Merge in SNORT/snort3 from ~ASERBENI/snort3:32bit_issue to master
Squashed commit of the following:
commit
8137a4fca03573398a89f011ce3e66743b9c4154
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date: Wed Jan 4 17:15:04 2023 +0200
src: address numbers parsing related concerns
commit
99895d8af9eb73b5646d54dc063322b910e467ea
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date: Wed Jan 4 15:35:20 2023 +0200
framework: add strtoul methods to Value class
commit
8e431851bc5416cb845684108d5a3c0a2407ecc3
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date: Wed Dec 21 16:48:01 2022 +0200
framework: change range check types to int64_t
long may not be enough on 32bit platforms, where it's only 4 bytes long. issue initially found with seq ips option, where a valid value of 3,927,875,496 would be perceived as erroneous because it would not fit in 4 byte signed long (max value is 2,147,483,647)
commit
59fec3d494cc8560754123688c4d9de7e216bbee
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date: Tue Dec 20 14:38:30 2022 -0500
dce_rpc: add errno resets during uuid parsing
return true;
}
-static bool get_num(const string& s, long& num)
+static bool get_num(const string& s, int64_t& num)
{
if ( s.empty() )
{
}
errno = 0;
char* end = nullptr;
- num = strtol(s.c_str(), &end, 0);
+ num = strtoll(s.c_str(), &end, 0);
return !errno and !*end;
}
return true;
}
-bool RangeCheck::eval(long c) const
+bool RangeCheck::eval(int64_t c) const
{
switch ( op )
{
// require no leading or trailing whitespace
// and either # | #: | :# | #:#
// where # is a valid pos or neg dec, hex, or octal number
- long v_min, v_max;
+ int64_t v_min, v_max;
if ( op == LG or op == LEG )
{
if ( *r != ':' )
{
- long low = strtol(r, nullptr, 0);
+ int64_t low = strtoll(r, nullptr, 0);
if ( v_min < low )
return false;
if ( t && *++t )
{
- long hi = strtol(t, nullptr, 0);
+ int64_t hi = strtoll(t, nullptr, 0);
if ( v_max > hi )
return false;
};
Op op = MAX;
- long min = 0;
- long max = 0;
+ int64_t min = 0;
+ int64_t max = 0;
bool operator==(const RangeCheck&) const;
bool is_set() const;
// FIXIT-L add ttl style syntax
bool parse(const char* s);
- bool eval(long) const;
+ bool eval(int64_t) const;
bool validate(const char* s, const char* r);
uint32_t hash() const;
};
return true;
}
+bool Value::strtoul(unsigned long& n) const
+{
+ const char* s = str.c_str();
+
+ if ( !*s )
+ return false;
+
+ char* end = nullptr;
+
+ n = ::strtoul(s, &end, 0);
+
+ if ( *end )
+ return false;
+
+ return true;
+}
+
+bool Value::strtoul(unsigned long& n, const std::string& tok) const
+{
+ const char* s = tok.c_str();
+
+ if ( !*s )
+ return false;
+
+ char* end = nullptr;
+
+ n = ::strtoul(s, &end, 0);
+
+ if ( *end )
+ return false;
+
+ return true;
+}
+
std::string Value::get_as_string() const
{
std::string value_str = str;
bool strtol(long&) const;
bool strtol(long&, const std::string&) const;
+ bool strtoul(unsigned long&) const;
+ bool strtoul(unsigned long&, const std::string&) const;
bool operator==(const char* s) const
{ return str == s; }
intf = 0;
else
{
- intf = strtol(config_intf.c_str(), nullptr, 0);
+ intf = strtoll(config_intf.c_str(), nullptr, 0);
if ( intf < 1 or intf >= DF_ANY_INTF )
{
WarningMessage("Discovery Filter: Invalid interface at line %u from %s;"
else if (v.is("rvalue"))
{
- long n;
- if (v.strtol(n))
+ unsigned long n;
+ if (v.strtoul(n))
{
if (n == 0)
return false;
CHECK(obj.set(nullptr, v, nullptr));
CHECK(strcmp(obj.off_var.c_str(), "off_test_var") == 0);
}
+ SECTION("rvalue isn't truncated")
+ {
+ Value v("4294967295");
+ Parameter p{"rvalue", Parameter::PT_STRING, nullptr, nullptr,
+ "value to use mathematical operation against"};
+ v.set(&p);
+
+ CHECK(obj.set(nullptr, v, nullptr));
+ CHECK(obj.data.rvalue == 4294967295UL);
+ }
delete[] obj.data.result_name;
}
else if (v.is("~compare"))
{
- long n;
- if (v.strtol(n))
+ unsigned long n;
+ if (v.strtoul(n))
data.cmp_value = n;
else
cmp_var = v.get_string();
value_tmp.set(¶m);
REQUIRE(module_test.set(nullptr, value_tmp, nullptr) == true);
}
+
+ SECTION("Value isn't truncated")
+ {
+ Value value_tmp("4294967295");
+ Parameter param("~compare", snort::Parameter::Type::PT_BOOL,
+ nullptr, "default", "help");
+ value_tmp.set(¶m);
+ REQUIRE(module_test.set(nullptr, value_tmp, nullptr) == true);
+ REQUIRE(module_test.data.cmp_value == 4294967295UL);
+ }
}
SECTION("Case param \"~offset\"")
char* endp;
idx->offset_var = IPS_OPTIONS_NO_VAR;
- idx->offset = strtol(offset, &endp, 10);
+ idx->offset = strtoul(offset, &endp, 10);
if (offset == endp)
{
errno = 0;
char* end = nullptr;
- int64_t num = (int64_t)strtol(v.get_string(), &end, 0);
+ int64_t num = strtoll(v.get_string(), &end, 0);
if ( *end or errno or num < 0 or num > 0xFFFFFFFF )
return false;
if ( p->is_wild_card() )
val = opt;
- long n = (long)strtoll(val, &end, 0);
+ int64_t n = strtoll(val, &end, 0);
if ( !*end )
- v.set(n);
+ v.set((double)n);
else
ok = false;
}
snort_free(app_name);
continue;
}
- service_id = strtol(token, nullptr, 10);
+ service_id = strtoul(token, nullptr, 10);
token = strtok_r(nullptr, CONF_SEPARATORS, &context);
if (!token)
snort_free(app_name);
continue;
}
- client_id = strtol(token, nullptr, 10);
+ client_id = strtoul(token, nullptr, 10);
token = strtok_r(nullptr, CONF_SEPARATORS, &context);
if (!token)
snort_free(app_name);
continue;
}
- payload_id = strtol(token, nullptr, 10);
+ payload_id = strtoul(token, nullptr, 10);
AppInfoTableEntry* entry = new AppInfoTableEntry(app_id, app_name, service_id,
client_id, payload_id);
if ( *cidrbuf )
{
char* end;
+ errno = 0;
int value = strtol(cidrbuf, &end, 10);
if ( value > dest->get_bits() || value <= 0 || errno == ERANGE )
if (strlen(if_hex) != DCE2_IFACE__TIME_LOW_LEN)
return false;
+ errno = 0;
time_low = strtoul(if_hex, &endptr, 16);
if ((errno == ERANGE) || (*endptr != '\0'))
return false;
if (strlen(if_hex) != DCE2_IFACE__TIME_MID_LEN)
return false;
+ errno = 0;
time_mid = strtoul(if_hex, &endptr, 16);
if ((errno == ERANGE) || (*endptr != '\0'))
return false;
if (strlen(if_hex) != DCE2_IFACE__TIME_HIGH_LEN)
return false;
+ errno = 0;
time_high = strtoul(if_hex, &endptr, 16);
if ((errno == ERANGE) || (*endptr != '\0'))
return false;
return false;
/* Work backwards */
+ errno = 0;
clock_seq_low = strtoul(&if_hex[2], &endptr, 16);
if ((errno == ERANGE) || (*endptr != '\0'))
return false;
/* Set third byte to null so we can _dpd.SnortStrtoul the first part */
if_hex[2] = '\x00';
+ errno = 0;
clock_seq_and_reserved = strtoul(if_hex, &endptr, 16);
if ((errno == ERANGE) || (*endptr != '\0'))
return false;
(i >= 0) && (j >= 0);
i -= 2, j--)
{
+ errno = 0;
/* Only giving strtoul 1 byte */
uuid->node[j] = (uint8_t)strtoul(&if_hex[i], &endptr, 16);
if ((errno == ERANGE) || (*endptr != '\0'))