}
SCLogDebug("data->event_id %u", data->event_id);
- SigMatch *sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
-
- sm->type = DETECT_AL_APP_LAYER_EVENT;
- sm->ctx = (SigMatchCtx *)data;
-
if (event_type == APP_LAYER_EVENT_TYPE_PACKET) {
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_AL_APP_LAYER_EVENT, (SigMatchCtx *)data,
+ DETECT_SM_LIST_MATCH) == NULL) {
+ goto error;
+ }
} else {
if (DetectSignatureSetAppProto(s, data->alproto) != 0)
goto error;
- SigMatchAppendSMToList(s, sm, g_applayer_events_list_id);
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_AL_APP_LAYER_EVENT, (SigMatchCtx *)data,
+ g_applayer_events_list_id) == NULL) {
+ goto error;
+ }
s->flags |= SIG_FLAG_APPLAYER;
}
if (data) {
DetectAppLayerEventFree(de_ctx, data);
}
- if (sm) {
- sm->ctx = NULL;
- SigMatchFree(de_ctx, sm);
- }
return -1;
}
Signature *s, const char *arg)
{
DetectAppLayerProtocolData *data = NULL;
- SigMatch *sm = NULL;
if (s->alproto != ALPROTO_UNKNOWN) {
SCLogError("Either we already "
}
}
- sm = SigMatchAlloc();
- if (sm == NULL)
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_AL_APP_LAYER_PROTOCOL, (SigMatchCtx *)data,
+ DETECT_SM_LIST_MATCH) == NULL) {
goto error;
-
- sm->type = DETECT_AL_APP_LAYER_PROTOCOL;
- sm->ctx = (void *)data;
-
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
+ }
return 0;
error:
if (ad == NULL)
return -1;
- /* Okay so far so good, lets get this into a SigMatch
- * and put it in the Signature. */
- SigMatch *sm = SigMatchAlloc();
- if (sm == NULL) {
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_ASN1, (SigMatchCtx *)ad, DETECT_SM_LIST_MATCH) ==
+ NULL) {
DetectAsn1Free(de_ctx, ad);
return -1;
}
- sm->type = DETECT_ASN1;
- sm->ctx = (SigMatchCtx *)ad;
-
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
-
return 0;
}
uint8_t relative = 0;
DetectBase64Decode *data = NULL;
int sm_list;
- SigMatch *sm = NULL;
SigMatch *pm = NULL;
if (str != NULL) {
}
}
- sm = SigMatchAlloc();
- if (sm == NULL) {
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_BASE64_DECODE, (SigMatchCtx *)data, sm_list) ==
+ NULL) {
goto error;
}
- sm->type = DETECT_BASE64_DECODE;
- sm->ctx = (SigMatchCtx *)data;
- SigMatchAppendSMToList(s, sm, sm_list);
if (!data->bytes) {
data->bytes = BASE64_DECODE_MAX;
static int DetectBsizeSetup (DetectEngineCtx *de_ctx, Signature *s, const char *sizestr)
{
SCEnter();
- SigMatch *sm = NULL;
if (DetectBufferGetActiveList(de_ctx, s) == -1)
SCReturnInt(-1);
if (bsz == NULL)
goto error;
- sm = SigMatchAlloc();
- if (sm == NULL)
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_BSIZE, (SigMatchCtx *)bsz, list) == NULL) {
goto error;
- sm->type = DETECT_BSIZE;
- sm->ctx = (void *)bsz;
-
- SigMatchAppendSMToList(s, sm, list);
+ }
SCReturnInt(0);
static int DetectBypassSetup(DetectEngineCtx *de_ctx, Signature *s, const char *str)
{
- SigMatch *sm = NULL;
if (s->flags & SIG_FLAG_FILESTORE) {
SCLogError("bypass can't work with filestore keyword");
}
s->flags |= SIG_FLAG_BYPASS;
- sm = SigMatchAlloc();
- if (sm == NULL)
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_BYPASS, NULL, DETECT_SM_LIST_POSTMATCH) == NULL) {
return -1;
-
- sm->type = DETECT_BYPASS;
- sm->ctx = NULL;
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_POSTMATCH);
+ }
return 0;
}
*/
static int DetectByteExtractSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg)
{
- SigMatch *sm = NULL;
SigMatch *prev_pm = NULL;
DetectByteExtractData *data = NULL;
int ret = -1;
if (data->local_id > de_ctx->byte_extract_max_local_id)
de_ctx->byte_extract_max_local_id = data->local_id;
-
- sm = SigMatchAlloc();
- if (sm == NULL)
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_BYTE_EXTRACT, (SigMatchCtx *)data, sm_list) ==
+ NULL) {
goto error;
- sm->type = DETECT_BYTE_EXTRACT;
- sm->ctx = (void *)data;
- SigMatchAppendSMToList(s, sm, sm_list);
-
+ }
if (!(data->flags & DETECT_BYTE_EXTRACT_FLAG_RELATIVE))
goto okay;
static int DetectBytejumpSetup(DetectEngineCtx *de_ctx, Signature *s, const char *optstr)
{
- SigMatch *sm = NULL;
SigMatch *prev_pm = NULL;
DetectBytejumpData *data = NULL;
char *offset = NULL;
offset = NULL;
}
- sm = SigMatchAlloc();
- if (sm == NULL)
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_BYTEJUMP, (SigMatchCtx *)data, sm_list) == NULL) {
goto error;
- sm->type = DETECT_BYTEJUMP;
- sm->ctx = (SigMatchCtx *)data;
- SigMatchAppendSMToList(s, sm, sm_list);
+ }
if (!(data->flags & DETECT_BYTEJUMP_RELATIVE))
goto okay;
*/
static int DetectByteMathSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg)
{
- SigMatch *sm = NULL;
SigMatch *prev_pm = NULL;
DetectByteMathData *data;
char *rvalue = NULL;
de_ctx->byte_extract_max_local_id = data->local_id;
}
- sm = SigMatchAlloc();
- if (sm == NULL)
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_BYTEMATH, (SigMatchCtx *)data, sm_list) == NULL) {
goto error;
- sm->type = DETECT_BYTEMATH;
- sm->ctx = (void *)data;
- SigMatchAppendSMToList(s, sm, sm_list);
+ }
if (!(data->flags & DETECT_BYTEMATH_FLAG_RELATIVE))
goto okay;
static int DetectBytetestSetup(DetectEngineCtx *de_ctx, Signature *s, const char *optstr)
{
- SigMatch *sm = NULL;
SigMatch *prev_pm = NULL;
char *value = NULL;
char *offset = NULL;
nbytes = NULL;
}
- sm = SigMatchAlloc();
- if (sm == NULL)
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_BYTETEST, (SigMatchCtx *)data, sm_list) == NULL) {
goto error;
- sm->type = DETECT_BYTETEST;
- sm->ctx = (SigMatchCtx *)data;
- SigMatchAppendSMToList(s, sm, sm_list);
+ }
if (!(data->flags & DETECT_BYTETEST_RELATIVE))
goto okay;
SCEnter();
DetectCipServiceData *cipserviced = NULL;
- SigMatch *sm = NULL;
if (DetectSignatureSetAppProto(s, ALPROTO_ENIP) != 0)
return -1;
if (cipserviced == NULL)
goto error;
- sm = SigMatchAlloc();
- if (sm == NULL)
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_CIPSERVICE, (SigMatchCtx *)cipserviced,
+ g_cip_buffer_id) == NULL) {
goto error;
-
- sm->type = DETECT_CIPSERVICE;
- sm->ctx = (void *) cipserviced;
-
- SigMatchAppendSMToList(s, sm, g_cip_buffer_id);
+ }
SCReturnInt(0);
error:
if (cipserviced != NULL)
DetectCipServiceFree(de_ctx, cipserviced);
- if (sm != NULL)
- SCFree(sm);
SCReturnInt(-1);
}
const char *rulestr)
{
DetectEnipCommandData *enipcmdd = NULL;
- SigMatch *sm = NULL;
if (DetectSignatureSetAppProto(s, ALPROTO_ENIP) != 0)
return -1;
if (enipcmdd == NULL)
goto error;
- sm = SigMatchAlloc();
- if (sm == NULL)
+ if (SigMatchAppendSMToList(
+ de_ctx, s, DETECT_ENIPCOMMAND, (SigMatchCtx *)enipcmdd, g_enip_buffer_id) == NULL) {
goto error;
-
- sm->type = DETECT_ENIPCOMMAND;
- sm->ctx = (void *) enipcmdd;
-
- SigMatchAppendSMToList(s, sm, g_enip_buffer_id);
+ }
SCReturnInt(0);
error:
if (enipcmdd != NULL)
DetectEnipCommandFree(de_ctx, enipcmdd);
- if (sm != NULL)
- SCFree(sm);
SCReturnInt(-1);
}
SCEnter();
DetectConfigData *fd = NULL;
- SigMatch *sm = NULL;
int res = 0;
size_t pcre2len;
#if 0
}
#endif
pcre2_match_data *match = NULL;
- sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
- sm->type = DETECT_CONFIG;
if (str == NULL || strlen(str) == 0) {
SCLogError("config keywords need arguments");
s->flags |= SIG_FLAG_APPLAYER;
}
- sm->ctx = (SigMatchCtx*)fd;
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_POSTMATCH);
+ if (SigMatchAppendSMToList(
+ de_ctx, s, DETECT_CONFIG, (SigMatchCtx *)fd, DETECT_SM_LIST_POSTMATCH) == NULL) {
+ goto error;
+ }
pcre2_match_data_free(match);
return 0;
if (match) {
pcre2_match_data_free(match);
}
- if (sm != NULL)
- SCFree(sm);
return -1;
}
}
}
- SigMatch *sm = SigMatchAlloc();
- if (sm == NULL)
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_CONTENT, (SigMatchCtx *)cd, sm_list) == NULL) {
goto error;
- sm->ctx = (void *)cd;
- sm->type = DETECT_CONTENT;
- SigMatchAppendSMToList(s, sm, sm_list);
+ }
return 0;
static int DetectIPV4CsumSetup(DetectEngineCtx *de_ctx, Signature *s, const char *csum_str)
{
DetectCsumData *cd = NULL;
- SigMatch *sm = NULL;
//printf("DetectCsumSetup: \'%s\'\n", csum_str);
- sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
-
- sm->type = DETECT_IPV4_CSUM;
-
if ( (cd = SCMalloc(sizeof(DetectCsumData))) == NULL)
goto error;
memset(cd, 0, sizeof(DetectCsumData));
if (DetectCsumParseArg(csum_str, cd) == 0)
goto error;
- sm->ctx = (SigMatchCtx *)cd;
-
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
+ if (SigMatchAppendSMToList(
+ de_ctx, s, DETECT_IPV4_CSUM, (SigMatchCtx *)cd, DETECT_SM_LIST_MATCH) == NULL) {
+ goto error;
+ }
return 0;
error:
- if (cd != NULL) DetectIPV4CsumFree(de_ctx, cd);
- if (sm != NULL) SCFree(sm);
+ if (cd != NULL)
+ DetectIPV4CsumFree(de_ctx, cd);
return -1;
}
static int DetectTCPV4CsumSetup(DetectEngineCtx *de_ctx, Signature *s, const char *csum_str)
{
DetectCsumData *cd = NULL;
- SigMatch *sm = NULL;
//printf("DetectCsumSetup: \'%s\'\n", csum_str);
- sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
-
- sm->type = DETECT_TCPV4_CSUM;
-
if ( (cd = SCMalloc(sizeof(DetectCsumData))) == NULL)
goto error;
memset(cd, 0, sizeof(DetectCsumData));
if (DetectCsumParseArg(csum_str, cd) == 0)
goto error;
- sm->ctx = (SigMatchCtx *)cd;
-
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
+ if (SigMatchAppendSMToList(
+ de_ctx, s, DETECT_TCPV4_CSUM, (SigMatchCtx *)cd, DETECT_SM_LIST_MATCH) == NULL) {
+ goto error;
+ }
return 0;
error:
- if (cd != NULL) DetectTCPV4CsumFree(de_ctx, cd);
- if (sm != NULL) SCFree(sm);
+ if (cd != NULL)
+ DetectTCPV4CsumFree(de_ctx, cd);
return -1;
}
static int DetectTCPV6CsumSetup(DetectEngineCtx *de_ctx, Signature *s, const char *csum_str)
{
DetectCsumData *cd = NULL;
- SigMatch *sm = NULL;
//printf("DetectCsumSetup: \'%s\'\n", csum_str);
- sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
-
- sm->type = DETECT_TCPV6_CSUM;
-
if ( (cd = SCMalloc(sizeof(DetectCsumData))) == NULL)
goto error;
memset(cd, 0, sizeof(DetectCsumData));
if (DetectCsumParseArg(csum_str, cd) == 0)
goto error;
- sm->ctx = (SigMatchCtx *)cd;
-
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
+ if (SigMatchAppendSMToList(
+ de_ctx, s, DETECT_TCPV6_CSUM, (SigMatchCtx *)cd, DETECT_SM_LIST_MATCH) == NULL) {
+ goto error;
+ }
return 0;
error:
- if (cd != NULL) DetectTCPV6CsumFree(de_ctx, cd);
- if (sm != NULL) SCFree(sm);
+ if (cd != NULL)
+ DetectTCPV6CsumFree(de_ctx, cd);
return -1;
}
static int DetectUDPV4CsumSetup(DetectEngineCtx *de_ctx, Signature *s, const char *csum_str)
{
DetectCsumData *cd = NULL;
- SigMatch *sm = NULL;
//printf("DetectCsumSetup: \'%s\'\n", csum_str);
- sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
-
- sm->type = DETECT_UDPV4_CSUM;
-
if ( (cd = SCMalloc(sizeof(DetectCsumData))) == NULL)
goto error;
memset(cd, 0, sizeof(DetectCsumData));
if (DetectCsumParseArg(csum_str, cd) == 0)
goto error;
- sm->ctx = (SigMatchCtx *)cd;
-
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
+ if (SigMatchAppendSMToList(
+ de_ctx, s, DETECT_UDPV4_CSUM, (SigMatchCtx *)cd, DETECT_SM_LIST_MATCH) == NULL) {
+ goto error;
+ }
return 0;
error:
- if (cd != NULL) DetectUDPV4CsumFree(de_ctx, cd);
- if (sm != NULL) SCFree(sm);
+ if (cd != NULL)
+ DetectUDPV4CsumFree(de_ctx, cd);
return -1;
}
static int DetectUDPV6CsumSetup(DetectEngineCtx *de_ctx, Signature *s, const char *csum_str)
{
DetectCsumData *cd = NULL;
- SigMatch *sm = NULL;
//printf("DetectCsumSetup: \'%s\'\n", csum_str);
- sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
-
- sm->type = DETECT_UDPV6_CSUM;
-
if ( (cd = SCMalloc(sizeof(DetectCsumData))) == NULL)
goto error;
memset(cd, 0, sizeof(DetectCsumData));
if (DetectCsumParseArg(csum_str, cd) == 0)
goto error;
- sm->ctx = (void *)cd;
-
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
+ if (SigMatchAppendSMToList(
+ de_ctx, s, DETECT_UDPV6_CSUM, (SigMatchCtx *)cd, DETECT_SM_LIST_MATCH) == NULL) {
+ goto error;
+ }
return 0;
error:
- if (cd != NULL) DetectUDPV6CsumFree(de_ctx, cd);
- if (sm != NULL) SCFree(sm);
+ if (cd != NULL)
+ DetectUDPV6CsumFree(de_ctx, cd);
return -1;
}
static int DetectICMPV4CsumSetup(DetectEngineCtx *de_ctx, Signature *s, const char *csum_str)
{
DetectCsumData *cd = NULL;
- SigMatch *sm = NULL;
//printf("DetectCsumSetup: \'%s\'\n", csum_str);
- sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
-
- sm->type = DETECT_ICMPV4_CSUM;
-
if ( (cd = SCMalloc(sizeof(DetectCsumData))) == NULL)
goto error;
memset(cd, 0, sizeof(DetectCsumData));
if (DetectCsumParseArg(csum_str, cd) == 0)
goto error;
- sm->ctx = (SigMatchCtx *)cd;
-
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
+ if (SigMatchAppendSMToList(
+ de_ctx, s, DETECT_ICMPV4_CSUM, (SigMatchCtx *)cd, DETECT_SM_LIST_MATCH) == NULL) {
+ goto error;
+ }
return 0;
error:
- if (cd != NULL) DetectICMPV4CsumFree(de_ctx, cd);
- if (sm != NULL) SCFree(sm);
+ if (cd != NULL)
+ DetectICMPV4CsumFree(de_ctx, cd);
return -1;
}
static int DetectICMPV6CsumSetup(DetectEngineCtx *de_ctx, Signature *s, const char *csum_str)
{
DetectCsumData *cd = NULL;
- SigMatch *sm = NULL;
-
- sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
-
- sm->type = DETECT_ICMPV6_CSUM;
if ( (cd = SCMalloc(sizeof(DetectCsumData))) == NULL)
goto error;
if (DetectCsumParseArg(csum_str, cd) == 0)
goto error;
- sm->ctx = (SigMatchCtx *)cd;
-
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
+ if (SigMatchAppendSMToList(
+ de_ctx, s, DETECT_ICMPV6_CSUM, (SigMatchCtx *)cd, DETECT_SM_LIST_MATCH) == NULL) {
+ goto error;
+ }
return 0;
error:
- if (cd != NULL) DetectICMPV6CsumFree(de_ctx, cd);
- if (sm != NULL) SCFree(sm);
+ if (cd != NULL)
+ DetectICMPV6CsumFree(de_ctx, cd);
return -1;
}
static int DetectDatarepSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
{
- SigMatch *sm = NULL;
char cmd_str[16] = "", name[64] = "";
enum DatasetTypes type = DATASET_TYPE_NOTSET;
char load[PATH_MAX] = "";
/* Okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
- sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
- sm->type = DETECT_DATAREP;
- sm->ctx = (SigMatchCtx *)cd;
- SigMatchAppendSMToList(s, sm, list);
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_DATAREP, (SigMatchCtx *)cd, list) == NULL) {
+ goto error;
+ }
return 0;
error:
if (cd != NULL)
SCFree(cd);
- if (sm != NULL)
- SCFree(sm);
return -1;
}
int DetectDatasetSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
{
DetectDatasetData *cd = NULL;
- SigMatch *sm = NULL;
uint8_t cmd = 0;
uint64_t memcap = 0;
uint32_t hashsize = 0;
/* Okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
- sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
- sm->type = DETECT_DATASET;
- sm->ctx = (SigMatchCtx *)cd;
- SigMatchAppendSMToList(s, sm, list);
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_DATASET, (SigMatchCtx *)cd, list) == NULL) {
+ goto error;
+ }
return 0;
error:
if (cd != NULL)
SCFree(cd);
- if (sm != NULL)
- SCFree(sm);
return -1;
}
return -1;
}
- SigMatch *sm = SigMatchAlloc();
- if (sm == NULL) {
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_DCE_IFACE, did, g_dce_generic_list_id) == NULL) {
+ DetectDceIfaceFree(de_ctx, did);
return -1;
}
-
- sm->type = DETECT_DCE_IFACE;
- sm->ctx = did;
-
- SigMatchAppendSMToList(s, sm, g_dce_generic_list_id);
return 0;
}
return -1;
}
- SigMatch *sm = SigMatchAlloc();
- if (sm == NULL) {
+ if (SigMatchAppendSMToList(
+ de_ctx, s, DETECT_DCE_OPNUM, (SigMatchCtx *)dod, g_dce_generic_list_id) == NULL) {
DetectDceOpnumFree(de_ctx, dod);
return -1;
}
-
- sm->type = DETECT_DCE_OPNUM;
- sm->ctx = (void *)dod;
-
- SigMatchAppendSMToList(s, sm, g_dce_generic_list_id);
return 0;
}
{
SCEnter();
DetectThresholdData *df = NULL;
- SigMatch *sm = NULL;
SigMatch *tmpm = NULL;
/* checks if there's a previous instance of threshold */
if (df == NULL)
goto error;
- sm = SigMatchAlloc();
- if (sm == NULL)
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_DETECTION_FILTER, (SigMatchCtx *)df,
+ DETECT_SM_LIST_THRESHOLD) == NULL) {
goto error;
-
- sm->type = DETECT_DETECTION_FILTER;
- sm->ctx = (SigMatchCtx *)df;
-
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_THRESHOLD);
+ }
return 0;
error:
if (df)
SCFree(df);
- if (sm)
- SCFree(sm);
return -1;
}
/* okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
- SigMatch *sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
-
- sm->type = DETECT_AL_DHCP_LEASETIME;
- sm->ctx = (void *)dd;
- SigMatchAppendSMToList(s, sm, g_buffer_id);
+ if (SigMatchAppendSMToList(
+ de_ctx, s, DETECT_AL_DHCP_LEASETIME, (SigMatchCtx *)dd, g_buffer_id) == NULL) {
+ goto error;
+ }
return 0;
error:
/* okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
- SigMatch *sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
-
- sm->type = DETECT_AL_DHCP_REBINDING_TIME;
- sm->ctx = (void *)dd;
- SigMatchAppendSMToList(s, sm, g_buffer_id);
+ if (SigMatchAppendSMToList(
+ de_ctx, s, DETECT_AL_DHCP_REBINDING_TIME, (SigMatchCtx *)dd, g_buffer_id) == NULL) {
+ goto error;
+ }
return 0;
error:
/* okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
- SigMatch *sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
-
- sm->type = DETECT_AL_DHCP_RENEWAL_TIME;
- sm->ctx = (void *)dd;
- SigMatchAppendSMToList(s, sm, g_buffer_id);
+ if (SigMatchAppendSMToList(
+ de_ctx, s, DETECT_AL_DHCP_RENEWAL_TIME, (SigMatchCtx *)dd, g_buffer_id) == NULL) {
+ goto error;
+ }
return 0;
error:
{
SCEnter();
DetectDNP3 *dnp3 = NULL;
- SigMatch *sm = NULL;
uint8_t function_code;
if (DetectSignatureSetAppProto(s, ALPROTO_DNP3) != 0)
}
dnp3->function_code = function_code;
- sm = SigMatchAlloc();
- if (sm == NULL) {
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_AL_DNP3FUNC, (SigMatchCtx *)dnp3,
+ g_dnp3_match_buffer_id) == NULL) {
goto error;
}
- sm->type = DETECT_AL_DNP3FUNC;
- sm->ctx = (void *)dnp3;
-
- SigMatchAppendSMToList(s, sm, g_dnp3_match_buffer_id);
SCReturnInt(0);
error:
if (dnp3 != NULL) {
SCFree(dnp3);
}
- if (sm != NULL) {
- SCFree(sm);
- }
SCReturnInt(-1);
}
{
SCEnter();
DetectDNP3 *detect = NULL;
- SigMatch *sm = NULL;
uint16_t flags;
if (DetectSignatureSetAppProto(s, ALPROTO_DNP3) != 0)
}
detect->ind_flags = flags;
- sm = SigMatchAlloc();
- if (sm == NULL) {
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_AL_DNP3IND, (SigMatchCtx *)detect,
+ g_dnp3_match_buffer_id) == NULL) {
goto error;
}
- sm->type = DETECT_AL_DNP3IND;
- sm->ctx = (void *)detect;
- SigMatchAppendSMToList(s, sm, g_dnp3_match_buffer_id);
SCReturnInt(0);
error:
if (detect != NULL) {
SCFree(detect);
}
- if (sm != NULL) {
- SCFree(sm);
- }
SCReturnInt(-1);
}
uint8_t group;
uint8_t variation;
DetectDNP3 *detect = NULL;
- SigMatch *sm = NULL;
if (DetectSignatureSetAppProto(s, ALPROTO_DNP3) != 0)
return -1;
detect->obj_group = group;
detect->obj_variation = variation;
- sm = SigMatchAlloc();
- if (unlikely(sm == NULL)) {
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_AL_DNP3OBJ, (SigMatchCtx *)detect,
+ g_dnp3_match_buffer_id) == NULL) {
goto fail;
}
- sm->type = DETECT_AL_DNP3OBJ;
- sm->ctx = (void *)detect;
- SigMatchAppendSMToList(s, sm, g_dnp3_match_buffer_id);
SCReturnInt(1);
fail:
if (detect != NULL) {
SCFree(detect);
}
- if (sm != NULL) {
- SCFree(sm);
- }
SCReturnInt(0);
}
return -1;
}
- SigMatch *sm = SigMatchAlloc();
- if (unlikely(sm == NULL)) {
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_AL_DNS_OPCODE, (SigMatchCtx *)detect,
+ dns_opcode_list_id) == NULL) {
goto error;
}
- sm->type = DETECT_AL_DNS_OPCODE;
- sm->ctx = (void *)detect;
- SigMatchAppendSMToList(s, sm, dns_opcode_list_id);
-
SCReturnInt(0);
error:
static int DetectDsizeSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
{
DetectU16Data *dd = NULL;
- SigMatch *sm = NULL;
if (DetectGetLastSMFromLists(s, DETECT_DSIZE, -1)) {
SCLogError("Can't use 2 or more dsizes in "
/* Okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
- sm = SigMatchAlloc();
- if (sm == NULL){
- SCLogError("Failed to allocate memory for SigMatch");
+ SigMatch *sm = SigMatchAppendSMToList(
+ de_ctx, s, DETECT_DSIZE, (SigMatchCtx *)dd, DETECT_SM_LIST_MATCH);
+ if (sm == NULL) {
rs_detect_u16_free(dd);
goto error;
}
- sm->type = DETECT_DSIZE;
- sm->ctx = (SigMatchCtx *)dd;
-
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
-
SCLogDebug("dd->arg1 %" PRIu16 ", dd->arg2 %" PRIu16 ", dd->mode %" PRIu8 "", dd->arg1,
dd->arg2, dd->mode);
/* tell the sig it has a dsize to speed up engine init */
SCLogDebug("rawstr %s %u", rawstr, de->event);
- SigMatch *sm = SigMatchAlloc();
- if (sm == NULL) {
+ if (SigMatchAppendSMToList(de_ctx, s, smtype, (SigMatchCtx *)de, DETECT_SM_LIST_MATCH) ==
+ NULL) {
SCFree(de);
return -1;
}
-
- sm->type = smtype;
- sm->ctx = (SigMatchCtx *)de;
-
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
return 0;
}
DetectEngineCtx *de_ctx, Signature *s, const char *str, uint16_t type, int list)
{
DetectFileHashData *filehash = NULL;
- SigMatch *sm = NULL;
filehash = DetectFileHashParse(de_ctx, str, type);
if (filehash == NULL)
/* Okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
- sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
-
- sm->type = type;
- sm->ctx = (void *)filehash;
- SigMatchAppendSMToList(s, sm, list);
+ if (SigMatchAppendSMToList(de_ctx, s, type, (SigMatchCtx *)filehash, list) == NULL) {
+ goto error;
+ }
s->file_flags |= FILE_SIG_NEED_FILE;
error:
if (filehash != NULL)
DetectFileHashFree(de_ctx, filehash);
- if (sm != NULL)
- SCFree(sm);
return -1;
}
{
SCEnter();
DetectU64Data *fsd = NULL;
- SigMatch *sm = NULL;
fsd = DetectU64Parse(str);
if (fsd == NULL)
goto error;
- sm = SigMatchAlloc();
- if (sm == NULL)
+ if (SigMatchAppendSMToList(
+ de_ctx, s, DETECT_FILESIZE, (SigMatchCtx *)fsd, g_file_match_list_id) == NULL) {
goto error;
-
- sm->type = DETECT_FILESIZE;
- sm->ctx = (SigMatchCtx *)fsd;
-
- SigMatchAppendSMToList(s, sm, g_file_match_list_id);
+ }
s->file_flags |= (FILE_SIG_NEED_FILE|FILE_SIG_NEED_SIZE);
SCReturnInt(0);
error:
if (fsd != NULL)
DetectFilesizeFree(de_ctx, fsd);
- if (sm != NULL)
- SCFree(sm);
SCReturnInt(-1);
}
}
DetectFilestoreData *fd = NULL;
- SigMatch *sm = NULL;
char *args[3] = {NULL,NULL,NULL};
int res = 0;
size_t pcre2len;
return -1;
}
- sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
-
- sm->type = DETECT_FILESTORE;
-
if (str != NULL && strlen(str) > 0) {
char str_0[32];
char str_1[32];
if (fd->scope == 0)
fd->scope = FILESTORE_SCOPE_DEFAULT;
}
-
- sm->ctx = (SigMatchCtx*)fd;
- } else {
- sm->ctx = (SigMatchCtx*)NULL;
}
if (s->alproto == ALPROTO_HTTP1 || s->alproto == ALPROTO_HTTP) {
AppLayerHtpNeedFileInspection();
}
- SigMatchAppendSMToList(s, sm, g_file_match_list_id);
- s->filestore_ctx = (const DetectFilestoreData *)sm->ctx;
+ if (SigMatchAppendSMToList(
+ de_ctx, s, DETECT_FILESTORE, (SigMatchCtx *)fd, g_file_match_list_id) == NULL) {
+ goto error;
+ }
+ s->filestore_ctx = fd;
- sm = SigMatchAlloc();
- if (unlikely(sm == NULL))
+ if (SigMatchAppendSMToList(
+ de_ctx, s, DETECT_FILESTORE_POSTMATCH, NULL, DETECT_SM_LIST_POSTMATCH) == NULL) {
goto error;
- sm->type = DETECT_FILESTORE_POSTMATCH;
- sm->ctx = NULL;
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_POSTMATCH);
+ }
s->flags |= SIG_FLAG_FILESTORE;
if (match) {
pcre2_match_data_free(match);
}
- if (sm != NULL)
- SCFree(sm);
return -1;
}
if (du32 == NULL)
return -1;
- SigMatch *sm = SigMatchAlloc();
- if (sm == NULL) {
+ if (SigMatchAppendSMToList(
+ de_ctx, s, DETECT_FLOW_AGE, (SigMatchCtx *)du32, DETECT_SM_LIST_MATCH) == NULL) {
DetectFlowAgeFree(de_ctx, du32);
return -1;
}
-
- sm->type = DETECT_FLOW_AGE;
- sm->ctx = (SigMatchCtx *)du32;
-
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
s->flags |= SIG_FLAG_REQUIRE_PACKET;
return 0;
if (du32 == NULL)
return -1;
- SigMatch *sm = SigMatchAlloc();
- if (sm == NULL) {
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_FLOW_PKTS_TO_CLIENT, (SigMatchCtx *)du32,
+ DETECT_SM_LIST_MATCH) == NULL) {
DetectFlowPktsToClientFree(de_ctx, du32);
return -1;
}
-
- sm->type = DETECT_FLOW_PKTS_TO_CLIENT;
- sm->ctx = (SigMatchCtx *)du32;
-
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
s->flags |= SIG_FLAG_REQUIRE_PACKET;
return 0;
if (du32 == NULL)
return -1;
- SigMatch *sm = SigMatchAlloc();
- if (sm == NULL) {
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_FLOW_PKTS_TO_SERVER, (SigMatchCtx *)du32,
+ DETECT_SM_LIST_MATCH) == NULL) {
DetectFlowPktsToServerFree(de_ctx, du32);
return -1;
}
-
- sm->type = DETECT_FLOW_PKTS_TO_SERVER;
- sm->ctx = (SigMatchCtx *)du32;
-
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
s->flags |= SIG_FLAG_REQUIRE_PACKET;
return 0;
if (du64 == NULL)
return -1;
- SigMatch *sm = SigMatchAlloc();
- if (sm == NULL) {
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_FLOW_BYTES_TO_CLIENT, (SigMatchCtx *)du64,
+ DETECT_SM_LIST_MATCH) == NULL) {
DetectFlowBytesToClientFree(de_ctx, du64);
return -1;
}
-
- sm->type = DETECT_FLOW_BYTES_TO_CLIENT;
- sm->ctx = (SigMatchCtx *)du64;
-
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
s->flags |= SIG_FLAG_REQUIRE_PACKET;
return 0;
if (du64 == NULL)
return -1;
- SigMatch *sm = SigMatchAlloc();
- if (sm == NULL) {
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_FLOW_BYTES_TO_SERVER, (SigMatchCtx *)du64,
+ DETECT_SM_LIST_MATCH) == NULL) {
DetectFlowBytesToServerFree(de_ctx, du64);
return -1;
}
-
- sm->type = DETECT_FLOW_BYTES_TO_SERVER;
- sm->ctx = (SigMatchCtx *)du64;
-
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
s->flags |= SIG_FLAG_REQUIRE_PACKET;
return 0;
if (fd == NULL)
return -1;
- SigMatch *sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
-
- sm->type = DETECT_FLOW;
- sm->ctx = (SigMatchCtx *)fd;
-
+ bool appendsm = true;
/* set the signature direction flags */
if (fd->flags & DETECT_FLOW_FLAG_TOSERVER) {
s->flags |= SIG_FLAG_TOSERVER;
fd->flags == DETECT_FLOW_FLAG_TOCLIENT) {
/* no direct flow is needed for just direction,
* no sigmatch is needed either. */
- SigMatchFree(de_ctx, sm);
- sm = NULL;
+ appendsm = false;
} else {
s->init_data->init_flags |= SIG_FLAG_INIT_FLOW;
}
- if (sm != NULL) {
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
+ if (appendsm) {
+ if (SigMatchAppendSMToList(
+ de_ctx, s, DETECT_FLOW, (SigMatchCtx *)fd, DETECT_SM_LIST_MATCH) == NULL) {
+ goto error;
+ }
+ } else if (fd != NULL) {
+ DetectFlowFree(de_ctx, fd);
}
if (parse_flags & DETECT_FLOW_FLAG_ONLYSTREAM) {
int DetectFlowbitSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
{
DetectFlowbitsData *cd = NULL;
- SigMatch *sm = NULL;
uint8_t fb_cmd = 0;
char fb_cmd_str[16] = "", fb_name[256] = "";
}
/* Okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
- sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
-
- sm->type = DETECT_FLOWBITS;
- sm->ctx = (SigMatchCtx *)cd;
switch (fb_cmd) {
/* case DETECT_FLOWBITS_CMD_NOALERT can't happen here */
case DETECT_FLOWBITS_CMD_ISNOTSET:
case DETECT_FLOWBITS_CMD_ISSET:
/* checks, so packet list */
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_FLOWBITS, (SigMatchCtx *)cd,
+ DETECT_SM_LIST_MATCH) == NULL) {
+ goto error;
+ }
break;
case DETECT_FLOWBITS_CMD_SET:
case DETECT_FLOWBITS_CMD_UNSET:
case DETECT_FLOWBITS_CMD_TOGGLE:
/* modifiers, only run when entire sig has matched */
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_POSTMATCH);
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_FLOWBITS, (SigMatchCtx *)cd,
+ DETECT_SM_LIST_POSTMATCH) == NULL) {
+ goto error;
+ }
break;
// suppress coverity warning as scan-build-7 warns w/o this.
error:
if (cd != NULL)
DetectFlowbitFree(de_ctx, cd);
- if (sm != NULL)
- SCFree(sm);
return -1;
}
static int DetectFlowintSetup(DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
{
DetectFlowintData *sfd = NULL;
- SigMatch *sm = NULL;
sfd = DetectFlowintParse(de_ctx, rawstr);
if (sfd == NULL)
/* Okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
- sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
-
- sm->type = DETECT_FLOWINT;
- sm->ctx = (SigMatchCtx *)sfd;
switch (sfd->modifier) {
case FLOWINT_MODIFIER_SET:
case FLOWINT_MODIFIER_ADD:
case FLOWINT_MODIFIER_SUB:
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_POSTMATCH);
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_FLOWINT, (SigMatchCtx *)sfd,
+ DETECT_SM_LIST_POSTMATCH) == NULL) {
+ goto error;
+ }
break;
case FLOWINT_MODIFIER_LT:
case FLOWINT_MODIFIER_GT:
case FLOWINT_MODIFIER_ISSET:
case FLOWINT_MODIFIER_NOTSET:
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_FLOWINT, (SigMatchCtx *)sfd,
+ DETECT_SM_LIST_MATCH) == NULL) {
+ goto error;
+ }
break;
default:
goto error;
error:
if (sfd)
DetectFlowintFree(de_ctx, sfd);
- if (sm)
- SCFree(sm);
return -1;
}
static int DetectFlowvarSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
{
DetectFlowvarData *fd = NULL;
- SigMatch *sm = NULL;
char varname[64], varcontent[64];
int res = 0;
size_t pcre2len;
/* Okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
- sm = SigMatchAlloc();
- if (unlikely(sm == NULL))
- goto error;
-
- sm->type = DETECT_FLOWVAR;
- sm->ctx = (SigMatchCtx *)fd;
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
+ if (SigMatchAppendSMToList(
+ de_ctx, s, DETECT_FLOWVAR, (SigMatchCtx *)fd, DETECT_SM_LIST_MATCH) == NULL) {
+ goto error;
+ }
SCFree(content);
return 0;
error:
if (fd != NULL)
DetectFlowvarDataFree(de_ctx, fd);
- if (sm != NULL)
- SCFree(sm);
if (content != NULL)
SCFree(content);
return -1;
*/
int DetectFlowvarPostMatchSetup(DetectEngineCtx *de_ctx, Signature *s, uint32_t idx)
{
- SigMatch *sm = NULL;
DetectFlowvarData *fv = NULL;
fv = SCMalloc(sizeof(DetectFlowvarData));
fv->idx = idx;
fv->post_match = true;
- sm = SigMatchAlloc();
- if (unlikely(sm == NULL))
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_FLOWVAR_POSTMATCH, (SigMatchCtx *)fv,
+ DETECT_SM_LIST_POSTMATCH) == NULL) {
goto error;
-
- sm->type = DETECT_FLOWVAR_POSTMATCH;
- sm->ctx = (SigMatchCtx *)fv;
-
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_POSTMATCH);
+ }
return 0;
error:
if (fv != NULL)
static int DetectFragBitsSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
{
DetectFragBitsData *de = NULL;
- SigMatch *sm = NULL;
de = DetectFragBitsParse(rawstr);
if (de == NULL)
return -1;
- sm = SigMatchAlloc();
- if (sm == NULL)
+ if (SigMatchAppendSMToList(
+ de_ctx, s, DETECT_FRAGBITS, (SigMatchCtx *)de, DETECT_SM_LIST_MATCH) == NULL) {
goto error;
-
- sm->type = DETECT_FRAGBITS;
- sm->ctx = (SigMatchCtx *)de;
-
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
+ }
s->flags |= SIG_FLAG_REQUIRE_PACKET;
return 0;
static int DetectFragOffsetSetup (DetectEngineCtx *de_ctx, Signature *s, const char *fragoffsetstr)
{
DetectFragOffsetData *fragoff = NULL;
- SigMatch *sm = NULL;
fragoff = DetectFragOffsetParse(de_ctx, fragoffsetstr);
if (fragoff == NULL) goto error;
- sm = SigMatchAlloc();
- if (sm == NULL) goto error;
-
- sm->type = DETECT_FRAGOFFSET;
- sm->ctx = (SigMatchCtx *)fragoff;
-
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_FRAGOFFSET, (SigMatchCtx *)fragoff,
+ DETECT_SM_LIST_MATCH) == NULL) {
+ goto error;
+ }
s->flags |= SIG_FLAG_REQUIRE_PACKET;
return 0;
error:
- if (fragoff != NULL) DetectFragOffsetFree(de_ctx, fragoff);
- if (sm != NULL) SCFree(sm);
+ if (fragoff != NULL)
+ DetectFragOffsetFree(de_ctx, fragoff);
return -1;
}
{
SCEnter();
- SigMatch *sm = NULL;
-
if (DetectSignatureSetAppProto(s, ALPROTO_FTP) != 0)
return -1;
- sm = SigMatchAlloc();
- if (sm == NULL) {
- return -1;
- }
-
- sm->type = DETECT_FTPBOUNCE;
-
/* We don't need to allocate any data for ftpbounce here.
*
* TODO: As a suggestion, maybe we can add a flag in the flow
* without breaking the connection, so I guess we can make it a bit faster
* with a flow flag set lookup in the Match function.
*/
- sm->ctx = NULL;
- SigMatchAppendSMToList(s, sm, g_ftp_request_list_id);
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_FTPBOUNCE, NULL, g_ftp_request_list_id) == NULL) {
+ return -1;
+ }
SCReturnInt(0);
}
if (ftpcommandd == NULL)
return -1;
- SigMatch *sm = SigMatchAlloc();
- if (sm == NULL) {
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_FTPDATA, (SigMatchCtx *)ftpcommandd,
+ g_ftpdata_buffer_id) == NULL) {
DetectFtpdataFree(de_ctx, ftpcommandd);
return -1;
}
- sm->type = DETECT_FTPDATA;
- sm->ctx = (void *)ftpcommandd;
-
- SigMatchAppendSMToList(s, sm, g_ftpdata_buffer_id);
return 0;
}
static int DetectGeoipSetup(DetectEngineCtx *de_ctx, Signature *s, const char *optstr)
{
DetectGeoipData *geoipdata = NULL;
- SigMatch *sm = NULL;
geoipdata = DetectGeoipDataParse(de_ctx, optstr);
if (geoipdata == NULL)
goto error;
/* Get this into a SigMatch and put it in the Signature. */
- sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
-
- sm->type = DETECT_GEOIP;
- sm->ctx = (SigMatchCtx *)geoipdata;
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
+ if (SigMatchAppendSMToList(
+ de_ctx, s, DETECT_GEOIP, (SigMatchCtx *)geoipdata, DETECT_SM_LIST_MATCH) == NULL) {
+ goto error;
+ }
s->flags |= SIG_FLAG_REQUIRE_PACKET;
return 0;
error:
if (geoipdata != NULL)
DetectGeoipDataFree(de_ctx, geoipdata);
- if (sm != NULL)
- SCFree(sm);
return -1;
}
int DetectHostbitSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
{
DetectXbitsData *cd = NULL;
- SigMatch *sm = NULL;
uint8_t fb_cmd = 0;
uint8_t hb_dir = 0;
char fb_cmd_str[16] = "", fb_name[256] = "";
/* Okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
- sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
-
- sm->type = DETECT_HOSTBITS;
- sm->ctx = (void *)cd;
switch (fb_cmd) {
/* case DETECT_XBITS_CMD_NOALERT can't happen here */
case DETECT_XBITS_CMD_ISNOTSET:
case DETECT_XBITS_CMD_ISSET:
/* checks, so packet list */
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_HOSTBITS, (SigMatchCtx *)cd,
+ DETECT_SM_LIST_MATCH) == NULL) {
+ goto error;
+ }
break;
case DETECT_XBITS_CMD_SET:
case DETECT_XBITS_CMD_UNSET:
case DETECT_XBITS_CMD_TOGGLE:
/* modifiers, only run when entire sig has matched */
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_POSTMATCH);
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_HOSTBITS, (SigMatchCtx *)cd,
+ DETECT_SM_LIST_POSTMATCH) == NULL) {
+ goto error;
+ }
break;
// suppress coverity warning as scan-build-7 warns w/o this.
error:
if (cd != NULL)
SCFree(cd);
- if (sm != NULL)
- SCFree(sm);
return -1;
}
return -1;
*http2ft = frame_type;
- SigMatch *sm = SigMatchAlloc();
- if (sm == NULL) {
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_HTTP2_FRAMETYPE, (SigMatchCtx *)http2ft,
+ g_http2_match_buffer_id) == NULL) {
DetectHTTP2frametypeFree(NULL, http2ft);
return -1;
}
- sm->type = DETECT_HTTP2_FRAMETYPE;
- sm->ctx = (SigMatchCtx *)http2ft;
-
- SigMatchAppendSMToList(s, sm, g_http2_match_buffer_id);
-
return 0;
}
return -1;
*http2ec = error_code;
- SigMatch *sm = SigMatchAlloc();
- if (sm == NULL) {
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_HTTP2_ERRORCODE, (SigMatchCtx *)http2ec,
+ g_http2_match_buffer_id) == NULL) {
DetectHTTP2errorcodeFree(NULL, http2ec);
return -1;
}
- sm->type = DETECT_HTTP2_ERRORCODE;
- sm->ctx = (SigMatchCtx *)http2ec;
-
- SigMatchAppendSMToList(s, sm, g_http2_match_buffer_id);
-
return 0;
}
if (prio == NULL)
return -1;
- SigMatch *sm = SigMatchAlloc();
- if (sm == NULL) {
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_HTTP2_PRIORITY, (SigMatchCtx *)prio,
+ g_http2_match_buffer_id) == NULL) {
rs_detect_u8_free(prio);
return -1;
}
- sm->type = DETECT_HTTP2_PRIORITY;
- sm->ctx = (SigMatchCtx *)prio;
-
- SigMatchAppendSMToList(s, sm, g_http2_match_buffer_id);
-
return 0;
}
if (wu == NULL)
return -1;
- SigMatch *sm = SigMatchAlloc();
- if (sm == NULL) {
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_HTTP2_WINDOW, (SigMatchCtx *)wu,
+ g_http2_match_buffer_id) == NULL) {
rs_detect_u32_free(wu);
return -1;
}
- sm->type = DETECT_HTTP2_WINDOW;
- sm->ctx = (SigMatchCtx *)wu;
-
- SigMatchAppendSMToList(s, sm, g_http2_match_buffer_id);
-
return 0;
}
if (su == NULL)
return -1;
- SigMatch *sm = SigMatchAlloc();
- if (sm == NULL) {
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_HTTP2_SIZEUPDATE, (SigMatchCtx *)su,
+ g_http2_match_buffer_id) == NULL) {
DetectHTTP2settingsFree(NULL, su);
return -1;
}
- sm->type = DETECT_HTTP2_SIZEUPDATE;
- sm->ctx = (SigMatchCtx *)su;
-
- SigMatchAppendSMToList(s, sm, g_http2_match_buffer_id);
-
return 0;
}
if (http2set == NULL)
return -1;
- SigMatch *sm = SigMatchAlloc();
- if (sm == NULL) {
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_HTTP2_SETTINGS, (SigMatchCtx *)http2set,
+ g_http2_match_buffer_id) == NULL) {
DetectHTTP2settingsFree(NULL, http2set);
return -1;
}
- sm->type = DETECT_HTTP2_SETTINGS;
- sm->ctx = (SigMatchCtx *)http2set;
-
- SigMatchAppendSMToList(s, sm, g_http2_match_buffer_id);
-
return 0;
}
static int DetectIcmpIdSetup (DetectEngineCtx *de_ctx, Signature *s, const char *icmpidstr)
{
DetectIcmpIdData *iid = NULL;
- SigMatch *sm = NULL;
iid = DetectIcmpIdParse(de_ctx, icmpidstr);
if (iid == NULL) goto error;
- sm = SigMatchAlloc();
- if (sm == NULL) goto error;
-
- sm->type = DETECT_ICMP_ID;
- sm->ctx = (SigMatchCtx *)iid;
-
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
+ if (SigMatchAppendSMToList(
+ de_ctx, s, DETECT_ICMP_ID, (SigMatchCtx *)iid, DETECT_SM_LIST_MATCH) == NULL) {
+ goto error;
+ }
s->flags |= SIG_FLAG_REQUIRE_PACKET;
return 0;
error:
- if (iid != NULL) DetectIcmpIdFree(de_ctx, iid);
- if (sm != NULL) SCFree(sm);
+ if (iid != NULL)
+ DetectIcmpIdFree(de_ctx, iid);
return -1;
}
static int DetectIcmpSeqSetup (DetectEngineCtx *de_ctx, Signature *s, const char *icmpseqstr)
{
DetectIcmpSeqData *iseq = NULL;
- SigMatch *sm = NULL;
iseq = DetectIcmpSeqParse(de_ctx, icmpseqstr);
if (iseq == NULL) goto error;
- sm = SigMatchAlloc();
- if (sm == NULL) goto error;
-
- sm->type = DETECT_ICMP_SEQ;
- sm->ctx = (SigMatchCtx *)iseq;
-
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
+ if (SigMatchAppendSMToList(
+ de_ctx, s, DETECT_ICMP_SEQ, (SigMatchCtx *)iseq, DETECT_SM_LIST_MATCH) == NULL) {
+ goto error;
+ }
return 0;
error:
- if (iseq != NULL) DetectIcmpSeqFree(de_ctx, iseq);
- if (sm != NULL) SCFree(sm);
+ if (iseq != NULL)
+ DetectIcmpSeqFree(de_ctx, iseq);
return -1;
}
if (icmpv6mtud == NULL)
return -1;
- SigMatch *sm = SigMatchAlloc();
- if (sm == NULL) {
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_ICMPV6MTU, (SigMatchCtx *)icmpv6mtud,
+ DETECT_SM_LIST_MATCH) == NULL) {
DetectICMPv6mtuFree(de_ctx, icmpv6mtud);
return -1;
}
-
- sm->type = DETECT_ICMPV6MTU;
- sm->ctx = (SigMatchCtx *)icmpv6mtud;
-
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
s->flags |= SIG_FLAG_REQUIRE_PACKET;
s->proto.flags |= DETECT_PROTO_IPV6;
{
DetectU8Data *icd = NULL;
- SigMatch *sm = NULL;
icd = DetectU8Parse(icodestr);
if (icd == NULL) goto error;
- sm = SigMatchAlloc();
- if (sm == NULL) goto error;
-
- sm->type = DETECT_ICODE;
- sm->ctx = (SigMatchCtx *)icd;
-
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_ICODE, (SigMatchCtx *)icd, DETECT_SM_LIST_MATCH) ==
+ NULL) {
+ goto error;
+ }
s->flags |= SIG_FLAG_REQUIRE_PACKET;
return 0;
error:
if (icd != NULL)
rs_detect_u8_free(icd);
- if (sm != NULL) SCFree(sm);
return -1;
}
int DetectIdSetup (DetectEngineCtx *de_ctx, Signature *s, const char *idstr)
{
DetectIdData *id_d = NULL;
- SigMatch *sm = NULL;
id_d = DetectIdParse(idstr);
if (id_d == NULL)
/* Okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
- sm = SigMatchAlloc();
- if (sm == NULL) {
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_ID, (SigMatchCtx *)id_d, DETECT_SM_LIST_MATCH) ==
+ NULL) {
DetectIdFree(de_ctx, id_d);
return -1;
}
-
- sm->type = DETECT_ID;
- sm->ctx = (SigMatchCtx *)id_d;
-
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
s->flags |= SIG_FLAG_REQUIRE_PACKET;
return 0;
}
/* okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
- SigMatch *sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
-
- sm->type = DETECT_AL_IKE_CHOSEN_SA;
- sm->ctx = (void *)dd;
- SigMatchAppendSMToList(s, sm, g_ike_chosen_sa_buffer_id);
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_AL_IKE_CHOSEN_SA, (SigMatchCtx *)dd,
+ g_ike_chosen_sa_buffer_id) == NULL) {
+ goto error;
+ }
return 0;
error:
/* okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
- SigMatch *sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
-
- sm->type = DETECT_AL_IKE_EXCH_TYPE;
- sm->ctx = (SigMatchCtx *)ike_exch_type;
- SigMatchAppendSMToList(s, sm, g_ike_exch_type_buffer_id);
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_AL_IKE_EXCH_TYPE, (SigMatchCtx *)ike_exch_type,
+ g_ike_exch_type_buffer_id) == NULL) {
+ goto error;
+ }
return 0;
error:
/* okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
- SigMatch *sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
-
- sm->type = DETECT_AL_IKE_KEY_EXCHANGE_PAYLOAD_LENGTH;
- sm->ctx = (SigMatchCtx *)key_exchange_payload_length;
- SigMatchAppendSMToList(s, sm, g_ike_key_exch_payload_length_buffer_id);
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_AL_IKE_KEY_EXCHANGE_PAYLOAD_LENGTH,
+ (SigMatchCtx *)key_exchange_payload_length,
+ g_ike_key_exch_payload_length_buffer_id) == NULL) {
+ goto error;
+ }
return 0;
error:
/* okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
- SigMatch *sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
-
- sm->type = DETECT_AL_IKE_NONCE_PAYLOAD_LENGTH;
- sm->ctx = (SigMatchCtx *)nonce_payload_length;
- SigMatchAppendSMToList(s, sm, g_ike_nonce_payload_length_buffer_id);
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_AL_IKE_NONCE_PAYLOAD_LENGTH,
+ (SigMatchCtx *)nonce_payload_length,
+ g_ike_nonce_payload_length_buffer_id) == NULL) {
+ goto error;
+ }
return 0;
error:
static int DetectIpOptsSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
{
DetectIpOptsData *de = NULL;
- SigMatch *sm = NULL;
de = DetectIpOptsParse(rawstr);
if (de == NULL)
goto error;
- sm = SigMatchAlloc();
- if (sm == NULL)
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_IPOPTS, (SigMatchCtx *)de, DETECT_SM_LIST_MATCH) ==
+ NULL) {
goto error;
-
- sm->type = DETECT_IPOPTS;
- sm->ctx = (SigMatchCtx *)de;
-
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
+ }
s->flags |= SIG_FLAG_REQUIRE_PACKET;
return 0;
error:
- if (de) SCFree(de);
- if (sm) SCFree(sm);
+ if (de)
+ SCFree(de);
return -1;
}
*/
static int DetectIPProtoSetup(DetectEngineCtx *de_ctx, Signature *s, const char *optstr)
{
- SigMatch *sm = NULL;
int i;
DetectIPProtoData *data = DetectIPProtoParse(optstr);
break;
}
- sm = SigMatchAlloc();
- if (sm == NULL)
+ if (SigMatchAppendSMToList(
+ de_ctx, s, DETECT_IPPROTO, (SigMatchCtx *)data, DETECT_SM_LIST_MATCH) == NULL) {
goto error;
- sm->type = DETECT_IPPROTO;
- sm->ctx = (void *)data;
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
+ }
s->flags |= SIG_FLAG_REQUIRE_PACKET;
return 0;
return -1;
}
-
void DetectIPProtoRemoveAllSMs(DetectEngineCtx *de_ctx, Signature *s)
{
SigMatch *sm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
int DetectIPRepSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
{
- SigMatch *sm = NULL;
DetectIPRepData *cd = rs_detect_iprep_parse(rawstr);
if (cd == NULL) {
/* Okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
- sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
-
- sm->type = DETECT_IPREP;
- sm->ctx = (SigMatchCtx *)cd;
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_IPREP, (SigMatchCtx *)cd, DETECT_SM_LIST_MATCH) ==
+ NULL) {
+ goto error;
+ }
return 0;
error:
if (cd != NULL)
DetectIPRepFree(de_ctx, cd);
- if (sm != NULL)
- SCFree(sm);
return -1;
}
*/
int DetectIsdataatSetup (DetectEngineCtx *de_ctx, Signature *s, const char *isdataatstr)
{
- SigMatch *sm = NULL;
SigMatch *prev_pm = NULL;
DetectIsdataatData *idad = NULL;
char *offset = NULL;
goto end;
}
- sm = SigMatchAlloc();
- if (sm == NULL)
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_ISDATAAT, (SigMatchCtx *)idad, sm_list) == NULL) {
goto end;
- sm->type = DETECT_ISDATAAT;
- sm->ctx = (SigMatchCtx *)idad;
- SigMatchAppendSMToList(s, sm, sm_list);
+ }
if (!(idad->flags & ISDATAAT_RELATIVE)) {
ret = 0;
{
DetectU8Data *itd = NULL;
- SigMatch *sm = NULL;
itd = DetectITypeParse(de_ctx, itypestr);
if (itd == NULL) goto error;
- sm = SigMatchAlloc();
- if (sm == NULL) goto error;
-
- sm->type = DETECT_ITYPE;
- sm->ctx = (SigMatchCtx *)itd;
-
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_ITYPE, (SigMatchCtx *)itd, DETECT_SM_LIST_MATCH) ==
+ NULL) {
+ goto error;
+ }
s->flags |= SIG_FLAG_REQUIRE_PACKET;
return 0;
error:
- if (itd != NULL) DetectITypeFree(de_ctx, itd);
- if (sm != NULL) SCFree(sm);
+ if (itd != NULL)
+ DetectITypeFree(de_ctx, itd);
return -1;
}
static int DetectKrb5ErrCodeSetup (DetectEngineCtx *de_ctx, Signature *s, const char *krb5str)
{
DetectKrb5ErrCodeData *krb5d = NULL;
- SigMatch *sm = NULL;
if (DetectSignatureSetAppProto(s, ALPROTO_KRB5) != 0)
return -1;
if (krb5d == NULL)
goto error;
- sm = SigMatchAlloc();
- if (sm == NULL)
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_AL_KRB5_ERRCODE, (SigMatchCtx *)krb5d,
+ g_krb5_err_code_list_id) == NULL) {
goto error;
-
- sm->type = DETECT_AL_KRB5_ERRCODE;
- sm->ctx = (void *)krb5d;
-
- SigMatchAppendSMToList(s, sm, g_krb5_err_code_list_id);
+ }
return 0;
error:
if (krb5d != NULL)
DetectKrb5ErrCodeFree(de_ctx, krb5d);
- if (sm != NULL)
- SCFree(sm);
return -1;
}
static int DetectKrb5MsgTypeSetup (DetectEngineCtx *de_ctx, Signature *s, const char *krb5str)
{
DetectKrb5MsgTypeData *krb5d = NULL;
- SigMatch *sm = NULL;
if (DetectSignatureSetAppProto(s, ALPROTO_KRB5) != 0)
return -1;
if (krb5d == NULL)
goto error;
- sm = SigMatchAlloc();
- if (sm == NULL)
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_AL_KRB5_MSGTYPE, (SigMatchCtx *)krb5d,
+ g_krb5_msg_type_list_id) == NULL) {
goto error;
-
- sm->type = DETECT_AL_KRB5_MSGTYPE;
- sm->ctx = (void *)krb5d;
-
- SigMatchAppendSMToList(s, sm, g_krb5_msg_type_list_id);
+ }
return 0;
error:
if (krb5d != NULL)
DetectKrb5MsgTypeFree(de_ctx, krb5d);
- if (sm != NULL)
- SCFree(sm);
return -1;
}
DetectEngineCtx *de_ctx, Signature *s, const char *krb5str)
{
DetectKrb5TicketEncryptionData *krb5d = NULL;
- SigMatch *sm = NULL;
if (DetectSignatureSetAppProto(s, ALPROTO_KRB5) != 0)
return -1;
if (krb5d == NULL)
goto error;
- sm = SigMatchAlloc();
- if (sm == NULL)
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_AL_KRB5_TICKET_ENCRYPTION, (SigMatchCtx *)krb5d,
+ g_krb5_ticket_encryption_list_id) == NULL) {
goto error;
-
- sm->type = DETECT_AL_KRB5_TICKET_ENCRYPTION;
- sm->ctx = (void *)krb5d;
-
- SigMatchAppendSMToList(s, sm, g_krb5_ticket_encryption_list_id);
+ }
return 0;
error:
if (krb5d != NULL)
DetectKrb5TicketEncryptionFree(de_ctx, krb5d);
- if (sm != NULL)
- SCFree(sm);
return -1;
}
static int DetectLuaSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
{
DetectLuaData *lua = NULL;
- SigMatch *sm = NULL;
/* First check if Lua rules are enabled, by default Lua in rules
* is disabled. */
/* Okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
- sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
-
- sm->type = DETECT_LUA;
- sm->ctx = (SigMatchCtx *)lua;
int list = -1;
if (lua->alproto == ALPROTO_UNKNOWN) {
goto error;
}
- SigMatchAppendSMToList(s, sm, list);
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_LUA, (SigMatchCtx *)lua, list) == NULL) {
+ goto error;
+ }
return 0;
error:
if (lua != NULL)
DetectLuaFree(de_ctx, lua);
- if (sm != NULL)
- SCFree(sm);
return -1;
}
if (data == NULL) {
return -1;
}
- SigMatch *sm = SigMatchAlloc();
- if (sm == NULL) {
- DetectMarkDataFree(de_ctx, data);
- return -1;
- }
-
- sm->type = DETECT_MARK;
- sm->ctx = (SigMatchCtx *)data;
/* Append it to the list of post match, so the mark is set if the
* full signature matches. */
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_POSTMATCH);
+ if (SigMatchAppendSMToList(
+ de_ctx, s, DETECT_MARK, (SigMatchCtx *)data, DETECT_SM_LIST_POSTMATCH) == NULL) {
+ DetectMarkDataFree(de_ctx, data);
+ return -1;
+ }
return 0;
#endif
}
{
SCEnter();
DetectModbusRust *modbus = NULL;
- SigMatch *sm = NULL;
if (DetectSignatureSetAppProto(s, ALPROTO_MODBUS) != 0)
return -1;
}
/* Okay so far so good, lets get this into a SigMatch and put it in the Signature. */
- sm = SigMatchAlloc();
- if (sm == NULL)
+ if (SigMatchAppendSMToList(
+ de_ctx, s, DETECT_AL_MODBUS, (SigMatchCtx *)modbus, g_modbus_buffer_id) == NULL) {
goto error;
-
- sm->type = DETECT_AL_MODBUS;
- sm->ctx = (void *) modbus;
-
- SigMatchAppendSMToList(s, sm, g_modbus_buffer_id);
+ }
SCReturnInt(0);
error:
if (modbus != NULL)
DetectModbusFree(de_ctx, modbus);
- if (sm != NULL)
- SCFree(sm);
SCReturnInt(-1);
}
static int DetectMQTTConnackSessionPresentSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
{
bool *de = NULL;
- SigMatch *sm = NULL;
if (DetectSignatureSetAppProto(s, ALPROTO_MQTT) < 0)
return -1;
if (de == NULL)
goto error;
- sm = SigMatchAlloc();
- if (sm == NULL)
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_AL_MQTT_CONNACK_SESSION_PRESENT, (SigMatchCtx *)de,
+ mqtt_connack_session_present_id) == NULL) {
goto error;
-
- sm->type = DETECT_AL_MQTT_CONNACK_SESSION_PRESENT;
- sm->ctx = (SigMatchCtx *)de;
-
- SigMatchAppendSMToList(s, sm, mqtt_connack_session_present_id);
+ }
return 0;
error:
if (de != NULL)
SCFree(de);
- if (sm != NULL)
- SCFree(sm);
return -1;
}
static int DetectMQTTConnectFlagsSetup(DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
{
DetectMQTTConnectFlagsData *de = NULL;
- SigMatch *sm = NULL;
if (DetectSignatureSetAppProto(s, ALPROTO_MQTT) < 0)
return -1;
if (de == NULL)
goto error;
- sm = SigMatchAlloc();
- if (sm == NULL)
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_AL_MQTT_CONNECT_FLAGS, (SigMatchCtx *)de,
+ mqtt_connect_flags_id) == NULL) {
goto error;
-
- sm->type = DETECT_AL_MQTT_CONNECT_FLAGS;
- sm->ctx = (SigMatchCtx *)de;
-
- SigMatchAppendSMToList(s, sm, mqtt_connect_flags_id);
+ }
return 0;
error:
if (de != NULL)
SCFree(de);
- if (sm != NULL)
- SCFree(sm);
return -1;
}
static int DetectMQTTFlagsSetup(DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
{
DetectMQTTFlagsData *de = NULL;
- SigMatch *sm = NULL;
if (DetectSignatureSetAppProto(s, ALPROTO_MQTT) < 0)
return -1;
if (de == NULL)
goto error;
- sm = SigMatchAlloc();
- if (sm == NULL)
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_AL_MQTT_FLAGS, (SigMatchCtx *)de, mqtt_flags_id) ==
+ NULL) {
goto error;
-
- sm->type = DETECT_AL_MQTT_FLAGS;
- sm->ctx = (SigMatchCtx *)de;
-
- SigMatchAppendSMToList(s, sm, mqtt_flags_id);
+ }
return 0;
error:
if (de != NULL)
SCFree(de);
- if (sm != NULL)
- SCFree(sm);
return -1;
}
*/
static int DetectMQTTProtocolVersionSetup(DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
{
- SigMatch *sm = NULL;
DetectU8Data *de = NULL;
if (DetectSignatureSetAppProto(s, ALPROTO_MQTT) < 0)
if (de == NULL)
return -1;
- sm = SigMatchAlloc();
- if (sm == NULL)
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_AL_MQTT_PROTOCOL_VERSION, (SigMatchCtx *)de,
+ mqtt_protocol_version_id) == NULL) {
goto error;
-
- sm->type = DETECT_AL_MQTT_PROTOCOL_VERSION;
- sm->ctx = (SigMatchCtx *)de;
-
- SigMatchAppendSMToList(s, sm, mqtt_protocol_version_id);
+ }
return 0;
error:
if (de != NULL)
rs_detect_u8_free(de);
- if (sm != NULL)
- SCFree(sm);
return -1;
}
static int DetectMQTTQosSetup(DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
{
uint8_t *de = NULL;
- SigMatch *sm = NULL;
if (DetectSignatureSetAppProto(s, ALPROTO_MQTT) < 0)
return -1;
if (de == NULL)
goto error;
- sm = SigMatchAlloc();
- if (sm == NULL)
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_AL_MQTT_QOS, (SigMatchCtx *)de, mqtt_qos_id) ==
+ NULL) {
goto error;
-
- sm->type = DETECT_AL_MQTT_QOS;
- sm->ctx = (SigMatchCtx *)de;
-
- SigMatchAppendSMToList(s, sm, mqtt_qos_id);
+ }
return 0;
error:
if (de != NULL)
SCFree(de);
- if (sm != NULL)
- SCFree(sm);
return -1;
}
static int DetectMQTTReasonCodeSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
{
uint8_t *de = NULL;
- SigMatch *sm = NULL;
if (DetectSignatureSetAppProto(s, ALPROTO_MQTT) < 0)
return -1;
if (de == NULL)
goto error;
- sm = SigMatchAlloc();
- if (sm == NULL)
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_AL_MQTT_REASON_CODE, (SigMatchCtx *)de,
+ mqtt_reason_code_id) == NULL) {
goto error;
-
- sm->type = DETECT_AL_MQTT_REASON_CODE;
- sm->ctx = (SigMatchCtx *)de;
-
- SigMatchAppendSMToList(s, sm, mqtt_reason_code_id);
+ }
return 0;
error:
if (de != NULL)
SCFree(de);
- if (sm != NULL)
- SCFree(sm);
return -1;
}
static int DetectMQTTTypeSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
{
uint8_t *de = NULL;
- SigMatch *sm = NULL;
if (DetectSignatureSetAppProto(s, ALPROTO_MQTT) < 0)
return -1;
if (de == NULL)
goto error;
- sm = SigMatchAlloc();
- if (sm == NULL)
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_AL_MQTT_TYPE, (SigMatchCtx *)de, mqtt_type_id) ==
+ NULL) {
goto error;
-
- sm->type = DETECT_AL_MQTT_TYPE;
- sm->ctx = (SigMatchCtx *)de;
-
- SigMatchAppendSMToList(s, sm, mqtt_type_id);
+ }
return 0;
error:
if (de != NULL)
SCFree(de);
- if (sm != NULL)
- SCFree(sm);
return -1;
}
const char *rawstr)
{
DetectU32Data *dd = NULL;
- SigMatch *sm = NULL;
SCLogDebug("\'%s\'", rawstr);
/* okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
- sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
-
- sm->type = DETECT_AL_NFS_PROCEDURE;
- sm->ctx = (void *)dd;
SCLogDebug("low %u hi %u", dd->arg1, dd->arg2);
- SigMatchAppendSMToList(s, sm, g_nfs_request_buffer_id);
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_AL_NFS_PROCEDURE, (SigMatchCtx *)dd,
+ g_nfs_request_buffer_id) == NULL) {
+ goto error;
+ }
return 0;
error:
/* okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
- SigMatch *sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
-
- sm->type = DETECT_AL_NFS_VERSION;
- sm->ctx = (void *)dd;
SCLogDebug("low %u hi %u", dd->arg1, dd->arg2);
- SigMatchAppendSMToList(s, sm, g_nfs_request_buffer_id);
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_AL_NFS_VERSION, (SigMatchCtx *)dd,
+ g_nfs_request_buffer_id) == NULL) {
+ goto error;
+ }
return 0;
error:
* \param new The sig match to append.
* \param list The list to append to.
*/
-void SigMatchAppendSMToList(Signature *s, SigMatch *new, const int list)
+SigMatch *SigMatchAppendSMToList(
+ DetectEngineCtx *de_ctx, Signature *s, uint16_t type, SigMatchCtx *ctx, const int list)
{
+ SigMatch *new = SigMatchAlloc();
+ if (new == NULL)
+ return NULL;
+
+ new->type = type;
+ new->ctx = ctx;
+
if (new->type == DETECT_CONTENT) {
s->init_data->max_content_list_id = MAX(s->init_data->max_content_list_id, (uint32_t)list);
}
s->init_data->curbuf == NULL) {
if (SignatureInitDataBufferCheckExpand(s) < 0) {
SCLogError("failed to expand rule buffer array");
- s->init_data->init_flags |= SIG_FLAG_INIT_OVERFLOW;
- // SignatureInitDataBufferCheckExpand should not fail in this case
- DEBUG_VALIDATE_BUG_ON(s->init_data->curbuf == NULL);
- // keep curbuf even with wrong id as we error on this signature
+ new->ctx = NULL;
+ SigMatchFree(de_ctx, new);
+ return NULL;
} else {
/* initialize new buffer */
s->init_data->curbuf = &s->init_data->buffers[s->init_data->buffer_index++];
sigmatch_table[sm->type].name, sm->idx);
}
}
+ return new;
}
void SigMatchRemoveSMFromList(Signature *s, SigMatch *sm, int sm_list)
/* setup may or may not add a new SigMatch to the list */
setup_ret = st->Setup(de_ctx, s, NULL);
}
- if (setup_ret < 0 || (s->init_data->init_flags & SIG_FLAG_INIT_OVERFLOW)) {
+ if (setup_ret < 0) {
SCLogDebug("\"%s\" failed to setup", st->name);
- if (s->init_data->init_flags & SIG_FLAG_INIT_OVERFLOW) {
- SCLogError("rule %u tries to use too many buffers", s->id);
- }
/* handle 'silent' error case */
if (setup_ret == -2) {
void SigParseRegisterTests(void);
Signature *DetectEngineAppendSig(DetectEngineCtx *, const char *);
-void SigMatchAppendSMToList(Signature *, SigMatch *, int);
+SigMatch *SigMatchAppendSMToList(DetectEngineCtx *, Signature *, uint16_t, SigMatchCtx *, int);
void SigMatchRemoveSMFromList(Signature *, SigMatch *, int);
int SigMatchListSMBelongsTo(const Signature *, const SigMatch *);
{
SCEnter();
DetectPcreData *pd = NULL;
- SigMatch *sm = NULL;
int parsed_sm_list = DETECT_SM_LIST_NOTSET;
char capture_names[1024] = "";
AppProto alproto = ALPROTO_UNKNOWN;
if (sm_list == -1)
goto error;
- sm = SigMatchAlloc();
- if (sm == NULL)
+ SigMatch *sm = SigMatchAppendSMToList(de_ctx, s, DETECT_PCRE, (SigMatchCtx *)pd, sm_list);
+ if (sm == NULL) {
goto error;
- sm->type = DETECT_PCRE;
- sm->ctx = (void *)pd;
- SigMatchAppendSMToList(s, sm, sm_list);
+ }
for (uint8_t x = 0; x < pd->idx; x++) {
if (DetectFlowvarPostMatchSetup(de_ctx, s, pd->capids[x]) < 0)
/* Okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
- SigMatch *sm = SigMatchAlloc();
- if (unlikely(sm == NULL)) {
- DetectPktvarFree(de_ctx, cd);
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_PKTVAR, (SigMatchCtx *)cd, DETECT_SM_LIST_MATCH) ==
+ NULL) {
goto error;
}
- sm->type = DETECT_PKTVAR;
- sm->ctx = (SigMatchCtx *)cd;
-
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
pcre2_match_data_free(match);
return 0;
SCFree(content);
content = NULL;
- SigMatch *sm = SigMatchAlloc();
- if (unlikely(sm == NULL)) {
- SCFree(ud->replace);
- ud->replace = NULL;
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_REPLACE, NULL, DETECT_SM_LIST_POSTMATCH) == NULL) {
goto error;
}
- sm->type = DETECT_REPLACE;
- sm->ctx = NULL;
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_POSTMATCH);
return 0;
error:
static int DetectRfbSecresultSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
{
DetectRfbSecresultData *de = NULL;
- SigMatch *sm = NULL;
if (DetectSignatureSetAppProto(s, ALPROTO_RFB) < 0)
return -1;
if (de == NULL)
goto error;
- sm = SigMatchAlloc();
- if (sm == NULL)
+ if (SigMatchAppendSMToList(
+ de_ctx, s, DETECT_AL_RFB_SECRESULT, (SigMatchCtx *)de, rfb_secresult_id) == NULL) {
goto error;
-
- sm->type = DETECT_AL_RFB_SECRESULT;
- sm->ctx = (SigMatchCtx *)de;
-
- SigMatchAppendSMToList(s, sm, rfb_secresult_id);
+ }
return 0;
error:
- if (de) SCFree(de);
- if (sm) SCFree(sm);
+ if (de)
+ SCFree(de);
return -1;
}
/* okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
- SigMatch *sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
-
- sm->type = DETECT_AL_RFB_SECTYPE;
- sm->ctx = (void *)dd;
- SigMatchAppendSMToList(s, sm, g_rfb_sectype_buffer_id);
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_AL_RFB_SECTYPE, (SigMatchCtx *)dd,
+ g_rfb_sectype_buffer_id) == NULL) {
+ goto error;
+ }
return 0;
error:
int DetectRpcSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rpcstr)
{
DetectRpcData *rd = NULL;
- SigMatch *sm = NULL;
rd = DetectRpcParse(de_ctx, rpcstr);
if (rd == NULL) goto error;
- sm = SigMatchAlloc();
- if (sm == NULL)
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_RPC, (SigMatchCtx *)rd, DETECT_SM_LIST_MATCH) ==
+ NULL) {
goto error;
-
- sm->type = DETECT_RPC;
- sm->ctx = (SigMatchCtx *)rd;
-
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
+ }
s->flags |= SIG_FLAG_REQUIRE_PACKET;
return 0;
error:
- if (rd != NULL) DetectRpcFree(de_ctx, rd);
- if (sm != NULL) SCFree(sm);
+ if (rd != NULL)
+ DetectRpcFree(de_ctx, rd);
return -1;
}
*/
static int DetectSameipSetup(DetectEngineCtx *de_ctx, Signature *s, const char *optstr)
{
- SigMatch *sm = NULL;
/* Get this into a SigMatch and put it in the Signature. */
- sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
-
- sm->type = DETECT_SAMEIP;
- sm->ctx = NULL;
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_SAMEIP, NULL, DETECT_SM_LIST_MATCH) == NULL) {
+ goto error;
+ }
s->flags |= SIG_FLAG_REQUIRE_PACKET;
return 0;
error:
- if (sm != NULL)
- SCFree(sm);
return -1;
-
}
#ifdef UNITTESTS
const char *rawstr)
{
DetectSNMPPduTypeData *dd = NULL;
- SigMatch *sm = NULL;
if (DetectSignatureSetAppProto(s, ALPROTO_SNMP) != 0)
return -1;
/* okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
- sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
-
- sm->type = DETECT_AL_SNMP_PDU_TYPE;
- sm->ctx = (void *)dd;
SCLogDebug("snmp.pdu_type %d", dd->pdu_type);
- SigMatchAppendSMToList(s, sm, g_snmp_pdu_type_buffer_id);
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_AL_SNMP_PDU_TYPE, (SigMatchCtx *)dd,
+ g_snmp_pdu_type_buffer_id) == NULL) {
+ goto error;
+ }
return 0;
error:
const char *rawstr)
{
DetectU32Data *dd = NULL;
- SigMatch *sm = NULL;
if (DetectSignatureSetAppProto(s, ALPROTO_SNMP) != 0)
return -1;
/* okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
- sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
-
- sm->type = DETECT_AL_SNMP_VERSION;
- sm->ctx = (void *)dd;
SCLogDebug("snmp.version %d", dd->arg1);
- SigMatchAppendSMToList(s, sm, g_snmp_version_buffer_id);
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_AL_SNMP_VERSION, (SigMatchCtx *)dd,
+ g_snmp_version_buffer_id) == NULL) {
+ goto error;
+ }
return 0;
error:
static int DetectSshVersionSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
{
DetectSshVersionData *ssh = NULL;
- SigMatch *sm = NULL;
if (DetectSignatureSetAppProto(s, ALPROTO_SSH) != 0)
return -1;
/* Okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
- sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
-
- sm->type = DETECT_AL_SSH_PROTOVERSION;
- sm->ctx = (void *)ssh;
- SigMatchAppendSMToList(s, sm, g_ssh_banner_list_id);
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_AL_SSH_PROTOVERSION, (SigMatchCtx *)ssh,
+ g_ssh_banner_list_id) == NULL) {
+ goto error;
+ }
return 0;
error:
if (ssh != NULL)
DetectSshVersionFree(de_ctx, ssh);
- if (sm != NULL)
- SCFree(sm);
return -1;
}
static int DetectSshSoftwareVersionSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
{
DetectSshSoftwareVersionData *ssh = NULL;
- SigMatch *sm = NULL;
if (DetectSignatureSetAppProto(s, ALPROTO_SSH) != 0)
return -1;
/* Okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
- sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
-
- sm->type = DETECT_AL_SSH_SOFTWAREVERSION;
- sm->ctx = (void *)ssh;
- SigMatchAppendSMToList(s, sm, g_ssh_banner_list_id);
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_AL_SSH_SOFTWAREVERSION, (SigMatchCtx *)ssh,
+ g_ssh_banner_list_id) == NULL) {
+ goto error;
+ }
return 0;
error:
if (ssh != NULL)
DetectSshSoftwareVersionFree(de_ctx, ssh);
- if (sm != NULL)
- SCFree(sm);
return -1;
}
static int DetectSslStateSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg)
{
DetectSslStateData *ssd = NULL;
- SigMatch *sm = NULL;
if (DetectSignatureSetAppProto(s, ALPROTO_TLS) != 0)
return -1;
if (ssd == NULL)
goto error;
- sm = SigMatchAlloc();
- if (sm == NULL)
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_AL_SSL_STATE, (SigMatchCtx *)ssd,
+ g_tls_generic_list_id) == NULL) {
goto error;
-
- sm->type = DETECT_AL_SSL_STATE;
- sm->ctx = (SigMatchCtx*)ssd;
-
- SigMatchAppendSMToList(s, sm, g_tls_generic_list_id);
+ }
return 0;
error:
if (ssd != NULL)
DetectSslStateFree(de_ctx, ssd);
- if (sm != NULL)
- SCFree(sm);
return -1;
}
static int DetectSslVersionSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
{
DetectSslVersionData *ssl = NULL;
- SigMatch *sm = NULL;
if (DetectSignatureSetAppProto(s, ALPROTO_TLS) != 0)
return -1;
/* Okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
- sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
-
- sm->type = DETECT_AL_SSL_VERSION;
- sm->ctx = (void *)ssl;
- SigMatchAppendSMToList(s, sm, g_tls_generic_list_id);
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_AL_SSL_VERSION, (SigMatchCtx *)ssl,
+ g_tls_generic_list_id) == NULL) {
+ goto error;
+ }
return 0;
error:
if (ssl != NULL)
DetectSslVersionFree(de_ctx, ssl);
- if (sm != NULL)
- SCFree(sm);
return -1;
}
if (sd == NULL)
return -1;
- SigMatch *sm = SigMatchAlloc();
- if (sm == NULL) {
+ if (SigMatchAppendSMToList(
+ de_ctx, s, DETECT_STREAM_SIZE, (SigMatchCtx *)sd, DETECT_SM_LIST_MATCH) == NULL) {
DetectStreamSizeFree(de_ctx, sd);
return -1;
}
-
- sm->type = DETECT_STREAM_SIZE;
- sm->ctx = (SigMatchCtx *)sd;
-
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
return 0;
}
if (td == NULL)
return -1;
- SigMatch *sm = SigMatchAlloc();
- if (sm == NULL) {
+ /* Append it to the list of tags */
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_TAG, (SigMatchCtx *)td, DETECT_SM_LIST_TMATCH) ==
+ NULL) {
DetectTagDataFree(de_ctx, td);
return -1;
}
-
- sm->type = DETECT_TAG;
- sm->ctx = (SigMatchCtx *)td;
-
- /* Append it to the list of tags */
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_TMATCH);
return 0;
}
static int DetectAckSetup(DetectEngineCtx *de_ctx, Signature *s, const char *optstr)
{
DetectAckData *data = NULL;
- SigMatch *sm = NULL;
data = SCMalloc(sizeof(DetectAckData));
if (unlikely(data == NULL))
goto error;
- sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
-
- sm->type = DETECT_ACK;
-
if (StringParseUint32(&data->ack, 10, 0, optstr) < 0) {
goto error;
}
- sm->ctx = (SigMatchCtx*)data;
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_ACK, (SigMatchCtx *)data, DETECT_SM_LIST_MATCH) ==
+ NULL) {
+ goto error;
+ }
s->flags |= SIG_FLAG_REQUIRE_PACKET;
return 0;
error:
if (data)
SCFree(data);
- if (sm)
- SigMatchFree(de_ctx, sm);
return -1;
}
static int DetectFlagsSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
{
DetectFlagsData *de = NULL;
- SigMatch *sm = NULL;
de = DetectFlagsParse(rawstr);
if (de == NULL)
goto error;
- sm = SigMatchAlloc();
- if (sm == NULL)
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_FLAGS, (SigMatchCtx *)de, DETECT_SM_LIST_MATCH) ==
+ NULL) {
goto error;
-
- sm->type = DETECT_FLAGS;
- sm->ctx = (SigMatchCtx *)de;
-
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
+ }
s->flags |= SIG_FLAG_REQUIRE_PACKET;
return 0;
error:
- if (de) SCFree(de);
- if (sm) SCFree(sm);
+ if (de)
+ SCFree(de);
return -1;
}
static int DetectSeqSetup (DetectEngineCtx *de_ctx, Signature *s, const char *optstr)
{
DetectSeqData *data = NULL;
- SigMatch *sm = NULL;
data = SCMalloc(sizeof(DetectSeqData));
if (unlikely(data == NULL))
goto error;
- sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
-
- sm->type = DETECT_SEQ;
-
if (StringParseUint32(&data->seq, 10, 0, optstr) < 0) {
goto error;
}
- sm->ctx = (SigMatchCtx*)data;
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_SEQ, (SigMatchCtx *)data, DETECT_SM_LIST_MATCH) ==
+ NULL) {
+ goto error;
+ }
s->flags |= SIG_FLAG_REQUIRE_PACKET;
return 0;
error:
if (data)
SCFree(data);
- if (sm)
- SigMatchFree(de_ctx, sm);
return -1;
}
static int DetectWindowSetup (DetectEngineCtx *de_ctx, Signature *s, const char *windowstr)
{
DetectWindowData *wd = NULL;
- SigMatch *sm = NULL;
wd = DetectWindowParse(de_ctx, windowstr);
if (wd == NULL) goto error;
/* Okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
- sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
-
- sm->type = DETECT_WINDOW;
- sm->ctx = (SigMatchCtx *)wd;
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_WINDOW, (SigMatchCtx *)wd, DETECT_SM_LIST_MATCH) ==
+ NULL) {
+ goto error;
+ }
s->flags |= SIG_FLAG_REQUIRE_PACKET;
return 0;
error:
- if (wd != NULL) DetectWindowFree(de_ctx, wd);
- if (sm != NULL) SCFree(sm);
+ if (wd != NULL)
+ DetectWindowFree(de_ctx, wd);
return -1;
}
if (tcpmssd == NULL)
return -1;
- SigMatch *sm = SigMatchAlloc();
- if (sm == NULL) {
+ if (SigMatchAppendSMToList(
+ de_ctx, s, DETECT_TCPMSS, (SigMatchCtx *)tcpmssd, DETECT_SM_LIST_MATCH) == NULL) {
DetectTcpmssFree(de_ctx, tcpmssd);
return -1;
}
-
- sm->type = DETECT_TCPMSS;
- sm->ctx = (SigMatchCtx *)tcpmssd;
-
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
s->flags |= SIG_FLAG_REQUIRE_PACKET;
return 0;
if (templated == NULL)
return -1;
- SigMatch *sm = SigMatchAlloc();
- if (sm == NULL) {
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_TEMPLATE, (SigMatchCtx *)templated,
+ DETECT_SM_LIST_MATCH) == NULL) {
DetectTemplateFree(de_ctx, templated);
return -1;
}
-
- sm->type = DETECT_TEMPLATE;
- sm->ctx = (void *)templated;
-
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
s->flags |= SIG_FLAG_REQUIRE_PACKET;
return 0;
if (template2d == NULL)
return -1;
- SigMatch *sm = SigMatchAlloc();
- if (sm == NULL) {
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_TEMPLATE2, (SigMatchCtx *)template2d,
+ DETECT_SM_LIST_MATCH) == NULL) {
DetectTemplate2Free(de_ctx, template2d);
return -1;
}
-
- sm->type = DETECT_TEMPLATE2;
- sm->ctx = (SigMatchCtx *)template2d;
-
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
s->flags |= SIG_FLAG_REQUIRE_PACKET;
return 0;
static int DetectThresholdSetup(DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
{
DetectThresholdData *de = NULL;
- SigMatch *sm = NULL;
SigMatch *tmpm = NULL;
/* checks if there is a previous instance of detection_filter */
if (de == NULL)
goto error;
- sm = SigMatchAlloc();
- if (sm == NULL)
+ if (SigMatchAppendSMToList(
+ de_ctx, s, DETECT_THRESHOLD, (SigMatchCtx *)de, DETECT_SM_LIST_THRESHOLD) == NULL) {
goto error;
-
- sm->type = DETECT_THRESHOLD;
- sm->ctx = (SigMatchCtx *)de;
-
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_THRESHOLD);
+ }
return 0;
error:
- if (de) SCFree(de);
- if (sm) SCFree(sm);
+ if (de)
+ SCFree(de);
return -1;
}
const char *rawstr)
{
DetectTlsValidityData *dd = NULL;
- SigMatch *sm = NULL;
SCLogDebug("\'%s\'", rawstr);
/* okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
- sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
dd->mode = DETECT_TLS_VALIDITY_EX;
dd->type = DETECT_TLS_TYPE_NOTAFTER;
dd->epoch = 0;
dd->epoch2 = 0;
- sm->type = DETECT_AL_TLS_EXPIRED;
- sm->ctx = (void *)dd;
-
- SigMatchAppendSMToList(s, sm, g_tls_validity_buffer_id);
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_AL_TLS_EXPIRED, (SigMatchCtx *)dd,
+ g_tls_validity_buffer_id) == NULL) {
+ goto error;
+ }
return 0;
error:
DetectTlsValidityFree(de_ctx, dd);
- if (sm)
- SCFree(sm);
return -1;
}
const char *rawstr)
{
DetectTlsValidityData *dd = NULL;
- SigMatch *sm = NULL;
SCLogDebug("\'%s\'", rawstr);
/* okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
- sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
dd->mode = DETECT_TLS_VALIDITY_VA;
dd->type = DETECT_TLS_TYPE_NOTAFTER;
dd->epoch = 0;
dd->epoch2 = 0;
- sm->type = DETECT_AL_TLS_VALID;
- sm->ctx = (void *)dd;
-
- SigMatchAppendSMToList(s, sm, g_tls_validity_buffer_id);
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_AL_TLS_VALID, (SigMatchCtx *)dd,
+ g_tls_validity_buffer_id) == NULL) {
+ goto error;
+ }
return 0;
error:
DetectTlsValidityFree(de_ctx, dd);
- if (sm)
- SCFree(sm);
return -1;
}
const char *rawstr, uint8_t type)
{
DetectTlsValidityData *dd = NULL;
- SigMatch *sm = NULL;
SCLogDebug("\'%s\'", rawstr);
/* okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
- sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
if (type == DETECT_TLS_TYPE_NOTBEFORE) {
dd->type = DETECT_TLS_TYPE_NOTBEFORE;
- sm->type = DETECT_AL_TLS_NOTBEFORE;
}
else if (type == DETECT_TLS_TYPE_NOTAFTER) {
dd->type = DETECT_TLS_TYPE_NOTAFTER;
- sm->type = DETECT_AL_TLS_NOTAFTER;
}
else {
goto error;
}
- sm->ctx = (void *)dd;
-
- SigMatchAppendSMToList(s, sm, g_tls_validity_buffer_id);
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_AL_TLS_NOTAFTER, (SigMatchCtx *)dd,
+ g_tls_validity_buffer_id) == NULL) {
+ goto error;
+ }
return 0;
error:
DetectTlsValidityFree(de_ctx, dd);
- if (sm)
- SCFree(sm);
return -1;
}
return -1;
}
- SigMatch *sm = SigMatchAlloc();
- if (sm == NULL) {
+ if (SigMatchAppendSMToList(de_ctx, s, KEYWORD_ID, (SigMatchCtx *)dd, g_tls_cert_buffer_id) ==
+ NULL) {
rs_detect_u32_free(dd);
return -1;
}
- sm->type = KEYWORD_ID;
- sm->ctx = (void *)dd;
-
- SigMatchAppendSMToList(s, sm, g_tls_cert_buffer_id);
return 0;
}
static int DetectTlsVersionSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
{
DetectTlsVersionData *tls = NULL;
- SigMatch *sm = NULL;
if (DetectSignatureSetAppProto(s, ALPROTO_TLS) != 0)
return -1;
/* Okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
- sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
-
- sm->type = DETECT_AL_TLS_VERSION;
- sm->ctx = (void *)tls;
- SigMatchAppendSMToList(s, sm, g_tls_generic_list_id);
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_AL_TLS_VERSION, (SigMatchCtx *)tls,
+ g_tls_generic_list_id) == NULL) {
+ goto error;
+ }
return 0;
error:
if (tls != NULL)
DetectTlsVersionFree(de_ctx, tls);
- if (sm != NULL)
- SCFree(sm);
return -1;
}
static int DetectTlsSubjectSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
{
DetectTlsData *tls = NULL;
- SigMatch *sm = NULL;
if (DetectSignatureSetAppProto(s, ALPROTO_TLS) != 0)
return -1;
/* Okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
- sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
-
- sm->type = DETECT_AL_TLS_SUBJECT;
- sm->ctx = (void *)tls;
- SigMatchAppendSMToList(s, sm, g_tls_cert_list_id);
+ if (SigMatchAppendSMToList(
+ de_ctx, s, DETECT_AL_TLS_SUBJECT, (SigMatchCtx *)tls, g_tls_cert_list_id) == NULL) {
+ goto error;
+ }
return 0;
error:
if (tls != NULL)
DetectTlsSubjectFree(de_ctx, tls);
- if (sm != NULL)
- SCFree(sm);
return -1;
}
static int DetectTlsIssuerDNSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
{
DetectTlsData *tls = NULL;
- SigMatch *sm = NULL;
if (DetectSignatureSetAppProto(s, ALPROTO_TLS) != 0)
return -1;
/* Okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
- sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
-
- sm->type = DETECT_AL_TLS_ISSUERDN;
- sm->ctx = (void *)tls;
- SigMatchAppendSMToList(s, sm, g_tls_cert_list_id);
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_AL_TLS_ISSUERDN, (SigMatchCtx *)tls,
+ g_tls_cert_list_id) == NULL) {
+ goto error;
+ }
return 0;
error:
if (tls != NULL)
DetectTlsIssuerDNFree(de_ctx, tls);
- if (sm != NULL)
- SCFree(sm);
return -1;
}
*/
static int DetectTlsStoreSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
{
- SigMatch *sm = NULL;
if (DetectSignatureSetAppProto(s, ALPROTO_TLS) != 0)
return -1;
- sm = SigMatchAlloc();
- if (sm == NULL)
- return -1;
-
- sm->type = DETECT_AL_TLS_STORE;
s->flags |= SIG_FLAG_TLSSTORE;
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_POSTMATCH);
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_AL_TLS_STORE, NULL, DETECT_SM_LIST_POSTMATCH) ==
+ NULL) {
+ return -1;
+ }
return 0;
}
if (tosd == NULL)
return -1;
- SigMatch *sm = SigMatchAlloc();
- if (sm == NULL) {
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_TOS, (SigMatchCtx *)tosd, DETECT_SM_LIST_MATCH) ==
+ NULL) {
DetectTosFree(de_ctx, tosd);
return -1;
}
-
- sm->type = DETECT_TOS;
- sm->ctx = (SigMatchCtx *)tosd;
-
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
s->flags |= SIG_FLAG_REQUIRE_PACKET;
return 0;
}
if (ttld == NULL)
return -1;
- SigMatch *sm = SigMatchAlloc();
- if (sm == NULL) {
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_TTL, (SigMatchCtx *)ttld, DETECT_SM_LIST_MATCH) ==
+ NULL) {
DetectTtlFree(de_ctx, ttld);
return -1;
}
-
- sm->type = DETECT_TTL;
- sm->ctx = (SigMatchCtx *)ttld;
-
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
s->flags |= SIG_FLAG_REQUIRE_PACKET;
return 0;
}
{
SCEnter();
DetectUrilenData *urilend = NULL;
- SigMatch *sm = NULL;
if (DetectSignatureSetAppProto(s, ALPROTO_HTTP) != 0)
return -1;
urilend = DetectUrilenParse(urilenstr);
if (urilend == NULL)
goto error;
- sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
- sm->type = DETECT_AL_URILEN;
- sm->ctx = (void *)urilend;
- if (urilend->raw_buffer)
- SigMatchAppendSMToList(s, sm, g_http_raw_uri_buffer_id);
- else
- SigMatchAppendSMToList(s, sm, g_http_uri_buffer_id);
+ if (urilend->raw_buffer) {
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_AL_URILEN, (SigMatchCtx *)urilend,
+ g_http_raw_uri_buffer_id) == NULL) {
+ goto error;
+ }
+ } else {
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_AL_URILEN, (SigMatchCtx *)urilend,
+ g_http_uri_buffer_id) == NULL) {
+ goto error;
+ }
+ }
SCReturnInt(0);
int DetectXbitSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
{
- SigMatch *sm = NULL;
DetectXbitsData *cd = NULL;
int result = DetectXbitParse(de_ctx, rawstr, &cd);
/* Okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
- sm = SigMatchAlloc();
- if (sm == NULL)
- goto error;
-
- sm->type = DETECT_XBITS;
- sm->ctx = (void *)cd;
switch (cd->cmd) {
/* case DETECT_XBITS_CMD_NOALERT can't happen here */
case DETECT_XBITS_CMD_ISNOTSET:
case DETECT_XBITS_CMD_ISSET:
/* checks, so packet list */
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
+ if (SigMatchAppendSMToList(
+ de_ctx, s, DETECT_XBITS, (SigMatchCtx *)cd, DETECT_SM_LIST_MATCH) == NULL) {
+ goto error;
+ }
break;
case DETECT_XBITS_CMD_SET:
case DETECT_XBITS_CMD_UNSET:
case DETECT_XBITS_CMD_TOGGLE:
/* modifiers, only run when entire sig has matched */
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_POSTMATCH);
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_XBITS, (SigMatchCtx *)cd,
+ DETECT_SM_LIST_POSTMATCH) == NULL) {
+ goto error;
+ }
break;
}
BIT_U32(8) /**< priority is explicitly set by the priority keyword */
#define SIG_FLAG_INIT_FILEDATA BIT_U32(9) /**< signature has filedata keyword */
#define SIG_FLAG_INIT_JA3 BIT_U32(10) /**< signature has ja3 keyword */
-#define SIG_FLAG_INIT_OVERFLOW BIT_U32(11) /**< signature has overflown buffers */
/* signature mask flags */
/** \note: additions should be added to the rule analyzer as well */
const char *th_ip)
{
Signature *s = NULL;
- SigMatch *sm = NULL;
DetectThresholdData *de = NULL;
BUG_ON(parsed_type != TYPE_SUPPRESS);
if (unlikely(de == NULL))
goto error;
- sm = SigMatchAlloc();
- if (sm == NULL) {
- SCLogError("Error allocating SigMatch");
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_THRESHOLD, (SigMatchCtx *)de,
+ DETECT_SM_LIST_SUPPRESS) == NULL) {
goto error;
}
-
- sm->type = DETECT_THRESHOLD;
- sm->ctx = (void *)de;
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_SUPPRESS);
}
} else if (id == 0 && gid > 0) {
if (parsed_track == TRACK_RULE) {
if (unlikely(de == NULL))
goto error;
- sm = SigMatchAlloc();
- if (sm == NULL) {
- SCLogError("Error allocating SigMatch");
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_THRESHOLD, (SigMatchCtx *)de,
+ DETECT_SM_LIST_SUPPRESS) == NULL) {
goto error;
}
-
- sm->type = DETECT_THRESHOLD;
- sm->ctx = (void *)de;
-
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_SUPPRESS);
}
} else if (id > 0 && gid == 0) {
SCLogError("Can't use a event config that has "
if (unlikely(de == NULL))
goto error;
- sm = SigMatchAlloc();
- if (sm == NULL) {
- SCLogError("Error allocating SigMatch");
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_THRESHOLD, (SigMatchCtx *)de,
+ DETECT_SM_LIST_SUPPRESS) == NULL) {
goto error;
}
-
- sm->type = DETECT_THRESHOLD;
- sm->ctx = (void *)de;
-
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_SUPPRESS);
}
}
/* Install it */
if (id == 0 && gid == 0) {
for (s = de_ctx->sig_list; s != NULL; s = s->next) {
- sm = DetectGetLastSMByListId(s,
- DETECT_SM_LIST_THRESHOLD, DETECT_THRESHOLD, -1);
+ sm = DetectGetLastSMByListId(s, DETECT_SM_LIST_THRESHOLD, DETECT_THRESHOLD, -1);
if (sm != NULL) {
SCLogWarning("signature sid:%" PRIu32 " has "
"an event var set. The signature event var is "
de->new_action = parsed_new_action;
de->timeout = parsed_timeout;
- sm = SigMatchAlloc();
- if (sm == NULL) {
- SCLogError("Error allocating SigMatch");
- goto error;
- }
-
+ uint16_t smtype = DETECT_THRESHOLD;
if (parsed_type == TYPE_RATE)
- sm->type = DETECT_DETECTION_FILTER;
- else
- sm->type = DETECT_THRESHOLD;
- sm->ctx = (void *)de;
+ smtype = DETECT_DETECTION_FILTER;
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_THRESHOLD);
+ if (SigMatchAppendSMToList(
+ de_ctx, s, smtype, (SigMatchCtx *)de, DETECT_SM_LIST_THRESHOLD) == NULL) {
+ goto error;
+ }
}
} else if (id == 0 && gid > 0) {
de->new_action = parsed_new_action;
de->timeout = parsed_timeout;
- sm = SigMatchAlloc();
- if (sm == NULL) {
- SCLogError("Error allocating SigMatch");
- goto error;
- }
-
+ uint16_t smtype = DETECT_THRESHOLD;
if (parsed_type == TYPE_RATE)
- sm->type = DETECT_DETECTION_FILTER;
- else
- sm->type = DETECT_THRESHOLD;
- sm->ctx = (void *)de;
+ smtype = DETECT_DETECTION_FILTER;
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_THRESHOLD);
+ if (SigMatchAppendSMToList(de_ctx, s, smtype, (SigMatchCtx *)de,
+ DETECT_SM_LIST_THRESHOLD) == NULL) {
+ goto error;
+ }
}
}
} else if (id > 0 && gid == 0) {
de->new_action = parsed_new_action;
de->timeout = parsed_timeout;
- sm = SigMatchAlloc();
- if (sm == NULL) {
- SCLogError("Error allocating SigMatch");
- goto error;
- }
-
+ uint16_t smtype = DETECT_THRESHOLD;
if (parsed_type == TYPE_RATE)
- sm->type = DETECT_DETECTION_FILTER;
- else
- sm->type = DETECT_THRESHOLD;
- sm->ctx = (void *)de;
+ smtype = DETECT_DETECTION_FILTER;
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_THRESHOLD);
+ if (SigMatchAppendSMToList(
+ de_ctx, s, smtype, (SigMatchCtx *)de, DETECT_SM_LIST_THRESHOLD) == NULL) {
+ goto error;
+ }
}
}
end:
projects / thirdparty / suricata.git / commitdiff
