int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
uint8_t hex_value;
- const char *pcre_sub_str = NULL;
+ char copy_str[128] = "";
int i = 0, j = 0;
int len = 0;
- char temp_str[3];
+ char temp_str[3] = "";
int version;
ret = pcre_exec(parse_regex, parse_regex_study, arg, strlen(arg), 0, 0, ov,
memset(did, 0, sizeof(DetectDceIfaceData));
/* retrieve the iface uuid string. iface uuid is a compulsion in the keyword */
- res = pcre_get_substring(arg, ov, MAX_SUBSTRINGS, 1, &pcre_sub_str);
+ res = pcre_copy_substring(arg, ov, MAX_SUBSTRINGS, 1, copy_str, sizeof(copy_str));
if (res < 0) {
- SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
+ SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
goto error;
}
/* parse the iface uuid string */
- len = strlen(pcre_sub_str);
+ len = strlen(copy_str);
j = 0;
temp_str[2] = '\0';
for (i = 0; i < len; ) {
- if (pcre_sub_str[i] == '-') {
+ if (copy_str[i] == '-') {
i++;
continue;
}
- temp_str[0] = pcre_sub_str[i];
- temp_str[1] = pcre_sub_str[i + 1];
+ temp_str[0] = copy_str[i];
+ temp_str[1] = copy_str[i + 1];
hex_value = strtol(temp_str, NULL, 16);
did->uuid[j] = hex_value;
if (ret == 4 || ret == 5) {
/* first handle the version number, so that we can do some additional
* validations of the version number, wrt. the operator */
- res = pcre_get_substring(arg, ov, MAX_SUBSTRINGS, 3, &pcre_sub_str);
+ res = pcre_copy_substring(arg, ov, MAX_SUBSTRINGS, 3, copy_str, sizeof(copy_str));
if (res < 0) {
- SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
+ SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
goto error;
}
- version = atoi(pcre_sub_str);
+ version = atoi(copy_str);
if (version > UINT16_MAX) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "DCE_IFACE interface version "
"invalid: %d\n", version);
}
did->version = version;
- /* free the substring */
- pcre_free_substring(pcre_sub_str);
-
/* now let us handle the operator supplied with the version number */
- res = pcre_get_substring(arg, ov, MAX_SUBSTRINGS, 2, &pcre_sub_str);
+ res = pcre_copy_substring(arg, ov, MAX_SUBSTRINGS, 2, copy_str, sizeof(copy_str));
if (res < 0) {
- SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
+ SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
goto error;
}
- switch (pcre_sub_str[0]) {
+ switch (copy_str[0]) {
case '<':
if (version == 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "DCE_IFACE interface "
did->op = DETECT_DCE_IFACE_OP_NE;
break;
}
-
- /* free the substring */
- pcre_free_substring(pcre_sub_str);
}
return did;
goto error;
}
- const char *str_ptr;
- res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 0, &str_ptr);
+ char copy_str[128] = "";
+ res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 0,
+ copy_str, sizeof(copy_str));
if (res < 0) {
- SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
+ SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
goto error;
}
for (i = 0; DEvents[i].event_name != NULL; i++) {
- if (strcasecmp(DEvents[i].event_name,str_ptr) == 0) {
+ if (strcasecmp(DEvents[i].event_name,copy_str) == 0) {
found = 1;
break;
}
if (found == 0) {
SCLogError(SC_ERR_UNKNOWN_DECODE_EVENT, "unknown decode event \"%s\"",
- str_ptr);
+ copy_str);
goto error;
}
return de;
error:
- if (de) SCFree(de);
+ if (de)
+ SCFree(de);
return NULL;
}
#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
- const char *arg_substr = NULL;
+ char arg_substr[128] = "";
DetectContentData *cd = NULL;
if (s->sm_lists_tail[DETECT_SM_LIST_PMATCH] == NULL &&
/* fast pattern chop */
} else if (ret == 4) {
- res = pcre_get_substring((char *)arg, ov, MAX_SUBSTRINGS,
- 2, &arg_substr);
+ res = pcre_copy_substring((char *)arg, ov, MAX_SUBSTRINGS,
+ 2, arg_substr, sizeof(arg_substr));
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed "
"for fast_pattern offset");
goto error;
}
- res = pcre_get_substring((char *)arg, ov, MAX_SUBSTRINGS,
- 3, &arg_substr);
+ res = pcre_copy_substring((char *)arg, ov, MAX_SUBSTRINGS,
+ 3, arg_substr, sizeof(arg_substr));
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed "
"for fast_pattern offset");
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
-
ret = pcre_exec(parse_regex, parse_regex_study, idstr, strlen(idstr), 0, 0,
ov, MAX_SUBSTRINGS);
if (ret > 1) {
- const char *str_ptr;
- char *orig;
+ char copy_str[128] = "";
char *tmp_str;
- res = pcre_get_substring((char *)idstr, ov, MAX_SUBSTRINGS, 1,
- &str_ptr);
+ res = pcre_copy_substring((char *)idstr, ov, MAX_SUBSTRINGS, 1,
+ copy_str, sizeof(copy_str));
if (res < 0) {
- SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
+ SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
goto error;
}
- /* We have a correct id option */
- id_d = SCMalloc(sizeof(DetectIdData));
- if (unlikely(id_d == NULL))
- goto error;
-
- orig = SCStrdup((char*)str_ptr);
- if (unlikely(orig == NULL)) {
- goto error;
- }
- tmp_str=orig;
+ tmp_str = copy_str;
/* Let's see if we need to scape "'s */
if (tmp_str[0] == '"')
SCLogError(SC_ERR_INVALID_VALUE, "\"id\" option must be in "
"the range %u - %u",
DETECT_IPID_MIN, DETECT_IPID_MAX);
-
- SCFree(orig);
goto error;
}
- id_d->id = temp;
- SCFree(orig);
+ /* We have a correct id option */
+ id_d = SCMalloc(sizeof(DetectIdData));
+ if (unlikely(id_d == NULL))
+ goto error;
+
+ id_d->id = temp;
SCLogDebug("detect-id: will look for ip_id: %u\n", id_d->id);
}
return id_d;
error:
- if (id_d != NULL) DetectIdFree(id_d);
+ if (id_d != NULL)
+ DetectIdFree(id_d);
return NULL;
}
static int DetectPrioritySetup (DetectEngineCtx *de_ctx, Signature *s, char *rawstr)
{
- const char *prio_str = NULL;
+ char copy_str[128] = "";
#define MAX_SUBSTRINGS 30
int ret = 0;
return -1;
}
- ret = pcre_get_substring((char *)rawstr, ov, 30, 1, &prio_str);
+ ret = pcre_copy_substring((char *)rawstr, ov, 30, 1, copy_str, sizeof(copy_str));
if (ret < 0) {
- SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
+ SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
return -1;
}
long prio = 0;
char *endptr = NULL;
- prio = strtol(rawstr, &endptr, 10);
+ prio = strtol(copy_str, &endptr, 10);
if (endptr == NULL || *endptr != '\0') {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Saw an invalid character as arg "
"to priority keyword");
- goto error;
+ return -1;
}
/* if we have reached here, we have had a valid priority. Assign it */
s->prio = prio;
return 0;
- error:
- return -1;
}
/*------------------------------Unittests-------------------------------------*/
DetectWindowData *DetectWindowParse(char *windowstr)
{
DetectWindowData *wd = NULL;
- char *args[3] = {NULL,NULL,NULL}; /* PR: Why PCRE MAX_SUBSTRING must be multiple of 3? */
- #define MAX_SUBSTRINGS 30
-
+#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
-
ret = pcre_exec(parse_regex, parse_regex_study, windowstr, strlen(windowstr), 0, 0, ov, MAX_SUBSTRINGS);
-
if (ret < 1 || ret > 3) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, windowstr);
goto error;
goto error;
if (ret > 1) {
- const char *str_ptr;
- res = pcre_get_substring((char *)windowstr, ov, MAX_SUBSTRINGS, 1, &str_ptr);
+ char copy_str[128] = "";
+ res = pcre_copy_substring((char *)windowstr, ov, MAX_SUBSTRINGS, 1,
+ copy_str, sizeof(copy_str));
if (res < 0) {
- SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
+ SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
goto error;
}
- args[0] = (char *)str_ptr;
+
/* Detect if it's negated */
- if (args[0][0] == '!')
+ if (copy_str[0] == '!')
wd->negated = 1;
else
wd->negated = 0;
if (ret > 2) {
- res = pcre_get_substring((char *)windowstr, ov, MAX_SUBSTRINGS, 2, &str_ptr);
+ res = pcre_copy_substring((char *)windowstr, ov, MAX_SUBSTRINGS, 2,
+ copy_str, sizeof(copy_str));
if (res < 0) {
- SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
+ SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
goto error;
}
- /* Get the window size if it's a valid value (in packets, we should alert if this doesn't happend from decode) */
- if (-1 == ByteExtractStringUint16(&wd->size, 10, 0, str_ptr)) {
+ /* Get the window size if it's a valid value (in packets, we
+ * should alert if this doesn't happend from decode) */
+ if (-1 == ByteExtractStringUint16(&wd->size, 10, 0, copy_str)) {
goto error;
}
}
}
- int i = 0;
- for (i = 0; i < (ret -1); i++){
- if (args[i] != NULL)
- SCFree(args[i]);
- }
return wd;
error:
- for (i = 0; i < (ret -1) && i < 3; i++){
- if (args[i] != NULL)
- SCFree(args[i]);
- }
if (wd != NULL)
DetectWindowFree(wd);
return NULL;