From: Jeff Lucovsky
Date: Thu, 11 Jun 2020 13:05:08 +0000 (-0400)
Subject: detect/transform: Add validation function
X-Git-Tag: suricata-6.0.0-beta1~291
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0189ff998f982f4ac8519f0a8c47bdbd94bc646b;p=thirdparty%2Fsuricata.git
detect/transform: Add validation function
This commit adds a function to pre-validate buffers. If a content buffer contains whitespace, the validation fails.
---
diff --git a/src/detect-transform-strip-whitespace.c b/src/detect-transform-strip-whitespace.c
index 6574fdbc5f..96f8234cb9 100644
--- a/src/detect-transform-strip-whitespace.c
+++ b/src/detect-transform-strip-whitespace.c
@@ -38,6 +38,7 @@ static int DetectTransformStripWhitespaceSetup (DetectEngineCtx *, Signature *,
 static void DetectTransformStripWhitespaceRegisterTests(void);
 static void TransformStripWhitespace(InspectionBuffer *buffer, void *options);
+static bool TransformStripWhitespaceValidate(const uint8_t *content, uint16_t content_len, void *options);
 void DetectTransformStripWhitespaceRegister(void)
 {
@@ -48,6 +49,8 @@ void DetectTransformStripWhitespaceRegister(void)
 "/rules/transforms.html#strip-whitespace";
 sigmatch_table[DETECT_TRANSFORM_STRIP_WHITESPACE].Transform =
 TransformStripWhitespace;
+ sigmatch_table[DETECT_TRANSFORM_STRIP_WHITESPACE].TransformValidate =
+ TransformStripWhitespaceValidate;
 sigmatch_table[DETECT_TRANSFORM_STRIP_WHITESPACE].Setup =
 DetectTransformStripWhitespaceSetup;
 sigmatch_table[DETECT_TRANSFORM_STRIP_WHITESPACE].RegisterTests =
@@ -72,6 +75,27 @@ static int DetectTransformStripWhitespaceSetup (DetectEngineCtx *de_ctx, Signatu
 SCReturnInt(r);
 }
+/*
+ * \brief Validate content bytes to see if it's compatible with this transform
+ * \param content Byte array to check for compatibility
+ * \param content_len Number of bytes to check
+ * \param options Ignored
+ * \retval false If the string contains spaces
+ * \retval true Otherwise.
+ */
+static bool TransformStripWhitespaceValidate(const uint8_t *content,
+ uint16_t content_len, void *options)
+{
+ if (content) {
+ for (uint32_t i = 0; i < content_len; i++) {
+ if (isspace(*content++)) {
+ return false;
+ }
+ }
+ }
+ return true;
+}
+
 static void TransformStripWhitespace(InspectionBuffer *buffer, void *options)
 {
 const uint8_t *input = buffer->inspect;
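Review bot: The header comment on TransformStripWhitespaceValidate understates what is rejected: `\retval false If the string contains spaces` names only the space character, while the loop returns false for any byte where `isspace()` is true, which in the "C" locale also covers tab, newline, carriage return, vertical tab and form feed. I would reword it to `\retval false If the content contains any byte that isspace() matches` and open the block with `/**` rather than `/*` so Doxygen picks up the `\brief`/`\param` tags. The check only protects rule authors if it uses the same predicate as TransformStripWhitespace, whose body begins at the end of this hunk and continues outside it; should the two diverge, a rule could load cleanly yet never match, so a short comment above the loop such as `/* must mirror the whitespace test in TransformStripWhitespace */` would make that coupling explicit. As a minor style point, `i` serves only as a counter here, so `isspace(content[i])` would read more directly than advancing `content`.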