     if (b == NULL || b_len == 0)
         return NULL;
@@ -856,7 +856,7 @@ static void PrefilterTxHttp2Header(DetectEngineThreadCtx *det_ctx,
     const MpmCtx *mpm_ctx = ctx->mpm_ctx;
     const int list_id = ctx->list_id;
 
-    int local_id = 0;
+    uint32_t local_id = 0;
 
     while(1) {
         // loop until we get a NULL
@@ -899,7 +899,7 @@ static int DetectEngineInspectHttp2Header(
         const Signature *s,
         Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
-    int local_id = 0;
+    uint32_t local_id = 0;
 
     const DetectEngineTransforms *transforms = NULL;
     if (!engine->mpm) {

diff --git a/src/detect-ike-vendor.c b/src/detect-ike-vendor.c
index c336f8c594cad04a460eb7eec61f4b6e56ace76c..eaa1d52ed812805bde73ade1b89e4d5f6b997e19 100644 (file)
--- a/src/detect-ike-vendor.c
+++ b/src/detect-ike-vendor.c
@@ -41,7 +41,7 @@ typedef struct {
 } DetectIkeVendorData;
 
 struct IkeVendorGetDataArgs {
-    int local_id;
+    uint32_t local_id;
     void *txv;
 };
 
@@ -68,7 +68,7 @@ static InspectionBuffer *IkeVendorGetData(DetectEngineThreadCtx *det_ctx,
 
     const uint8_t *data;
     uint32_t data_len;
-    if (rs_ike_tx_get_vendor(cbdata->txv, (uint16_t)cbdata->local_id, &data, &data_len) == 0) {
+    if (rs_ike_tx_get_vendor(cbdata->txv, cbdata->local_id, &data, &data_len) == 0) {
         return NULL;
     }
 
@@ -94,7 +94,7 @@ static void PrefilterTxIkeVendor(DetectEngineThreadCtx *det_ctx, const void *pec
     const MpmCtx *mpm_ctx = ctx->mpm_ctx;
     const int list_id = ctx->list_id;
 
-    int local_id = 0;
+    uint32_t local_id = 0;
     while (1) {
         struct IkeVendorGetDataArgs cbdata = { local_id, txv };
         InspectionBuffer *buffer =
@@ -136,7 +136,7 @@ static int DetectEngineInspectIkeVendor(DetectEngineCtx *de_ctx, DetectEngineThr
         const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags,
         void *alstate, void *txv, uint64_t tx_id)
 {
-    int local_id = 0;
+    uint32_t local_id = 0;
 
     const DetectEngineTransforms *transforms = NULL;
     if (!engine->mpm) {

diff --git a/src/detect-krb5-cname.c b/src/detect-krb5-cname.c
index 7e90d679c2a09c259f9f77a972d5a3510f3f0ead..9ae593a8f234e86f995829164f9d40400f1bd683 100644 (file)
--- a/src/detect-krb5-cname.c
+++ b/src/detect-krb5-cname.c
@@ -39,7 +39,7 @@
 static int g_krb5_cname_buffer_id = 0;
 
 struct Krb5PrincipalNameDataArgs {
-    int local_id;  /**< used as index into thread inspect array */
+    uint32_t local_id; /**< used as index into thread inspect array */
     void *txv;
 };
 
@@ -71,7 +71,7 @@ static InspectionBuffer *GetKrb5CNameData(DetectEngineThreadCtx *det_ctx,
     uint32_t b_len = 0;
     const uint8_t *b = NULL;
 
-    if (rs_krb5_tx_get_cname(cbdata->txv, (uint16_t)cbdata->local_id, &b, &b_len) != 1)
+    if (rs_krb5_tx_get_cname(cbdata->txv, cbdata->local_id, &b, &b_len) != 1)
         return NULL;
     if (b == NULL || b_len == 0)
         return NULL;
@@ -87,7 +87,7 @@ static int DetectEngineInspectKrb5CName(
         const Signature *s,
         Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
-    int local_id = 0;
+    uint32_t local_id = 0;
 
     const DetectEngineTransforms *transforms = NULL;
     if (!engine->mpm) {
@@ -146,7 +146,7 @@ static void PrefilterTxKrb5CName(DetectEngineThreadCtx *det_ctx,
     const MpmCtx *mpm_ctx = ctx->mpm_ctx;
     const int list_id = ctx->list_id;
 
-    int local_id = 0;
+    uint32_t local_id = 0;
 
     while(1) {
         // loop until we get a NULL

diff --git a/src/detect-krb5-sname.c b/src/detect-krb5-sname.c
index a791c658d4158c4af62f8c9fc8291775c7a61607..6adb73695f77c1e39ab0d55f11d6cb0206284ab0 100644 (file)
--- a/src/detect-krb5-sname.c
+++ b/src/detect-krb5-sname.c
@@ -39,7 +39,7 @@
 static int g_krb5_sname_buffer_id = 0;
 
 struct Krb5PrincipalNameDataArgs {
-    int local_id;  /**< used as index into thread inspect array */
+    uint32_t local_id; /**< used as index into thread inspect array */
     void *txv;
 };
 
@@ -71,7 +71,7 @@ static InspectionBuffer *GetKrb5SNameData(DetectEngineThreadCtx *det_ctx,
     uint32_t b_len = 0;
     const uint8_t *b = NULL;
 
-    if (rs_krb5_tx_get_sname(cbdata->txv, (uint16_t)cbdata->local_id, &b, &b_len) != 1)
+    if (rs_krb5_tx_get_sname(cbdata->txv, cbdata->local_id, &b, &b_len) != 1)
         return NULL;
     if (b == NULL || b_len == 0)
         return NULL;
@@ -87,7 +87,7 @@ static int DetectEngineInspectKrb5SName(
         const Signature *s,
         Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
-    int local_id = 0;
+    uint32_t local_id = 0;
 
     const DetectEngineTransforms *transforms = NULL;
     if (!engine->mpm) {
@@ -146,7 +146,7 @@ static void PrefilterTxKrb5SName(DetectEngineThreadCtx *det_ctx,
     const MpmCtx *mpm_ctx = ctx->mpm_ctx;
     const int list_id = ctx->list_id;
 
-    int local_id = 0;
+    uint32_t local_id = 0;
 
     while(1) {
         // loop until we get a NULL

diff --git a/src/detect-mqtt-subscribe-topic.c b/src/detect-mqtt-subscribe-topic.c
index 0c035f2c83d814e4c762db699fcf180d5286853e..e8939ee4fca5f334c8712d126b3ba27dbf9cd165 100644 (file)
--- a/src/detect-mqtt-subscribe-topic.c
+++ b/src/detect-mqtt-subscribe-topic.c
@@ -59,7 +59,7 @@ static int DetectMQTTSubscribeTopicSetup(DetectEngineCtx *, Signature *, const c
 static int g_mqtt_subscribe_topic_buffer_id = 0;
 
 struct MQTTSubscribeTopicGetDataArgs {
-    int local_id;
+    uint32_t local_id;
     void *txv;
 };
 
@@ -78,8 +78,7 @@ static InspectionBuffer *MQTTSubscribeTopicGetData(DetectEngineThreadCtx *det_ct
 
     const uint8_t *data;
     uint32_t data_len;
-    if (rs_mqtt_tx_get_subscribe_topic(cbdata->txv, (uint16_t)cbdata->local_id,
-                &data, &data_len) == 0) {
+    if (rs_mqtt_tx_get_subscribe_topic(cbdata->txv, cbdata->local_id, &data, &data_len) == 0) {
         return NULL;
     }
 
@@ -94,7 +93,7 @@ static int DetectEngineInspectMQTTSubscribeTopic(
         const Signature *s,
         Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
-    int local_id = 0;
+    uint32_t local_id = 0;
 
     const DetectEngineTransforms *transforms = NULL;
     if (!engine->mpm) {
@@ -151,7 +150,7 @@ static void PrefilterTxMQTTSubscribeTopic(DetectEngineThreadCtx *det_ctx,
     const MpmCtx *mpm_ctx = ctx->mpm_ctx;
     const int list_id = ctx->list_id;
 
-    int local_id = 0;
+    uint32_t local_id = 0;
     while(1) {
         struct MQTTSubscribeTopicGetDataArgs cbdata = { local_id, txv };
         InspectionBuffer *buffer = MQTTSubscribeTopicGetData(det_ctx, ctx->transforms,

diff --git a/src/detect-mqtt-unsubscribe-topic.c b/src/detect-mqtt-unsubscribe-topic.c
index d8ae6a7b511022bd9e98e4ffc7cb700e92dedb48..5409e5c6ba9404e1d72128ce4c7b136be986b3bf 100644 (file)
--- a/src/detect-mqtt-unsubscribe-topic.c
+++ b/src/detect-mqtt-unsubscribe-topic.c
@@ -59,7 +59,7 @@ static int DetectMQTTUnsubscribeTopicSetup(DetectEngineCtx *, Signature *, const
 static int g_mqtt_unsubscribe_topic_buffer_id = 0;
 
 struct MQTTUnsubscribeTopicGetDataArgs {
-    int local_id;
+    uint32_t local_id;
     void *txv;
 };
 
@@ -78,8 +78,7 @@ static InspectionBuffer *MQTTUnsubscribeTopicGetData(DetectEngineThreadCtx *det_
 
     const uint8_t *data;
     uint32_t data_len;
-    if (rs_mqtt_tx_get_unsubscribe_topic(cbdata->txv, (uint16_t)cbdata->local_id,
-                &data, &data_len) == 0) {
+    if (rs_mqtt_tx_get_unsubscribe_topic(cbdata->txv, cbdata->local_id, &data, &data_len) == 0) {
         return NULL;
     }
 
@@ -94,7 +93,7 @@ static int DetectEngineInspectMQTTUnsubscribeTopic(
         const Signature *s,
         Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
-    int local_id = 0;
+    uint32_t local_id = 0;
 
     const DetectEngineTransforms *transforms = NULL;
     if (!engine->mpm) {
@@ -151,7 +150,7 @@ static void PrefilterTxMQTTUnsubscribeTopic(DetectEngineThreadCtx *det_ctx,
     const MpmCtx *mpm_ctx = ctx->mpm_ctx;
     const int list_id = ctx->list_id;
 
-    int local_id = 0;
+    uint32_t local_id = 0;
     while(1) {
         struct MQTTUnsubscribeTopicGetDataArgs cbdata = { local_id, txv };
         InspectionBuffer *buffer = MQTTUnsubscribeTopicGetData(det_ctx, ctx->transforms,

diff --git a/src/detect-tls-certs.c b/src/detect-tls-certs.c
index 08f0a706c60cf40ff2cc36c2e4a1267f45ebef37..8e8fd8c0f73c864aa47e9981a8abcf13ab30a6d2 100644 (file)
--- a/src/detect-tls-certs.c
+++ b/src/detect-tls-certs.c
@@ -71,7 +71,7 @@ static int PrefilterMpmTlsCertsRegister(DetectEngineCtx *de_ctx,
 static int g_tls_certs_buffer_id = 0;
 
 struct TlsCertsGetDataArgs {
-    int local_id;  /**< used as index into thread inspect array */
+    uint32_t local_id; /**< used as index into thread inspect array */
     SSLCertsChain *cert;
 };