From: Philippe Antoine Date: Thu, 9 Jun 2022 19:00:34 +0000 (+0200) Subject: detect: use generic integer functions for snmp.version X-Git-Tag: suricata-7.0.0-beta1~389 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2817f1a6ed2be762631617d3f4cef9b744c84472;p=thirdparty%2Fsuricata.git detect: use generic integer functions for snmp.version Ticket: #4112 --- diff --git a/src/detect-snmp-version.c b/src/detect-snmp-version.c index 0212007589..56c7ca398f 100644 --- a/src/detect-snmp-version.c +++ b/src/detect-snmp-version.c @@ -28,29 +28,11 @@ #include "detect-engine.h" #include "detect-engine-content-inspection.h" #include "detect-snmp-version.h" +#include "detect-engine-uint.h" #include "app-layer-parser.h" #include "rust.h" -/** - * [snmp.version]:[<|>|<=|>=]; - */ -#define PARSE_REGEX "^\\s*(<=|>=|<|>)?\\s*([0-9]+)\\s*$" -static DetectParseRegex parse_regex; - -enum DetectSNMPVersionMode { - PROCEDURE_EQ = 1, /* equal */ - PROCEDURE_LT, /* less than */ - PROCEDURE_LE, /* less than or equal */ - PROCEDURE_GT, /* greater than */ - PROCEDURE_GE, /* greater than or equal */ -}; - -typedef struct DetectSNMPVersionData_ { - uint32_t version; - enum DetectSNMPVersionMode mode; -} DetectSNMPVersionData; -static DetectSNMPVersionData *DetectSNMPVersionParse (const char *); static int DetectSNMPVersionSetup (DetectEngineCtx *, Signature *s, const char *str); static void DetectSNMPVersionFree(DetectEngineCtx *, void *); #ifdef UNITTESTS @@ -82,8 +64,6 @@ void DetectSNMPVersionRegister (void) sigmatch_table[DETECT_AL_SNMP_VERSION].RegisterTests = DetectSNMPVersionRegisterTests; #endif - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); - DetectAppLayerInspectEngineRegister2("snmp.version", ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectSNMPRequestGeneric, NULL); @@ -101,35 +81,6 @@ static uint8_t DetectEngineInspectSNMPRequestGeneric(DetectEngineCtx *de_ctx, de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id); } -static inline int -VersionMatch(const uint32_t version, - enum DetectSNMPVersionMode mode, uint32_t ref_version) -{ - switch (mode) { - case PROCEDURE_EQ: - if (version == ref_version) - SCReturnInt(1); - break; - case PROCEDURE_LT: - if (version < ref_version) - SCReturnInt(1); - break; - case PROCEDURE_LE: - if (version <= ref_version) - SCReturnInt(1); - break; - case PROCEDURE_GT: - if (version > ref_version) - SCReturnInt(1); - break; - case PROCEDURE_GE: - if (version >= ref_version) - SCReturnInt(1); - break; - } - SCReturnInt(0); -} - /** * \internal * \brief Function to match version of a TX @@ -141,7 +92,7 @@ VersionMatch(const uint32_t version, * \param state App layer state. * \param s Pointer to the Signature. * \param m Pointer to the sigmatch that we will cast into - * DetectSNMPVersionData. + * DetectU32Data. * * \retval 0 no match. * \retval 1 match. @@ -153,12 +104,11 @@ static int DetectSNMPVersionMatch (DetectEngineThreadCtx *det_ctx, { SCEnter(); - const DetectSNMPVersionData *dd = (const DetectSNMPVersionData *)ctx; + const DetectU32Data *dd = (const DetectU32Data *)ctx; uint32_t version; rs_snmp_tx_get_version(txv, &version); - SCLogDebug("version %u mode %u ref_version %d", - version, dd->mode, dd->version); - if (VersionMatch(version, dd->mode, dd->version)) + SCLogDebug("version %u mode %u ref_version %d", version, dd->mode, dd->arg1); + if (DetectU32Match(version, dd)) SCReturnInt(1); SCReturnInt(0); } @@ -169,72 +119,12 @@ static int DetectSNMPVersionMatch (DetectEngineThreadCtx *det_ctx, * * \param rawstr Pointer to the user provided options. * - * \retval dd pointer to DetectSNMPVersionData on success. + * \retval dd pointer to DetectU32Data on success. * \retval NULL on failure. */ -static DetectSNMPVersionData *DetectSNMPVersionParse (const char *rawstr) +static DetectU32Data *DetectSNMPVersionParse(const char *rawstr) { - DetectSNMPVersionData *dd = NULL; - int ret = 0, res = 0; - size_t pcre2len; - char mode[2] = ""; - char value1[20] = ""; - char *endptr = NULL; - - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); - if (ret < 3 || ret > 5) { - SCLogError(SC_ERR_PCRE_MATCH, "Parse error %s", rawstr); - goto error; - } - - pcre2len = sizeof(mode); - res = SC_Pcre2SubstringCopy(parse_regex.match, 1, (PCRE2_UCHAR8 *)mode, &pcre2len); - if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); - goto error; - } - - pcre2len = sizeof(value1); - res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)value1, &pcre2len); - if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); - goto error; - } - - dd = SCCalloc(1, sizeof(DetectSNMPVersionData)); - if (unlikely(dd == NULL)) - goto error; - - if (strlen(mode) == 1) { - if (mode[0] == '<') - dd->mode = PROCEDURE_LT; - else if (mode[0] == '>') - dd->mode = PROCEDURE_GT; - } else if (strlen(mode) == 2) { - if (strcmp(mode, "<=") == 0) - dd->mode = PROCEDURE_LE; - if (strcmp(mode, ">=") == 0) - dd->mode = PROCEDURE_GE; - } - - if (dd->mode == 0) { - dd->mode = PROCEDURE_EQ; - } - - /* set the first value */ - dd->version = strtoul(value1, &endptr, 10); - if (endptr == NULL || *endptr != '\0') { - SCLogError(SC_ERR_INVALID_SIGNATURE, "invalid character as arg " - "to snmp.version keyword"); - goto error; - } - - return dd; - -error: - if (dd) - SCFree(dd); - return NULL; + return DetectU32Parse(rawstr); } @@ -253,7 +143,7 @@ error: static int DetectSNMPVersionSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr) { - DetectSNMPVersionData *dd = NULL; + DetectU32Data *dd = NULL; SigMatch *sm = NULL; if (DetectSignatureSetAppProto(s, ALPROTO_SNMP) != 0) @@ -274,7 +164,7 @@ static int DetectSNMPVersionSetup (DetectEngineCtx *de_ctx, Signature *s, sm->type = DETECT_AL_SNMP_VERSION; sm->ctx = (void *)dd; - SCLogDebug("snmp.version %d", dd->version); + SCLogDebug("snmp.version %d", dd->arg1); SigMatchAppendSMToList(s, sm, g_snmp_version_buffer_id); return 0; @@ -285,13 +175,13 @@ error: /** * \internal - * \brief Function to free memory associated with DetectSNMPVersionData. + * \brief Function to free memory associated with DetectU32Data. * - * \param de_ptr Pointer to DetectSNMPVersionData. + * \param de_ptr Pointer to DetectU32Data. */ static void DetectSNMPVersionFree(DetectEngineCtx *de_ctx, void *ptr) { - SCFree(ptr); + rs_detect_u32_free(ptr); } diff --git a/src/tests/detect-snmp-version.c b/src/tests/detect-snmp-version.c index 052dc2d0b9..5da24b1b87 100644 --- a/src/tests/detect-snmp-version.c +++ b/src/tests/detect-snmp-version.c @@ -26,10 +26,10 @@ */ static int SNMPValidityTestParse01 (void) { - DetectSNMPVersionData *dd = NULL; + DetectU32Data *dd = NULL; dd = DetectSNMPVersionParse("2"); FAIL_IF_NULL(dd); - FAIL_IF_NOT(dd->version == 2 && dd->mode == PROCEDURE_EQ); + FAIL_IF_NOT(dd->arg1 == 2 && dd->mode == DETECT_UINT_EQ); DetectSNMPVersionFree(NULL, dd); PASS; } @@ -42,10 +42,10 @@ static int SNMPValidityTestParse01 (void) */ static int SNMPValidityTestParse02 (void) { - DetectSNMPVersionData *dd = NULL; + DetectU32Data *dd = NULL; dd = DetectSNMPVersionParse(">2"); FAIL_IF_NULL(dd); - FAIL_IF_NOT(dd->version == 2 && dd->mode == PROCEDURE_GT); + FAIL_IF_NOT(dd->arg1 == 2 && dd->mode == DETECT_UINT_GT); DetectSNMPVersionFree(NULL, dd); PASS; }