From: Philippe Antoine Date: Tue, 21 Nov 2023 20:31:10 +0000 (+0100) Subject: detect/xbits: fix coverity warning X-Git-Tag: suricata-8.0.0-beta1~2037 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3a79984e5ea81f8fd376caaee19ed69f68b805a3;p=thirdparty%2Fsuricata.git detect/xbits: fix coverity warning CID 1554237 and CID 1554233 Basically make the code easier to reason with for coverity without changing the behavior which was fine. --- diff --git a/src/detect-xbits.c b/src/detect-xbits.c index 92b86ba9da..a3f67dbfc9 100644 --- a/src/detect-xbits.c +++ b/src/detect-xbits.c @@ -340,44 +340,39 @@ int DetectXbitSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr) int result = DetectXbitParse(de_ctx, rawstr, &cd); if (result < 0) { return -1; - /* noalert doesn't use a cd/sm struct. It flags the sig. We're done. */ - } else if (result == 0 && cd == NULL) { + } else if (cd == NULL) { + /* noalert doesn't use a cd/sm struct. It flags the sig. We're done. */ s->flags |= SIG_FLAG_NOALERT; return 0; } /* Okay so far so good, lets get this into a SigMatch * and put it in the Signature. */ - switch (cd->cmd) { /* case DETECT_XBITS_CMD_NOALERT can't happen here */ - case DETECT_XBITS_CMD_ISNOTSET: case DETECT_XBITS_CMD_ISSET: /* checks, so packet list */ if (SigMatchAppendSMToList( de_ctx, s, DETECT_XBITS, (SigMatchCtx *)cd, DETECT_SM_LIST_MATCH) == NULL) { - goto error; + SCFree(cd); + return -1; } break; - case DETECT_XBITS_CMD_SET: - case DETECT_XBITS_CMD_UNSET: - case DETECT_XBITS_CMD_TOGGLE: + // all other cases + // DETECT_XBITS_CMD_SET, DETECT_XBITS_CMD_UNSET, DETECT_XBITS_CMD_TOGGLE: + default: /* modifiers, only run when entire sig has matched */ if (SigMatchAppendSMToList(de_ctx, s, DETECT_XBITS, (SigMatchCtx *)cd, DETECT_SM_LIST_POSTMATCH) == NULL) { - goto error; + SCFree(cd); + return -1; } break; } return 0; - -error: - if (cd != NULL) - SCFree(cd); - return -1; } static void DetectXbitFree (DetectEngineCtx *de_ctx, void *ptr)