uint16_t seq;
/** Actual header length **/
- uint32_t hlen;
+ uint16_t hlen;
/** Pointers to the embedded packet headers */
IPV4Hdr *emb_ipv4h;
}
int DetectByteExtractDoMatch(DetectEngineThreadCtx *det_ctx, const SigMatchData *smd,
- const Signature *s, const uint8_t *payload,
- uint16_t payload_len, uint64_t *value,
- uint8_t endian)
+ const Signature *s, const uint8_t *payload, uint32_t payload_len, uint64_t *value,
+ uint8_t endian)
{
DetectByteExtractData *data = (DetectByteExtractData *)smd->ctx;
const uint8_t *ptr = NULL;
i);
goto error;
}
- int32_t multiplier;
- if (StringParseI32RangeCheck(&multiplier, 10, 0,
- (const char *)multiplier_str,
- DETECT_BYTE_EXTRACT_MULTIPLIER_MIN_LIMIT,
- DETECT_BYTE_EXTRACT_MULTIPLIER_MAX_LIMIT) < 0) {
+ uint16_t multiplier;
+ if (StringParseU16RangeCheck(&multiplier, 10, 0, (const char *)multiplier_str,
+ DETECT_BYTE_EXTRACT_MULTIPLIER_MIN_LIMIT,
+ DETECT_BYTE_EXTRACT_MULTIPLIER_MAX_LIMIT) < 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid value for"
"multiplier: \"%s\".", multiplier_str);
goto error;
SigMatch *DetectByteExtractRetrieveSMVar(const char *, const Signature *);
int DetectByteExtractDoMatch(DetectEngineThreadCtx *, const SigMatchData *, const Signature *,
- const uint8_t *, uint16_t, uint64_t *, uint8_t);
+ const uint8_t *, uint32_t, uint64_t *, uint8_t);
#endif /* __DETECT_BYTEEXTRACT_H__ */
#include "util-byte.h"
#include "util-unittest.h"
#include "util-debug.h"
+#include "util-validate.h"
#include "detect-pcre.h"
/**
*/
if (data->flags & DETECT_BYTEJUMP_RELATIVE) {
ptr = p->payload + det_ctx->buffer_offset;
- len = p->payload_len - det_ctx->buffer_offset;
+ DEBUG_VALIDATE_BUG_ON(p->payload_len - det_ctx->buffer_offset > UINT16_MAX);
+ len = (uint16_t)(p->payload_len - det_ctx->buffer_offset);
/* No match if there is no relative base */
if (ptr == NULL || len == 0) {
}
else {
ptr = p->payload + data->offset;
- len = p->payload_len - data->offset;
+ DEBUG_VALIDATE_BUG_ON(p->payload_len - data->offset > UINT16_MAX);
+ len = (uint16_t)(p->payload_len - data->offset);
}
/* Verify the to-be-extracted data is within the packet */
*/
/* Number of bytes */
- if (StringParseUint32(&nbytes, 10, strlen(args[0]), args[0]) <= 0) {
+ if (StringParseUint32(&nbytes, 10, (uint16_t)strlen(args[0]), args[0]) <= 0) {
SCLogError(SC_ERR_INVALID_VALUE, "Malformed number of bytes: %s", optstr);
goto error;
}
if (*offset == NULL)
goto error;
} else {
- if (StringParseInt32(&data->offset, 0, strlen(args[1]), args[1]) <= 0) {
+ if (StringParseInt32(&data->offset, 0, (uint16_t)strlen(args[1]), args[1]) <= 0) {
SCLogError(SC_ERR_INVALID_VALUE, "Malformed offset: %s", optstr);
goto error;
}
} else if (strcasecmp("align", args[i]) == 0) {
data->flags |= DETECT_BYTEJUMP_ALIGN;
} else if (strncasecmp("multiplier ", args[i], 11) == 0) {
- if (StringParseUint32(&data->multiplier, 10,
- strlen(args[i]) - 11,
- args[i] + 11) <= 0)
- {
+ if (StringParseUint32(
+ &data->multiplier, 10, (uint16_t)strlen(args[i]) - 11, args[i] + 11) <= 0) {
SCLogError(SC_ERR_INVALID_VALUE, "Malformed multiplier: %s", optstr);
goto error;
}
} else if (strncasecmp("post_offset ", args[i], 12) == 0) {
- if (StringParseInt32(&data->post_offset, 10,
- strlen(args[i]) - 12,
- args[i] + 12) <= 0)
- {
+ if (StringParseInt32(&data->post_offset, 10, (uint16_t)strlen(args[i]) - 12,
+ args[i] + 12) <= 0) {
SCLogError(SC_ERR_INVALID_VALUE, "Malformed post_offset: %s", optstr);
goto error;
}
char* token;
char *save;
- int var;
- int input[3] = { 0, 0, 0 };
- int i = 0;
+ uint8_t var;
+ uint8_t input[3] = { 0, 0, 0 };
+ uint8_t i = 0;
token = strtok_r(rulestr, delims, &save);
while (token != NULL)
goto error;
}
- sscanf(token, "%d", &var);
+ sscanf(token, "%2" SCNu8, &var);
input[i++] = var;
token = strtok_r(NULL, delims, &save);
if (p->level4_comp_csum == -1) {
uint16_t len = IPV6_GET_RAW_PLEN(p->ip6h) -
- ((uint8_t *)p->icmpv6h - (uint8_t *)p->ip6h - IPV6_HEADER_LEN);
+ (uint16_t)((uint8_t *)p->icmpv6h - (uint8_t *)p->ip6h - IPV6_HEADER_LEN);
p->level4_comp_csum = ICMPV6CalculateChecksum(p->ip6h->s_ip6_addrs,
(uint16_t *)p->icmpv6h,
len);
*/
static int DetectDNP3FuncParseFunctionCode(const char *str, uint8_t *fc)
{
- if (StringParseUint8(fc, 10, strlen(str), str) >= 0) {
+ if (StringParseUint8(fc, 10, (uint16_t)strlen(str), str) >= 0) {
return 1;
}
for (size_t i = 0;
i < sizeof(DNP3FunctionNameMap) / sizeof(DNP3Mapping); i++) {
if (strcasecmp(str, DNP3FunctionNameMap[i].name) == 0) {
- *fc = DNP3FunctionNameMap[i].value;
+ *fc = (uint8_t)(DNP3FunctionNameMap[i].value);
return 1;
}
}
{
*flags = 0;
- if (StringParseUint16(flags, 0, strlen(str), str) > 0) {
+ if (StringParseUint16(flags, 0, (uint16_t)strlen(str), str) > 0) {
return 1;
}
*sep = '\0';
varstr = sep + 1;
- if (StringParseUint8(group, 0, strlen(groupstr), groupstr) < 0) {
+ if (StringParseUint8(group, 0, (uint16_t)strlen(groupstr), groupstr) < 0) {
return 0;
}
- if (StringParseUint8(var, 0, strlen(varstr), varstr) < 0) {
+ if (StringParseUint8(var, 0, (uint16_t)strlen(varstr), varstr) < 0) {
return 0;
}
DetectAddressMap *map1 = (DetectAddressMap *)data1;
DetectAddressMap *map2 = (DetectAddressMap *)data2;
-
- int r = (strcmp(map1->string, map2->string) == 0);
+ char r = (strcmp(map1->string, map2->string) == 0);
return r;
}
qsort(det_ctx->alert_queue, det_ctx->alert_queue_size, sizeof(PacketAlert),
AlertQueueSortHelper);
- int i = 0;
+ uint16_t i = 0;
uint16_t max_pos = det_ctx->alert_queue_size;
while (i < max_pos) {
const Signature *s = de_ctx->sig_array[det_ctx->alert_queue[i].num];
- uint8_t res = PacketAlertHandle(de_ctx, det_ctx, s, p, &det_ctx->alert_queue[i]);
+ int res = PacketAlertHandle(de_ctx, det_ctx, s, p, &det_ctx->alert_queue[i]);
if (res > 0) {
/* Now, if we have an alert, we have to check if we want
#include "detect-tcp-flags.h"
#include "feature.h"
#include "util-print.h"
+#include "util-validate.h"
static int rule_warnings_only = 0;
static FILE *rule_engine_analysis_FD = NULL;
* \retval 0 if it doesn't have % encoding
* \retval -1 on error
*/
-int PerCentEncodingMatch (uint8_t *content, uint8_t content_len)
+static int PerCentEncodingMatch(uint8_t *content, uint16_t content_len)
{
int ret = 0;
for (size_t i = 0; i < ARRAY_SIZE(analyzer_items); i++) {
DetectEngineAnalyzerItems *analyzer_item = &analyzer_items[i];
- analyzer_item->item_id = DetectBufferTypeGetByName(analyzer_item->item_name);
+ int item_id = DetectBufferTypeGetByName(analyzer_item->item_name);
+ DEBUG_VALIDATE_BUG_ON(item_id < 0 || item_id > UINT16_MAX);
+ analyzer_item->item_id = (uint16_t)item_id;
if (analyzer_item->item_id == -1) {
/* Mismatch between the analyzer_items array and what's supported */
FatalError(SC_ERR_INITIALIZATION,
void CleanupRuleAnalyzer (void);
int PerCentEncodingSetup (void);
-int PerCentEncodingMatch (uint8_t *content, uint8_t content_len);
void EngineAnalysisFP(const DetectEngineCtx *de_ctx,
const Signature *s, char *line);
json_object_set_new(types, "any5", json_integer(any5_cnt));
json_object_set_new(stats, "types", types);
- for (int i = 0; i < ALPROTO_MAX; i++) {
+ for (AppProto i = 0; i < ALPROTO_MAX; i++) {
if (alstats[i] > 0) {
json_t *app = json_object();
json_object_set_new(app, "total", json_integer(alstats[i]));
int CreateGroupedPortList(DetectEngineCtx *de_ctx, DetectPort *port_list, DetectPort **newhead, uint32_t unique_groups, int (*CompareFunc)(DetectPort *, DetectPort *), uint32_t max_idx);
int CreateGroupedPortListCmpCnt(DetectPort *a, DetectPort *b);
-static DetectPort *RulesGroupByPorts(DetectEngineCtx *de_ctx, int ipproto, uint32_t direction) {
+static DetectPort *RulesGroupByPorts(DetectEngineCtx *de_ctx, uint8_t ipproto, uint32_t direction)
+{
/* step 1: create a hash of 'DetectPort' objects based on all the
* rules. Each object will have a SGH with the sigs added
* that belong to the SGH. */
#include "util-spm.h"
#include "util-debug.h"
#include "util-print.h"
+#include "util-validate.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
DETECT_BYTE_EXTRACT_ENDIAN_LITTLE : DETECT_BYTE_EXTRACT_ENDIAN_BIG);
}
- if (DetectByteExtractDoMatch(det_ctx, smd, s, buffer,
- buffer_len,
- &det_ctx->byte_values[bed->local_id],
- endian) != 1) {
+ if (DetectByteExtractDoMatch(det_ctx, smd, s, buffer, buffer_len,
+ &det_ctx->byte_values[bed->local_id], endian) != 1) {
goto no_match;
}
rvalue = bmd->rvalue;
}
-
- if (DetectByteMathDoMatch(det_ctx, smd, s, buffer,
- buffer_len,
- rvalue,
- &det_ctx->byte_values[bmd->local_id],
- endian) != 1) {
+ DEBUG_VALIDATE_BUG_ON(buffer_len > UINT16_MAX);
+ if (DetectByteMathDoMatch(det_ctx, smd, s, buffer, (uint16_t)buffer_len, rvalue,
+ &det_ctx->byte_values[bmd->local_id], endian) != 1) {
goto no_match;
}
* \retval 0 on Success
* \retval -1 on Failure
*/
-static int DetectEngineEventSetupDo (DetectEngineCtx *de_ctx, Signature *s,
- const char *rawstr, int smtype)
+static int DetectEngineEventSetupDo(
+ DetectEngineCtx *de_ctx, Signature *s, const char *rawstr, uint16_t smtype)
{
DetectEngineEventData *de = DetectEngineEventParse(rawstr);
if (de == NULL)
goto error;
}
- int cidr;
- if (StringParseI32RangeCheck(&cidr, 10, 0, (const char *)mask, 0, 32) < 0)
+ uint8_t cidr;
+ if (StringParseU8RangeCheck(&cidr, 10, 0, (const char *)mask, 0, 32) < 0)
goto error;
dd->netmask = cidr;
SigNumArray *sna = SigNumArrayNew(de_ctx, &de_ctx->io_ctx);
/* Update the sig */
- uint8_t tmp = 1 << (src->signum % 8);
+ uint8_t tmp = (uint8_t)(1 << (src->signum % 8));
if (src->negated > 0)
/* Unset it */
sna = SigNumArrayCopy((SigNumArray *) user_data);
/* Update the sig */
- uint8_t tmp = 1 << (src->signum % 8);
+ uint8_t tmp = (uint8_t)(1 << (src->signum % 8));
if (src->negated > 0)
/* Unset it */
SigNumArray *sna = (SigNumArray *)user_data;
/* Update the sig */
- uint8_t tmp = 1 << (src->signum % 8);
+ uint8_t tmp = (uint8_t)(1 << (src->signum % 8));
if (src->negated > 0)
/* Unset it */
SigNumArray *sna = SigNumArrayNew(de_ctx, &de_ctx->io_ctx);
/* Update the sig */
- uint8_t tmp = 1 << (src->signum % 8);
+ uint8_t tmp = (uint8_t)(1 << (src->signum % 8));
if (src->negated > 0)
/* Unset it */
sna = SigNumArrayCopy((SigNumArray *)user_data);
/* Update the sig */
- uint8_t tmp = 1 << (src->signum % 8);
+ uint8_t tmp = (uint8_t)(1 << (src->signum % 8));
if (src->negated > 0)
/* Unset it */
sna->array[src->signum / 8] &= ~tmp;
SigNumArray *sna = (SigNumArray *)user_data;
/* Update the sig */
- uint8_t tmp = 1 << (src->signum % 8);
+ uint8_t tmp = (uint8_t)(1 << (src->signum % 8));
if (src->negated > 0)
/* Unset it */
sna->array[src->signum / 8] &= ~tmp;
SigNumArray *sna = SigNumArrayNew(de_ctx, &de_ctx->io_ctx);
/** Update the sig */
- uint8_t tmp = 1 << (dst->signum % 8);
+ uint8_t tmp = (uint8_t)(1 << (dst->signum % 8));
if (dst->negated > 0)
/** Unset it */
sna->array[dst->signum / 8] &= ~tmp;
sna = SigNumArrayCopy((SigNumArray *) user_data);
/* Update the sig */
- uint8_t tmp = 1 << (dst->signum % 8);
+ uint8_t tmp = (uint8_t)(1 << (dst->signum % 8));
if (dst->negated > 0)
/* Unset it */
sna->array[dst->signum / 8] &= ~tmp;
SigNumArray *sna = (SigNumArray *)user_data;
/* Update the sig */
- uint8_t tmp = 1 << (dst->signum % 8);
+ uint8_t tmp = (uint8_t)(1 << (dst->signum % 8));
if (dst->negated > 0)
/* Unset it */
sna->array[dst->signum / 8] &= ~tmp;
SigNumArray *sna = SigNumArrayNew(de_ctx, &de_ctx->io_ctx);
/* Update the sig */
- uint8_t tmp = 1 << (dst->signum % 8);
+ uint8_t tmp = (uint8_t)(1 << (dst->signum % 8));
if (dst->negated > 0)
/* Unset it */
sna->array[dst->signum / 8] &= ~tmp;
sna = SigNumArrayCopy((SigNumArray *)user_data);
/* Update the sig */
- uint8_t tmp = 1 << (dst->signum % 8);
+ uint8_t tmp = (uint8_t)(1 << (dst->signum % 8));
if (dst->negated > 0)
/* Unset it */
sna->array[dst->signum / 8] &= ~tmp;
SigNumArray *sna = (SigNumArray *)user_data;
/* Update the sig */
- uint8_t tmp = 1 << (dst->signum % 8);
+ uint8_t tmp = (uint8_t)(1 << (dst->signum % 8));
if (dst->negated > 0)
/* Unset it */
sna->array[dst->signum / 8] &= ~tmp;
snprintf(am->pname, sizeof(am->pname), "%s", am->name);
am->direction = direction;
DEBUG_VALIDATE_BUG_ON(sm_list < 0 || sm_list > INT16_MAX);
- am->sm_list = sm_list;
- am->sm_list_base = sm_list;
+ am->sm_list = (int16_t)sm_list;
+ am->sm_list_base = (int16_t)sm_list;
am->priority = priority;
am->type = DETECT_BUFFER_MPM_TYPE_APP;
am->name = t->name;
am->direction = t->direction;
DEBUG_VALIDATE_BUG_ON(id < 0 || id > INT16_MAX);
- am->sm_list = id; // use new id
+ am->sm_list = (uint16_t)id; // use new id
am->sm_list_base = t->sm_list;
am->type = DETECT_BUFFER_MPM_TYPE_APP;
am->PrefilterRegisterWithListId = t->PrefilterRegisterWithListId;
DetectBufferTypeSupportsFrames(name);
DetectBufferTypeSupportsTransformations(name);
int sm_list = DetectBufferTypeGetByName(name);
- if (sm_list == -1) {
+ if (sm_list < 0 || sm_list > UINT16_MAX) {
FatalError(SC_ERR_INITIALIZATION, "MPM engine registration for %s failed", name);
}
BUG_ON(am == NULL);
am->name = name;
snprintf(am->pname, sizeof(am->pname), "%s", am->name);
- am->sm_list = sm_list;
+ am->sm_list = (uint16_t)sm_list;
am->direction = direction;
am->priority = priority;
am->type = DETECT_BUFFER_MPM_TYPE_FRAME;
BUG_ON(am == NULL);
am->name = t->name;
snprintf(am->pname, sizeof(am->pname), "%s#%d", am->name, id);
- am->sm_list = id; // use new id
+ DEBUG_VALIDATE_BUG_ON(id < 0 || id > UINT16_MAX);
+ am->sm_list = (uint16_t)id; // use new id
am->sm_list_base = t->sm_list;
am->type = DETECT_BUFFER_MPM_TYPE_FRAME;
am->PrefilterRegisterWithListId = t->PrefilterRegisterWithListId;
AppProtoToString(alproto), type);
const int sm_list = DetectEngineBufferTypeRegister(de_ctx, name);
- if (sm_list < 0) {
+ if (sm_list < 0 || sm_list > UINT16_MAX) {
FatalError(SC_ERR_INITIALIZATION, "MPM engine registration for %s failed", name);
}
BUG_ON(am == NULL);
am->name = name;
snprintf(am->pname, sizeof(am->pname), "%s", am->name);
- am->sm_list = sm_list;
+ am->sm_list = (uint16_t)sm_list;
am->direction = direction;
am->priority = priority;
am->type = DETECT_BUFFER_MPM_TYPE_FRAME;
am->name = name;
snprintf(am->pname, sizeof(am->pname), "%s", am->name);
DEBUG_VALIDATE_BUG_ON(sm_list < 0 || sm_list > INT16_MAX);
- am->sm_list = sm_list;
+ am->sm_list = (uint16_t)sm_list;
am->priority = priority;
am->type = DETECT_BUFFER_MPM_TYPE_PKT;
am->name = t->name;
snprintf(am->pname, sizeof(am->pname), "%s#%d", am->name, id);
DEBUG_VALIDATE_BUG_ON(id < 0 || id > INT16_MAX);
- am->sm_list = id; // use new id
+ am->sm_list = (uint16_t)id; // use new id
am->sm_list_base = t->sm_list;
am->type = DETECT_BUFFER_MPM_TYPE_PKT;
am->PrefilterRegisterWithListId = t->PrefilterRegisterWithListId;
if (strcmp("auto", mpm_algo) == 0) {
goto done;
}
- for (uint16_t u = 0; u < MPM_TABLE_SIZE; u++) {
+ for (uint8_t u = 0; u < MPM_TABLE_SIZE; u++) {
if (mpm_table[u].name == NULL)
continue;
static int DetectPortCut(DetectEngineCtx *de_ctx, DetectPort *a,
DetectPort *b, DetectPort **c)
{
- uint32_t a_port1 = a->port;
- uint32_t a_port2 = a->port2;
- uint32_t b_port1 = b->port;
- uint32_t b_port2 = b->port2;
+ uint16_t a_port1 = a->port;
+ uint16_t a_port2 = a->port2;
+ uint16_t b_port1 = b->port;
+ uint16_t b_port2 = b->port2;
/* default to NULL */
*c = NULL;
e->PrefilterTx = PrefilterTxFunc;
e->pectx = pectx;
e->alproto = alproto;
- e->tx_min_progress = tx_min_progress;
+ // TODO change function prototype ?
+ DEBUG_VALIDATE_BUG_ON(tx_min_progress > UINT8_MAX);
+ e->tx_min_progress = (uint8_t)tx_min_progress;
e->Free = FreeFunc;
if (sgh->init->tx_engines == NULL) {
}
memset(sgh->tx_engines, 0x00, (cnt * sizeof(PrefilterEngine)));
- uint32_t local_id = 0;
+ uint16_t local_id = 0;
PrefilterEngine *e = sgh->tx_engines;
for (el = sgh->init->tx_engines ; el != NULL; el = el->next) {
e->local_id = local_id++;
FatalError(SC_ERR_INITIALIZATION,
"failed to register inspect engine %s: %s", name, strerror(errno));
}
- new_engine->sm_list = sm_list;
- new_engine->sm_list_base = sm_list;
+ new_engine->sm_list = (uint16_t)sm_list;
+ new_engine->sm_list_base = (uint16_t)sm_list;
new_engine->v1.Callback = Callback;
new_engine->v1.GetData = GetPktData;
BUG_ON(1);
}
- int direction;
+ uint8_t direction;
if (dir == SIG_FLAG_TOSERVER) {
direction = 0;
} else {
FatalError(SC_ERR_INITIALIZATION, "failed to register inspect engine %s: %s", name,
strerror(errno));
}
- new_engine->sm_list = sm_list;
- new_engine->sm_list_base = sm_list;
+ new_engine->sm_list = (uint16_t)sm_list;
+ new_engine->sm_list_base = (uint16_t)sm_list;
new_engine->dir = direction;
new_engine->v1.Callback = Callback;
new_engine->alproto = alproto;
BUG_ON(1);
}
- int direction;
+ uint8_t direction;
if (dir == SIG_FLAG_TOSERVER) {
direction = 0;
} else {
memset(new_engine, 0, sizeof(*new_engine));
new_engine->alproto = alproto;
new_engine->dir = direction;
- new_engine->sm_list = sm_list;
- new_engine->sm_list_base = sm_list;
- new_engine->progress = progress;
+ new_engine->sm_list = (uint16_t)sm_list;
+ new_engine->sm_list_base = (uint16_t)sm_list;
+ new_engine->progress = (int16_t)progress;
new_engine->v2.Callback = Callback2;
new_engine->v2.GetData = GetData;
}
new_engine->alproto = t->alproto;
new_engine->dir = t->dir;
- new_engine->sm_list = new_list; /* use new list id */
- new_engine->sm_list_base = sm_list;
+ DEBUG_VALIDATE_BUG_ON(new_list < 0 || new_list > UINT16_MAX);
+ new_engine->sm_list = (uint16_t)new_list; /* use new list id */
+ DEBUG_VALIDATE_BUG_ON(sm_list < 0 || sm_list > UINT16_MAX);
+ new_engine->sm_list_base = (uint16_t)sm_list;
new_engine->progress = t->progress;
new_engine->v2 = t->v2;
new_engine->v2.transforms = transforms; /* assign transforms */
if (unlikely(new_engine == NULL)) {
exit(EXIT_FAILURE);
}
- new_engine->sm_list = new_list; /* use new list id */
- new_engine->sm_list_base = sm_list;
+ DEBUG_VALIDATE_BUG_ON(new_list < 0 || new_list > UINT16_MAX);
+ new_engine->sm_list = (uint16_t)new_list; /* use new list id */
+ DEBUG_VALIDATE_BUG_ON(sm_list < 0 || sm_list > UINT16_MAX);
+ new_engine->sm_list_base = (uint16_t)sm_list;
new_engine->v1 = t->v1;
new_engine->v1.transforms = transforms; /* assign transforms */
BUG_ON(1);
}
- int direction;
+ uint8_t direction;
if (dir == SIG_FLAG_TOSERVER) {
direction = 0;
} else {
FatalError(SC_ERR_INITIALIZATION, "failed to register inspect engine %s: %s", name,
strerror(errno));
}
- new_engine->sm_list = sm_list;
- new_engine->sm_list_base = sm_list;
+ new_engine->sm_list = (uint16_t)sm_list;
+ new_engine->sm_list_base = (uint16_t)sm_list;
new_engine->dir = direction;
new_engine->v1.Callback = Callback;
new_engine->alproto = alproto;
if (unlikely(new_engine == NULL)) {
exit(EXIT_FAILURE);
}
- new_engine->sm_list = new_list; /* use new list id */
- new_engine->sm_list_base = sm_list;
+ DEBUG_VALIDATE_BUG_ON(new_list < 0 || new_list > UINT16_MAX);
+ new_engine->sm_list = (uint16_t)new_list; /* use new list id */
+ DEBUG_VALIDATE_BUG_ON(sm_list < 0 || sm_list > UINT16_MAX);
+ new_engine->sm_list_base = (uint16_t)sm_list;
new_engine->dir = t->dir;
new_engine->alproto = t->alproto;
new_engine->type = t->type;
*
* If stream inspection is MPM, then prepend it.
*/
-static void AppendStreamInspectEngine(Signature *s, SigMatchData *stream, int direction, uint32_t id)
+static void AppendStreamInspectEngine(
+ Signature *s, SigMatchData *stream, uint8_t direction, uint8_t id)
{
bool prepend = false;
}
bool head_is_mpm = false;
- uint32_t last_id = DE_STATE_FLAG_BASE;
+ uint8_t last_id = DE_STATE_FLAG_BASE;
const DetectEngineAppInspectionEngine *t = de_ctx->app_inspect_engines;
while (t != NULL) {
bool prepend = false;
DetectBufferType *map1 = (DetectBufferType *)data1;
DetectBufferType *map2 = (DetectBufferType *)data2;
- int r = (strcmp(map1->name, map2->name) == 0);
+ char r = (strcmp(map1->name, map2->name) == 0);
r &= (memcmp((uint8_t *)&map1->transforms, (uint8_t *)&map2->transforms, sizeof(map2->transforms)) == 0);
return r;
}
return -1;
e->mpm = s->init_data->mpm_sm_list == list_id;
- e->sm_list = list_id;
- e->sm_list_base = list_id;
+ DEBUG_VALIDATE_BUG_ON(list_id < 0 || list_id > UINT16_MAX);
+ e->sm_list = (uint16_t)list_id;
+ e->sm_list_base = (uint16_t)list_id;
e->v1.Callback = Callback;
e->smd = data;
}
if (max_uniq_toclient_groups_str != NULL) {
if (StringParseUint16(&de_ctx->max_uniq_toclient_groups, 10,
- strlen(max_uniq_toclient_groups_str),
- (const char *)max_uniq_toclient_groups_str) <= 0)
- {
+ (uint16_t)strlen(max_uniq_toclient_groups_str),
+ (const char *)max_uniq_toclient_groups_str) <= 0) {
de_ctx->max_uniq_toclient_groups = 20;
SCLogWarning(SC_ERR_SIZE_PARSE, "parsing '%s' for "
if (max_uniq_toserver_groups_str != NULL) {
if (StringParseUint16(&de_ctx->max_uniq_toserver_groups, 10,
- strlen(max_uniq_toserver_groups_str),
- (const char *)max_uniq_toserver_groups_str) <= 0)
- {
+ (uint16_t)strlen(max_uniq_toserver_groups_str),
+ (const char *)max_uniq_toserver_groups_str) <= 0) {
de_ctx->max_uniq_toserver_groups = 40;
SCLogWarning(SC_ERR_SIZE_PARSE, "parsing '%s' for "
goto bad_mapping;
uint32_t tenant_id = 0;
- if (StringParseUint32(&tenant_id, 10, strlen(tenant_id_node->val),
- tenant_id_node->val) < 0)
- {
+ if (StringParseUint32(&tenant_id, 10, (uint16_t)strlen(tenant_id_node->val),
+ tenant_id_node->val) < 0) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "tenant-id "
"of %s is invalid", tenant_id_node->val);
goto bad_mapping;
goto bad_mapping;
uint32_t tenant_id = 0;
- if (StringParseUint32(&tenant_id, 10, strlen(tenant_id_node->val),
- tenant_id_node->val) < 0)
- {
+ if (StringParseUint32(&tenant_id, 10, (uint16_t)strlen(tenant_id_node->val),
+ tenant_id_node->val) < 0) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "tenant-id "
"of %s is invalid", tenant_id_node->val);
goto bad_mapping;
}
uint16_t vlan_id = 0;
- if (StringParseUint16(&vlan_id, 10, strlen(vlan_id_node->val),
- vlan_id_node->val) < 0)
- {
+ if (StringParseUint16(
+ &vlan_id, 10, (uint16_t)strlen(vlan_id_node->val), vlan_id_node->val) < 0) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "vlan-id "
"of %s is invalid", vlan_id_node->val);
goto bad_mapping;
goto bad_mapping;
}
- if (DetectEngineTentantRegisterVlanId(tenant_id, (uint32_t)vlan_id) != 0) {
+ if (DetectEngineTentantRegisterVlanId(tenant_id, vlan_id) != 0) {
goto error;
}
SCLogConfig("vlan %u connected to tenant-id %u", vlan_id, tenant_id);
}
uint32_t tenant_id = 0;
- if (StringParseUint32(&tenant_id, 10, strlen(id_node->val),
- id_node->val) < 0)
- {
+ if (StringParseUint32(
+ &tenant_id, 10, (uint16_t)strlen(id_node->val), id_node->val) < 0) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "tenant_id "
"of %s is invalid", id_node->val);
goto bad_tenant;
* \retval 0 on Success
* \retval -1 on Failure
*/
-int DetectFileHashSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str,
- uint32_t type, int list)
+int DetectFileHashSetup(
+ DetectEngineCtx *de_ctx, Signature *s, const char *str, uint16_t type, int list)
{
DetectFileHashData *filehash = NULL;
SigMatch *sm = NULL;
int DetectFileHashMatch(DetectEngineThreadCtx *, Flow *, uint8_t,
File *, const Signature *, const SigMatchCtx *);
-int DetectFileHashSetup(DetectEngineCtx *, Signature *, const char *, uint32_t, int);
+int DetectFileHashSetup(DetectEngineCtx *, Signature *, const char *, uint16_t, int);
void DetectFileHashFree(DetectEngineCtx *, void *);
#endif /* __UTIL_DETECT_FILE_HASH_H__ */
* \param dflags detect flow flags
* \param match_cnt number of matches to trigger
*/
-static inline int FlowMatch(const uint32_t pflags, const uint8_t pflowflags,
- const uint16_t tflags, const uint16_t dflags, const uint8_t match_cnt)
+static inline int FlowMatch(const uint32_t pflags, const uint8_t pflowflags, const uint16_t tflags,
+ const uint16_t dflags, const uint16_t match_cnt)
{
uint8_t cnt = 0;
if (!PrefilterPacketHeaderExtraMatch(ctx, p))
return;
- if (FlowMatch(p->flags, p->flowflags, det_ctx->flags, ctx->v1.u8[0], ctx->v1.u8[1]))
- {
+ if (FlowMatch(p->flags, p->flowflags, det_ctx->flags, ctx->v1.u16[0], ctx->v1.u16[1])) {
PrefilterAddSids(&det_ctx->pmq, ctx->sigs_array, ctx->sigs_cnt);
}
}
PrefilterPacketFlowSet(PrefilterPacketHeaderValue *v, void *smctx)
{
const DetectFlowData *fb = smctx;
- v->u8[0] = fb->flags;
- v->u8[1] = fb->match_cnt;
+ v->u16[0] = fb->flags;
+ v->u16[1] = fb->match_cnt;
}
static bool
PrefilterPacketFlowCompare(PrefilterPacketHeaderValue v, void *smctx)
{
const DetectFlowData *fb = smctx;
- if (v.u8[0] == fb->flags &&
- v.u8[1] == fb->match_cnt)
- {
+ if (v.u16[0] == fb->flags && v.u16[1] == fb->match_cnt) {
return true;
}
return false;
char *name;
uint32_t idx;
uint8_t *content;
- uint8_t content_len;
- uint8_t flags;
+ uint16_t content_len;
+ uint32_t flags;
} DetectFlowvarData;
/* prototypes */
*
* \retval 1 if ftpbounce detected, 0 if not
*/
-static int DetectFtpbounceMatchArgs(uint8_t *payload, uint16_t payload_len,
- uint32_t ip_orig, uint16_t offset)
+static int DetectFtpbounceMatchArgs(
+ uint8_t *payload, uint32_t payload_len, uint32_t ip_orig, uint32_t offset)
{
SCEnter();
SCLogDebug("Checking ftpbounce condition");
char *c = NULL;
- uint16_t i = 0;
+ uint32_t i = 0;
int octet = 0;
int octet_ascii_len = 0;
int noctet = 0;
static int DetectHTTP2FuncParseFrameType(const char *str, uint8_t *ft)
{
// first parse numeric value
- if (ByteExtractStringUint8(ft, 10, strlen(str), str) >= 0) {
+ if (ByteExtractStringUint8(ft, 10, (uint16_t)strlen(str), str) >= 0) {
return 1;
}
// it it failed so far, parse string value from enumeration
int r = rs_http2_parse_frametype(str);
- if (r >= 0) {
- *ft = r;
+ if (r >= 0 && r <= UINT8_MAX) {
+ *ft = (uint8_t)r;
return 1;
}
static int DetectHTTP2FuncParseErrorCode(const char *str, uint32_t *ec)
{
// first parse numeric value
- if (ByteExtractStringUint32(ec, 10, strlen(str), str) >= 0) {
+ if (ByteExtractStringUint32(ec, 10, (uint16_t)strlen(str), str) >= 0) {
return 1;
}
int value = rs_http2_tx_get_next_priority(txv, flags, nb);
const DetectU8Data *du8 = (const DetectU8Data *)ctx;
while (value >= 0) {
- if (DetectU8Match(value, du8)) {
+ if (DetectU8Match((uint8_t)value, du8)) {
return 1;
}
nb++;
*/
static DetectIdData *DetectIdParse (const char *idstr)
{
- uint32_t temp;
+ uint16_t temp;
DetectIdData *id_d = NULL;
int ret = 0, res = 0;
size_t pcre2len;
}
/* ok, fill the id data */
- if (StringParseU32RangeCheck(&temp, 10, 0, (const char *)tmp_str,
- DETECT_IPID_MIN, DETECT_IPID_MAX) < 0) {
+ if (StringParseUint16(&temp, 10, 0, (const char *)tmp_str) < 0) {
SCLogError(SC_ERR_INVALID_VALUE, "invalid id option '%s'", tmp_str);
return NULL;
}
goto error;
}
if (!lt_set && !not_set) {
- s->proto.proto[data->proto / 8] = 0xfe << (data->proto % 8);
+ s->proto.proto[data->proto / 8] = (uint8_t)(0xfe << (data->proto % 8));
for (i = (data->proto / 8) + 1; i < (256 / 8); i++) {
s->proto.proto[i] = 0xff;
}
for (i = 0; i < (data->proto / 8); i++) {
s->proto.proto[i] = 0xff;
}
- s->proto.proto[data->proto / 8] = ~(0xff << (data->proto % 8));
+ s->proto.proto[data->proto / 8] = (uint8_t)(~(0xff << (data->proto % 8)));
} else if (gt_set && !not_set) {
SigMatch *temp_sm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
while (temp_sm != NULL) {
for (i = 0; i < (data->proto / 8); i++) {
s->proto.proto[i] = 0xff;
}
- s->proto.proto[data->proto / 8] = ~(1 << (data->proto % 8));
+ s->proto.proto[data->proto / 8] = (uint8_t)(~(1 << (data->proto % 8)));
for (i = (data->proto / 8) + 1; i < (256 / 8); i++) {
s->proto.proto[i] = 0xff;
}
static const char *DetectMedatataHashAdd(DetectEngineCtx *de_ctx, const char *string)
{
- const char * hstring = (char *)HashTableLookup(de_ctx->metadata_table, (void *)string, strlen(string));
+ const char *hstring = (char *)HashTableLookup(
+ de_ctx->metadata_table, (void *)string, (uint16_t)strlen(string));
if (hstring) {
return hstring;
}
return NULL;
}
- if (HashTableAdd(de_ctx->metadata_table, (void *)astring, strlen(astring)) == 0) {
- return (char *)HashTableLookup(de_ctx->metadata_table, (void *)astring, strlen(astring));
+ if (HashTableAdd(de_ctx->metadata_table, (void *)astring, (uint16_t)strlen(astring)) == 0) {
+ return (char *)HashTableLookup(
+ de_ctx->metadata_table, (void *)astring, (uint16_t)strlen(astring));
} else {
SCFree((void *)astring);
}
SCEnter();
int ret = 0;
const uint8_t *ptr = NULL;
- uint16_t len = 0;
+ uint32_t len = 0;
PCRE2_SIZE capture_len = 0;
DetectPcreData *pe = (DetectPcreData *)smd->ctx;
memcpy(str_ptr2, pcre2_str_ptr2, capture_len);
pcre2_substring_free((PCRE2_UCHAR8 *)pcre2_str_ptr2);
- (void)DetectVarStoreMatchKeyValue(det_ctx,
- (uint8_t *)str_ptr, key_len,
- (uint8_t *)str_ptr2, capture_len,
+ (void)DetectVarStoreMatchKeyValue(det_ctx, (uint8_t *)str_ptr, key_len,
+ (uint8_t *)str_ptr2, (uint16_t)capture_len,
DETECT_VAR_TYPE_PKT_POSTMATCH);
} else if (pe->captypes[x] == VAR_TYPE_PKT_VAR) {
- (void)DetectVarStoreMatch(det_ctx, pe->capids[x],
- (uint8_t *)str_ptr, capture_len,
- DETECT_VAR_TYPE_PKT_POSTMATCH);
+ (void)DetectVarStoreMatch(det_ctx, pe->capids[x], (uint8_t *)str_ptr,
+ (uint16_t)capture_len, DETECT_VAR_TYPE_PKT_POSTMATCH);
} else if (pe->captypes[x] == VAR_TYPE_FLOW_VAR && f != NULL) {
- (void)DetectVarStoreMatch(det_ctx, pe->capids[x],
- (uint8_t *)str_ptr, capture_len,
- DETECT_VAR_TYPE_FLOW_POSTMATCH);
+ (void)DetectVarStoreMatch(det_ctx, pe->capids[x], (uint8_t *)str_ptr,
+ (uint16_t)capture_len, DETECT_VAR_TYPE_FLOW_POSTMATCH);
} else {
BUG_ON(1); // Impossible captype
SCFree(str_ptr);
typedef struct DetectPktvarData_ {
uint32_t id;
- uint8_t content_len;
+ uint16_t content_len;
uint8_t flags;
uint8_t *content;
} DetectPktvarData;
pcre2_substring_free((PCRE2_UCHAR *)str_ptr);
goto error;
}
- ssh->len = strlen((char *) ssh->ver);
+ ssh->len = (uint16_t)strlen((char *)ssh->ver);
pcre2_substring_free((PCRE2_UCHAR *)str_ptr);
SCLogDebug("will look for ssh %s", ssh->ver);
}
pcre2_substring_free((PCRE2_UCHAR *)str_ptr);
- ssh->len = strlen((char *)ssh->software_ver);
+ ssh->len = (uint16_t)strlen((char *)ssh->software_ver);
SCLogDebug("will look for ssh %s", ssh->software_ver);
}
struct SSLVersionKeywords {
const char *word;
int index;
- int value;
+ uint16_t value;
};
struct SSLVersionKeywords ssl_version_keywords[TLS_SIZE] = {
uint8_t type; /**< tag type */
uint8_t direction; /**< host direction */
uint32_t count; /**< count */
- uint32_t metric; /**< metric */
+ uint8_t metric; /**< metric */
} DetectTagData;
/** This is the installed data at the session/global or host table */
if (i + 2 < input_len) {
if ((isxdigit(input[i+1])) && (isxdigit(input[i+2]))) {
// Decode %HH encoding.
- *oi = (input[i+1] >= 'A' ? ((input[i+1] & 0xdf) - 'A') + 10 : (input[i+1] - '0')) << 4;
+ *oi = (uint8_t)((input[i + 1] >= 'A' ? ((input[i + 1] & 0xdf) - 'A') + 10
+ : (input[i + 1] - '0'))
+ << 4);
*oi |= (input[i+2] >= 'A' ? ((input[i+2] & 0xdf) - 'A') + 10 : (input[i+2] - '0'));
oi++;
// one more increment before looping
DetectTransformXorFree(de_ctx, pxd);
SCReturnInt(-1);
}
- pxd->length = keylen / 2;
+ pxd->length = (uint8_t)(keylen / 2);
pxd->key = SCMalloc(keylen / 2);
if (pxd->key == NULL) {
SCLogError(SC_ERR_MEM_ALLOC, "memory allocation failed");
}
for (size_t i = 0; i < keylen / 2; i++) {
if ((isxdigit(optstr[2 * i])) && (isxdigit(optstr[2 * i + 1]))) {
- pxd->key[i] = (optstr[2 * i] >= 'A' ? ((optstr[2 * i] & 0xdf) - 'A') + 10
- : (optstr[2 * i] - '0'))
- << 4;
+ pxd->key[i] = (uint8_t)((optstr[2 * i] >= 'A' ? ((optstr[2 * i] & 0xdf) - 'A') + 10
+ : (optstr[2 * i] - '0'))
+ << 4);
pxd->key[i] |= (optstr[2 * i + 1] >= 'A' ? ((optstr[2 * i + 1] & 0xdf) - 'A') + 10
: (optstr[2 * i + 1] - '0'));
} else {
}
/** set the first urilen value */
- if (StringParseUint16(&urilend->urilen1,10,strlen(arg2),arg2) <= 0){
+ if (StringParseUint16(&urilend->urilen1, 10, (uint16_t)strlen(arg2), arg2) <= 0) {
SCLogError(SC_ERR_INVALID_ARGUMENT,"Invalid size :\"%s\"",arg2);
goto error;
}
goto error;
}
- if(StringParseUint16(&urilend->urilen2,10,strlen(arg4),arg4) <= 0)
- {
+ if (StringParseUint16(&urilend->urilen2, 10, (uint16_t)strlen(arg4), arg4) <= 0) {
SCLogError(SC_ERR_INVALID_ARGUMENT,"Invalid size :\"%s\"",arg4);
goto error;
}
/** \internal
* \brief build non-prefilter list based on the rule group list we've set.
*/
-static inline void
-DetectPrefilterBuildNonPrefilterList(DetectEngineThreadCtx *det_ctx,
- const SignatureMask mask, const uint8_t alproto)
+static inline void DetectPrefilterBuildNonPrefilterList(
+ DetectEngineThreadCtx *det_ctx, const SignatureMask mask, const AppProto alproto)
{
for (uint32_t x = 0; x < det_ctx->non_pf_store_cnt; x++) {
/* only if the mask matches this rule can possibly match,
* so build the non_mpm array only for match candidates */
const SignatureMask rule_mask = det_ctx->non_pf_store_ptr[x].mask;
- const uint8_t rule_alproto = det_ctx->non_pf_store_ptr[x].alproto;
+ const AppProto rule_alproto = det_ctx->non_pf_store_ptr[x].alproto;
if ((rule_mask & mask) == rule_mask &&
(rule_alproto == 0 || AppProtoEquals(rule_alproto, alproto))) {
det_ctx->non_pf_id_array[det_ctx->non_pf_id_cnt++] = det_ctx->non_pf_store_ptr[x].id;
const int direction = (flow_flags & STREAM_TOSERVER) ? 0 : 1;
uint32_t inspect_flags = stored_flags ? *stored_flags : 0;
int total_matches = 0;
- int file_no_match = 0;
+ uint16_t file_no_match = 0;
bool retval = false;
bool mpm_before_progress = false; // is mpm engine before progress?
bool mpm_in_progress = false; // is mpm engine in a buffer we will revisit?
TRACE_SID_TXS(s->id, tx, "engine %p match %d", engine, match);
if (engine->stream) {
can->stream_stored = true;
- can->stream_result = match;
+ // TODO change Callback prototype ?
+ can->stream_result = (uint8_t)match;
TRACE_SID_TXS(s->id, tx, "stream ran, store result %d for next tx (if any)", match);
}
}
DetectEngineIPOnlyCtx io_ctx;
ThresholdCtx ths_ctx;
- uint16_t mpm_matcher; /**< mpm matcher this ctx uses */
+ uint8_t mpm_matcher; /**< mpm matcher this ctx uses */
uint16_t spm_matcher; /**< spm matcher this ctx uses */
/* spm thread context prototype, built as spm matchers are constructed and
typedef struct SignatureNonPrefilterStore_ {
SigIntId id;
SignatureMask mask;
- uint8_t alproto;
+ AppProto alproto;
} SignatureNonPrefilterStore;
/** array of TX inspect rule candidates */
projects / thirdparty / suricata.git / commitdiff
