{
DetectFlowbitsData *cd = NULL;
SigMatch *sm = NULL;
- char *fb_cmd_str = NULL, *fb_name = NULL;
uint8_t fb_cmd = 0;
#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
+ char fb_cmd_str[16] = "", fb_name[256] = "";
ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS);
if (ret != 2 && ret != 3) {
return -1;
}
- const char *str_ptr;
- res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, &str_ptr);
+ res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, fb_cmd_str, sizeof(fb_cmd_str));
if (res < 0) {
- SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
+ SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
return -1;
}
- fb_cmd_str = (char *)str_ptr;
if (ret == 3) {
- res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, &str_ptr);
+ res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, fb_name, sizeof(fb_name));
if (res < 0) {
- SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
+ SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
goto error;
}
- fb_name = (char *)str_ptr;
}
if (strcmp(fb_cmd_str,"noalert") == 0) {
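Review bot: The fixed buffers in `char fb_cmd_str[16] = "", fb_name[256] = "";` cap the flowbit name at 255 bytes, yet a rule that exceeds the cap only produces "pcre_copy_substring failed", which gives the rule author nothing to act on. pcre_copy_substring reports a too-small buffer through a negative return (PCRE_ERROR_NOMEMORY), so the second SCLogError could carry it, assuming SCLogError takes printf-style arguments like the SCLogDebug call further down: `SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed (%d): flowbit name longer than %u bytes?", res, (unsigned)(sizeof(fb_name) - 1));`. The bound itself is sound: each copy is limited by `sizeof` of its destination and the result is NUL-terminated, so an over-long name is rejected rather than truncated or overrun. The `(char *)` cast on `rawstr` is likely unnecessary, since pcre_copy_substring takes a `const char *` subject. The function body continues outside this hunk.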
switch (fb_cmd) {
case DETECT_FLOWBITS_CMD_NOALERT:
- if(fb_name != NULL)
+ if (strlen(fb_name) != 0)
goto error;
s->flags |= SIG_FLAG_NOALERT;
return 0;
case DETECT_FLOWBITS_CMD_UNSET:
case DETECT_FLOWBITS_CMD_TOGGLE:
default:
- if(fb_name == NULL)
+ if (strlen(fb_name) == 0)
goto error;
break;
}
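Review bot: `strlen(fb_name) == 0` now stands for "no name given", which is not quite what the old `fb_name == NULL` test checked. If parse_regex can match an empty name group, that case used to be a non-NULL empty string that passed the `default:` check, and it is now rejected. That looks like the intended tightening, but it is implicit; a comment above the switch such as `/* fb_name is "" when no name was captured (ret == 2) or the captured name was empty */` would record it. Only emptiness matters here and in the SCLogDebug argument in the next hunk, so `fb_name[0] == '\0'` says the same thing without scanning the buffer. The switch begins and the function continues outside this hunk.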
cd->cmd = fb_cmd;
SCLogDebug("idx %" PRIu32 ", cmd %s, name %s",
- cd->idx, fb_cmd_str, fb_name ? fb_name : "(null)");
-
- pcre_free_substring(fb_name);
- fb_name = NULL;
- pcre_free_substring(fb_cmd_str);
- fb_cmd_str = NULL;
+ cd->idx, fb_cmd_str, strlen(fb_name) ? fb_name : "(none)");
/* Okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
return 0;
error:
- if (fb_name != NULL)
- pcre_free_substring(fb_name);
- if (fb_cmd_str != NULL)
- pcre_free_substring(fb_cmd_str);
if (cd != NULL)
SCFree(cd);
if (sm != NULL)