From: Russ Combs Date: Thu, 8 Dec 2016 13:45:02 +0000 (-0500) Subject: cppcheck cleanup X-Git-Tag: 3.0.0-233~151 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2add961acf91e15397703ccbe9c48bfb0d556418;p=thirdparty%2Fsnort3.git cppcheck cleanup --- diff --git a/ChangeLog b/ChangeLog index 7d7212133..57988fc1d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -14,7 +14,7 @@ -- add alternate fast patterns for dce_udp endianness -- removed underscores from all peg counts -- document sensitive data use --- user manual refactoring and updages +-- user manual refactoring and updates 16/11/21 - build 219 diff --git a/extra/src/inspectors/http_server/hi_server.cc b/extra/src/inspectors/http_server/hi_server.cc index 7f540a538..ecbe6a91a 100644 --- a/extra/src/inspectors/http_server/hi_server.cc +++ b/extra/src/inspectors/http_server/hi_server.cc @@ -256,13 +256,13 @@ static inline int hi_server_extract_status_msg(const u_char* start, const u_char { const u_char* crlf = (u_char*)SnortStrnStr((const char*)ptr, end - ptr, "\n"); result->uri = ptr; + if (crlf) { if (crlf[-1] == '\r') result->uri_end = crlf - 1; else result->uri_end = crlf; - ptr = crlf; } else { diff --git a/extra/src/inspectors/http_server/ips_http_header.cc b/extra/src/inspectors/http_server/ips_http_header.cc index 35d01479e..4c93d4e83 100644 --- a/extra/src/inspectors/http_server/ips_http_header.cc +++ b/extra/src/inspectors/http_server/ips_http_header.cc @@ -130,7 +130,7 @@ bool HttpHeaderOption::operator==(const IpsOption& ips) const return ( hdr_name == rhs.hdr_name ); } -static bool find( +static bool find_hdr( const string& s, const InspectionBuffer& b, Cursor& c) { const char* h = s.c_str(); @@ -201,7 +201,7 @@ int HttpHeaderOption::eval(Cursor& c, Packet* p) return DETECTION_OPTION_MATCH; } - if ( find(hdr_name, hb, c) ) + if ( find_hdr(hdr_name, hb, c) ) return DETECTION_OPTION_MATCH; return DETECTION_OPTION_NO_MATCH; 
diff --git a/extra/src/search_engines/lowmem/sfksearch.cc b/extra/src/search_engines/lowmem/sfksearch.cc index 8fe692b1e..b2d759162 100644 --- a/extra/src/search_engines/lowmem/sfksearch.cc +++ b/extra/src/search_engines/lowmem/sfksearch.cc @@ -705,7 +705,7 @@ int match(unsigned id, int index, void* context) { trie_nmatches++; data = context; - printf("id=%d found at index=%d, %s\n",id,index,gargv[id]); + printf("id=%u found at index=%d, %s\n", id, index, gargv[id]); return 0; } diff --git a/src/framework/lua_api.h b/src/framework/lua_api.h index 32cd56a14..541e39fe0 100644 --- a/src/framework/lua_api.h +++ b/src/framework/lua_api.h @@ -35,8 +35,6 @@ public: std::string name; std::string chunk; - static const char* type; - protected: LuaApi(std::string& s, std::string& c) { diff --git a/src/hash/sfxhash.cc b/src/hash/sfxhash.cc index 5c82f488a..c692885ac 100644 --- a/src/hash/sfxhash.cc +++ b/src/hash/sfxhash.cc @@ -1281,7 +1281,7 @@ int main(int argc, char** argv) n != 0; n = sfxhash_findnext(t) ) { - printf("hash-findfirst/next: n=%x, key=%s, data=%s\n", n, n->key, n->data); + printf("hash-findfirst/next: n=%p, key=%s, data=%s\n", n, n->key, n->data); /* remove node we are looking at, this is first/next safe. diff --git a/src/ips_options/ips_hash.cc b/src/ips_options/ips_hash.cc index 8145b24c9..adcc25b8a 100644 --- a/src/ips_options/ips_hash.cc +++ b/src/ips_options/ips_hash.cc @@ -311,6 +311,7 @@ HashMatchData* HashModule::get_data() bool HashModule::begin(const char*, int, SnortConfig*) { + assert(!hmd); hmd = new HashMatchData; return true; } diff --git a/src/managers/module_manager.cc b/src/managers/module_manager.cc index e6c8cadd2..05909815f 100644 --- a/src/managers/module_manager.cc +++ b/src/managers/module_manager.cc 
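Review bot: The `%p` conversion in the corrected printf in sfxhash.cc expects a `void*`, but `n` is passed as the node pointer type, so the argument should be cast: `printf("hash-findfirst/next: n=%p, key=%s, data=%s\n", (void*)n, n->key, n->data);`. The two `%s` conversions also assume `n->key` and `n->data` point at NUL-terminated character data, which the hunk does not show. The loop body continues past the end of the hunk.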
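Review bot: `assert(!hmd);` in HashModule::begin only checks the invariant in debug builds; with NDEBUG defined it compiles away, and a second begin() before the pointer is handed off would still overwrite `hmd` and leak the earlier object. In builds that keep asserts, a violated invariant aborts the sensor during configuration. If re-entry is reachable on reload, handle it at run time; otherwise document the contract next to the assert, for example `// get_data() must have taken the previous HashMatchData before begin() runs again`. That ownership hand-off is presumed, since get_data() is outside the hunk. The same pattern is added in AppIdInspector::configure and in the begin() methods of the port_scan, reputation, telnet, imap, pop, sip, ssh and ssl modules.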
@@ -662,7 +662,7 @@ SO_PUBLIC bool open_table(const char* s, int idx) return false; // FIXIT-M only basic modules and inspectors can be reloaded at present - if ( Snort::is_reloading() && h && h->api && h->api->type != PT_INSPECTOR ) + if ( Snort::is_reloading() and h->api and h->api->type != PT_INSPECTOR ) return false; Module* m = h->mod; diff --git a/src/network_inspectors/appid/appid_inspector.cc b/src/network_inspectors/appid/appid_inspector.cc index c774f083d..3cc93775a 100644 --- a/src/network_inspectors/appid/appid_inspector.cc +++ b/src/network_inspectors/appid/appid_inspector.cc @@ -82,6 +82,7 @@ AppIdInspector::~AppIdInspector() bool AppIdInspector::configure(SnortConfig*) { + assert(!active_config); active_config = new AppIdConfig( ( AppIdModuleConfig* )config); get_data_bus().subscribe(HTTP_REQUEST_HEADER_EVENT_KEY, new HttpEventHandler(HttpEventHandler::REQUEST_EVENT)); diff --git a/src/network_inspectors/appid/appid_session.cc b/src/network_inspectors/appid/appid_session.cc index 836045f10..d8ba53114 100644 --- a/src/network_inspectors/appid/appid_session.cc +++ b/src/network_inspectors/appid/appid_session.cc @@ -247,9 +247,9 @@ AppIdSession* AppIdSession::create_future_session(const Packet* ctrlPkt, const S { sfip_ntop(cliIp, src_ip, sizeof(src_ip)); sfip_ntop(srvIp, dst_ip, sizeof(dst_ip)); - LogMessage("AppIdDbg %s related flow %s for %s-%u -> %s-%u %u\n", - asd->session_logging_id, asd ? "created" : "creation failed", - src_ip, (unsigned)cliPort, dst_ip, (unsigned)srvPort, (unsigned)proto); + LogMessage("AppIdDbg %s related flow created for %s-%u -> %s-%u %u\n", + asd->session_logging_id, + src_ip, (unsigned)cliPort, dst_ip, (unsigned)srvPort, (unsigned)proto); } asd->in_expected_cache = true; diff --git a/src/network_inspectors/appid/detector_plugins/detector_http.cc b/src/network_inspectors/appid/detector_plugins/detector_http.cc index 39dd392a3..35bb199b6 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_http.cc 
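Review bot: The reload test in open_table no longer checks `h` before reading `h->api`, and `h->mod` is dereferenced right after it, so safety now depends entirely on the earlier `return false;` whose condition lies above the hunk. If that guard is `if ( !h )`, the removal is correct, but nothing in the visible lines says so. Stating the invariant would keep a later edit from reintroducing a null dereference, e.g. `assert(h);  // a missing hook was rejected above`.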
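Review bot: `asd->session_logging_id` is still dereferenced unconditionally in create_future_session, and so is `asd->in_expected_cache` just below; the change removes the late `asd ? ... : ...` test instead of deciding whether `asd` can be null. The allocation is outside the hunk, so this is a question rather than a confirmed defect. If session creation can fail, the function needs an early exit before the logging block, such as `if ( !asd ) return nullptr;`. If creation cannot fail, a short comment at the allocation site would explain why the "creation failed" branch was dropped.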
+++ b/src/network_inspectors/appid/detector_plugins/detector_http.cc @@ -1939,19 +1939,18 @@ AppId get_appid_from_url(char* host, char* url, char** version, char* referer, A snort_free(temp_host); /* if referred_id feature id disabled, referer will be null */ - if (referer && (!payload_found || AppInfoManager::get_instance().get_app_info_flags(data->payload_id, APPINFO_FLAG_REFERRED))) + if (referer && (!payload_found || + AppInfoManager::get_instance().get_app_info_flags(data->payload_id, APPINFO_FLAG_REFERRED))) { referer_start = referer; char* referer_offset = (char*)service_strstr((uint8_t*)referer_start, URL_SCHEME_MAX_LEN, (uint8_t*)URL_SCHEME_END_PATTERN, sizeof(URL_SCHEME_END_PATTERN)-1); - if (referer_offset) - { - referer_offset += sizeof(URL_SCHEME_END_PATTERN)-1; - } - else + + if ( !referer_offset ) return 0; + referer_offset += sizeof(URL_SCHEME_END_PATTERN)-1; referer_start = referer_offset; referer_len = strlen(referer_start); referer_path = strchr(referer_start, '/'); @@ -1967,7 +1966,7 @@ AppId get_appid_from_url(char* host, char* url, char** version, char* referer, A referer_path_len = 1; } - if (referer_start && referer_len > 0) + if ( referer_len > 0 ) { data = nullptr; patterns[0].pattern = (uint8_t*)referer_start; diff --git a/src/network_inspectors/port_scan/ps_module.cc b/src/network_inspectors/port_scan/ps_module.cc index 745e18f7f..5814ebbed 100644 --- a/src/network_inspectors/port_scan/ps_module.cc +++ b/src/network_inspectors/port_scan/ps_module.cc @@ -186,6 +186,7 @@ bool PortScanModule::set(const char*, Value& v, SnortConfig*) bool PortScanModule::begin(const char*, int, SnortConfig*) { + assert(!config); config = new PortscanConfig; return true; } @@ -226,6 +227,7 @@ ProfileStats* PortScanGlobalModule::get_profile() const bool PortScanGlobalModule::begin(const char*, int, SnortConfig*) { + assert(!common); common = new PsCommon; common->memcap = 1048576; return true; 
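Review bot: The referer scan in get_appid_from_url passes the constant `URL_SCHEME_MAX_LEN` to `service_strstr` as the haystack length, without relating it to the actual length of `referer`. `service_strstr` is not visible here; if it does not stop at a NUL, a referer shorter than that constant is scanned past its terminator. Bounding the length by the string keeps the search inside the buffer, for example `strnlen(referer_start, URL_SCHEME_MAX_LEN)` as the second argument. The restructured early `return 0;` keeps the previous behaviour when no scheme separator is found.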
diff --git a/src/network_inspectors/reputation/reputation_module.cc b/src/network_inspectors/reputation/reputation_module.cc index 403f2c6bf..852732049 100644 --- a/src/network_inspectors/reputation/reputation_module.cc +++ b/src/network_inspectors/reputation/reputation_module.cc @@ -84,9 +84,7 @@ ReputationModule::ReputationModule() : Module(REPUTATION_NAME, REPUTATION_HELP, ReputationModule::~ReputationModule() { if ( conf ) - { delete conf; - } } const RuleMap* ReputationModule::get_rules() const @@ -139,8 +137,8 @@ ReputationConfig* ReputationModule::get_data() bool ReputationModule::begin(const char*, int, SnortConfig*) { + assert(!conf); conf = new ReputationConfig; - return true; } diff --git a/src/ports/port_object2.cc b/src/ports/port_object2.cc index 6b2fe6004..511383051 100644 --- a/src/ports/port_object2.cc +++ b/src/ports/port_object2.cc @@ -54,12 +54,13 @@ * swap on big endian hardware */ #ifdef WORDS_BIGENDIAN #define SWAP_BYTES(a) \ + a = \ ((((uint32_t)(a) & 0xFF000000) >> 24) | \ (((uint32_t)(a) & 0x00FF0000) >> 8) | \ (((uint32_t)(a) & 0x0000FF00) << 8) | \ (((uint32_t)(a) & 0x000000FF) << 24)) #else -#define SWAP_BYTES(a) (a) +#define SWAP_BYTES(a) #endif static unsigned po_rule_hash_func(SFHASHFCN* p, unsigned char* k, int n) @@ -70,7 +71,7 @@ static unsigned po_rule_hash_func(SFHASHFCN* p, unsigned char* k, int n) /* Since the input is really an int, put the bytes into a normalized * order so that the hash function returns consistent results across * on BE & LE hardware. */ - ikey = SWAP_BYTES(ikey); + SWAP_BYTES(ikey); /* Set a pointer to the key to pass to the hashing function */ key = (unsigned char*)&ikey; diff --git a/src/service_inspectors/dce_rpc/dce_smb2.cc b/src/service_inspectors/dce_rpc/dce_smb2.cc index 93a10f528..4d79d44cb 100644 --- a/src/service_inspectors/dce_rpc/dce_smb2.cc +++ b/src/service_inspectors/dce_rpc/dce_smb2.cc 
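Review bot: `SWAP_BYTES` in port_object2.cc is now a statement macro that assigns to its argument and evaluates it five times, and on little-endian builds it expands to nothing, leaving `SWAP_BYTES(ikey);` as a bare `;`. The assignment target is also unparenthesised (`a =` rather than `(a) =`), so the macro misbehaves with any argument other than a plain variable name. A small `static inline` function taking and returning `uint32_t` would remove both hazards. If the macro stays, write the target as `(a) = \` and give the little-endian branch an explicit no-op, `#define SWAP_BYTES(a) ((void)0)`.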
@@ -836,13 +836,15 @@ DCE2_Ret DCE2_Smb2InitFileTracker(DCE2_SmbFileTracker* ftracker, DCE2_SmbVersion DCE2_Smb2Version(const Packet* p) { /* Only check reassembled SMB2 packet*/ - if (p->has_paf_payload() && - (p->dsize > sizeof(NbssHdr) + sizeof(DCE2_SMB_ID))) + if ( p->has_paf_payload() and + (p->dsize > sizeof(NbssHdr) + 4) ) // DCE2_SMB_ID is u32 { Smb2Hdr* smb_hdr = (Smb2Hdr*)(p->data + sizeof(NbssHdr)); uint32_t smb_version_id = SmbId((SmbNtHdr*)smb_hdr); + if (smb_version_id == DCE2_SMB_ID) return DCE2_SMB_VERISON_1; + else if (smb_version_id == DCE2_SMB2_ID) return DCE2_SMB_VERISON_2; } diff --git a/src/service_inspectors/dce_rpc/dce_utils.h b/src/service_inspectors/dce_rpc/dce_utils.h index 13b698c9a..86b550fca 100644 --- a/src/service_inspectors/dce_rpc/dce_utils.h +++ b/src/service_inspectors/dce_rpc/dce_utils.h @@ -392,5 +392,5 @@ inline void DCE2_BufferEmpty(DCE2_Buffer* buf) #define DCE2_MOVE(data_ptr, data_len, amount) \ { data_len -= (amount); data_ptr = (uint8_t*)data_ptr + (amount); } -#endif /* _DCE2_UTILS_H_ */ +#endif diff --git a/src/service_inspectors/dce_rpc/smb_message.cc b/src/service_inspectors/dce_rpc/smb_message.cc index 915787636..04a2f7d1c 100644 --- a/src/service_inspectors/dce_rpc/smb_message.cc +++ b/src/service_inspectors/dce_rpc/smb_message.cc @@ -695,7 +695,7 @@ static void DCE2_SmbCheckCommand(DCE2_SmbSsnData* ssd, } // Move just past byte count field which is the end of the command - DCE2_MOVE(nb_ptr, nb_len, com_info.cmd_size); + nb_len -= com_info.cmd_size; // Validate that there is enough data to be able to process the command if (nb_len < DCE2_SmbGetMinByteCount(smb_com, (uint8_t)com_info.smb_type)) diff --git a/src/service_inspectors/dnp3/ips_dnp3_obj.cc b/src/service_inspectors/dnp3/ips_dnp3_obj.cc index 910315a73..6143148e9 100644 --- a/src/service_inspectors/dnp3/ips_dnp3_obj.cc +++ b/src/service_inspectors/dnp3/ips_dnp3_obj.cc 
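Review bot: The length guard in DCE2_Smb2Version now uses a literal, `sizeof(NbssHdr) + 4`, with only a comment tying it to the four bytes that `SmbId()` reads from packet data. Because this comparison is what keeps the read inside `p->data`, it should be derived from a type rather than a magic number, e.g. `(p->dsize > sizeof(NbssHdr) + sizeof(uint32_t))`. The cast `(Smb2Hdr*)(p->data + sizeof(NbssHdr))` also discards constness on a buffer that is only read; `const Smb2Hdr*` would say so. The function's final return is outside the hunk.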
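Review bot: `nb_len -= com_info.cmd_size;` in DCE2_SmbCheckCommand runs before the minimum-byte-count check, and nothing in the hunk shows that `cmd_size` was validated against `nb_len` first. If `nb_len` is unsigned and `cmd_size` can exceed it, the subtraction wraps to a large value and the following `nb_len < DCE2_SmbGetMinByteCount(...)` test passes on a truncated packet; that validation may exist above the hunk and should be confirmed. The retained comment still says "Move just past byte count field" although the pointer is no longer advanced. It could read `// Account for the command bytes; nb_ptr is not advanced here`.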
@@ -42,7 +42,8 @@ static THREAD_LOCAL ProfileStats dnp3_obj_perf_stats; -static int dnp3_decode_object(uint8_t* buf, uint16_t buflen, uint8_t rule_group, uint8_t rule_var) +static int dnp3_decode_object( + uint8_t* buf, uint16_t buflen, uint8_t rule_group, uint8_t rule_var) { uint8_t group, var; @@ -56,8 +57,6 @@ static int dnp3_decode_object(uint8_t* buf, uint16_t buflen, uint8_t rule_group, /* Decode var */ var = *buf; - buf++; - buflen--; /* Match the rule option here, quit decoding if we found the right header. */ if ((group == rule_group) && (var == rule_var)) diff --git a/src/service_inspectors/dns/dns.cc b/src/service_inspectors/dns/dns.cc index 734eb396d..14dc1cd88 100644 --- a/src/service_inspectors/dns/dns.cc +++ b/src/service_inspectors/dns/dns.cc @@ -112,14 +112,10 @@ static DNSData* get_dns_session_data(Packet* p, bool from_server) } static uint16_t ParseDNSHeader( - const unsigned char* data, - uint16_t bytes_unused, - DNSData* dnsSessionData) + const unsigned char* data, uint16_t bytes_unused, DNSData* dnsSessionData) { - if (bytes_unused == 0) - { - return bytes_unused; - } + if ( !bytes_unused ) + return 0; switch (dnsSessionData->state) { 
@@ -128,144 +124,123 @@ static uint16_t ParseDNSHeader( dnsSessionData->length = ((uint8_t)*data) << 8; dnsSessionData->state = DNS_RESP_STATE_LENGTH_PART; data++; - bytes_unused--; - if (bytes_unused == 0) - { - return bytes_unused; - } - /* Fall through */ + + if ( !--bytes_unused ) + return 0; + // Fall through + case DNS_RESP_STATE_LENGTH_PART: dnsSessionData->length |= ((uint8_t)*data); dnsSessionData->state = DNS_RESP_STATE_HDR_ID; data++; - bytes_unused--; - if (bytes_unused == 0) - { - return bytes_unused; - } - /* Fall through */ + + if ( !--bytes_unused ) + return 0; + // Fall through + case DNS_RESP_STATE_HDR_ID: dnsSessionData->hdr.id = (uint8_t)*data << 8; - data++; - bytes_unused--; dnsSessionData->state = DNS_RESP_STATE_HDR_ID_PART; - if (bytes_unused == 0) - { - return bytes_unused; - } - /* Fall through */ + data++; + + if ( !--bytes_unused ) + return 0; + // Fall through + case DNS_RESP_STATE_HDR_ID_PART: dnsSessionData->hdr.id |= (uint8_t)*data; - data++; - bytes_unused--; dnsSessionData->state = DNS_RESP_STATE_HDR_FLAGS; - if (bytes_unused == 0) - { - return bytes_unused; - } - /* Fall through */ + data++; + + if ( !--bytes_unused ) + return 0; + // Fall through + case DNS_RESP_STATE_HDR_FLAGS: dnsSessionData->hdr.flags = (uint8_t)*data << 8; - data++; - bytes_unused--; dnsSessionData->state = DNS_RESP_STATE_HDR_FLAGS_PART; - if (bytes_unused == 0) - { - return bytes_unused; - } - /* Fall through */ + data++; + + if ( !--bytes_unused ) + return 0; + // Fall through + case DNS_RESP_STATE_HDR_FLAGS_PART: dnsSessionData->hdr.flags |= (uint8_t)*data; - data++; - bytes_unused--; dnsSessionData->state = DNS_RESP_STATE_HDR_QS; - if (bytes_unused == 0) - { - return bytes_unused; - } - /* Fall through */ + data++; + + if ( !--bytes_unused ) + return 0; + // Fall through + case DNS_RESP_STATE_HDR_QS: dnsSessionData->hdr.questions = (uint8_t)*data << 8; - data++; - bytes_unused--; dnsSessionData->state = DNS_RESP_STATE_HDR_QS_PART; - if (bytes_unused == 0) 
- { - return bytes_unused; - } - /* Fall through */ + data++; + + if ( !--bytes_unused ) + return 0; + // Fall through + case DNS_RESP_STATE_HDR_QS_PART: dnsSessionData->hdr.questions |= (uint8_t)*data; - data++; - bytes_unused--; dnsSessionData->state = DNS_RESP_STATE_HDR_ANSS; - if (bytes_unused == 0) - { - return bytes_unused; - } - /* Fall through */ + data++; + + if ( !--bytes_unused ) + return 0; + // Fall through + case DNS_RESP_STATE_HDR_ANSS: dnsSessionData->hdr.answers = (uint8_t)*data << 8; - data++; - bytes_unused--; dnsSessionData->state = DNS_RESP_STATE_HDR_ANSS_PART; - if (bytes_unused == 0) - { - return bytes_unused; - } - /* Fall through */ + data++; + + if ( !--bytes_unused ) + return 0; + // Fall through + case DNS_RESP_STATE_HDR_ANSS_PART: dnsSessionData->hdr.answers |= (uint8_t)*data; - data++; - bytes_unused--; dnsSessionData->state = DNS_RESP_STATE_HDR_AUTHS; - if (bytes_unused == 0) - { - return bytes_unused; - } - /* Fall through */ + data++; + + if ( !--bytes_unused ) + return 0; + // Fall through + case DNS_RESP_STATE_HDR_AUTHS: dnsSessionData->hdr.authorities = (uint8_t)*data << 8; - data++; - bytes_unused--; dnsSessionData->state = DNS_RESP_STATE_HDR_AUTHS_PART; - if (bytes_unused == 0) - { - return bytes_unused; - } - /* Fall through */ + data++; + + if ( !--bytes_unused ) + return 0; + // Fall through + case DNS_RESP_STATE_HDR_AUTHS_PART: dnsSessionData->hdr.authorities |= (uint8_t)*data; - data++; - bytes_unused--; dnsSessionData->state = DNS_RESP_STATE_HDR_ADDS; - if (bytes_unused == 0) - { - return bytes_unused; - } - /* Fall through */ + data++; + + if ( !--bytes_unused ) + return 0; + // Fall through + case DNS_RESP_STATE_HDR_ADDS: dnsSessionData->hdr.additionals = (uint8_t)*data << 8; - data++; - bytes_unused--; dnsSessionData->state = DNS_RESP_STATE_HDR_ADDS_PART; - if (bytes_unused == 0) - { - return bytes_unused; - } - /* Fall through */ + data++; + + if ( !--bytes_unused ) + return 0; + // Fall through + case 
DNS_RESP_STATE_HDR_ADDS_PART: dnsSessionData->hdr.additionals |= (uint8_t)*data; - data++; - bytes_unused--; dnsSessionData->state = DNS_RESP_STATE_QUESTION; - if (bytes_unused == 0) - { - return bytes_unused; - } - /* Fall through */ - default: - /* Continue -- we're beyond the header */ + bytes_unused--; break; } @@ -273,9 +248,7 @@ static uint16_t ParseDNSHeader( } static uint16_t ParseDNSName( - const unsigned char* data, - uint16_t bytes_unused, - DNSData* dnsSessionData) + const unsigned char* data, uint16_t bytes_unused, DNSData* dnsSessionData) { uint16_t bytes_required = dnsSessionData->curr_txt.txt_len - dnsSessionData->curr_txt.txt_bytes_seen; @@ -366,17 +339,13 @@ static uint16_t ParseDNSName( } static uint16_t ParseDNSQuestion( - const unsigned char* data, - uint16_t bytes_unused, - DNSData* dnsSessionData) + const unsigned char* data, uint16_t bytes_unused, DNSData* dnsSessionData) { uint16_t bytes_used = 0; uint16_t new_bytes_unused = 0; - if (bytes_unused == 0) - { - return bytes_unused; - } + if ( !bytes_unused ) + return 0; if (dnsSessionData->curr_rec_state < DNS_RESP_STATE_Q_NAME_COMPLETE) { @@ -390,11 +359,8 @@ static uint16_t ParseDNSQuestion( data = data + bytes_used; bytes_unused = new_bytes_unused; - if (bytes_unused == 0) - { - /* ran out of data */ - return bytes_unused; - } + if ( !bytes_unused ) + return 0; /* ran out of data */ } else { 
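Review bot: The rewritten switch in ParseDNSHeader drops the `default:` label and its comment, so a session whose state is already past the header now matches no case, and nothing records that this is intended. Behaviour looks unchanged, but the removed comment was the only place that said later states pass straight through. If `state` is an enum, compilers may also warn about unhandled enumerators. Restoring `default: break;  // already past the header` after the last case keeps the intent visible. The same removal is made at the end of the switches in ParseDNSQuestion and ParseDNSAnswer.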
@@ -407,46 +373,35 @@ static uint16_t ParseDNSQuestion( { case DNS_RESP_STATE_Q_TYPE: dnsSessionData->curr_q.type = (uint8_t)*data << 8; - data++; - bytes_unused--; dnsSessionData->curr_rec_state = DNS_RESP_STATE_Q_TYPE_PART; - if (bytes_unused == 0) - { - return bytes_unused; - } - /* Fall through */ + data++; + + if ( !--bytes_unused ) + return 0; + // Fall through + case DNS_RESP_STATE_Q_TYPE_PART: dnsSessionData->curr_q.type |= (uint8_t)*data; - data++; - bytes_unused--; dnsSessionData->curr_rec_state = DNS_RESP_STATE_Q_CLASS; - if (bytes_unused == 0) - { - return bytes_unused; - } - /* Fall through */ + data++; + + if ( !--bytes_unused ) + return 0; + // Fall through + case DNS_RESP_STATE_Q_CLASS: dnsSessionData->curr_q.dns_class = (uint8_t)*data << 8; - data++; - bytes_unused--; dnsSessionData->curr_rec_state = DNS_RESP_STATE_Q_CLASS_PART; - if (bytes_unused == 0) - { - return bytes_unused; - } - /* Fall through */ + data++; + + if ( !--bytes_unused ) + return 0; + // Fall through + case DNS_RESP_STATE_Q_CLASS_PART: dnsSessionData->curr_q.dns_class |= (uint8_t)*data; - data++; - bytes_unused--; dnsSessionData->curr_rec_state = DNS_RESP_STATE_Q_COMPLETE; - if (bytes_unused == 0) - { - return bytes_unused; - } - /* Fall through */ - default: - /* Continue -- we're beyond this question */ + bytes_unused--; break; } @@ -454,17 +409,13 @@ static uint16_t ParseDNSQuestion( } static uint16_t ParseDNSAnswer( - const unsigned char* data, - uint16_t bytes_unused, - DNSData* dnsSessionData) + const unsigned char* data, uint16_t bytes_unused, DNSData* dnsSessionData) { uint16_t bytes_used = 0; uint16_t new_bytes_unused = 0; - if (bytes_unused == 0) - { - return bytes_unused; - } + if ( !bytes_unused ) + return 0; if (dnsSessionData->curr_rec_state < DNS_RESP_STATE_RR_NAME_COMPLETE) { 
@@ -479,66 +430,58 @@ static uint16_t ParseDNSAnswer( } bytes_unused = new_bytes_unused; - if (bytes_unused == 0) - { - /* ran out of data */ - return bytes_unused; - } + if ( !bytes_unused ) + return 0; /* ran out of data */ } switch (dnsSessionData->curr_rec_state) { case DNS_RESP_STATE_RR_TYPE: dnsSessionData->curr_rr.type = (uint8_t)*data << 8; - data++; - bytes_unused--; dnsSessionData->curr_rec_state = DNS_RESP_STATE_RR_TYPE_PART; - if (bytes_unused == 0) - { - return bytes_unused; - } - /* Fall through */ + data++; + + if ( !--bytes_unused ) + return 0; + // Fall through + case DNS_RESP_STATE_RR_TYPE_PART: dnsSessionData->curr_rr.type |= (uint8_t)*data; - data++; - bytes_unused--; dnsSessionData->curr_rec_state = DNS_RESP_STATE_RR_CLASS; - if (bytes_unused == 0) - { - return bytes_unused; - } - /* Fall through */ + data++; + + if ( !--bytes_unused ) + return 0; + // Fall through + case DNS_RESP_STATE_RR_CLASS: dnsSessionData->curr_rr.dns_class = (uint8_t)*data << 8; - data++; - bytes_unused--; dnsSessionData->curr_rec_state = DNS_RESP_STATE_RR_CLASS_PART; - if (bytes_unused == 0) - { - return bytes_unused; - } - /* Fall through */ + data++; + + if ( !--bytes_unused ) + return 0; + // Fall through + case DNS_RESP_STATE_RR_CLASS_PART: dnsSessionData->curr_rr.dns_class |= (uint8_t)*data; - data++; - bytes_unused--; dnsSessionData->curr_rec_state = DNS_RESP_STATE_RR_TTL; - if (bytes_unused == 0) - { - return bytes_unused; - } - /* Fall through */ + data++; + + if ( !--bytes_unused ) + return 0; + // Fall through + case DNS_RESP_STATE_RR_TTL: dnsSessionData->curr_rr.ttl = (uint8_t)*data << 24; - data++; - bytes_unused--; dnsSessionData->curr_rec_state = DNS_RESP_STATE_RR_TTL_PART; dnsSessionData->bytes_seen_curr_rec = 1; - if (bytes_unused == 0) - { - return bytes_unused; - } - /* Fall through */ + data++; + + if ( !--bytes_unused ) + return 0; + // Fall through + case DNS_RESP_STATE_RR_TTL_PART: while (dnsSessionData->bytes_seen_curr_rec < 4) { 
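Review bot: In the `DNS_RESP_STATE_RR_TTL` case of ParseDNSAnswer, `(uint8_t)*data << 24` promotes the byte to `int` before shifting, so a first TTL byte of 0x80 or above shifts into the sign bit. The value is taken from packet data, and a cleanup pass aimed at static-analysis findings is a good place to make the arithmetic unsigned: `dnsSessionData->curr_rr.ttl = (uint32_t)*data << 24;`. The type of `ttl` is not visible here and is presumed to be a 32-bit unsigned field. The variable-width shift in the `RR_TTL_PART` loop in the next hunk would take the same cast.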
@@ -546,36 +489,26 @@ static uint16_t ParseDNSAnswer( dnsSessionData->curr_rr.ttl |= (uint8_t)*data << (4-dnsSessionData->bytes_seen_curr_rec)*8; data++; - bytes_unused--; - if (bytes_unused == 0) - { - return bytes_unused; - } + + if ( !--bytes_unused ) + return 0; } dnsSessionData->curr_rec_state = DNS_RESP_STATE_RR_RDLENGTH; - /* Fall through */ + // Fall through + case DNS_RESP_STATE_RR_RDLENGTH: dnsSessionData->curr_rr.length = (uint8_t)*data << 8; - data++; - bytes_unused--; dnsSessionData->curr_rec_state = DNS_RESP_STATE_RR_RDLENGTH_PART; - if (bytes_unused == 0) - { - return bytes_unused; - } - /* Fall through */ + data++; + + if ( !--bytes_unused ) + return 0; + // Fall through + case DNS_RESP_STATE_RR_RDLENGTH_PART: dnsSessionData->curr_rr.length |= (uint8_t)*data; - data++; - bytes_unused--; dnsSessionData->curr_rec_state = DNS_RESP_STATE_RR_RDATA_START; - if (bytes_unused == 0) - { - return bytes_unused; - } - /* Fall through */ - default: - /* Continue -- we're beyond this answer */ + bytes_unused--; break; } diff --git a/src/service_inspectors/ftp_telnet/telnet_module.cc b/src/service_inspectors/ftp_telnet/telnet_module.cc index bba8cf592..68f6440cd 100644 --- a/src/service_inspectors/ftp_telnet/telnet_module.cc +++ b/src/service_inspectors/ftp_telnet/telnet_module.cc @@ -106,6 +106,7 @@ TELNET_PROTO_CONF* TelnetModule::get_data() bool TelnetModule::begin(const char*, int, SnortConfig*) { + assert(!conf); conf = new TELNET_PROTO_CONF; return true; } diff --git a/src/service_inspectors/imap/imap_module.cc b/src/service_inspectors/imap/imap_module.cc index 5c5a3d86b..e3b3e0c1c 100644 --- a/src/service_inspectors/imap/imap_module.cc +++ b/src/service_inspectors/imap/imap_module.cc @@ -132,8 +132,8 @@ IMAP_PROTO_CONF* ImapModule::get_data() bool ImapModule::begin(const char*, int, SnortConfig*) { + assert(!config); config = new IMAP_PROTO_CONF; - return true; } 
diff --git a/src/service_inspectors/pop/pop_module.cc b/src/service_inspectors/pop/pop_module.cc index 9cc434dbf..4b2362bab 100644 --- a/src/service_inspectors/pop/pop_module.cc +++ b/src/service_inspectors/pop/pop_module.cc @@ -134,8 +134,8 @@ POP_PROTO_CONF* PopModule::get_data() bool PopModule::begin(const char*, int, SnortConfig*) { + assert(!config); config = new POP_PROTO_CONF; - return true; } diff --git a/src/service_inspectors/sip/sip_config.h b/src/service_inspectors/sip/sip_config.h index d6054ae25..52f45da5c 100644 --- a/src/service_inspectors/sip/sip_config.h +++ b/src/service_inspectors/sip/sip_config.h @@ -104,7 +104,7 @@ struct SIP_PROTO_CONF uint16_t maxViaLen; // Maximum Via field size uint16_t maxContactLen; // Maximum Contact field size uint16_t maxContentLen; // Maximum Content length - uint8_t ignoreChannel; // Whether to ignore media channels found by SIP PP + bool ignoreChannel; // Whether to ignore media channels found by SIP PP }; // API to parse method list diff --git a/src/service_inspectors/sip/sip_module.cc b/src/service_inspectors/sip/sip_module.cc index 93eda9918..bb8e1e69d 100644 --- a/src/service_inspectors/sip/sip_module.cc +++ b/src/service_inspectors/sip/sip_module.cc @@ -199,7 +199,7 @@ ProfileStats* SipModule::get_profile() const bool SipModule::set(const char*, Value& v, SnortConfig*) { if ( v.is("ignore_call_channel") ) - conf->ignoreChannel = 1; + conf->ignoreChannel = v.get_bool(); else if ( v.is("max_call_id_len") ) conf->maxCallIdLen = v.get_long(); 
@@ -249,23 +249,13 @@ SIP_PROTO_CONF* SipModule::get_data() bool SipModule::begin(const char*, int, SnortConfig*) { + assert(!conf); conf = new SIP_PROTO_CONF; - conf->ignoreChannel = 0; - conf->maxNumSessions = 10000; - conf->maxNumDialogsInSession = 4; - conf->maxUriLen = 256; - conf->maxCallIdLen = 256; - conf->maxRequestNameLen = 20; - conf->maxFromLen = 256; - conf->maxToLen = 256; - - conf->maxViaLen = 1024; - conf->maxContactLen = 256; - conf->maxContentLen = 1024; conf->methodsConfig = SIP_METHOD_NULL; conf->methods = NULL; sip_methods = default_methods; + return true; } diff --git a/src/service_inspectors/ssh/ssh.cc b/src/service_inspectors/ssh/ssh.cc index 2bd8fdfe7..d6eacd297 100644 --- a/src/service_inspectors/ssh/ssh.cc +++ b/src/service_inspectors/ssh/ssh.cc @@ -75,26 +75,14 @@ static SSHData* get_session_data(Flow* flow) static void PrintSshConf(SSH_PROTO_CONF* config) { - if (config == NULL) + if ( !config ) return; LogMessage("SSH config: \n"); - LogMessage(" Max Encrypted Packets: %d %s \n", - config->MaxEncryptedPackets, - config->MaxEncryptedPackets - == SSH_DEFAULT_MAX_ENC_PKTS ? - "(Default)" : ""); - LogMessage(" Max Server Version String Length: %d %s \n", - config->MaxServerVersionLen, - config->MaxServerVersionLen - == SSH_DEFAULT_MAX_SERVER_VERSION_LEN ? - "(Default)" : ""); - - LogMessage(" MaxClientBytes: %d %s \n", - config->MaxClientBytes, - config->MaxClientBytes - == SSH_DEFAULT_MAX_CLIENT_BYTES ? - "(Default)" : ""); + + LogMessage(" Max Encrypted Packets: %d\n", config->MaxEncryptedPackets); + LogMessage(" Max Server Version String Length: %d\n", config->MaxServerVersionLen); + LogMessage(" MaxClientBytes: %d\n", config->MaxClientBytes); LogMessage("\n"); } diff --git a/src/service_inspectors/ssh/ssh_config.h b/src/service_inspectors/ssh/ssh_config.h index 8f7252f6a..903b32fc2 100644 --- a/src/service_inspectors/ssh/ssh_config.h +++ b/src/service_inspectors/ssh/ssh_config.h 
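Review bot: SipModule::begin now creates the config with `new SIP_PROTO_CONF` and no longer assigns `ignoreChannel`, `maxNumSessions`, `maxNumDialogsInSession` or any of the `max*Len` limits. For a plain struct this default-initialisation leaves those members indeterminate until `set()` is called for each one. The limits are thresholds the inspector compares against network input, so presumably they are now supplied from parameter-table defaults outside this diff; that should be confirmed for every field. Value-initialising makes a missed option read as zero rather than garbage: `conf = new SIP_PROTO_CONF();`. The same applies to SshModule::begin, which also loses the `SSH_DEFAULT_*` values, and to SslModule::begin, which no longer sets `max_heartbeat_len` and `trustservers`.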
@@ -31,8 +31,4 @@ struct SSH_PROTO_CONF uint16_t MaxServerVersionLen; }; -#define SSH_DEFAULT_MAX_ENC_PKTS 25 -#define SSH_DEFAULT_MAX_CLIENT_BYTES 19600 -#define SSH_DEFAULT_MAX_SERVER_VERSION_LEN 80 - #endif diff --git a/src/service_inspectors/ssh/ssh_module.cc b/src/service_inspectors/ssh/ssh_module.cc index b1f1bc69b..2d9bcb66f 100644 --- a/src/service_inspectors/ssh/ssh_module.cc +++ b/src/service_inspectors/ssh/ssh_module.cc @@ -116,15 +116,8 @@ SSH_PROTO_CONF* SshModule::get_data() bool SshModule::begin(const char*, int, SnortConfig*) { + assert(!conf); conf = new SSH_PROTO_CONF; - conf->MaxClientBytes = SSH_DEFAULT_MAX_CLIENT_BYTES; - conf->MaxEncryptedPackets = SSH_DEFAULT_MAX_ENC_PKTS; - conf->MaxServerVersionLen = SSH_DEFAULT_MAX_SERVER_VERSION_LEN; - return true; -} - -bool SshModule::end(const char*, int, SnortConfig*) -{ return true; } diff --git a/src/service_inspectors/ssh/ssh_module.h b/src/service_inspectors/ssh/ssh_module.h index 5e8aca895..a7b7394da 100644 --- a/src/service_inspectors/ssh/ssh_module.h +++ b/src/service_inspectors/ssh/ssh_module.h @@ -54,7 +54,6 @@ public: bool set(const char*, Value&, SnortConfig*) override; bool begin(const char*, int, SnortConfig*) override; - bool end(const char*, int, SnortConfig*) override; unsigned get_gid() const override { return GID_SSH; } diff --git a/src/service_inspectors/ssl/ssl_module.cc b/src/service_inspectors/ssl/ssl_module.cc index c952dd33d..d6806b495 100644 --- a/src/service_inspectors/ssl/ssl_module.cc +++ b/src/service_inspectors/ssl/ssl_module.cc @@ -84,10 +84,8 @@ ProfileStats* SslModule::get_profile() const bool SslModule::set(const char*, Value& v, SnortConfig*) { if ( v.is("trust_servers") ) - { - if (v.get_bool()) - conf->trustservers = true; - } + conf->trustservers = v.get_bool(); + else if ( v.is("max_heartbeat_length") ) conf->max_heartbeat_len = v.get_long(); 
@@ -106,9 +104,8 @@ SSL_PROTO_CONF* SslModule::get_data() bool SslModule::begin(const char*, int, SnortConfig*) { + assert(!conf); conf = new SSL_PROTO_CONF; - conf->max_heartbeat_len = 0; - conf->trustservers = false; return true; }