From: Mats Klepsland
Date: Tue, 14 May 2019 06:12:47 +0000 (+0200)
Subject: detect-tls: check return values of functions on setup
X-Git-Tag: suricata-5.0.0-rc1~495
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0f7f35bd850307914d5523f1b91fb756b64aa992;p=thirdparty%2Fsuricata.git
detect-tls: check return values of functions on setup
Check the return values of DetectBufferSetActiveList() and DetectSignatureSetAppProto().
---
diff --git a/src/detect-tls-cert-fingerprint.c b/src/detect-tls-cert-fingerprint.c
index 7b685de8c2..7b739f37be 100644
--- a/src/detect-tls-cert-fingerprint.c
+++ b/src/detect-tls-cert-fingerprint.c
@@ -110,14 +110,16 @@ void DetectTlsFingerprintRegister(void)
 * \param s Pointer to the Signature to which the current keyword belongs
 * \param str Should hold an empty string always
 *
- * \retval 0 On success
+ * \retval 0 On success
+ * \retval -1 On failure
 */
 static int DetectTlsFingerprintSetup(DetectEngineCtx *de_ctx, Signature *s, const char *str)
 {
- DetectBufferSetActiveList(s, g_tls_cert_fingerprint_buffer_id);
+ if (DetectBufferSetActiveList(s, g_tls_cert_fingerprint_buffer_id) < 0)
+ return -1;
- if (DetectSignatureSetAppProto(s, ALPROTO_TLS) != 0)
+ if (DetectSignatureSetAppProto(s, ALPROTO_TLS) < 0)
 return -1;
 return 0;
diff --git a/src/detect-tls-cert-issuer.c b/src/detect-tls-cert-issuer.c
index 6aedcebed9..8b5b72759e 100644
--- a/src/detect-tls-cert-issuer.c
+++ b/src/detect-tls-cert-issuer.c
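Review bot: In DetectTlsFingerprintSetup the test on DetectSignatureSetAppProto() is relaxed from `!= 0` to `< 0`, so any positive non-zero return would now be treated as success and setup would continue on a signature whose protocol was not actually set. The callee's contract is not visible in this hunk; if it can only return 0 or -1 the two forms are equivalent, but keeping `if (DetectSignatureSetAppProto(s, ALPROTO_TLS) != 0)` fails closed either way. The same relaxation appears in the DetectTlsSerialSetup hunk. The new doc line could also say what fails, e.g. `\retval -1 On failure (buffer list or app-layer protocol could not be set)`.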
@@ -101,12 +101,17 @@ void DetectTlsIssuerRegister(void)
 * \param s Pointer to the Signature to which the current keyword belongs
 * \param str Should hold an empty string always
 *
- * \retval 0 On success
+ * \retval 0 On success
+ * \retval -1 On failure
 */
 static int DetectTlsIssuerSetup(DetectEngineCtx *de_ctx, Signature *s, const char *str)
 {
- DetectBufferSetActiveList(s, g_tls_cert_issuer_buffer_id);
- s->alproto = ALPROTO_TLS;
+ if (DetectBufferSetActiveList(s, g_tls_cert_issuer_buffer_id) < 0)
+ return -1;
+
+ if (DetectSignatureSetAppProto(s, ALPROTO_TLS) < 0)
+ return -1;
+
 return 0;
 }
diff --git a/src/detect-tls-cert-serial.c b/src/detect-tls-cert-serial.c
index 4f34998aaf..f62bb76be4 100644
--- a/src/detect-tls-cert-serial.c
+++ b/src/detect-tls-cert-serial.c
@@ -110,13 +110,15 @@ void DetectTlsSerialRegister(void)
 * \param s Pointer to the Signature to which the current keyword belongs
 * \param str Should hold an empty string always
 *
- * \retval 0 On success
+ * \retval 0 On success
+ * \retval -1 On failure
 */
 static int DetectTlsSerialSetup(DetectEngineCtx *de_ctx, Signature *s, const char *str)
 {
- DetectBufferSetActiveList(s, g_tls_cert_serial_buffer_id);
+ if (DetectBufferSetActiveList(s, g_tls_cert_serial_buffer_id) < 0)
+ return -1;
- if (DetectSignatureSetAppProto(s, ALPROTO_TLS) != 0)
+ if (DetectSignatureSetAppProto(s, ALPROTO_TLS) < 0)
 return -1;
 return 0;
diff --git a/src/detect-tls-cert-subject.c b/src/detect-tls-cert-subject.c
index ba30018696..b2db219f26 100644
--- a/src/detect-tls-cert-subject.c
+++ b/src/detect-tls-cert-subject.c
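Review bot: The switch in DetectTlsIssuerSetup from the unconditional `s->alproto = ALPROTO_TLS;` to a checked DetectSignatureSetAppProto() call can make rules that loaded before fail at setup, and the commit message ("check return values") does not mention that. Presumably the helper rejects a signature whose protocol is already set to something else; a rule refused for that reason is lost detection coverage until someone notices. Please state the behaviour change in the description and add a unit test showing that a TLS keyword on a signature with a conflicting protocol is rejected. The same replacement is made in DetectTlsSubjectSetup, DetectTlsJa3HashSetup, DetectTlsJa3StringSetup and DetectTlsSniSetup; the two JA3 functions continue beyond their hunks.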
@@ -100,12 +100,17 @@ void DetectTlsSubjectRegister(void)
 * \param s Pointer to the Signature to which the current keyword belongs
 * \param str Should hold an empty string always
 *
- * \retval 0 On success
+ * \retval 0 On success
+ * \retval -1 On failure
 */
 static int DetectTlsSubjectSetup(DetectEngineCtx *de_ctx, Signature *s, const char *str)
 {
- DetectBufferSetActiveList(s, g_tls_cert_subject_buffer_id);
- s->alproto = ALPROTO_TLS;
+ if (DetectBufferSetActiveList(s, g_tls_cert_subject_buffer_id) < 0)
+ return -1;
+
+ if (DetectSignatureSetAppProto(s, ALPROTO_TLS) < 0)
+ return -1;
+
 return 0;
 }
diff --git a/src/detect-tls-ja3-hash.c b/src/detect-tls-ja3-hash.c
index 5ecde459a9..5b1e19f693 100644
--- a/src/detect-tls-ja3-hash.c
+++ b/src/detect-tls-ja3-hash.c
@@ -111,12 +111,16 @@ void DetectTlsJa3HashRegister(void)
 * \param s Pointer to the Signature to which the current keyword belongs
 * \param str Should hold an empty string always
 *
- * \retval 0 On success
+ * \retval 0 On success
+ * \retval -1 On failure
 */
 static int DetectTlsJa3HashSetup(DetectEngineCtx *de_ctx, Signature *s, const char *str)
 {
- DetectBufferSetActiveList(s, g_tls_ja3_hash_buffer_id);
- s->alproto = ALPROTO_TLS;
+ if (DetectBufferSetActiveList(s, g_tls_ja3_hash_buffer_id) < 0)
+ return -1;
+
+ if (DetectSignatureSetAppProto(s, ALPROTO_TLS) < 0)
+ return -1;
 if (RunmodeIsUnittests())
 return 0;
diff --git a/src/detect-tls-ja3-string.c b/src/detect-tls-ja3-string.c
index 5fd7cd5e47..747b862733 100644
--- a/src/detect-tls-ja3-string.c
+++ b/src/detect-tls-ja3-string.c
@@ -101,12 +101,16 @@ void DetectTlsJa3StringRegister(void)
 * \param s Pointer to the Signature to which the current keyword belongs
 * \param str Should hold an empty string always
 *
- * \retval 0 On success
+ * \retval 0 On success
+ * \retval -1 On failure
 */
 static int DetectTlsJa3StringSetup(DetectEngineCtx *de_ctx, Signature *s, const char *str)
 {
- DetectBufferSetActiveList(s, g_tls_ja3_str_buffer_id);
- s->alproto = ALPROTO_TLS;
+ if (DetectBufferSetActiveList(s, g_tls_ja3_str_buffer_id) < 0)
+ return -1;
+
+ if (DetectSignatureSetAppProto(s, ALPROTO_TLS) < 0)
+ return -1;
 if (RunmodeIsUnittests())
 return 0;
diff --git a/src/detect-tls-sni.c b/src/detect-tls-sni.c
index 969b9d78ab..ddc1706061 100644
--- a/src/detect-tls-sni.c
+++ b/src/detect-tls-sni.c
@@ -99,12 +99,17 @@ void DetectTlsSniRegister(void)
 * \param s Pointer to the Signature to which the current keyword belongs
 * \param str Should hold an empty string always
 *
- * \retval 0 On success
+ * \retval 0 On success
+ * \retval -1 On failure
 */
 static int DetectTlsSniSetup(DetectEngineCtx *de_ctx, Signature *s, const char *str)
 {
- DetectBufferSetActiveList(s, g_tls_sni_buffer_id);
- s->alproto = ALPROTO_TLS;
+ if (DetectBufferSetActiveList(s, g_tls_sni_buffer_id) < 0)
+ return -1;
+
+ if (DetectSignatureSetAppProto(s, ALPROTO_TLS) < 0)
+ return -1;
+
 return 0;
 }