From: Tom Peters (thopeter) Date: Mon, 22 Apr 2019 20:19:24 +0000 (-0400) Subject: Merge pull request #1583 in SNORT/snort3 from ~MIREDDEN/snort3:int_range_check to... X-Git-Tag: 3.0.0-254~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=37becb0179cf3ba8f87301f74d2de4313f4a8088;p=thirdparty%2Fsnort3.git Merge pull request #1583 in SNORT/snort3 from ~MIREDDEN/snort3:int_range_check to master Squashed commit of the following: commit 389a46587625947d2f6a771e06739513c342b655 Author: Mike Redden Date: Thu Apr 18 07:35:11 2019 -0400 snort2lua: Integer parameter range check --- diff --git a/tools/snort2lua/config_states/config_one_int_option.cc b/tools/snort2lua/config_states/config_one_int_option.cc index 83ef3daaf..78fcb5848 100644 --- a/tools/snort2lua/config_states/config_one_int_option.cc +++ b/tools/snort2lua/config_states/config_one_int_option.cc @@ -54,15 +54,16 @@ public: ConfigIntOption(Converter& c, const std::string* snort_opt, const std::string* table, - const std::string* lua_opt) : + const std::string* lua_opt, + int max_int_value) : ConversionState(c), snort_option(snort_opt), lua_table(table), - lua_option(lua_opt) + lua_option(lua_opt), + max_value(max_int_value) { } - bool convert(std::istringstream& stream) override { if ((snort_option == nullptr) || @@ -81,12 +82,19 @@ public: // if the two names are not equal ... if ((lua_option != nullptr) && *snort_option != *lua_option) { - retval = parse_int_option(*lua_option, stream, false); + if (max_value) + retval = parse_max_int_option(*lua_option, stream, max_value, false); + else + retval = parse_int_option(*lua_option, stream, false); + table_api.add_diff_option_comment("config " + *snort_option + ":", *lua_option); } else { - retval = parse_int_option(*snort_option, stream, false); + if (max_value) + retval = parse_max_int_option(*snort_option, stream, max_value, false); + else + retval = parse_int_option(*snort_option, stream, false); } table_api.close_table(); 
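Review bot: `max_value(max_int_value)` gives zero a special meaning that nothing in the class states. `convert()` tests `if (max_value)`, so 0 selects the unbounded `parse_int_option` path, while a negative argument is truthy and would be applied as a real bound. I would document this on the new constructor parameter and on the `const int max_value;` member added in the `-98,14` hunk, for example `// 0 = no upper bound; otherwise the inclusive maximum written to the Lua option`. The same sentinel is the default `int max_int_value = 0` of `config_int_ctor` in that hunk. The class body begins before this hunk and continues past it.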
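Review bot: The same `if (max_value)` / `else` pair is written out in both branches of the name comparison in `convert()`, so any later change to the parsing call has to be made twice. Choosing the option name first leaves a single dispatch, as in the excerpt below. The excerpt keeps the parse ahead of the `add_diff_option_comment` call, as in the commit. `convert()` begins in the previous hunk and continues past the end of this one.

```cpp
// … unchanged: null checks and table_api.open_table(...) …
const bool renamed = (lua_option != nullptr) && *snort_option != *lua_option;
const std::string& opt_name = renamed ? *lua_option : *snort_option;

if (max_value)
    retval = parse_max_int_option(opt_name, stream, max_value, false);
else
    retval = parse_int_option(opt_name, stream, false);

if (renamed)
    table_api.add_diff_option_comment("config " + *snort_option + ":", *lua_option);
// … unchanged: table_api.close_table() …
```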
@@ -98,14 +106,16 @@ private: const std::string* snort_option; const std::string* lua_table; const std::string* lua_option; + const int max_value; }; template + const std::string* lua_table, + const std::string* lua_option = nullptr, + int max_int_value = 0> static ConversionState* config_int_ctor(Converter& c) { - return new ConfigIntOption(c, snort_option, lua_table, lua_option); + return new ConfigIntOption(c, snort_option, lua_table, lua_option, max_int_value); } } // namespace @@ -185,9 +195,10 @@ static const std::string max_mpls_stack_depth = "max_mpls_stack_depth"; static const ConvertMap max_mpls_labelchain_len_api = { max_mpls_labelchain_len, - config_int_ctor<& max_mpls_labelchain_len, - & mpls, - & max_mpls_stack_depth>, + config_int_ctor<&max_mpls_labelchain_len, + &mpls, + &max_mpls_stack_depth, + 255>, }; const ConvertMap* max_mpls_labelchain_len_map = &max_mpls_labelchain_len_api; diff --git a/tools/snort2lua/conversion_state.h b/tools/snort2lua/conversion_state.h index 073a45afd..61fef0598 100644 --- a/tools/snort2lua/conversion_state.h +++ b/tools/snort2lua/conversion_state.h @@ -93,6 +93,31 @@ protected: return false; } + // Reduces int value to max value if value > max value + inline bool parse_max_int_option(const std::string& opt_name, + std::istringstream& stream, int max, bool append) + { + int val; + + if (stream >> val) + { + if (val > max) + { + table_api.add_comment("option value reduced to maximum: '" + opt_name + "'"); + val = max; + } + + if (append) + table_api.append_option(opt_name, val); + else + table_api.add_option(opt_name, val); + return true; + } + + table_api.add_comment("snort.conf missing argument for: " + opt_name + " "); + return false; + } + // Like parse_int_option() but reverses -1 and 0 values inline bool parse_int_option_reverse_m10(const std::string& opt_name, std::istringstream& stream) 
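Review bot: The bound `255` passed to `config_int_ctor` for `max_mpls_stack_depth` carries no indication of where it comes from. The same is true of the literal `65535` at the `oversize_dir_length` call in pps_http_inspect_server.cc and at the three `max_*_line_len` calls in pps_smtp.cc. Presumably these mirror the ranges Snort 3 accepts for the target parameters, which this diff does not show. If so, a short comment naming that source at each site would help, for example `// upper bound of the Snort 3 parameter range`. A shared constant for the four identical `65535` call sites would also keep them from drifting apart.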
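Review bot: A value too large for `int` never reaches the clamp in `parse_max_int_option`. Since C++11 `stream >> val` sets failbit on overflow, so such an input falls through to the `"snort.conf missing argument for: "` comment and returns false instead of being reduced to `max`. The failed extraction also leaves the stream in a fail state, which presumably stops the caller from reading the remaining keywords on that line. Negative values pass through unchanged as well; the 255 and 65535 limits used by the callers suggest the targets are non-negative, so a lower bound would need its own check or parameter. The excerpt below treats saturation at the largest `int` as "too large" and clears the stream; it needs `<limits>`.

```cpp
int val = 0;
const bool parsed = static_cast<bool>(stream >> val);

// An out-of-range number sets failbit and saturates val (C++11 and later),
// so tell "too large" apart from "no number present".
const bool overflowed = !parsed && val == std::numeric_limits<int>::max();

if (overflowed)
    stream.clear();   // digits were consumed; let the caller keep parsing

if (parsed || overflowed)
{
    // … unchanged: clamp to max with comment, append_option / add_option, return true …
}
// … unchanged: "missing argument" comment, return false …
```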
diff --git a/tools/snort2lua/preprocessor_states/pps_http_inspect_server.cc b/tools/snort2lua/preprocessor_states/pps_http_inspect_server.cc index 42c70c22c..71db71adb 100644 --- a/tools/snort2lua/preprocessor_states/pps_http_inspect_server.cc +++ b/tools/snort2lua/preprocessor_states/pps_http_inspect_server.cc @@ -230,7 +230,7 @@ bool HttpInspectServer::convert(std::istringstream& data_stream) parse_deleted_option("chunk_length", data_stream); else if (keyword == "oversize_dir_length") - tmpval = parse_int_option("oversize_dir_length", data_stream, false); + tmpval = parse_max_int_option("oversize_dir_length", data_stream, 65535, false); else if (keyword == "max_header_length") parse_deleted_option("max_header_length", data_stream); diff --git a/tools/snort2lua/preprocessor_states/pps_smtp.cc b/tools/snort2lua/preprocessor_states/pps_smtp.cc index faf0bcc0d..4b7a28b91 100644 --- a/tools/snort2lua/preprocessor_states/pps_smtp.cc +++ b/tools/snort2lua/preprocessor_states/pps_smtp.cc @@ -218,15 +218,15 @@ bool Smtp::convert(std::istringstream& data_stream) } else if (keyword == "max_command_line_len") { - tmpval = parse_int_option("max_command_line_len", data_stream, false); + tmpval = parse_max_int_option("max_command_line_len", data_stream, 65535, false); } else if (keyword == "max_header_line_len") { - tmpval = parse_int_option("max_header_line_len", data_stream, false); + tmpval = parse_max_int_option("max_header_line_len", data_stream, 65535, false); } else if (keyword == "max_response_line_len") { - tmpval = parse_int_option("max_response_line_len", data_stream, false); + tmpval = parse_max_int_option("max_response_line_len", data_stream, 65535, false); } else if (keyword == "normalize") {