From: Philippe Antoine Date: Thu, 6 May 2021 07:25:49 +0000 (+0200) Subject: detect: use u32 for InspectionBufferMultipleForList X-Git-Tag: suricata-6.0.3~9 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=234cafdcfe84f2d83c4e08244e78fe656af525d1;p=thirdparty%2Fsuricata.git detect: use u32 for InspectionBufferMultipleForList So that we do not have an endless loop casting index to u16 and having more than 65536 buffers in one transaction Changes for all protocols, even ones where it is impossible to have such a pattern, so as to avoid bad pattern copy/paste in the future (cherry picked from commit 7d0a39412bb451443a4e19e6571ab86a0583214c) --- diff --git a/rust/src/dns/dns.rs b/rust/src/dns/dns.rs index 89f32e8e67..1762182a04 100644 --- a/rust/src/dns/dns.rs +++ b/rust/src/dns/dns.rs @@ -914,7 +914,7 @@ pub extern "C" fn rs_dns_state_get_tx_data( #[no_mangle] pub extern "C" fn rs_dns_tx_get_query_name(tx: &mut DNSTransaction, - i: u16, + i: u32, buf: *mut *const u8, len: *mut u32) -> u8 diff --git a/rust/src/krb/detect.rs b/rust/src/krb/detect.rs index 127903d734..aa451782b8 100644 --- a/rust/src/krb/detect.rs +++ b/rust/src/krb/detect.rs @@ -43,7 +43,7 @@ pub unsafe extern "C" fn rs_krb5_tx_get_errcode(tx: &mut KRB5Transaction, #[no_mangle] pub unsafe extern "C" fn rs_krb5_tx_get_cname(tx: &mut KRB5Transaction, - i: u16, + i: u32, buffer: *mut *const u8, buffer_len: *mut u32) -> u8 @@ -61,7 +61,7 @@ pub unsafe extern "C" fn rs_krb5_tx_get_cname(tx: &mut KRB5Transaction, #[no_mangle] pub unsafe extern "C" fn rs_krb5_tx_get_sname(tx: &mut KRB5Transaction, - i: u16, + i: u32, buffer: *mut *const u8, buffer_len: *mut u32) -> u8 diff --git a/rust/src/mqtt/detect.rs b/rust/src/mqtt/detect.rs index 2e02bdffab..fc8c297797 100644 --- a/rust/src/mqtt/detect.rs +++ b/rust/src/mqtt/detect.rs 
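Review bot: The widened `i: u32` parameter of rs_dns_tx_get_query_name (rust/src/dns/dns.rs) carries a termination contract that the signature does not document. The C callers in this patch loop with `while(1)` and stop only when the getter reports that no entry exists at that index. The same applies to rs_krb5_tx_get_cname and rs_krb5_tx_get_sname in rust/src/krb/detect.rs, and to rs_mqtt_tx_get_subscribe_topic and rs_mqtt_tx_get_unsubscribe_topic in rust/src/mqtt/detect.rs. I would add a doc comment above each getter, for example `/// Returns 0 when i is past the last entry; the C detect loops rely on this to terminate.` The function bodies lie outside these hunks, so it is worth confirming that the index is converted with `i as usize` and looked up through a bounds-checked accessor rather than direct indexing.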
@@ -353,7 +353,7 @@ pub extern "C" fn rs_mqtt_tx_get_publish_message( #[no_mangle] pub extern "C" fn rs_mqtt_tx_get_subscribe_topic(tx: &MQTTTransaction, - i: u16, + i: u32, buf: *mut *const u8, len: *mut u32) -> u8 @@ -386,7 +386,7 @@ pub extern "C" fn rs_mqtt_tx_get_subscribe_topic(tx: &MQTTTransaction, #[no_mangle] pub extern "C" fn rs_mqtt_tx_get_unsubscribe_topic(tx: &MQTTTransaction, - i: u16, + i: u32, buf: *mut *const u8, len: *mut u32) -> u8 @@ -607,4 +607,4 @@ mod test { r = rs_mqtt_tx_get_subscribe_topic(&t, 4, &mut s, &mut slen); assert_eq!(r, 0); } -} \ No newline at end of file +} diff --git a/src/detect-dns-query.c b/src/detect-dns-query.c index 016d35fede..c8798fa651 100644 --- a/src/detect-dns-query.c +++ b/src/detect-dns-query.c @@ -68,7 +68,7 @@ static void DetectDnsQueryRegisterTests(void); static int g_dns_query_buffer_id = 0; struct DnsQueryGetDataArgs { - int local_id; /**< used as index into thread inspect array */ + uint32_t local_id; /**< used as index into thread inspect array */ void *txv; }; @@ -87,8 +87,7 @@ static InspectionBuffer *DnsQueryGetData(DetectEngineThreadCtx *det_ctx, const uint8_t *data; uint32_t data_len; - if (rs_dns_tx_get_query_name(cbdata->txv, (uint16_t)cbdata->local_id, - &data, &data_len) == 0) { + if (rs_dns_tx_get_query_name(cbdata->txv, cbdata->local_id, &data, &data_len) == 0) { return NULL; } InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); @@ -103,7 +102,7 @@ static int DetectEngineInspectDnsQuery( const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) { - int local_id = 0; + uint32_t local_id = 0; const DetectEngineTransforms *transforms = NULL; if (!engine->mpm) { @@ -160,7 +159,7 @@ static void PrefilterTxDnsQuery(DetectEngineThreadCtx *det_ctx, const MpmCtx *mpm_ctx = ctx->mpm_ctx; const int list_id = ctx->list_id; - int local_id = 0; + uint32_t local_id = 0; while(1) { // loop until we get a NULL 
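Review bot: No test pins the boundary this commit fixes for rs_mqtt_tx_get_subscribe_topic (rust/src/mqtt/detect.rs, hunk at -353). The test visible at the end of the file only probes index 4, which behaved the same when the caller still cast to u16. I would add a case for the first index the old cast truncated to 0, reusing the test's existing variables: `r = rs_mqtt_tx_get_subscribe_topic(&t, 65536, &mut s, &mut slen);` followed by `assert_eq!(r, 0);`. The same assertion is worth adding for rs_mqtt_tx_get_unsubscribe_topic, and for the DNS and KRB5 getters if their test modules, not visible here, allow it.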
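Review bot: In PrefilterTxDnsQuery (src/detect-dns-query.c, hunk at -160) the `while(1)` loop is now bounded only by the number of entries the transaction holds, because `local_id` no longer wraps at 65536. The same holds for DetectEngineInspectDnsQuery and for the PrefilterTx*/DetectEngineInspect* functions changed in detect-http2.c, detect-krb5-cname.c, detect-krb5-sname.c and the two detect-mqtt-*-topic.c files. Whether the parsers cap the number of entries per transaction is not visible in this patch, so the per-transaction work and inspection-buffer count may scale with a peer-controlled value. I would extend the existing loop comment to state the bound, e.g. `// loop until we get a NULL; iteration count == entries the parser stored for this tx`, and confirm that a parser-side limit exists. The loop body continues outside the hunk.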
diff --git a/src/detect-engine-mpm.h b/src/detect-engine-mpm.h index 4751808474..e9ed4078cc 100644 --- a/src/detect-engine-mpm.h +++ b/src/detect-engine-mpm.h @@ -125,7 +125,7 @@ typedef struct PrefilterMpmListId { } PrefilterMpmListId; struct MpmListIdDataArgs { - int local_id; /**< used as index into thread inspect array */ + uint32_t local_id; /**< used as index into thread inspect array */ void *txv; }; diff --git a/src/detect-http2.c b/src/detect-http2.c index c8bc096bb6..11846af5bc 100644 --- a/src/detect-http2.c +++ b/src/detect-http2.c @@ -703,7 +703,7 @@ static InspectionBuffer *GetHttp2HNameData(DetectEngineThreadCtx *det_ctx, uint32_t b_len = 0; const uint8_t *b = NULL; - if (rs_http2_tx_get_header_name(cbdata->txv, flags, (uint32_t)cbdata->local_id, &b, &b_len) != 1) + if (rs_http2_tx_get_header_name(cbdata->txv, flags, cbdata->local_id, &b, &b_len) != 1) return NULL; if (b == NULL || b_len == 0) return NULL; @@ -725,7 +725,7 @@ static void PrefilterTxHttp2HName(DetectEngineThreadCtx *det_ctx, const MpmCtx *mpm_ctx = ctx->mpm_ctx; const int list_id = ctx->list_id; - int local_id = 0; + uint32_t local_id = 0; while(1) { // loop until we get a NULL @@ -769,7 +769,7 @@ static int DetectEngineInspectHttp2HeaderName( const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) { - int local_id = 0; + uint32_t local_id = 0; const DetectEngineTransforms *transforms = NULL; if (!engine->mpm) { @@ -837,7 +837,7 @@ static InspectionBuffer *GetHttp2HeaderData(DetectEngineThreadCtx *det_ctx, uint32_t b_len = 0; const uint8_t *b = NULL; - if (rs_http2_tx_get_header(cbdata->txv, flags, (uint32_t)cbdata->local_id, &b, &b_len) != 1) + if (rs_http2_tx_get_header(cbdata->txv, flags, cbdata->local_id, &b, &b_len) != 1) return NULL; if (b == NULL || b_len == 0) return NULL; 
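Review bot: struct MpmListIdDataArgs in src/detect-engine-mpm.h has the same two fields (`uint32_t local_id; void *txv;`) as the per-file copies this patch widens one by one. Those copies are DnsQueryGetDataArgs, Krb5PrincipalNameDataArgs (defined identically in both krb5 files), MQTTSubscribeTopicGetDataArgs and MQTTUnsubscribeTopicGetDataArgs. Since the commit message is about preventing copy/paste of the bad pattern, those files could use the shared struct so the index type is declared in one place. Whether they already include detect-engine-mpm.h is not visible here. Users of MpmListIdDataArgs outside this patch should also be checked for leftover `(uint16_t)` casts or `int` counters feeding `local_id`.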
@@ -859,7 +859,7 @@ static void PrefilterTxHttp2Header(DetectEngineThreadCtx *det_ctx, const MpmCtx *mpm_ctx = ctx->mpm_ctx; const int list_id = ctx->list_id; - int local_id = 0; + uint32_t local_id = 0; while(1) { // loop until we get a NULL @@ -902,7 +902,7 @@ static int DetectEngineInspectHttp2Header( const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) { - int local_id = 0; + uint32_t local_id = 0; const DetectEngineTransforms *transforms = NULL; if (!engine->mpm) { diff --git a/src/detect-krb5-cname.c b/src/detect-krb5-cname.c index e7ca0fe84a..3a71aaf5b4 100644 --- a/src/detect-krb5-cname.c +++ b/src/detect-krb5-cname.c @@ -39,7 +39,7 @@ static int g_krb5_cname_buffer_id = 0; struct Krb5PrincipalNameDataArgs { - int local_id; /**< used as index into thread inspect array */ + uint32_t local_id; /**< used as index into thread inspect array */ void *txv; }; @@ -71,7 +71,7 @@ static InspectionBuffer *GetKrb5CNameData(DetectEngineThreadCtx *det_ctx, uint32_t b_len = 0; const uint8_t *b = NULL; - if (rs_krb5_tx_get_cname(cbdata->txv, (uint16_t)cbdata->local_id, &b, &b_len) != 1) + if (rs_krb5_tx_get_cname(cbdata->txv, cbdata->local_id, &b, &b_len) != 1) return NULL; if (b == NULL || b_len == 0) return NULL; @@ -88,7 +88,7 @@ static int DetectEngineInspectKrb5CName( const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) { - int local_id = 0; + uint32_t local_id = 0; const DetectEngineTransforms *transforms = NULL; if (!engine->mpm) { @@ -147,7 +147,7 @@ static void PrefilterTxKrb5CName(DetectEngineThreadCtx *det_ctx, const MpmCtx *mpm_ctx = ctx->mpm_ctx; const int list_id = ctx->list_id; - int local_id = 0; + uint32_t local_id = 0; while(1) { // loop until we get a NULL diff --git a/src/detect-krb5-sname.c b/src/detect-krb5-sname.c index fd33bb49bf..0ae6cf2097 100644 --- a/src/detect-krb5-sname.c +++ b/src/detect-krb5-sname.c 
@@ -39,7 +39,7 @@ static int g_krb5_sname_buffer_id = 0; struct Krb5PrincipalNameDataArgs { - int local_id; /**< used as index into thread inspect array */ + uint32_t local_id; /**< used as index into thread inspect array */ void *txv; }; @@ -71,7 +71,7 @@ static InspectionBuffer *GetKrb5SNameData(DetectEngineThreadCtx *det_ctx, uint32_t b_len = 0; const uint8_t *b = NULL; - if (rs_krb5_tx_get_sname(cbdata->txv, (uint16_t)cbdata->local_id, &b, &b_len) != 1) + if (rs_krb5_tx_get_sname(cbdata->txv, cbdata->local_id, &b, &b_len) != 1) return NULL; if (b == NULL || b_len == 0) return NULL; @@ -88,7 +88,7 @@ static int DetectEngineInspectKrb5SName( const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) { - int local_id = 0; + uint32_t local_id = 0; const DetectEngineTransforms *transforms = NULL; if (!engine->mpm) { @@ -147,7 +147,7 @@ static void PrefilterTxKrb5SName(DetectEngineThreadCtx *det_ctx, const MpmCtx *mpm_ctx = ctx->mpm_ctx; const int list_id = ctx->list_id; - int local_id = 0; + uint32_t local_id = 0; while(1) { // loop until we get a NULL diff --git a/src/detect-mqtt-subscribe-topic.c b/src/detect-mqtt-subscribe-topic.c index 57ab2c4c03..25b4188cb0 100644 --- a/src/detect-mqtt-subscribe-topic.c +++ b/src/detect-mqtt-subscribe-topic.c @@ -59,7 +59,7 @@ static int DetectMQTTSubscribeTopicSetup(DetectEngineCtx *, Signature *, const c static int g_mqtt_subscribe_topic_buffer_id = 0; struct MQTTSubscribeTopicGetDataArgs { - int local_id; + uint32_t local_id; void *txv; }; @@ -78,8 +78,7 @@ static InspectionBuffer *MQTTSubscribeTopicGetData(DetectEngineThreadCtx *det_ct const uint8_t *data; uint32_t data_len; - if (rs_mqtt_tx_get_subscribe_topic(cbdata->txv, (uint16_t)cbdata->local_id, - &data, &data_len) == 0) { + if (rs_mqtt_tx_get_subscribe_topic(cbdata->txv, cbdata->local_id, &data, &data_len) == 0) { return NULL; } 
@@ -95,7 +94,7 @@ static int DetectEngineInspectMQTTSubscribeTopic( const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) { - int local_id = 0; + uint32_t local_id = 0; const DetectEngineTransforms *transforms = NULL; if (!engine->mpm) { @@ -152,7 +151,7 @@ static void PrefilterTxMQTTSubscribeTopic(DetectEngineThreadCtx *det_ctx, const MpmCtx *mpm_ctx = ctx->mpm_ctx; const int list_id = ctx->list_id; - int local_id = 0; + uint32_t local_id = 0; while(1) { struct MQTTSubscribeTopicGetDataArgs cbdata = { local_id, txv }; InspectionBuffer *buffer = MQTTSubscribeTopicGetData(det_ctx, ctx->transforms, diff --git a/src/detect-mqtt-unsubscribe-topic.c b/src/detect-mqtt-unsubscribe-topic.c index 307f843ea4..c4b9806ccf 100644 --- a/src/detect-mqtt-unsubscribe-topic.c +++ b/src/detect-mqtt-unsubscribe-topic.c @@ -59,7 +59,7 @@ static int DetectMQTTUnsubscribeTopicSetup(DetectEngineCtx *, Signature *, const static int g_mqtt_unsubscribe_topic_buffer_id = 0; struct MQTTUnsubscribeTopicGetDataArgs { - int local_id; + uint32_t local_id; void *txv; }; @@ -78,8 +78,7 @@ static InspectionBuffer *MQTTUnsubscribeTopicGetData(DetectEngineThreadCtx *det_ const uint8_t *data; uint32_t data_len; - if (rs_mqtt_tx_get_unsubscribe_topic(cbdata->txv, (uint16_t)cbdata->local_id, - &data, &data_len) == 0) { + if (rs_mqtt_tx_get_unsubscribe_topic(cbdata->txv, cbdata->local_id, &data, &data_len) == 0) { return NULL; } @@ -95,7 +94,7 @@ static int DetectEngineInspectMQTTUnsubscribeTopic( const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) { - int local_id = 0; + uint32_t local_id = 0; const DetectEngineTransforms *transforms = NULL; if (!engine->mpm) { 
@@ -152,7 +151,7 @@ static void PrefilterTxMQTTUnsubscribeTopic(DetectEngineThreadCtx *det_ctx, const MpmCtx *mpm_ctx = ctx->mpm_ctx; const int list_id = ctx->list_id; - int local_id = 0; + uint32_t local_id = 0; while(1) { struct MQTTUnsubscribeTopicGetDataArgs cbdata = { local_id, txv }; InspectionBuffer *buffer = MQTTUnsubscribeTopicGetData(det_ctx, ctx->transforms, diff --git a/src/detect-tls-certs.c b/src/detect-tls-certs.c index 5eb7be2898..92fb088407 100644 --- a/src/detect-tls-certs.c +++ b/src/detect-tls-certs.c @@ -71,7 +71,7 @@ static int PrefilterMpmTlsCertsRegister(DetectEngineCtx *de_ctx, static int g_tls_certs_buffer_id = 0; struct TlsCertsGetDataArgs { - int local_id; /**< used as index into thread inspect array */ + uint32_t local_id; /**< used as index into thread inspect array */ SSLCertsChain *cert; };