From: Philippe Antoine Date: Sun, 11 Apr 2021 08:37:00 +0000 (+0200) Subject: pcre2: migrate keywords parsing X-Git-Tag: suricata-7.0.0-beta1~1346 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3de99a214c19b8c35ec68c0602b3a7151480800e;p=thirdparty%2Fsuricata.git pcre2: migrate keywords parsing --- diff --git a/src/detect-base64-decode.c b/src/detect-base64-decode.c index 2e047979fd..751a6972a3 100644 --- a/src/detect-base64-decode.c +++ b/src/detect-base64-decode.c @@ -105,8 +105,6 @@ int DetectBase64DecodeDoMatch(DetectEngineThreadCtx *det_ctx, const Signature *s static int DetectBase64DecodeParse(const char *str, uint32_t *bytes, uint32_t *offset, uint8_t *relative) { - static const int max = 30; - int ov[max]; int pcre_rc; const char *bytes_str = NULL; const char *offset_str = NULL; @@ -116,14 +114,16 @@ static int DetectBase64DecodeParse(const char *str, uint32_t *bytes, *bytes = 0; *offset = 0; *relative = 0; + size_t pcre2_len; - pcre_rc = DetectParsePcreExec(&decode_pcre, str, 0, 0, ov, max); + pcre_rc = DetectParsePcreExec(&decode_pcre, str, 0, 0); if (pcre_rc < 3) { goto error; } if (pcre_rc >= 3) { - if (pcre_get_substring((char *)str, ov, max, 2, &bytes_str) > 0) { + if (pcre2_substring_get_bynumber( + decode_pcre.match, 2, (PCRE2_UCHAR8 **)&bytes_str, &pcre2_len) == 0) { if (StringParseUint32(bytes, 10, 0, bytes_str) <= 0) { SCLogError(SC_ERR_INVALID_RULE_ARGUMENT, "Bad value for bytes: \"%s\"", bytes_str); @@ -133,7 +133,8 @@ static int DetectBase64DecodeParse(const char *str, uint32_t *bytes, } if (pcre_rc >= 5) { - if (pcre_get_substring((char *)str, ov, max, 4, &offset_str)) { + if (pcre2_substring_get_bynumber( + decode_pcre.match, 4, (PCRE2_UCHAR8 **)&offset_str, &pcre2_len) == 0) { if (StringParseUint32(offset, 10, 0, offset_str) <= 0) { SCLogError(SC_ERR_INVALID_RULE_ARGUMENT, "Bad value for offset: \"%s\"", offset_str); @@ -143,7 +144,8 @@ static int DetectBase64DecodeParse(const char *str, uint32_t *bytes, } if (pcre_rc >= 6) { - if (pcre_get_substring((char *)str, ov, max, 5, &relative_str)) { + if (pcre2_substring_get_bynumber( + decode_pcre.match, 5, (PCRE2_UCHAR8 **)&relative_str, &pcre2_len) == 0) { if (strcmp(relative_str, "relative") == 0) { *relative = 1; } @@ -158,13 +160,13 @@ static int DetectBase64DecodeParse(const char *str, uint32_t *bytes, retval = 1; error: if (bytes_str != NULL) { - pcre_free_substring(bytes_str); + pcre2_substring_free((PCRE2_UCHAR8 *)bytes_str); } if (offset_str != NULL) { - pcre_free_substring(offset_str); + pcre2_substring_free((PCRE2_UCHAR8 *)offset_str); } if (relative_str != NULL) { - pcre_free_substring(relative_str); + pcre2_substring_free((PCRE2_UCHAR8 *)relative_str); } return retval; } diff --git a/src/detect-byte-extract.c b/src/detect-byte-extract.c index 5ebd7b19c4..a5a0cb329d 100644 --- a/src/detect-byte-extract.c +++ b/src/detect-byte-extract.c @@ -214,13 +214,11 @@ int DetectByteExtractDoMatch(DetectEngineThreadCtx *det_ctx, const SigMatchData static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_ctx, const char *arg) { DetectByteExtractData *bed = NULL; -#undef MAX_SUBSTRINGS -#define MAX_SUBSTRINGS 100 int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2len; int i = 0; - ret = DetectParsePcreExec(&parse_regex, arg, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, arg, 0, 0); if (ret < 3 || ret > 19) { SCLogError(SC_ERR_PCRE_PARSE, "parse error, ret %" PRId32 ", string \"%s\"", ret, arg); @@ -236,11 +234,12 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_ /* no of bytes to extract */ char nbytes_str[64] = ""; - res = pcre_copy_substring((char *)arg, ov, - MAX_SUBSTRINGS, 1, nbytes_str, sizeof(nbytes_str)); + pcre2len = sizeof(nbytes_str); + res = pcre2_substring_copy_bynumber( + parse_regex.match, 1, (PCRE2_UCHAR8 *)nbytes_str, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed " - "for arg 1 for byte_extract"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed " + "for arg 1 for byte_extract"); goto error; } if (StringParseUint8(&bed->nbytes, 10, 0, @@ -252,11 +251,12 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_ /* offset */ char offset_str[64] = ""; - res = pcre_copy_substring((char *)arg, ov, - MAX_SUBSTRINGS, 2, offset_str, sizeof(offset_str)); + pcre2len = sizeof(offset_str); + res = pcre2_substring_copy_bynumber( + parse_regex.match, 2, (PCRE2_UCHAR8 *)offset_str, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed " - "for arg 2 for byte_extract"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed " + "for arg 2 for byte_extract"); goto error; } int32_t offset; @@ -268,11 +268,12 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_ /* var name */ char varname_str[256] = ""; - res = pcre_copy_substring((char *)arg, ov, - MAX_SUBSTRINGS, 3, varname_str, sizeof(varname_str)); + pcre2len = sizeof(varname_str); + res = pcre2_substring_copy_bynumber( + parse_regex.match, 3, (PCRE2_UCHAR8 *)varname_str, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed " - "for arg 3 for byte_extract"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed " + "for arg 3 for byte_extract"); goto error; } bed->name = SCStrdup(varname_str); @@ -282,11 +283,14 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_ /* check out other optional args */ for (i = 4; i < ret; i++) { char opt_str[64] = ""; - res = pcre_copy_substring((char *)arg, ov, - MAX_SUBSTRINGS, i, opt_str, sizeof(opt_str)); + pcre2len = sizeof(opt_str); + res = pcre2_substring_copy_bynumber( + parse_regex.match, i, (PCRE2_UCHAR8 *)opt_str, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed " - "for arg %d for byte_extract", i); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, + "pcre2_substring_copy_bynumber failed " + "for arg %d for byte_extract", + i); goto error; } @@ -307,11 +311,14 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_ i++; char multiplier_str[16] = ""; - res = pcre_copy_substring((char *)arg, ov, - MAX_SUBSTRINGS, i, multiplier_str, sizeof(multiplier_str)); + pcre2len = sizeof(multiplier_str); + res = pcre2_substring_copy_bynumber( + parse_regex.match, i, (PCRE2_UCHAR8 *)multiplier_str, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed " - "for arg %d for byte_extract", i); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, + "pcre2_substring_copy_bynumber failed " + "for arg %d for byte_extract", + i); goto error; } int32_t multiplier; @@ -410,11 +417,14 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_ i++; char align_str[16] = ""; - res = pcre_copy_substring((char *)arg, ov, - MAX_SUBSTRINGS, i, align_str, sizeof(align_str)); + pcre2len = sizeof(align_str); + res = pcre2_substring_copy_bynumber( + parse_regex.match, i, (PCRE2_UCHAR8 *)align_str, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed " - "for arg %d in byte_extract", i); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, + "pcre2_substring_copy_bynumber failed " + "for arg %d in byte_extract", + i); goto error; } if (StringParseUint8(&bed->align_value, 10, 0, diff --git a/src/detect-bytejump.c b/src/detect-bytejump.c index c53005fde8..a1eba2ba59 100644 --- a/src/detect-bytejump.c +++ b/src/detect-bytejump.c @@ -321,7 +321,7 @@ static DetectBytejumpData *DetectBytejumpParse(DetectEngineCtx *de_ctx, const ch DetectBytejumpData *data = NULL; char args[10][64]; int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2len; int numargs = 0; int i = 0; uint32_t nbytes; @@ -331,7 +331,7 @@ static DetectBytejumpData *DetectBytejumpParse(DetectEngineCtx *de_ctx, const ch memset(args, 0x00, sizeof(args)); /* Execute the regex and populate args with captures. */ - ret = DetectParsePcreExec(&parse_regex, optstr, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, optstr, 0, 0); if (ret < 2 || ret > 10) { SCLogError(SC_ERR_PCRE_PARSE,"parse error, ret %" PRId32 ", string \"%s\"", ret, optstr); @@ -343,11 +343,11 @@ static DetectBytejumpData *DetectBytejumpParse(DetectEngineCtx *de_ctx, const ch * supports 9 substrings, sigh. */ char str[512] = ""; - res = pcre_copy_substring((char *)optstr, ov, - MAX_SUBSTRINGS, 1, str, sizeof(str)); + pcre2len = sizeof(str); + res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)str, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING,"pcre_copy_substring failed " - "for arg 1"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed " + "for arg 1"); goto error; } @@ -373,9 +373,12 @@ static DetectBytejumpData *DetectBytejumpParse(DetectEngineCtx *de_ctx, const ch /* The remaining args are directly from PCRE substrings */ for (i = 1; i < (ret - 1); i++) { - res = pcre_copy_substring((char *)optstr, ov, MAX_SUBSTRINGS, i + 1, args[i+1], sizeof(args[0])); + pcre2len = sizeof(args[0]); + res = pcre2_substring_copy_bynumber( + parse_regex.match, i + 1, (PCRE2_UCHAR8 *)args[i + 1], &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING,"pcre_copy_substring failed for arg %d", i + 1); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed for arg %d", + i + 1); goto error; } numargs++; diff --git a/src/detect-bytemath.c b/src/detect-bytemath.c index 9a7005d81b..b7f1e28c33 100644 --- a/src/detect-bytemath.c +++ b/src/detect-bytemath.c @@ -259,12 +259,10 @@ static DetectByteMathData *DetectByteMathParse(DetectEngineCtx *de_ctx, const ch { DetectByteMathData *bmd = NULL; int ret, res; -#undef MAX_SUBSTRINGS -#define MAX_SUBSTRINGS 100 - int ov[MAX_SUBSTRINGS]; + size_t pcre2len; char tmp_str[128] = ""; - ret = DetectParsePcreExec(&parse_regex, arg, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, arg, 0, 0); if (ret < MIN_GROUP || ret > MAX_GROUP) { SCLogError(SC_ERR_PCRE_PARSE, "byte_math parse error; invalid value: ret %" PRId32 ", string \"%s\"", ret, arg); @@ -276,11 +274,14 @@ static DetectByteMathData *DetectByteMathParse(DetectEngineCtx *de_ctx, const ch goto error; /* no of bytes to extract */ - res = pcre_copy_substring((char *)arg, ov, - MAX_SUBSTRINGS, BYTES_VAL, tmp_str, sizeof(tmp_str)); + pcre2len = sizeof(tmp_str); + res = pcre2_substring_copy_bynumber( + parse_regex.match, BYTES_VAL, (PCRE2_UCHAR8 *)tmp_str, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed " - "for \"nbytes\" value: \"%s\"", tmp_str); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, + "pcre2_substring_copy_bynumber failed " + "for \"nbytes\" value: \"%s\"", + tmp_str); goto error; } @@ -294,11 +295,14 @@ static DetectByteMathData *DetectByteMathParse(DetectEngineCtx *de_ctx, const ch } /* offset */ - res = pcre_copy_substring((char *)arg, ov, - MAX_SUBSTRINGS, OFFSET_VAL, tmp_str, sizeof(tmp_str)); + pcre2len = sizeof(tmp_str); + res = pcre2_substring_copy_bynumber( + parse_regex.match, OFFSET_VAL, (PCRE2_UCHAR8 *)tmp_str, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed " - "for \"offset\" value: \"%s\"", tmp_str); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, + "pcre2_substring_copy_bynumber failed " + "for \"offset\" value: \"%s\"", + tmp_str); goto error; } @@ -310,11 +314,14 @@ static DetectByteMathData *DetectByteMathParse(DetectEngineCtx *de_ctx, const ch } /* operator */ - res = pcre_copy_substring((char *)arg, ov, - MAX_SUBSTRINGS, OPER_VAL, tmp_str, sizeof(tmp_str)); + pcre2len = sizeof(tmp_str); + res = pcre2_substring_copy_bynumber( + parse_regex.match, OPER_VAL, (PCRE2_UCHAR8 *)tmp_str, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed " - "for \"operator\" value of byte_math: \"%s\"", tmp_str); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, + "pcre2_substring_copy_bynumber failed " + "for \"operator\" value of byte_math: \"%s\"", + tmp_str); goto error; } @@ -333,11 +340,14 @@ static DetectByteMathData *DetectByteMathParse(DetectEngineCtx *de_ctx, const ch } /* rvalue */ - res = pcre_copy_substring((char *)arg, ov, MAX_SUBSTRINGS, - RVALUE_VAL, tmp_str, sizeof(tmp_str)); + pcre2len = sizeof(tmp_str); + res = pcre2_substring_copy_bynumber( + parse_regex.match, RVALUE_VAL, (PCRE2_UCHAR8 *)tmp_str, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed " - "for \"rvalue\" to byte_math: \"%s\"", tmp_str); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, + "pcre2_substring_copy_bynumber failed " + "for \"rvalue\" to byte_math: \"%s\"", + tmp_str); goto error; } @@ -361,11 +371,12 @@ static DetectByteMathData *DetectByteMathParse(DetectEngineCtx *de_ctx, const ch } /* result */ - res = pcre_copy_substring((char *)arg, ov, MAX_SUBSTRINGS, - RESULT_VAL, tmp_str, sizeof(tmp_str)); + pcre2len = sizeof(tmp_str); + res = pcre2_substring_copy_bynumber( + parse_regex.match, RESULT_VAL, (PCRE2_UCHAR8 *)tmp_str, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed " - "for \"result\" to byte_math"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed " + "for \"result\" to byte_math"); goto error; } if (!isalpha(*tmp_str)) { @@ -387,12 +398,13 @@ static DetectByteMathData *DetectByteMathParse(DetectEngineCtx *de_ctx, const ch */ if (ret > RELATIVE_KW) { - res = pcre_copy_substring((char *)arg, ov, MAX_SUBSTRINGS, - RELATIVE_KW, tmp_str, sizeof(tmp_str)); + pcre2len = sizeof(tmp_str); + res = pcre2_substring_copy_bynumber( + parse_regex.match, RELATIVE_KW, (PCRE2_UCHAR8 *)tmp_str, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed " - "for byte_math \"relative\" arg"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed " + "for byte_math \"relative\" arg"); goto error; } @@ -402,11 +414,12 @@ static DetectByteMathData *DetectByteMathParse(DetectEngineCtx *de_ctx, const ch } if (ret > ENDIAN_VAL) { - res = pcre_copy_substring((char *)arg, ov, MAX_SUBSTRINGS, - ENDIAN_KW, tmp_str, sizeof(tmp_str)); + pcre2len = sizeof(tmp_str); + res = pcre2_substring_copy_bynumber( + parse_regex.match, ENDIAN_KW, (PCRE2_UCHAR8 *)tmp_str, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed " - "for byte_math \"endian\" arg"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed " + "for byte_math \"endian\" arg"); goto error; } @@ -414,11 +427,12 @@ static DetectByteMathData *DetectByteMathParse(DetectEngineCtx *de_ctx, const ch bmd->flags |= DETECT_BYTEMATH_FLAG_ENDIAN; } - res = pcre_copy_substring((char *)arg, ov, MAX_SUBSTRINGS, - ENDIAN_VAL, tmp_str, sizeof(tmp_str)); + pcre2len = sizeof(tmp_str); + res = pcre2_substring_copy_bynumber( + parse_regex.match, ENDIAN_VAL, (PCRE2_UCHAR8 *)tmp_str, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed " - "for byte_math \"endian\" value"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed " + "for byte_math \"endian\" value"); goto error; } @@ -430,11 +444,12 @@ static DetectByteMathData *DetectByteMathParse(DetectEngineCtx *de_ctx, const ch } if (ret > STRING_VAL) { - res = pcre_copy_substring((char *)arg, ov, MAX_SUBSTRINGS, - STRING_KW, tmp_str, sizeof(tmp_str)); + pcre2len = sizeof(tmp_str); + res = pcre2_substring_copy_bynumber( + parse_regex.match, STRING_KW, (PCRE2_UCHAR8 *)tmp_str, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed " - "for byte_math \"string\" arg"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed " + "for byte_math \"string\" arg"); goto error; } @@ -442,11 +457,12 @@ static DetectByteMathData *DetectByteMathParse(DetectEngineCtx *de_ctx, const ch bmd->flags |= DETECT_BYTEMATH_FLAG_STRING; } - res = pcre_copy_substring((char *)arg, ov, MAX_SUBSTRINGS, - STRING_VAL, tmp_str, sizeof(tmp_str)); + pcre2len = sizeof(tmp_str); + res = pcre2_substring_copy_bynumber( + parse_regex.match, STRING_VAL, (PCRE2_UCHAR8 *)tmp_str, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed " - "for byte_math \"string\" value"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed " + "for byte_math \"string\" value"); goto error; } @@ -461,11 +477,12 @@ static DetectByteMathData *DetectByteMathParse(DetectEngineCtx *de_ctx, const ch } if (ret > DCE_KW) { - res = pcre_copy_substring((char *)arg, ov, MAX_SUBSTRINGS, - DCE_KW, tmp_str, sizeof(tmp_str)); + pcre2len = sizeof(tmp_str); + res = pcre2_substring_copy_bynumber( + parse_regex.match, DCE_KW, (PCRE2_UCHAR8 *)tmp_str, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed " - "for byte_math \"dce\" arg"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed " + "for byte_math \"dce\" arg"); goto error; } @@ -476,11 +493,12 @@ static DetectByteMathData *DetectByteMathParse(DetectEngineCtx *de_ctx, const ch } if (ret > BITMASK_VAL) { - res = pcre_copy_substring((char *)arg, ov, MAX_SUBSTRINGS, - BITMASK_KW, tmp_str, sizeof(tmp_str)); + pcre2len = sizeof(tmp_str); + res = pcre2_substring_copy_bynumber( + parse_regex.match, BITMASK_KW, (PCRE2_UCHAR8 *)tmp_str, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed " - "for byte_math \"bitmask\" arg"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed " + "for byte_math \"bitmask\" arg"); goto error; } @@ -489,11 +507,14 @@ static DetectByteMathData *DetectByteMathParse(DetectEngineCtx *de_ctx, const ch } /* bitmask value*/ - res = pcre_copy_substring((char *)arg, ov, MAX_SUBSTRINGS, - BITMASK_VAL, tmp_str, sizeof(tmp_str)); + pcre2len = sizeof(tmp_str); + res = pcre2_substring_copy_bynumber( + parse_regex.match, BITMASK_VAL, (PCRE2_UCHAR8 *)tmp_str, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed " - "for bitmask value: \"%s\"", tmp_str); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, + "pcre2_substring_copy_bynumber failed " + "for bitmask value: \"%s\"", + tmp_str); goto error; } diff --git a/src/detect-bytetest.c b/src/detect-bytetest.c index eee8242467..7f1275fde7 100644 --- a/src/detect-bytetest.c +++ b/src/detect-bytetest.c @@ -271,13 +271,13 @@ static DetectBytetestData *DetectBytetestParse(const char *optstr, char **value, char *test_value = NULL; char *data_offset = NULL; int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2_len; int i; uint32_t nbytes; const char *str_ptr = NULL; /* Execute the regex and populate args with captures. */ - ret = DetectParsePcreExec(&parse_regex, optstr, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, optstr, 0, 0); if (ret < 4 || ret > 9) { SCLogError(SC_ERR_PCRE_PARSE, "parse error, ret %" PRId32 ", string %s", ret, optstr); @@ -286,11 +286,13 @@ static DetectBytetestData *DetectBytetestParse(const char *optstr, char **value, /* Subtract two since two values are conjoined */ for (i = 0; i < (ret - 1); i++) { - res = pcre_get_substring((char *)optstr, ov, MAX_SUBSTRINGS, - i + 1, &str_ptr); + res = pcre2_substring_get_bynumber( + parse_regex.match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed " - "for arg %d", i + 1); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, + "pcre2_substring_get_bynumber failed " + "for arg %d", + i + 1); goto error; } /* args[2] is comma separated test value, offset */ @@ -366,9 +368,9 @@ static DetectBytetestData *DetectBytetestParse(const char *optstr, char **value, if (test_value) { /* - * test_value was created while fetching strings and contains the test value and offset, comma separated. The - * values was allocated by test_value (pcre_get_substring) and data_offset (SCStrdup), respectively; e.g., - * test_value,offset + * test_value was created while fetching strings and contains the test value and offset, + * comma separated. The values was allocated by test_value (pcre2_substring_get_bynumber) + * and data_offset (SCStrdup), respectively; e.g., test_value,offset */ char *end_ptr = test_value; while (!(isspace((unsigned char)*end_ptr) || (*end_ptr == ','))) end_ptr++; @@ -503,18 +505,22 @@ static DetectBytetestData *DetectBytetestParse(const char *optstr, char **value, } for (i = 0; i < (ret - 1); i++){ - if (args[i] != NULL) SCFree(args[i]); + if (args[i] != NULL) + pcre2_substring_free((PCRE2_UCHAR8 *)args[i]); } if (data_offset) SCFree(data_offset); - if (test_value) SCFree(test_value); + if (test_value) + pcre2_substring_free((PCRE2_UCHAR8 *)test_value); return data; error: for (i = 0; i < (ret - 1); i++){ - if (args[i] != NULL) SCFree(args[i]); + if (args[i] != NULL) + pcre2_substring_free((PCRE2_UCHAR8 *)args[i]); } if (data_offset) SCFree(data_offset); - if (test_value) SCFree(test_value); + if (test_value) + pcre2_substring_free((PCRE2_UCHAR8 *)test_value); if (data) SCFree(data); return NULL; } diff --git a/src/detect-classtype.c b/src/detect-classtype.c index dc60a85c95..ae4490c035 100644 --- a/src/detect-classtype.c +++ b/src/detect-classtype.c @@ -69,20 +69,21 @@ void DetectClasstypeRegister(void) */ static int DetectClasstypeParseRawString(const char *rawstr, char *out, size_t outsize) { - int ov[MAX_SUBSTRINGS]; + size_t pcre2len; const size_t esize = CLASSTYPE_NAME_MAX_LEN + 8; char e[esize]; - int ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); + int ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); if (ret < 0) { SCLogError(SC_ERR_PCRE_MATCH, "Invalid Classtype in Signature"); return -1; } - ret = pcre_copy_substring((char *)rawstr, ov, 30, 1, e, esize); + pcre2len = esize; + ret = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)e, &pcre2len); if (ret < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); return -1; } diff --git a/src/detect-config.c b/src/detect-config.c index f5bea5b922..0a81ba8eef 100644 --- a/src/detect-config.c +++ b/src/detect-config.c @@ -167,9 +167,8 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char DetectConfigData *fd = NULL; SigMatch *sm = NULL; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2len; #if 0 /* filestore and bypass keywords can't work together */ if (s->flags & SIG_FLAG_BYPASS) { @@ -195,14 +194,15 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char char scopeval[32]; SCLogDebug("str %s", str); - ret = DetectParsePcreExec(&parse_regex, str, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, str, 0, 0); if (ret != 7) { SCLogError(SC_ERR_INVALID_RULE_ARGUMENT, "config is rather picky at this time"); goto error; } - res = pcre_copy_substring((char *)str, ov, MAX_SUBSTRINGS, 1, subsys, sizeof(subsys)); + pcre2len = sizeof(subsys); + res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)subsys, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } @@ -212,9 +212,10 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char } SCLogDebug("subsys %s", subsys); - res = pcre_copy_substring((char *)str, ov, MAX_SUBSTRINGS, 2, state, sizeof(state)); + pcre2len = sizeof(state); + res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)state, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } @@ -224,9 +225,10 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char } SCLogDebug("state %s", state); - res = pcre_copy_substring((char *)str, ov, MAX_SUBSTRINGS, 3, type, sizeof(type)); + pcre2len = sizeof(type); + res = pcre2_substring_copy_bynumber(parse_regex.match, 3, (PCRE2_UCHAR8 *)type, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } @@ -236,9 +238,10 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char } SCLogDebug("type %s", type); - res = pcre_copy_substring((char *)str, ov, MAX_SUBSTRINGS, 4, typeval, sizeof(typeval)); + pcre2len = sizeof(typeval); + res = pcre2_substring_copy_bynumber(parse_regex.match, 4, (PCRE2_UCHAR8 *)typeval, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } @@ -248,9 +251,10 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char } SCLogDebug("typeval %s", typeval); - res = pcre_copy_substring((char *)str, ov, MAX_SUBSTRINGS, 5, scope, sizeof(scope)); + pcre2len = sizeof(scope); + res = pcre2_substring_copy_bynumber(parse_regex.match, 5, (PCRE2_UCHAR8 *)scope, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } @@ -260,9 +264,10 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char } SCLogDebug("scope %s", scope); - res = pcre_copy_substring((char *)str, ov, MAX_SUBSTRINGS, 6, scopeval, sizeof(scopeval)); + pcre2len = sizeof(scopeval); + res = pcre2_substring_copy_bynumber(parse_regex.match, 6, (PCRE2_UCHAR8 *)scopeval, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } diff --git a/src/detect-detection-filter.c b/src/detect-detection-filter.c index 593d645711..55cfcc21e3 100644 --- a/src/detect-detection-filter.c +++ b/src/detect-detection-filter.c @@ -97,7 +97,7 @@ static DetectThresholdData *DetectDetectionFilterParse (const char *rawstr) { DetectThresholdData *df = NULL; int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2_len; const char *str_ptr = NULL; char *args[6] = { NULL, NULL, NULL, NULL, NULL, NULL}; char *copy_str = NULL, *df_opt = NULL; @@ -129,7 +129,7 @@ static DetectThresholdData *DetectDetectionFilterParse (const char *rawstr) if (count_found != 1 || seconds_found != 1 || track_found != 1) goto error; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); if (ret < 5) { SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr); goto error; @@ -144,9 +144,10 @@ static DetectThresholdData *DetectDetectionFilterParse (const char *rawstr) df->type = TYPE_DETECTION; for (i = 0; i < (ret - 1); i++) { - res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, i + 1, &str_ptr); + res = pcre2_substring_get_bynumber( + parse_regex.match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } @@ -183,14 +184,14 @@ static DetectThresholdData *DetectDetectionFilterParse (const char *rawstr) for (i = 0; i < 6; i++){ if (args[i] != NULL) - SCFree(args[i]); + pcre2_substring_free((PCRE2_UCHAR *)args[i]); } return df; error: for (i = 0; i < 6; i++){ if (args[i] != NULL) - SCFree(args[i]); + pcre2_substring_free((PCRE2_UCHAR *)args[i]); } if (df != NULL) SCFree(df); diff --git a/src/detect-dsize.c b/src/detect-dsize.c index 542672c264..5278d68f41 100644 --- a/src/detect-dsize.c +++ b/src/detect-dsize.c @@ -143,44 +143,49 @@ static DetectDsizeData *DetectDsizeParse (const char *rawstr) { DetectDsizeData *dd = NULL; int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2len; char mode[2] = ""; char value1[6] = ""; char value2[6] = ""; char range[3] = ""; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); if (ret < 3 || ret > 5) { SCLogError(SC_ERR_PCRE_MATCH,"Parse error %s", rawstr); goto error; } - res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, mode, sizeof(mode)); + pcre2len = sizeof(mode); + res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)mode, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING,"pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } SCLogDebug("mode \"%s\"", mode); - res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, value1, sizeof(value1)); + pcre2len = sizeof(value1); + res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)value1, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING,"pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } SCLogDebug("value1 \"%s\"", value1); if (ret > 3) { - res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 3, range, sizeof(range)); + pcre2len = sizeof(range); + res = pcre2_substring_copy_bynumber(parse_regex.match, 3, (PCRE2_UCHAR8 *)range, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING,"pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } SCLogDebug("range \"%s\"", range); if (ret > 4) { - res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 4, value2, sizeof(value2)); + pcre2len = sizeof(value2); + res = pcre2_substring_copy_bynumber( + parse_regex.match, 4, (PCRE2_UCHAR8 *)value2, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING,"pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } SCLogDebug("value2 \"%s\"", value2); diff --git a/src/detect-engine-event.c b/src/detect-engine-event.c index f81186e825..333c168a61 100644 --- a/src/detect-engine-event.c +++ b/src/detect-engine-event.c @@ -123,9 +123,9 @@ static DetectEngineEventData *DetectEngineEventParse (const char *rawstr) int i; DetectEngineEventData *de = NULL; int ret = 0, res = 0, found = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2len; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); if (ret < 1) { SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr); @@ -133,11 +133,11 @@ static DetectEngineEventData *DetectEngineEventParse (const char *rawstr) } char copy_str[128] = ""; - res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 0, - copy_str, sizeof(copy_str)); + pcre2len = sizeof(copy_str); + res = pcre2_substring_copy_bynumber(parse_regex.match, 0, (PCRE2_UCHAR8 *)copy_str, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } diff --git a/src/detect-engine-uint.c b/src/detect-engine-uint.c index 769b8bfdfb..e67df934da 100644 --- a/src/detect-engine-uint.c +++ b/src/detect-engine-uint.c @@ -96,33 +96,37 @@ DetectU32Data *DetectU32Parse (const char *u32str) char arg3[16] = ""; int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2len; - ret = DetectParsePcreExec(&uint_pcre, u32str, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&uint_pcre, u32str, 0, 0); if (ret < 2 || ret > 4) { SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 "", ret); return NULL; } - res = pcre_copy_substring((char *) u32str, ov, MAX_SUBSTRINGS, 1, arg1, sizeof(arg1)); + pcre2len = sizeof(arg1); + res = pcre2_substring_copy_bynumber(uint_pcre.match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed"); return NULL; } SCLogDebug("Arg1 \"%s\"", arg1); if (ret >= 3) { - res = pcre_copy_substring((char *) u32str, ov, MAX_SUBSTRINGS, 2, arg2, sizeof(arg2)); + pcre2len = sizeof(arg2); + res = pcre2_substring_copy_bynumber(uint_pcre.match, 2, (PCRE2_UCHAR8 *)arg2, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed"); return NULL; } SCLogDebug("Arg2 \"%s\"", arg2); if (ret >= 4) { - res = pcre_copy_substring((char *) u32str, ov, MAX_SUBSTRINGS, 3, arg3, sizeof(arg3)); + pcre2len = sizeof(arg3); + res = pcre2_substring_copy_bynumber( + uint_pcre.match, 3, (PCRE2_UCHAR8 *)arg3, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed"); return NULL; } SCLogDebug("Arg3 \"%s\"", arg3); @@ -308,33 +312,37 @@ DetectU8Data *DetectU8Parse (const char *u8str) char arg3[16] = ""; int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2len; - ret = DetectParsePcreExec(&uint_pcre, u8str, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&uint_pcre, u8str, 0, 0); if (ret < 2 || ret > 4) { SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 "", ret); return NULL; } - res = pcre_copy_substring((char *) u8str, ov, MAX_SUBSTRINGS, 1, arg1, sizeof(arg1)); + pcre2len = sizeof(arg1); + res = pcre2_substring_copy_bynumber(uint_pcre.match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed"); return NULL; } SCLogDebug("Arg1 \"%s\"", arg1); if (ret >= 3) { - res = pcre_copy_substring((char *) u8str, ov, MAX_SUBSTRINGS, 2, arg2, sizeof(arg2)); + pcre2len = sizeof(arg2); + res = pcre2_substring_copy_bynumber(uint_pcre.match, 2, (PCRE2_UCHAR8 *)arg2, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed"); return NULL; } SCLogDebug("Arg2 \"%s\"", arg2); if (ret >= 4) { - res = pcre_copy_substring((char *) u8str, ov, MAX_SUBSTRINGS, 3, arg3, sizeof(arg3)); + pcre2len = sizeof(arg3); + res = pcre2_substring_copy_bynumber( + uint_pcre.match, 3, (PCRE2_UCHAR8 *)arg3, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed"); return NULL; } SCLogDebug("Arg3 \"%s\"", arg3); diff --git a/src/detect-fast-pattern.c b/src/detect-fast-pattern.c index 880ab19e56..d28b52e08d 100644 --- a/src/detect-fast-pattern.c +++ b/src/detect-fast-pattern.c @@ -172,7 +172,7 @@ void DetectFastPatternRegister(void) static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg) { int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2len; char arg_substr[128] = ""; DetectContentData *cd = NULL; @@ -237,7 +237,7 @@ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, const c } /* Execute the regex and populate args with captures. */ - ret = DetectParsePcreExec(&parse_regex, arg, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, arg, 0, 0); /* fast pattern only */ if (ret == 2) { if ((cd->flags & DETECT_CONTENT_NEGATED) || @@ -256,11 +256,12 @@ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, const c /* fast pattern chop */ } else if (ret == 4) { - res = pcre_copy_substring((char *)arg, ov, MAX_SUBSTRINGS, - 2, arg_substr, sizeof(arg_substr)); + pcre2len = sizeof(arg_substr); + res = pcre2_substring_copy_bynumber( + parse_regex.match, 2, (PCRE2_UCHAR8 *)arg_substr, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed " - "for fast_pattern offset"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed " + "for fast_pattern offset"); goto error; } uint16_t offset; @@ -271,11 +272,12 @@ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, const c goto error; } - res = pcre_copy_substring((char *)arg, ov, MAX_SUBSTRINGS, - 3, arg_substr, sizeof(arg_substr)); + pcre2len = sizeof(arg_substr); + res = pcre2_substring_copy_bynumber( + parse_regex.match, 3, (PCRE2_UCHAR8 *)arg_substr, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed " - "for fast_pattern offset"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed " + "for fast_pattern offset"); goto error; } uint16_t length; diff --git a/src/detect-filesize.c b/src/detect-filesize.c index 999c6b5cfb..b33ae67a0f 100644 --- a/src/detect-filesize.c +++ b/src/detect-filesize.c @@ -147,9 +147,9 @@ static DetectFilesizeData *DetectFilesizeParse (const char *str) char *arg3 = NULL; char *arg4 = NULL; int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2_len; - ret = DetectParsePcreExec(&parse_regex, str, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, str, 0, 0); if (ret < 3 || ret > 5) { SCLogError(SC_ERR_PCRE_PARSE, "filesize option pcre parse error: \"%s\"", str); goto error; @@ -158,35 +158,37 @@ static DetectFilesizeData *DetectFilesizeParse (const char *str) SCLogDebug("ret %d", ret); - res = pcre_get_substring((char *)str, ov, MAX_SUBSTRINGS, 1, &str_ptr); + res = pcre2_substring_get_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } arg1 = (char *) str_ptr; SCLogDebug("Arg1 \"%s\"", arg1); - res = pcre_get_substring((char *)str, ov, MAX_SUBSTRINGS, 2, &str_ptr); + res = pcre2_substring_get_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } arg2 = (char *) str_ptr; SCLogDebug("Arg2 \"%s\"", arg2); if (ret > 3) { - res = pcre_get_substring((char *)str, ov, MAX_SUBSTRINGS, 3, &str_ptr); + res = pcre2_substring_get_bynumber( + parse_regex.match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } arg3 = (char *) str_ptr; SCLogDebug("Arg3 \"%s\"", arg3); if (ret > 4) { - res = pcre_get_substring((char *)str, ov, MAX_SUBSTRINGS, 4, &str_ptr); + res = pcre2_substring_get_bynumber( + parse_regex.match, 4, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } arg4 = (char *) str_ptr; @@ -240,25 +242,25 @@ static DetectFilesizeData *DetectFilesizeParse (const char *str) } } - pcre_free_substring(arg1); - pcre_free_substring(arg2); + pcre2_substring_free((PCRE2_UCHAR *)arg1); + pcre2_substring_free((PCRE2_UCHAR *)arg2); if (arg3 != NULL) - pcre_free_substring(arg3); + pcre2_substring_free((PCRE2_UCHAR *)arg3); if (arg4 != NULL) - pcre_free_substring(arg4); + pcre2_substring_free((PCRE2_UCHAR *)arg4); return fsd; error: if (fsd) SCFree(fsd); if (arg1 != NULL) - SCFree(arg1); + pcre2_substring_free((PCRE2_UCHAR *)arg1); if (arg2 != NULL) - SCFree(arg2); + pcre2_substring_free((PCRE2_UCHAR *)arg2); if (arg3 != NULL) - SCFree(arg3); + pcre2_substring_free((PCRE2_UCHAR *)arg3); if (arg4 != NULL) - SCFree(arg4); + pcre2_substring_free((PCRE2_UCHAR *)arg4); return NULL; } @@ -496,4 +498,4 @@ void DetectFilesizeRegisterTests(void) UtRegisterTest("DetectFilesizeParseTest05", DetectFilesizeParseTest05); UtRegisterTest("DetectFilesizeSetpTest01", DetectFilesizeSetpTest01); } -#endif /* UNITTESTS */ \ No newline at end of file +#endif /* UNITTESTS */ diff --git a/src/detect-filestore.c b/src/detect-filestore.c index 937a90fdaa..2e53572f56 100644 --- a/src/detect-filestore.c +++ b/src/detect-filestore.c @@ -349,7 +349,7 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, const ch SigMatch *sm = NULL; char *args[3] = {NULL,NULL,NULL}; int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2len; /* filestore and bypass keywords can't work together */ if (s->flags & SIG_FLAG_BYPASS) { @@ -370,32 +370,38 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, const ch char str_2[32]; SCLogDebug("str %s", str); - ret = DetectParsePcreExec(&parse_regex, str, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, str, 0, 0); if (ret < 1 || ret > 4) { SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 ", string %s", ret, str); goto error; } if (ret > 1) { - res = pcre_copy_substring((char *)str, ov, MAX_SUBSTRINGS, 1, str_0, sizeof(str_0)); + pcre2len = sizeof(str_0); + res = pcre2_substring_copy_bynumber( + parse_regex.match, 1, (PCRE2_UCHAR8 *)str_0, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } args[0] = (char *)str_0; if (ret > 2) { - res = pcre_copy_substring((char *)str, ov, MAX_SUBSTRINGS, 2, str_1, sizeof(str_1)); + pcre2len = sizeof(str_1); + res = pcre2_substring_copy_bynumber( + parse_regex.match, 2, (PCRE2_UCHAR8 *)str_1, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } args[1] = (char *)str_1; } if (ret > 3) { - res = pcre_copy_substring((char *)str, ov, MAX_SUBSTRINGS, 3, str_2, sizeof(str_2)); + pcre2len = sizeof(str_2); + res = pcre2_substring_copy_bynumber( + parse_regex.match, 3, (PCRE2_UCHAR8 *)str_2, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } args[2] = (char *)str_2; diff --git a/src/detect-flow.c b/src/detect-flow.c index e4148c20c4..0392f53b6c 100644 --- a/src/detect-flow.c +++ b/src/detect-flow.c @@ -174,35 +174,40 @@ static DetectFlowData *DetectFlowParse (DetectEngineCtx *de_ctx, const char *flo DetectFlowData *fd = NULL; char *args[3] = {NULL,NULL,NULL}; int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2len; char str1[16] = "", str2[16] = "", str3[16] = ""; - ret = DetectParsePcreExec(&parse_regex, flowstr, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, flowstr, 0, 0); if (ret < 1 || ret > 4) { SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 ", string %s", ret, flowstr); goto error; } if (ret > 1) { - res = pcre_copy_substring((char *)flowstr, ov, MAX_SUBSTRINGS, 1, str1, sizeof(str1)); + pcre2len = sizeof(str1); + res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)str1, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } args[0] = (char *)str1; if (ret > 2) { - res = pcre_copy_substring((char *)flowstr, ov, MAX_SUBSTRINGS, 2, str2, sizeof(str2)); + pcre2len = sizeof(str2); + res = pcre2_substring_copy_bynumber( + parse_regex.match, 2, (PCRE2_UCHAR8 *)str2, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } args[1] = (char *)str2; } if (ret > 3) { - res = pcre_copy_substring((char *)flowstr, ov, MAX_SUBSTRINGS, 3, str3, sizeof(str3)); + pcre2len = sizeof(str3); + res = pcre2_substring_copy_bynumber( + parse_regex.match, 3, (PCRE2_UCHAR8 *)str3, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } args[2] = (char *)str3; diff --git a/src/detect-flowbits.c b/src/detect-flowbits.c index 1b110b608c..9b1adc0a01 100644 --- a/src/detect-flowbits.c +++ b/src/detect-flowbits.c @@ -215,28 +215,28 @@ int DetectFlowbitMatch (DetectEngineThreadCtx *det_ctx, Packet *p, static int DetectFlowbitParse(const char *str, char *cmd, int cmd_len, char *name, int name_len) { - const int max_substrings = 30; int count, rc; - int ov[max_substrings]; + size_t pcre2len; - count = DetectParsePcreExec(&parse_regex, str, 0, 0, ov, max_substrings); + count = DetectParsePcreExec(&parse_regex, str, 0, 0); if (count != 2 && count != 3) { SCLogError(SC_ERR_PCRE_MATCH, "\"%s\" is not a valid setting for flowbits.", str); return 0; } - rc = pcre_copy_substring((char *)str, ov, max_substrings, 1, cmd, cmd_len); + pcre2len = cmd_len; + rc = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)cmd, &pcre2len); if (rc < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); return 0; } if (count == 3) { - rc = pcre_copy_substring((char *)str, ov, max_substrings, 2, name, - name_len); + pcre2len = name_len; + rc = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)name, &pcre2len); if (rc < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); return 0; } diff --git a/src/detect-flowint.c b/src/detect-flowint.c index db97ee9f49..ad80c122c1 100644 --- a/src/detect-flowint.c +++ b/src/detect-flowint.c @@ -230,28 +230,28 @@ static DetectFlowintData *DetectFlowintParse(DetectEngineCtx *de_ctx, const char char *varval = NULL; char *modstr = NULL; int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2_len; uint8_t modifier = FLOWINT_MODIFIER_UNKNOWN; unsigned long long value_long = 0; const char *str_ptr; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); if (ret < 3 || ret > 4) { SCLogError(SC_ERR_PCRE_MATCH, "\"%s\" is not a valid setting for flowint(ret = %d).", rawstr, ret); return NULL; } /* Get our flowint varname */ - res = pcre_get_substring((char *) rawstr, ov, MAX_SUBSTRINGS, 1, &str_ptr); + res = pcre2_substring_get_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0 || str_ptr == NULL) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } varname = (char *)str_ptr; - res = pcre_get_substring((char *) rawstr, ov, MAX_SUBSTRINGS, 2, &str_ptr); + res = pcre2_substring_get_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0 || str_ptr == NULL) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } modstr = (char *)str_ptr; @@ -295,10 +295,11 @@ static DetectFlowintData *DetectFlowintParse(DetectEngineCtx *de_ctx, const char if (ret < 4) goto error; - res = pcre_get_substring((char *) rawstr, ov, MAX_SUBSTRINGS, 3, &str_ptr); + res = pcre2_substring_get_bynumber( + parse_regex.match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); varval = (char *)str_ptr; if (res < 0 || varval == NULL || strcmp(varval, "") == 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } @@ -333,18 +334,18 @@ static DetectFlowintData *DetectFlowintParse(DetectEngineCtx *de_ctx, const char SCLogDebug("sfd->name %s id %u", sfd->name, sfd->idx); sfd->modifier = modifier; - pcre_free_substring(varname); - pcre_free_substring(modstr); + pcre2_substring_free((PCRE2_UCHAR *)varname); + pcre2_substring_free((PCRE2_UCHAR *)modstr); if (varval) - pcre_free_substring(varval); + pcre2_substring_free((PCRE2_UCHAR *)varval); return sfd; error: if (varname) - pcre_free_substring(varname); + pcre2_substring_free((PCRE2_UCHAR *)varname); if (varval) - pcre_free_substring(varval); + pcre2_substring_free((PCRE2_UCHAR *)varval); if (modstr) - pcre_free_substring(modstr); + pcre2_substring_free((PCRE2_UCHAR *)modstr); if (sfd != NULL) SCFree(sfd); return NULL; @@ -1337,4 +1338,4 @@ void DetectFlowintRegisterTests(void) UtRegisterTest("DetectFlowintTestPacket03Real", DetectFlowintTestPacket03Real); } -#endif /* UNITTESTS */ \ No newline at end of file +#endif /* UNITTESTS */ diff --git a/src/detect-flowvar.c b/src/detect-flowvar.c index 4e90785e90..751e48ac72 100644 --- a/src/detect-flowvar.c +++ b/src/detect-flowvar.c @@ -116,28 +116,30 @@ static int DetectFlowvarSetup (DetectEngineCtx *de_ctx, Signature *s, const char DetectFlowvarData *fd = NULL; SigMatch *sm = NULL; char varname[64], varcontent[64]; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2len; uint8_t *content = NULL; uint16_t contentlen = 0; uint32_t contentflags = s->init_data->negated ? DETECT_CONTENT_NEGATED : 0; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); if (ret != 3) { SCLogError(SC_ERR_PCRE_MATCH, "\"%s\" is not a valid setting for flowvar.", rawstr); return -1; } - res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, varname, sizeof(varname)); + pcre2len = sizeof(varname); + res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)varname, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed"); return -1; } - res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, varcontent, sizeof(varcontent)); + pcre2len = sizeof(varcontent); + res = pcre2_substring_copy_bynumber( + parse_regex.match, 2, (PCRE2_UCHAR8 *)varcontent, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed"); return -1; } diff --git a/src/detect-fragbits.c b/src/detect-fragbits.c index 33a6c6828c..a2241f796b 100644 --- a/src/detect-fragbits.c +++ b/src/detect-fragbits.c @@ -170,22 +170,23 @@ static DetectFragBitsData *DetectFragBitsParse (const char *rawstr) { DetectFragBitsData *de = NULL; int ret = 0, found = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2_len; const char *str_ptr = NULL; char *args[2] = { NULL, NULL}; char *ptr; int i; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); if (ret < 1) { SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr); goto error; } for (i = 0; i < (ret - 1); i++) { - res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, i + 1, &str_ptr); + res = pcre2_substring_get_bynumber( + parse_regex.match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } @@ -253,14 +254,14 @@ static DetectFragBitsData *DetectFragBitsParse (const char *rawstr) for (i = 0; i < 2; i++) { if (args[i] != NULL) - SCFree(args[i]); + pcre2_substring_free((PCRE2_UCHAR8 *)args[i]); } return de; error: for (i = 0; i < 2; i++) { if (args[i] != NULL) - SCFree(args[i]); + pcre2_substring_free((PCRE2_UCHAR8 *)args[i]); } if (de != NULL) SCFree(de); diff --git a/src/detect-fragoffset.c b/src/detect-fragoffset.c index 720642e141..2e54103a54 100644 --- a/src/detect-fragoffset.c +++ b/src/detect-fragoffset.c @@ -144,21 +144,22 @@ static DetectFragOffsetData *DetectFragOffsetParse (DetectEngineCtx *de_ctx, con DetectFragOffsetData *fragoff = NULL; char *substr[3] = {NULL, NULL, NULL}; int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2_len; int i; const char *str_ptr; char *mode = NULL; - ret = DetectParsePcreExec(&parse_regex, fragoffsetstr, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, fragoffsetstr, 0, 0); if (ret < 1 || ret > 4) { SCLogError(SC_ERR_PCRE_MATCH,"Parse error %s", fragoffsetstr); goto error; } for (i = 1; i < ret; i++) { - res = pcre_get_substring((char *)fragoffsetstr, ov, MAX_SUBSTRINGS, i, &str_ptr); + res = pcre2_substring_get_bynumber( + parse_regex.match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING,"pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } substr[i-1] = (char *)str_ptr; @@ -195,14 +196,16 @@ static DetectFragOffsetData *DetectFragOffsetParse (DetectEngineCtx *de_ctx, con } for (i = 0; i < 3; i++) { - if (substr[i] != NULL) SCFree(substr[i]); + if (substr[i] != NULL) + pcre2_substring_free((PCRE2_UCHAR8 *)substr[i]); } return fragoff; error: for (i = 0; i < 3; i++) { - if (substr[i] != NULL) SCFree(substr[i]); + if (substr[i] != NULL) + pcre2_substring_free((PCRE2_UCHAR8 *)substr[i]); } if (fragoff != NULL) DetectFragOffsetFree(de_ctx, fragoff); return NULL; diff --git a/src/detect-ftpdata.c b/src/detect-ftpdata.c index 1d38e17a55..15ba03c4b4 100644 --- a/src/detect-ftpdata.c +++ b/src/detect-ftpdata.c @@ -141,17 +141,18 @@ static DetectFtpdataData *DetectFtpdataParse(const char *ftpcommandstr) { DetectFtpdataData *ftpcommandd = NULL; char arg1[5] = ""; - int ov[MAX_SUBSTRINGS]; + size_t pcre2len; - int ret = DetectParsePcreExec(&parse_regex, ftpcommandstr, 0, 0, ov, MAX_SUBSTRINGS); + int ret = DetectParsePcreExec(&parse_regex, ftpcommandstr, 0, 0); if (ret != 2) { SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 "", ret); goto error; } - int res = pcre_copy_substring((char *) ftpcommandstr, ov, MAX_SUBSTRINGS, 1, arg1, sizeof(arg1)); + pcre2len = sizeof(arg1); + int res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } SCLogDebug("Arg1 \"%s\"", arg1); diff --git a/src/detect-hostbits.c b/src/detect-hostbits.c index 69200a3810..fd24123251 100644 --- a/src/detect-hostbits.c +++ b/src/detect-hostbits.c @@ -282,36 +282,36 @@ static int DetectHostbitMatch (DetectEngineThreadCtx *det_ctx, Packet *p, static int DetectHostbitParse(const char *str, char *cmd, int cmd_len, char *name, int name_len, char *dir, int dir_len) { - const int max_substrings = 30; int count, rc; - int ov[max_substrings]; + size_t pcre2len; - count = DetectParsePcreExec(&parse_regex, str, 0, 0, ov, max_substrings); + count = DetectParsePcreExec(&parse_regex, str, 0, 0); if (count != 2 && count != 3 && count != 4) { SCLogError(SC_ERR_PCRE_MATCH, "\"%s\" is not a valid setting for hostbits.", str); return 0; } - rc = pcre_copy_substring((char *)str, ov, max_substrings, 1, cmd, cmd_len); + pcre2len = cmd_len; + rc = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)cmd, &pcre2len); if (rc < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); return 0; } if (count >= 3) { - rc = pcre_copy_substring((char *)str, ov, max_substrings, 2, name, - name_len); + pcre2len = name_len; + rc = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)name, &pcre2len); if (rc < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); return 0; } if (count >= 4) { - rc = pcre_copy_substring((char *)str, ov, max_substrings, 3, dir, - dir_len); + pcre2len = dir_len; + rc = pcre2_substring_copy_bynumber( + parse_regex.match, 3, (PCRE2_UCHAR8 *)dir, &pcre2len); if (rc < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, - "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); return 0; } } diff --git a/src/detect-icmp-id.c b/src/detect-icmp-id.c index 88409a423a..0a091e9787 100644 --- a/src/detect-icmp-id.c +++ b/src/detect-icmp-id.c @@ -161,9 +161,9 @@ static DetectIcmpIdData *DetectIcmpIdParse (DetectEngineCtx *de_ctx, const char DetectIcmpIdData *iid = NULL; char *substr[3] = {NULL, NULL, NULL}; int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2_len; - ret = DetectParsePcreExec(&parse_regex, icmpidstr, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, icmpidstr, 0, 0); if (ret < 1 || ret > 4) { SCLogError(SC_ERR_PCRE_MATCH, "Parse error %s", icmpidstr); goto error; @@ -172,9 +172,10 @@ static DetectIcmpIdData *DetectIcmpIdParse (DetectEngineCtx *de_ctx, const char int i; const char *str_ptr; for (i = 1; i < ret; i++) { - res = pcre_get_substring((char *)icmpidstr, ov, MAX_SUBSTRINGS, i, &str_ptr); + res = pcre2_substring_get_bynumber( + parse_regex.match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } substr[i-1] = (char *)str_ptr; @@ -206,13 +207,15 @@ static DetectIcmpIdData *DetectIcmpIdParse (DetectEngineCtx *de_ctx, const char iid->id = htons(id); for (i = 0; i < 3; i++) { - if (substr[i] != NULL) SCFree(substr[i]); + if (substr[i] != NULL) + pcre2_substring_free((PCRE2_UCHAR8 *)substr[i]); } return iid; error: for (i = 0; i < 3; i++) { - if (substr[i] != NULL) SCFree(substr[i]); + if (substr[i] != NULL) + pcre2_substring_free((PCRE2_UCHAR8 *)substr[i]); } if (iid != NULL) DetectIcmpIdFree(de_ctx, iid); return NULL; diff --git a/src/detect-icmp-seq.c b/src/detect-icmp-seq.c index 799763f7e8..bc7dec06d9 100644 --- a/src/detect-icmp-seq.c +++ b/src/detect-icmp-seq.c @@ -163,20 +163,21 @@ static DetectIcmpSeqData *DetectIcmpSeqParse (DetectEngineCtx *de_ctx, const cha DetectIcmpSeqData *iseq = NULL; char *substr[3] = {NULL, NULL, NULL}; int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2_len; int i; const char *str_ptr; - ret = DetectParsePcreExec(&parse_regex, icmpseqstr, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, icmpseqstr, 0, 0); if (ret < 1 || ret > 4) { SCLogError(SC_ERR_PCRE_MATCH,"Parse error %s", icmpseqstr); goto error; } for (i = 1; i < ret; i++) { - res = pcre_get_substring((char *)icmpseqstr, ov, MAX_SUBSTRINGS, i, &str_ptr); + res = pcre2_substring_get_bynumber( + parse_regex.match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING,"pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } substr[i-1] = (char *)str_ptr; @@ -209,14 +210,16 @@ static DetectIcmpSeqData *DetectIcmpSeqParse (DetectEngineCtx *de_ctx, const cha iseq->seq = htons(seq); for (i = 0; i < 3; i++) { - if (substr[i] != NULL) SCFree(substr[i]); + if (substr[i] != NULL) + pcre2_substring_free((PCRE2_UCHAR8 *)substr[i]); } return iseq; error: for (i = 0; i < 3; i++) { - if (substr[i] != NULL) SCFree(substr[i]); + if (substr[i] != NULL) + pcre2_substring_free((PCRE2_UCHAR8 *)substr[i]); } if (iseq != NULL) DetectIcmpSeqFree(de_ctx, iseq); return NULL; diff --git a/src/detect-icode.c b/src/detect-icode.c index 310c3154e4..102a65a8f9 100644 --- a/src/detect-icode.c +++ b/src/detect-icode.c @@ -152,9 +152,9 @@ static DetectICodeData *DetectICodeParse(DetectEngineCtx *de_ctx, const char *ic DetectICodeData *icd = NULL; char *args[3] = {NULL, NULL, NULL}; int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2_len; - ret = DetectParsePcreExec(&parse_regex, icodestr, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, icodestr, 0, 0); if (ret < 1 || ret > 4) { SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, icodestr); goto error; @@ -163,9 +163,10 @@ static DetectICodeData *DetectICodeParse(DetectEngineCtx *de_ctx, const char *ic int i; const char *str_ptr; for (i = 1; i < ret; i++) { - res = pcre_get_substring((char *)icodestr, ov, MAX_SUBSTRINGS, i, &str_ptr); + res = pcre2_substring_get_bynumber( + parse_regex.match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } args[i-1] = (char *)str_ptr; @@ -243,14 +244,14 @@ static DetectICodeData *DetectICodeParse(DetectEngineCtx *de_ctx, const char *ic for (i = 0; i < (ret-1); i++) { if (args[i] != NULL) - SCFree(args[i]); + pcre2_substring_free((PCRE2_UCHAR8 *)args[i]); } return icd; error: for (i = 0; i < (ret-1) && i < 3; i++) { if (args[i] != NULL) - SCFree(args[i]); + pcre2_substring_free((PCRE2_UCHAR8 *)args[i]); } if (icd != NULL) DetectICodeFree(de_ctx, icd); diff --git a/src/detect-id.c b/src/detect-id.c index 6a12fccbb5..a132b71fbd 100644 --- a/src/detect-id.c +++ b/src/detect-id.c @@ -125,9 +125,9 @@ static DetectIdData *DetectIdParse (const char *idstr) uint32_t temp; DetectIdData *id_d = NULL; int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2len; - ret = DetectParsePcreExec(&parse_regex, idstr, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, idstr, 0, 0); if (ret < 1 || ret > 3) { SCLogError(SC_ERR_INVALID_VALUE, "invalid id option '%s'. The id option " @@ -138,10 +138,10 @@ static DetectIdData *DetectIdParse (const char *idstr) char copy_str[128] = ""; char *tmp_str; - res = pcre_copy_substring((char *)idstr, ov, MAX_SUBSTRINGS, 1, - copy_str, sizeof(copy_str)); + pcre2len = sizeof(copy_str); + res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)copy_str, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); return NULL; } tmp_str = copy_str; diff --git a/src/detect-ike-chosen-sa.c b/src/detect-ike-chosen-sa.c index d08785d148..92b965c98c 100644 --- a/src/detect-ike-chosen-sa.c +++ b/src/detect-ike-chosen-sa.c @@ -143,11 +143,11 @@ static DetectIkeChosenSaData *DetectIkeChosenSaParse(const char *rawstr) */ DetectIkeChosenSaData *dd = NULL; int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2len; char attribute[100]; char value[100]; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); if (ret < 3 || ret > 5) { SCLogError(SC_ERR_PCRE_MATCH, "pcre match for ike.chosen_sa_attribute failed, should be: =, " @@ -156,15 +156,17 @@ static DetectIkeChosenSaData *DetectIkeChosenSaParse(const char *rawstr) goto error; } - res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, attribute, sizeof(attribute)); + pcre2len = sizeof(attribute); + res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)attribute, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } - res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, value, sizeof(value)); + pcre2len = sizeof(value); + res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)value, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } diff --git a/src/detect-ipopts.c b/src/detect-ipopts.c index 3867e56894..787b2002ef 100644 --- a/src/detect-ipopts.c +++ b/src/detect-ipopts.c @@ -130,9 +130,8 @@ static DetectIpOptsData *DetectIpOptsParse (const char *rawstr) int i; DetectIpOptsData *de = NULL; int ret = 0, found = 0; - int ov[MAX_SUBSTRINGS]; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); if (ret < 1) { SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr); goto error; @@ -363,4 +362,4 @@ void IpOptsRegisterTests(void) UtRegisterTest("IpOptsTestParse03", IpOptsTestParse03); UtRegisterTest("IpOptsTestParse04", IpOptsTestParse04); } -#endif /* UNITTESTS */ \ No newline at end of file +#endif /* UNITTESTS */ diff --git a/src/detect-ipproto.c b/src/detect-ipproto.c index eefed9845f..2eb4833692 100644 --- a/src/detect-ipproto.c +++ b/src/detect-ipproto.c @@ -85,12 +85,12 @@ static DetectIPProtoData *DetectIPProtoParse(const char *optstr) DetectIPProtoData *data = NULL; char *args[2] = { NULL, NULL }; int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2_len; int i; const char *str_ptr; /* Execute the regex and populate args with captures. */ - ret = DetectParsePcreExec(&parse_regex, optstr, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, optstr, 0, 0); if (ret != 3) { SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret" "%" PRId32 ", string %s", ret, optstr); @@ -98,10 +98,10 @@ static DetectIPProtoData *DetectIPProtoParse(const char *optstr) } for (i = 0; i < (ret - 1); i++) { - res = pcre_get_substring((char *)optstr, ov, MAX_SUBSTRINGS, - i + 1, &str_ptr); + res = pcre2_substring_get_bynumber( + parse_regex.match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } args[i] = (char *)str_ptr; @@ -139,7 +139,7 @@ static DetectIPProtoData *DetectIPProtoParse(const char *optstr) for (i = 0; i < (ret - 1); i++){ if (args[i] != NULL) - SCFree(args[i]); + pcre2_substring_free((PCRE2_UCHAR8 *)args[i]); } return data; @@ -147,7 +147,7 @@ static DetectIPProtoData *DetectIPProtoParse(const char *optstr) error: for (i = 0; i < (ret - 1) && i < 2; i++){ if (args[i] != NULL) - SCFree(args[i]); + pcre2_substring_free((PCRE2_UCHAR8 *)args[i]); } if (data != NULL) SCFree(data); @@ -2121,4 +2121,4 @@ static void DetectIPProtoRegisterTests(void) UtRegisterTest("DetectIPProtoTestSig2", DetectIPProtoTestSig2); UtRegisterTest("DetectIPProtoTestSig3", DetectIPProtoTestSig3); } -#endif /* UNITTESTS */ \ No newline at end of file +#endif /* UNITTESTS */ diff --git a/src/detect-iprep.c b/src/detect-iprep.c index f69bf41b89..ced8260e0e 100644 --- a/src/detect-iprep.c +++ b/src/detect-iprep.c @@ -246,39 +246,39 @@ int DetectIPRepSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr) char *cmd_str = NULL, *name = NULL, *op_str = NULL, *value = NULL; uint8_t cmd = 0; int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2_len; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); if (ret != 5) { SCLogError(SC_ERR_PCRE_MATCH, "\"%s\" is not a valid setting for iprep", rawstr); return -1; } const char *str_ptr; - res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, &str_ptr); + res = pcre2_substring_get_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); return -1; } cmd_str = (char *)str_ptr; - res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, &str_ptr); + res = pcre2_substring_get_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } name = (char *)str_ptr; - res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 3, &str_ptr); + res = pcre2_substring_get_bynumber(parse_regex.match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } op_str = (char *)str_ptr; - res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 4, &str_ptr); + res = pcre2_substring_get_bynumber(parse_regex.match, 4, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } value = (char *)str_ptr; @@ -340,13 +340,13 @@ int DetectIPRepSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr) cd->val = val; SCLogDebug("cmd %u, cat %u, op %u, val %u", cd->cmd, cd->cat, cd->op, cd->val); - pcre_free_substring(name); + pcre2_substring_free((PCRE2_UCHAR *)name); name = NULL; - pcre_free_substring(cmd_str); + pcre2_substring_free((PCRE2_UCHAR *)cmd_str); cmd_str = NULL; - pcre_free_substring(op_str); + pcre2_substring_free((PCRE2_UCHAR *)op_str); op_str = NULL; - pcre_free_substring(value); + pcre2_substring_free((PCRE2_UCHAR *)value); value = NULL; /* Okay so far so good, lets get this into a SigMatch @@ -364,13 +364,13 @@ int DetectIPRepSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr) error: if (name != NULL) - pcre_free_substring(name); + pcre2_substring_free((PCRE2_UCHAR *)name); if (cmd_str != NULL) - pcre_free_substring(cmd_str); + pcre2_substring_free((PCRE2_UCHAR *)cmd_str); if (op_str != NULL) - pcre_free_substring(op_str); + pcre2_substring_free((PCRE2_UCHAR *)op_str); if (value != NULL) - pcre_free_substring(value); + pcre2_substring_free((PCRE2_UCHAR *)value); if (cd != NULL) SCFree(cd); if (sm != NULL) diff --git a/src/detect-isdataat.c b/src/detect-isdataat.c index e581772115..67dfd74640 100644 --- a/src/detect-isdataat.c +++ b/src/detect-isdataat.c @@ -99,10 +99,10 @@ static DetectIsdataatData *DetectIsdataatParse (DetectEngineCtx *de_ctx, const c DetectIsdataatData *idad = NULL; char *args[3] = {NULL,NULL,NULL}; int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2_len; int i=0; - ret = DetectParsePcreExec(&parse_regex, isdataatstr, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, isdataatstr, 0, 0); if (ret < 1 || ret > 4) { SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, isdataatstr); goto error; @@ -110,26 +110,29 @@ static DetectIsdataatData *DetectIsdataatParse (DetectEngineCtx *de_ctx, const c if (ret > 1) { const char *str_ptr; - res = pcre_get_substring((char *)isdataatstr, ov, MAX_SUBSTRINGS, 1, &str_ptr); + res = pcre2_substring_get_bynumber( + parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } args[0] = (char *)str_ptr; if (ret > 2) { - res = pcre_get_substring((char *)isdataatstr, ov, MAX_SUBSTRINGS, 2, &str_ptr); + res = pcre2_substring_get_bynumber( + parse_regex.match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } args[1] = (char *)str_ptr; } if (ret > 3) { - res = pcre_get_substring((char *)isdataatstr, ov, MAX_SUBSTRINGS, 3, &str_ptr); + res = pcre2_substring_get_bynumber( + parse_regex.match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } args[2] = (char *)str_ptr; @@ -175,7 +178,7 @@ static DetectIsdataatData *DetectIsdataatParse (DetectEngineCtx *de_ctx, const c for (i = 0; i < (ret -1); i++) { if (args[i] != NULL) - SCFree(args[i]); + pcre2_substring_free((PCRE2_UCHAR8 *)args[i]); } return idad; @@ -185,7 +188,7 @@ static DetectIsdataatData *DetectIsdataatParse (DetectEngineCtx *de_ctx, const c error: for (i = 0; i < (ret -1) && i < 3; i++){ if (args[i] != NULL) - SCFree(args[i]); + pcre2_substring_free((PCRE2_UCHAR8 *)args[i]); } if (idad != NULL) @@ -689,4 +692,4 @@ void DetectIsdataatRegisterTests(void) UtRegisterTest("DetectIsdataatTestPacket02", DetectIsdataatTestPacket02); UtRegisterTest("DetectIsdataatTestPacket03", DetectIsdataatTestPacket03); } -#endif \ No newline at end of file +#endif diff --git a/src/detect-itype.c b/src/detect-itype.c index 92eee8a268..30a54c45d3 100644 --- a/src/detect-itype.c +++ b/src/detect-itype.c @@ -152,9 +152,9 @@ static DetectITypeData *DetectITypeParse(DetectEngineCtx *de_ctx, const char *it DetectITypeData *itd = NULL; char *args[3] = {NULL, NULL, NULL}; int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2_len; - ret = DetectParsePcreExec(&parse_regex, itypestr, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, itypestr, 0, 0); if (ret < 1 || ret > 4) { SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, itypestr); goto error; @@ -163,9 +163,10 @@ static DetectITypeData *DetectITypeParse(DetectEngineCtx *de_ctx, const char *it int i; const char *str_ptr; for (i = 1; i < ret; i++) { - res = pcre_get_substring((char *)itypestr, ov, MAX_SUBSTRINGS, i, &str_ptr); + res = pcre2_substring_get_bynumber( + parse_regex.match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } args[i-1] = (char *)str_ptr; @@ -243,14 +244,14 @@ static DetectITypeData *DetectITypeParse(DetectEngineCtx *de_ctx, const char *it for (i = 0; i < (ret-1); i++) { if (args[i] != NULL) - SCFree(args[i]); + pcre2_substring_free((PCRE2_UCHAR8 *)args[i]); } return itd; error: for (i = 0; i < (ret-1) && i < 3; i++) { if (args[i] != NULL) - SCFree(args[i]); + pcre2_substring_free((PCRE2_UCHAR8 *)args[i]); } if (itd != NULL) DetectITypeFree(de_ctx, itd); diff --git a/src/detect-krb5-errcode.c b/src/detect-krb5-errcode.c index c6c6e32d98..8484daebd6 100644 --- a/src/detect-krb5-errcode.c +++ b/src/detect-krb5-errcode.c @@ -139,17 +139,18 @@ static DetectKrb5ErrCodeData *DetectKrb5ErrCodeParse (const char *krb5str) DetectKrb5ErrCodeData *krb5d = NULL; char arg1[4] = ""; int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2len; - ret = DetectParsePcreExec(&parse_regex, krb5str, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, krb5str, 0, 0); if (ret != 2) { SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 "", ret); goto error; } - res = pcre_copy_substring((char *) krb5str, ov, MAX_SUBSTRINGS, 1, arg1, sizeof(arg1)); + pcre2len = sizeof(arg1); + res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } diff --git a/src/detect-krb5-msgtype.c b/src/detect-krb5-msgtype.c index 5c291d7464..4c661f38d6 100644 --- a/src/detect-krb5-msgtype.c +++ b/src/detect-krb5-msgtype.c @@ -136,17 +136,18 @@ static DetectKrb5MsgTypeData *DetectKrb5MsgTypeParse (const char *krb5str) DetectKrb5MsgTypeData *krb5d = NULL; char arg1[4] = ""; int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2len; - ret = DetectParsePcreExec(&parse_regex, krb5str, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, krb5str, 0, 0); if (ret != 2) { SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 "", ret); goto error; } - res = pcre_copy_substring((char *) krb5str, ov, MAX_SUBSTRINGS, 1, arg1, sizeof(arg1)); + pcre2len = sizeof(arg1); + res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } diff --git a/src/detect-mark.c b/src/detect-mark.c index 7fed85cc4b..6ba65c4f30 100644 --- a/src/detect-mark.c +++ b/src/detect-mark.c @@ -78,7 +78,7 @@ void DetectMarkRegister (void) static void * DetectMarkParse (const char *rawstr) { int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2_len; const char *str_ptr = NULL; char *ptr = NULL; char *endptr = NULL; @@ -86,15 +86,15 @@ static void * DetectMarkParse (const char *rawstr) uint32_t mask; DetectMarkData *data; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); if (ret < 1) { SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr); return NULL; } - res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, &str_ptr); + res = pcre2_substring_get_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); return NULL; } @@ -107,27 +107,27 @@ static void * DetectMarkParse (const char *rawstr) mark = strtoul(ptr, &endptr, 0); if (errno == ERANGE) { SCLogError(SC_ERR_NUMERIC_VALUE_ERANGE, "Numeric value out of range"); - SCFree(ptr); + pcre2_substring_free((PCRE2_UCHAR8 *)ptr); return NULL; } /* If there is no numeric value in the given string then strtoull(), makes endptr equals to ptr and return 0 as result */ else if (endptr == ptr && mark == 0) { SCLogError(SC_ERR_INVALID_NUMERIC_VALUE, "No numeric value"); - SCFree(ptr); + pcre2_substring_free((PCRE2_UCHAR8 *)ptr); return NULL; } else if (endptr == ptr) { SCLogError(SC_ERR_INVALID_NUMERIC_VALUE, "Invalid numeric value"); - SCFree(ptr); + pcre2_substring_free((PCRE2_UCHAR8 *)ptr); return NULL; } - res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, &str_ptr); + res = pcre2_substring_get_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); return NULL; } - SCFree(ptr); + pcre2_substring_free((PCRE2_UCHAR8 *)ptr); ptr = (char *)str_ptr; if (ptr == NULL) { @@ -144,23 +144,23 @@ static void * DetectMarkParse (const char *rawstr) mask = strtoul(ptr, &endptr, 0); if (errno == ERANGE) { SCLogError(SC_ERR_NUMERIC_VALUE_ERANGE, "Numeric value out of range"); - SCFree(ptr); + pcre2_substring_free((PCRE2_UCHAR8 *)ptr); return NULL; } /* If there is no numeric value in the given string then strtoull(), makes endptr equals to ptr and return 0 as result */ else if (endptr == ptr && mask == 0) { SCLogError(SC_ERR_INVALID_NUMERIC_VALUE, "No numeric value"); - SCFree(ptr); + pcre2_substring_free((PCRE2_UCHAR8 *)ptr); return NULL; } else if (endptr == ptr) { SCLogError(SC_ERR_INVALID_NUMERIC_VALUE, "Invalid numeric value"); - SCFree(ptr); + pcre2_substring_free((PCRE2_UCHAR8 *)ptr); return NULL; } SCLogDebug("Rule will set mark 0x%x with mask 0x%x", mark, mask); - SCFree(ptr); + pcre2_substring_free((PCRE2_UCHAR8 *)ptr); data = SCMalloc(sizeof(DetectMarkData)); if (unlikely(data == NULL)) { diff --git a/src/detect-mqtt-connect-flags.c b/src/detect-mqtt-connect-flags.c index 958becce67..5084a2e172 100644 --- a/src/detect-mqtt-connect-flags.c +++ b/src/detect-mqtt-connect-flags.c @@ -130,9 +130,8 @@ static DetectMQTTConnectFlagsData *DetectMQTTConnectFlagsParse(const char *rawst { DetectMQTTConnectFlagsData *de = NULL; int ret = 0; - int ov[MAX_SUBSTRINGS]; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); if (ret < 1) { SCLogError(SC_ERR_PCRE_MATCH, "invalid flag definition: %s", rawstr); return NULL; diff --git a/src/detect-mqtt-flags.c b/src/detect-mqtt-flags.c index 1ef1154fd2..3169a84601 100644 --- a/src/detect-mqtt-flags.c +++ b/src/detect-mqtt-flags.c @@ -125,9 +125,8 @@ static DetectMQTTFlagsData *DetectMQTTFlagsParse(const char *rawstr) { DetectMQTTFlagsData *de = NULL; int ret = 0; - int ov[MAX_SUBSTRINGS]; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); if (ret < 1) { SCLogError(SC_ERR_PCRE_MATCH, "invalid flag definition: %s", rawstr); return NULL; diff --git a/src/detect-nfs-procedure.c b/src/detect-nfs-procedure.c index b944d0507e..2f0a3005d7 100644 --- a/src/detect-nfs-procedure.c +++ b/src/detect-nfs-procedure.c @@ -205,49 +205,49 @@ static DetectNfsProcedureData *DetectNfsProcedureParse (const char *rawstr) { DetectNfsProcedureData *dd = NULL; int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2len; char mode[2] = ""; char value1[20] = ""; char value2[20] = ""; char range[3] = ""; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); if (ret < 3 || ret > 5) { SCLogError(SC_ERR_PCRE_MATCH, "Parse error %s", rawstr); goto error; } - res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, mode, - sizeof(mode)); + pcre2len = sizeof(mode); + res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)mode, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } SCLogDebug("mode \"%s\"", mode); - res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, value1, - sizeof(value1)); + pcre2len = sizeof(value1); + res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)value1, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } SCLogDebug("value1 \"%s\"", value1); if (ret > 3) { - res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 3, - range, sizeof(range)); + pcre2len = sizeof(range); + res = pcre2_substring_copy_bynumber(parse_regex.match, 3, (PCRE2_UCHAR8 *)range, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } SCLogDebug("range \"%s\"", range); if (ret > 4) { - res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 4, - value2, sizeof(value2)); + pcre2len = sizeof(value2); + res = pcre2_substring_copy_bynumber( + parse_regex.match, 4, (PCRE2_UCHAR8 *)value2, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, - "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } SCLogDebug("value2 \"%s\"", value2); diff --git a/src/detect-nfs-version.c b/src/detect-nfs-version.c index 74ac4cd662..1f0bee7dcb 100644 --- a/src/detect-nfs-version.c +++ b/src/detect-nfs-version.c @@ -196,49 +196,49 @@ static DetectNfsVersionData *DetectNfsVersionParse (const char *rawstr) { DetectNfsVersionData *dd = NULL; int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2len; char mode[2] = ""; char value1[20] = ""; char value2[20] = ""; char range[3] = ""; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); if (ret < 3 || ret > 5) { SCLogError(SC_ERR_PCRE_MATCH, "Parse error %s", rawstr); goto error; } - res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, mode, - sizeof(mode)); + pcre2len = sizeof(mode); + res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)mode, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } SCLogDebug("mode \"%s\"", mode); - res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, value1, - sizeof(value1)); + pcre2len = sizeof(value1); + res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)value1, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } SCLogDebug("value1 \"%s\"", value1); if (ret > 3) { - res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 3, - range, sizeof(range)); + pcre2len = sizeof(range); + res = pcre2_substring_copy_bynumber(parse_regex.match, 3, (PCRE2_UCHAR8 *)range, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } SCLogDebug("range \"%s\"", range); if (ret > 4) { - res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 4, - value2, sizeof(value2)); + pcre2len = sizeof(value2); + res = pcre2_substring_copy_bynumber( + parse_regex.match, 4, (PCRE2_UCHAR8 *)value2, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, - "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } SCLogDebug("value2 \"%s\"", value2); diff --git a/src/detect-parse.c b/src/detect-parse.c index cdbcc78815..3ae1011258 100644 --- a/src/detect-parse.c +++ b/src/detect-parse.c @@ -2431,30 +2431,21 @@ error: } static DetectParseRegex *g_detect_parse_regex_list = NULL; -int DetectParsePcreExecLen(DetectParseRegex *parse_regex, const char *str, - int str_len, - int start_offset, int options, - int *ovector, int ovector_size) -{ - return pcre_exec(parse_regex->regex, parse_regex->study, str, str_len, - start_offset, options, ovector, ovector_size); -} -int DetectParsePcreExec(DetectParseRegex *parse_regex, const char *str, - int start_offset, int options, - int *ovector, int ovector_size) +int DetectParsePcreExec( + DetectParseRegex *parse_regex, const char *str, int start_offset, int options) { - return pcre_exec(parse_regex->regex, parse_regex->study, str, strlen(str), - start_offset, options, ovector, ovector_size); + return pcre2_match(parse_regex->regex, (PCRE2_SPTR8)str, strlen(str), options, start_offset, + parse_regex->match, NULL); } void DetectParseFreeRegex(DetectParseRegex *r) { if (r->regex) { - pcre_free(r->regex); + pcre2_code_free(r->regex); } - if (r->study) { - pcre_free_study(r->study); + if (r->match) { + pcre2_match_data_free(r->match); } } @@ -2505,29 +2496,28 @@ void DetectParseRegexAddToFreeList(DetectParseRegex *detect_parse) FatalError(SC_ERR_MEM_ALLOC, "failed to alloc memory for pcre free list"); } r->regex = detect_parse->regex; - r->study = detect_parse->study; + r->match = detect_parse->match; r->next = g_detect_parse_regex_list; g_detect_parse_regex_list = r; } bool DetectSetupParseRegexesOpts(const char *parse_str, DetectParseRegex *detect_parse, int opts) { - const char *eb = NULL; - int eo; + int en; + PCRE2_SIZE eo; - detect_parse->regex = pcre_compile(parse_str, opts, &eb, &eo, NULL); + detect_parse->regex = + pcre2_compile((PCRE2_SPTR8)parse_str, PCRE2_ZERO_TERMINATED, opts, &en, &eo, NULL); if (detect_parse->regex == NULL) { - SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at " - "offset %" PRId32 ": %s", parse_str, eo, eb); - return false; - } - - detect_parse->study = pcre_study(detect_parse->regex, 0 , &eb); - if (eb != NULL) { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); + PCRE2_UCHAR errbuffer[256]; + pcre2_get_error_message(en, errbuffer, sizeof(errbuffer)); + SCLogError(SC_ERR_PCRE_COMPILE, + "pcre compile of \"%s\" failed at " + "offset %d: %s", + parse_str, en, errbuffer); return false; } - + detect_parse->match = pcre2_match_data_create_from_pattern(detect_parse->regex, NULL); DetectParseRegexAddToFreeList(detect_parse); diff --git a/src/detect-parse.h b/src/detect-parse.h index b0dd476c9e..fe4fc3e648 100644 --- a/src/detect-parse.h +++ b/src/detect-parse.h @@ -40,8 +40,8 @@ enum { }; typedef struct DetectParseRegex_ { - pcre *regex; - pcre_extra *study; + pcre2_code *regex; + pcre2_match_data *match; struct DetectParseRegex_ *next; } DetectParseRegex; @@ -103,15 +103,8 @@ void DetectParseFreeRegexes(void); void DetectParseFreeRegex(DetectParseRegex *r); /* parse regex exec */ -int DetectParsePcreExec(DetectParseRegex *parse_regex, const char *str, - int start_offset, int options, - int *ovector, int ovector_size); -int DetectParsePcreExecLen(DetectParseRegex *parse_regex, const char *str, - int str_len, int start_offset, int options, - int *ovector, int ovector_size); - -/* typical size of ovector */ -#define MAX_SUBSTRINGS 30 +int DetectParsePcreExec( + DetectParseRegex *parse_regex, const char *str, int start_offset, int options); #endif /* __DETECT_PARSE_H__ */ diff --git a/src/detect-pcre.c b/src/detect-pcre.c index 1b5aca139d..c6cf05458e 100644 --- a/src/detect-pcre.c +++ b/src/detect-pcre.c @@ -410,7 +410,7 @@ static DetectPcreData *DetectPcreParse (DetectEngineCtx *de_ctx, res = pcre2_substring_copy_bynumber(parse_regex->match, 1, (PCRE2_UCHAR8 *)re, &slen); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); return NULL; } @@ -419,7 +419,7 @@ static DetectPcreData *DetectPcreParse (DetectEngineCtx *de_ctx, res = pcre2_substring_copy_bynumber( parse_regex->match, 2, (PCRE2_UCHAR8 *)op_str, ©len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); return NULL; } op = op_str; @@ -781,14 +781,14 @@ static int DetectPcreParseCapture(const char *regexstr, DetectEngineCtx *de_ctx, res = pcre2_substring_copy_bynumber( parse_capture_regex->match, 1, (PCRE2_UCHAR8 *)type_str, ©len); if (res != 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } cap_buffer_len = strlen(regexstr) + 1; res = pcre2_substring_copy_bynumber( parse_capture_regex->match, 2, (PCRE2_UCHAR8 *)capture_str, &cap_buffer_len); if (res != 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } if (strlen(capture_str) == 0 || strlen(type_str) == 0) { diff --git a/src/detect-pktvar.c b/src/detect-pktvar.c index 7ddf6938e3..ca2e61a8ff 100644 --- a/src/detect-pktvar.c +++ b/src/detect-pktvar.c @@ -89,28 +89,28 @@ static int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, const char { char *varname = NULL, *varcontent = NULL; int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2_len; uint8_t *content = NULL; uint16_t len = 0; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); if (ret != 3) { SCLogError(SC_ERR_PCRE_MATCH, "\"%s\" is not a valid setting for pktvar.", rawstr); return -1; } const char *str_ptr; - res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, &str_ptr); + res = pcre2_substring_get_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); return -1; } varname = (char *)str_ptr; - res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, &str_ptr); + res = pcre2_substring_get_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - pcre_free(varname); - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + pcre2_substring_free((PCRE2_UCHAR8 *)varname); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); return -1; } varcontent = (char *)str_ptr; @@ -129,15 +129,15 @@ static int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, const char ret = DetectContentDataParse("pktvar", parse_content, &content, &len); if (ret == -1 || content == NULL) { - pcre_free(varname); - pcre_free(varcontent); + pcre2_substring_free((PCRE2_UCHAR8 *)varname); + pcre2_substring_free((PCRE2_UCHAR8 *)varcontent); return -1; } - pcre_free(varcontent); + pcre2_substring_free((PCRE2_UCHAR8 *)varcontent); DetectPktvarData *cd = SCCalloc(1, sizeof(DetectPktvarData)); if (unlikely(cd == NULL)) { - pcre_free(varname); + pcre2_substring_free((PCRE2_UCHAR8 *)varname); SCFree(content); return -1; } @@ -145,7 +145,7 @@ static int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, const char cd->content = content; cd->content_len = len; cd->id = VarNameStoreSetupAdd(varname, VAR_TYPE_PKT_VAR); - pcre_free(varname); + pcre2_substring_free((PCRE2_UCHAR8 *)varname); /* Okay so far so good, lets get this into a SigMatch * and put it in the Signature. */ diff --git a/src/detect-priority.c b/src/detect-priority.c index 6860b4ea97..ce72a19e46 100644 --- a/src/detect-priority.c +++ b/src/detect-priority.c @@ -63,18 +63,19 @@ static int DetectPrioritySetup (DetectEngineCtx *de_ctx, Signature *s, const cha char copy_str[128] = ""; int ret = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2len; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, 30); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); if (ret < 0) { SCLogError(SC_ERR_PCRE_MATCH, "Invalid Priority in Signature " "- %s", rawstr); return -1; } - ret = pcre_copy_substring((char *)rawstr, ov, 30, 1, copy_str, sizeof(copy_str)); + pcre2len = sizeof(copy_str); + ret = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)copy_str, &pcre2len); if (ret < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); return -1; } diff --git a/src/detect-reference.c b/src/detect-reference.c index 2a4c132c7a..cbcda0c09c 100644 --- a/src/detect-reference.c +++ b/src/detect-reference.c @@ -96,11 +96,11 @@ static DetectReference *DetectReferenceParse(const char *rawstr, DetectEngineCtx SCEnter(); int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2len; char key[REFERENCE_SYSTEM_NAME_MAX] = ""; char content[REFERENCE_CONTENT_NAME_MAX] = ""; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); if (ret < 2) { SCLogError(SC_ERR_INVALID_SIGNATURE, "Unable to parse \"reference\" " "keyword argument - \"%s\". Invalid argument.", rawstr); @@ -112,15 +112,17 @@ static DetectReference *DetectReferenceParse(const char *rawstr, DetectEngineCtx return NULL; } - res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, key, sizeof(key)); + pcre2len = sizeof(key); + res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)key, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } - res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, content, sizeof(content)); + pcre2len = sizeof(content); + res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)content, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } diff --git a/src/detect-rfb-secresult.c b/src/detect-rfb-secresult.c index eee1ab787c..4af974555a 100644 --- a/src/detect-rfb-secresult.c +++ b/src/detect-rfb-secresult.c @@ -170,11 +170,9 @@ static DetectRfbSecresultData *DetectRfbSecresultParse (const char *rawstr) { int i; DetectRfbSecresultData *de = NULL; -#define MAX_SUBSTRINGS 30 int ret = 0, found = 0; - int ov[MAX_SUBSTRINGS]; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); if (ret < 1) { SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr); goto error; diff --git a/src/detect-rfb-sectype.c b/src/detect-rfb-sectype.c index 3f254c6da6..28fc1c31ad 100644 --- a/src/detect-rfb-sectype.c +++ b/src/detect-rfb-sectype.c @@ -162,29 +162,28 @@ static int DetectRfbSectypeMatch (DetectEngineThreadCtx *det_ctx, static DetectRfbSectypeData *DetectRfbSectypeParse (const char *rawstr) { DetectRfbSectypeData *dd = NULL; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2len; char mode[2] = ""; char value1[20] = ""; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); if (ret < 3 || ret > 5) { SCLogError(SC_ERR_PCRE_MATCH, "Parse error %s", rawstr); goto error; } - res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, mode, - sizeof(mode)); + pcre2len = sizeof(mode); + res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)mode, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } - res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, value1, - sizeof(value1)); + pcre2len = sizeof(value1); + res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)value1, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } diff --git a/src/detect-rpc.c b/src/detect-rpc.c index ec4052dca5..8f56f723a0 100644 --- a/src/detect-rpc.c +++ b/src/detect-rpc.c @@ -150,9 +150,9 @@ static DetectRpcData *DetectRpcParse (DetectEngineCtx *de_ctx, const char *rpcst DetectRpcData *rd = NULL; char *args[3] = {NULL,NULL,NULL}; int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2_len; - ret = DetectParsePcreExec(&parse_regex, rpcstr, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rpcstr, 0, 0); if (ret < 1 || ret > 4) { SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 ", string %s", ret, rpcstr); goto error; @@ -160,25 +160,28 @@ static DetectRpcData *DetectRpcParse (DetectEngineCtx *de_ctx, const char *rpcst if (ret > 1) { const char *str_ptr; - res = pcre_get_substring((char *)rpcstr, ov, MAX_SUBSTRINGS, 1, &str_ptr); + res = pcre2_substring_get_bynumber( + parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } args[0] = (char *)str_ptr; if (ret > 2) { - res = pcre_get_substring((char *)rpcstr, ov, MAX_SUBSTRINGS, 2, &str_ptr); + res = pcre2_substring_get_bynumber( + parse_regex.match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } args[1] = (char *)str_ptr; } if (ret > 3) { - res = pcre_get_substring((char *)rpcstr, ov, MAX_SUBSTRINGS, 3, &str_ptr); + res = pcre2_substring_get_bynumber( + parse_regex.match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } args[2] = (char *)str_ptr; @@ -230,14 +233,14 @@ static DetectRpcData *DetectRpcParse (DetectEngineCtx *de_ctx, const char *rpcst } for (i = 0; i < (ret -1); i++){ if (args[i] != NULL) - SCFree(args[i]); + pcre2_substring_free((PCRE2_UCHAR8 *)args[i]); } return rd; error: for (i = 0; i < (ret -1) && i < 3; i++){ if (args[i] != NULL) - SCFree(args[i]); + pcre2_substring_free((PCRE2_UCHAR8 *)args[i]); } if (rd != NULL) DetectRpcFree(de_ctx, rd); @@ -534,4 +537,4 @@ static void DetectRpcRegisterTests(void) UtRegisterTest("DetectRpcTestParse05", DetectRpcTestParse05); UtRegisterTest("DetectRpcTestSig01", DetectRpcTestSig01); } -#endif /* UNITTESTS */ \ No newline at end of file +#endif /* UNITTESTS */ diff --git a/src/detect-snmp-pdu_type.c b/src/detect-snmp-pdu_type.c index 2762079831..82d79342ed 100644 --- a/src/detect-snmp-pdu_type.c +++ b/src/detect-snmp-pdu_type.c @@ -135,20 +135,20 @@ static DetectSNMPPduTypeData *DetectSNMPPduTypeParse (const char *rawstr) { DetectSNMPPduTypeData *dd = NULL; int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2len; char value1[20] = ""; char *endptr = NULL; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); if (ret != 2) { SCLogError(SC_ERR_PCRE_MATCH, "Parse error %s", rawstr); goto error; } - res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, value1, - sizeof(value1)); + pcre2len = sizeof(value1); + res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)value1, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } diff --git a/src/detect-snmp-version.c b/src/detect-snmp-version.c index 8013202d15..342430ff8f 100644 --- a/src/detect-snmp-version.c +++ b/src/detect-snmp-version.c @@ -176,28 +176,28 @@ static DetectSNMPVersionData *DetectSNMPVersionParse (const char *rawstr) { DetectSNMPVersionData *dd = NULL; int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2len; char mode[2] = ""; char value1[20] = ""; char *endptr = NULL; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); if (ret < 3 || ret > 5) { SCLogError(SC_ERR_PCRE_MATCH, "Parse error %s", rawstr); goto error; } - res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, mode, - sizeof(mode)); + pcre2len = sizeof(mode); + res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)mode, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } - res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, value1, - sizeof(value1)); + pcre2len = sizeof(value1); + res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)value1, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } diff --git a/src/detect-ssh-proto-version.c b/src/detect-ssh-proto-version.c index 23c6b87e4d..98fe82d30b 100644 --- a/src/detect-ssh-proto-version.c +++ b/src/detect-ssh-proto-version.c @@ -161,9 +161,9 @@ static DetectSshVersionData *DetectSshVersionParse (DetectEngineCtx *de_ctx, con { DetectSshVersionData *ssh = NULL; int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2_len; - ret = DetectParsePcreExec(&parse_regex, str, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, str, 0, 0); if (ret < 1 || ret > 3) { SCLogError(SC_ERR_PCRE_MATCH, "invalid ssh.protoversion option"); goto error; @@ -171,16 +171,17 @@ static DetectSshVersionData *DetectSshVersionParse (DetectEngineCtx *de_ctx, con if (ret > 1) { const char *str_ptr; - res = pcre_get_substring((char *)str, ov, MAX_SUBSTRINGS, 1, &str_ptr); + res = pcre2_substring_get_bynumber( + parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } /* We have a correct id option */ ssh = SCMalloc(sizeof(DetectSshVersionData)); if (unlikely(ssh == NULL)) { - pcre_free_substring(str_ptr); + pcre2_substring_free((PCRE2_UCHAR *)str_ptr); goto error; } memset(ssh, 0x00, sizeof(DetectSshVersionData)); @@ -190,17 +191,17 @@ static DetectSshVersionData *DetectSshVersionParse (DetectEngineCtx *de_ctx, con if (strcmp("2_compat", str_ptr) == 0) { ssh->flags |= SSH_FLAG_PROTOVERSION_2_COMPAT; SCLogDebug("will look for ssh protocol version 2 (2, 2.0, 1.99 that's considered as 2"); - pcre_free_substring(str_ptr); + pcre2_substring_free((PCRE2_UCHAR *)str_ptr); return ssh; } ssh->ver = (uint8_t *)SCStrdup((char*)str_ptr); if (ssh->ver == NULL) { - pcre_free_substring(str_ptr); + pcre2_substring_free((PCRE2_UCHAR *)str_ptr); goto error; } ssh->len = strlen((char *) ssh->ver); - pcre_free_substring(str_ptr); + pcre2_substring_free((PCRE2_UCHAR *)str_ptr); SCLogDebug("will look for ssh %s", ssh->ver); } @@ -585,4 +586,4 @@ static void DetectSshVersionRegisterTests(void) UtRegisterTest("DetectSshVersionTestDetect03", DetectSshVersionTestDetect03); } -#endif /* UNITTESTS */ \ No newline at end of file +#endif /* UNITTESTS */ diff --git a/src/detect-ssh-software-version.c b/src/detect-ssh-software-version.c index 0db75aa653..653b8c3f30 100644 --- a/src/detect-ssh-software-version.c +++ b/src/detect-ssh-software-version.c @@ -164,9 +164,9 @@ static DetectSshSoftwareVersionData *DetectSshSoftwareVersionParse (DetectEngine { DetectSshSoftwareVersionData *ssh = NULL; int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2_len; - ret = DetectParsePcreExec(&parse_regex, str, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, str, 0, 0); if (ret < 1 || ret > 3) { SCLogError(SC_ERR_PCRE_MATCH, "invalid ssh.softwareversion option"); @@ -175,9 +175,10 @@ static DetectSshSoftwareVersionData *DetectSshSoftwareVersionParse (DetectEngine if (ret > 1) { const char *str_ptr = NULL; - res = pcre_get_substring((char *)str, ov, MAX_SUBSTRINGS, 1, &str_ptr); + res = pcre2_substring_get_bynumber( + parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } @@ -190,7 +191,7 @@ static DetectSshSoftwareVersionData *DetectSshSoftwareVersionParse (DetectEngine if (ssh->software_ver == NULL) { goto error; } - pcre_free_substring(str_ptr); + pcre2_substring_free((PCRE2_UCHAR *)str_ptr); ssh->len = strlen((char *)ssh->software_ver); diff --git a/src/detect-ssl-state.c b/src/detect-ssl-state.c index 958a7116fa..ec267206bb 100644 --- a/src/detect-ssl-state.c +++ b/src/detect-ssl-state.c @@ -154,31 +154,32 @@ static int DetectSslStateMatch(DetectEngineThreadCtx *det_ctx, static DetectSslStateData *DetectSslStateParse(const char *arg) { int ret = 0, res = 0; - int ov1[MAX_SUBSTRINGS]; - int ov2[MAX_SUBSTRINGS]; + size_t pcre2len; char str1[64]; char str2[64]; int negate = 0; uint32_t flags = 0, mask = 0; DetectSslStateData *ssd = NULL; - ret = DetectParsePcreExec(&parse_regex1, arg, 0, 0, ov1, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex1, arg, 0, 0); if (ret < 1) { SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid arg \"%s\" supplied to " "ssl_state keyword.", arg); goto error; } - res = pcre_copy_substring((char *)arg, ov1, MAX_SUBSTRINGS, 1, str1, sizeof(str1)); + pcre2len = sizeof(str1); + res = pcre2_substring_copy_bynumber(parse_regex1.match, 1, (PCRE2_UCHAR8 *)str1, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } negate = !strcmp("!", str1); - res = pcre_copy_substring((char *)arg, ov1, MAX_SUBSTRINGS, 2, str1, sizeof(str1)); + pcre2len = sizeof(str1); + res = pcre2_substring_copy_bynumber(parse_regex1.match, 2, (PCRE2_UCHAR8 *)str1, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } @@ -208,29 +209,32 @@ static DetectSslStateData *DetectSslStateParse(const char *arg) goto error; } - res = pcre_copy_substring((char *)arg, ov1, MAX_SUBSTRINGS, 3, str1, sizeof(str1)); + pcre2len = sizeof(str1); + res = pcre2_substring_copy_bynumber(parse_regex1.match, 3, (PCRE2_UCHAR8 *)str1, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } while (res > 0) { - ret = DetectParsePcreExec(&parse_regex2, str1, 0, 0, ov2, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex2, str1, 0, 0); if (ret < 1) { SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid arg \"%s\" supplied to " "ssl_state keyword.", arg); goto error; } - res = pcre_copy_substring((char *)str1, ov2, MAX_SUBSTRINGS, 1, str2, sizeof(str2)); + pcre2len = sizeof(str2); + res = pcre2_substring_copy_bynumber(parse_regex2.match, 1, (PCRE2_UCHAR8 *)str2, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } negate = !strcmp("!", str2); - res = pcre_copy_substring((char *)str1, ov2, MAX_SUBSTRINGS, 2, str2, sizeof(str2)); + pcre2len = sizeof(str2); + res = pcre2_substring_copy_bynumber(parse_regex2.match, 2, (PCRE2_UCHAR8 *)str2, &pcre2len); if (res <= 0) { - SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } if (strcmp("client_hello", str2) == 0) { @@ -259,9 +263,10 @@ static DetectSslStateData *DetectSslStateParse(const char *arg) goto error; } - res = pcre_copy_substring((char *)str1, ov2, MAX_SUBSTRINGS, 3, str2, sizeof(str2)); + pcre2len = sizeof(str2); + res = pcre2_substring_copy_bynumber(parse_regex2.match, 3, (PCRE2_UCHAR8 *)str2, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } diff --git a/src/detect-stream_size.c b/src/detect-stream_size.c index 68e7561008..6897325622 100644 --- a/src/detect-stream_size.c +++ b/src/detect-stream_size.c @@ -189,32 +189,32 @@ static DetectStreamSizeData *DetectStreamSizeParse (DetectEngineCtx *de_ctx, con char *value = NULL; char *mode = NULL; int res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2_len; - int ret = DetectParsePcreExec(&parse_regex, streamstr, 0, 0, ov, MAX_SUBSTRINGS); + int ret = DetectParsePcreExec(&parse_regex, streamstr, 0, 0); if (ret != 4) { SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, streamstr); goto error; } const char *str_ptr; - res = pcre_get_substring((char *)streamstr, ov, MAX_SUBSTRINGS, 1, &str_ptr); + res = pcre2_substring_get_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } arg = (char *)str_ptr; - res = pcre_get_substring((char *)streamstr, ov, MAX_SUBSTRINGS, 2, &str_ptr); + res = pcre2_substring_get_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } mode = (char *)str_ptr; - res = pcre_get_substring((char *)streamstr, ov, MAX_SUBSTRINGS, 3, &str_ptr); + res = pcre2_substring_get_bynumber(parse_regex.match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } value = (char *)str_ptr; @@ -263,18 +263,18 @@ static DetectStreamSizeData *DetectStreamSizeParse (DetectEngineCtx *de_ctx, con goto error; } - SCFree(mode); - SCFree(arg); - SCFree(value); + pcre2_substring_free((PCRE2_UCHAR8 *)mode); + pcre2_substring_free((PCRE2_UCHAR8 *)arg); + pcre2_substring_free((PCRE2_UCHAR8 *)value); return sd; error: if (mode != NULL) - SCFree(mode); + pcre2_substring_free((PCRE2_UCHAR8 *)mode); if (arg != NULL) - SCFree(arg); + pcre2_substring_free((PCRE2_UCHAR8 *)arg); if (value != NULL) - SCFree(value); + pcre2_substring_free((PCRE2_UCHAR8 *)value); if (sd != NULL) DetectStreamSizeFree(de_ctx, sd); return NULL; @@ -503,4 +503,4 @@ void DetectStreamSizeRegisterTests(void) UtRegisterTest("DetectStreamSizeParseTest03", DetectStreamSizeParseTest03); UtRegisterTest("DetectStreamSizeParseTest04", DetectStreamSizeParseTest04); } -#endif /* UNITTESTS */ \ No newline at end of file +#endif /* UNITTESTS */ diff --git a/src/detect-tag.c b/src/detect-tag.c index 225fa567ce..db894f7921 100644 --- a/src/detect-tag.c +++ b/src/detect-tag.c @@ -158,18 +158,18 @@ static DetectTagData *DetectTagParse(const char *tagstr) { DetectTagData td; int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2_len; const char *str_ptr = NULL; - ret = DetectParsePcreExec(&parse_regex, tagstr, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, tagstr, 0, 0); if (ret < 1) { SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 ", string %s", ret, tagstr); goto error; } - res = pcre_get_substring((char *)tagstr, ov, MAX_SUBSTRINGS, 1, &str_ptr); + res = pcre2_substring_get_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0 || str_ptr == NULL) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } @@ -182,7 +182,7 @@ static DetectTagData *DetectTagParse(const char *tagstr) SCLogError(SC_ERR_INVALID_VALUE, "Invalid argument type. Must be session or host (%s)", tagstr); goto error; } - pcre_free_substring(str_ptr); + pcre2_substring_free((PCRE2_UCHAR *)str_ptr); str_ptr = NULL; /* default tag is 256 packets from session or dst host */ @@ -191,9 +191,10 @@ static DetectTagData *DetectTagParse(const char *tagstr) td.direction = DETECT_TAG_DIR_DST; if (ret > 4) { - res = pcre_get_substring((char *)tagstr, ov, MAX_SUBSTRINGS, 3, &str_ptr); + res = pcre2_substring_get_bynumber( + parse_regex.match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0 || str_ptr == NULL) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } @@ -204,12 +205,13 @@ static DetectTagData *DetectTagParse(const char *tagstr) goto error; } - pcre_free_substring(str_ptr); + pcre2_substring_free((PCRE2_UCHAR *)str_ptr); str_ptr = NULL; - res = pcre_get_substring((char *)tagstr, ov, MAX_SUBSTRINGS, 4, &str_ptr); + res = pcre2_substring_get_bynumber( + parse_regex.match, 4, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0 || str_ptr == NULL) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } @@ -228,14 +230,15 @@ static DetectTagData *DetectTagParse(const char *tagstr) goto error; } - pcre_free_substring(str_ptr); + pcre2_substring_free((PCRE2_UCHAR *)str_ptr); str_ptr = NULL; /* if specified, overwrite it */ if (ret == 7) { - res = pcre_get_substring((char *)tagstr, ov, MAX_SUBSTRINGS, 6, &str_ptr); + res = pcre2_substring_get_bynumber( + parse_regex.match, 6, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0 || str_ptr == NULL) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } @@ -253,7 +256,7 @@ static DetectTagData *DetectTagParse(const char *tagstr) SCLogWarning(SC_ERR_INVALID_VALUE, "Argument direction doesn't make sense for type \"session\" (%s [%"PRIu8"])", tagstr, td.type); } - pcre_free_substring(str_ptr); + pcre2_substring_free((PCRE2_UCHAR *)str_ptr); str_ptr = NULL; } } @@ -269,7 +272,7 @@ static DetectTagData *DetectTagParse(const char *tagstr) error: if (str_ptr != NULL) - pcre_free_substring(str_ptr); + pcre2_substring_free((PCRE2_UCHAR *)str_ptr); return NULL; } @@ -458,4 +461,4 @@ void DetectTagRegisterTests(void) DetectEngineTagRegisterTests(); } -#endif /* UNITTESTS */ \ No newline at end of file +#endif /* UNITTESTS */ diff --git a/src/detect-target.c b/src/detect-target.c index 62be7fb1b6..878ed18c63 100644 --- a/src/detect-target.c +++ b/src/detect-target.c @@ -82,19 +82,19 @@ void DetectTargetRegister(void) { static int DetectTargetParse(Signature *s, const char *targetstr) { int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2len; char value[10]; - ret = DetectParsePcreExec(&parse_regex, targetstr, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, targetstr, 0, 0); if (ret < 1) { SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, targetstr); return -1; } - res = pcre_copy_substring(targetstr, ov, MAX_SUBSTRINGS, 1, - value, sizeof(value)); + pcre2len = sizeof(value); + res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)value, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); return -1; } @@ -162,4 +162,4 @@ static void DetectTargetRegisterTests(void) UtRegisterTest("DetectTargetSignatureTest01", DetectTargetSignatureTest01); } -#endif /* UNITTESTS */ \ No newline at end of file +#endif /* UNITTESTS */ diff --git a/src/detect-tcp-flags.c b/src/detect-tcp-flags.c index 054cffd275..ea4bdca2ea 100644 --- a/src/detect-tcp-flags.c +++ b/src/detect-tcp-flags.c @@ -174,36 +174,39 @@ static DetectFlagsData *DetectFlagsParse (const char *rawstr) SCEnter(); int ret = 0, found = 0, ignore = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2len; char *ptr; char arg1[16] = ""; char arg2[16] = ""; char arg3[16] = ""; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); SCLogDebug("input '%s', pcre said %d", rawstr, ret); if (ret < 3) { SCLogError(SC_ERR_PCRE_MATCH, "pcre match failed"); SCReturnPtr(NULL, "DetectFlagsData"); } - res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, arg1, sizeof(arg1)); + pcre2len = sizeof(arg1); + res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); SCReturnPtr(NULL, "DetectFlagsData"); } if (ret >= 2) { - res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, arg2, sizeof(arg2)); + pcre2len = sizeof(arg2); + res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)arg2, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); SCReturnPtr(NULL, "DetectFlagsData"); } } if (ret >= 3) { - res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 3, arg3, sizeof(arg3)); + pcre2len = sizeof(arg3); + res = pcre2_substring_copy_bynumber(parse_regex.match, 3, (PCRE2_UCHAR8 *)arg3, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); SCReturnPtr(NULL, "DetectFlagsData"); } } diff --git a/src/detect-tcp-window.c b/src/detect-tcp-window.c index da2693fc8e..43de305ff6 100644 --- a/src/detect-tcp-window.c +++ b/src/detect-tcp-window.c @@ -112,9 +112,9 @@ static DetectWindowData *DetectWindowParse(DetectEngineCtx *de_ctx, const char * { DetectWindowData *wd = NULL; int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2len; - ret = DetectParsePcreExec(&parse_regex, windowstr, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, windowstr, 0, 0); if (ret < 1 || ret > 3) { SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, windowstr); goto error; @@ -126,10 +126,11 @@ static DetectWindowData *DetectWindowParse(DetectEngineCtx *de_ctx, const char * if (ret > 1) { char copy_str[128] = ""; - res = pcre_copy_substring((char *)windowstr, ov, MAX_SUBSTRINGS, 1, - copy_str, sizeof(copy_str)); + pcre2len = sizeof(copy_str); + res = pcre2_substring_copy_bynumber( + parse_regex.match, 1, (PCRE2_UCHAR8 *)copy_str, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } @@ -140,10 +141,11 @@ static DetectWindowData *DetectWindowParse(DetectEngineCtx *de_ctx, const char * wd->negated = 0; if (ret > 2) { - res = pcre_copy_substring((char *)windowstr, ov, MAX_SUBSTRINGS, 2, - copy_str, sizeof(copy_str)); + pcre2len = sizeof(copy_str); + res = pcre2_substring_copy_bynumber( + parse_regex.match, 2, (PCRE2_UCHAR8 *)copy_str, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } @@ -341,4 +343,4 @@ void DetectWindowRegisterTests(void) UtRegisterTest("DetectWindowTestParse04", DetectWindowTestParse04); UtRegisterTest("DetectWindowTestPacket01", DetectWindowTestPacket01); } -#endif /* UNITTESTS */ \ No newline at end of file +#endif /* UNITTESTS */ diff --git a/src/detect-tcpmss.c b/src/detect-tcpmss.c index 0c5d4a2817..f544d1c8ee 100644 --- a/src/detect-tcpmss.c +++ b/src/detect-tcpmss.c @@ -128,36 +128,38 @@ static DetectTcpmssData *DetectTcpmssParse (const char *tcpmssstr) char *arg2 = NULL; char *arg3 = NULL; int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2_len; - ret = DetectParsePcreExec(&parse_regex, tcpmssstr, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, tcpmssstr, 0, 0); if (ret < 2 || ret > 4) { SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 "", ret); goto error; } const char *str_ptr; - res = pcre_get_substring((char *) tcpmssstr, ov, MAX_SUBSTRINGS, 1, &str_ptr); + res = pcre2_substring_get_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } arg1 = (char *) str_ptr; SCLogDebug("Arg1 \"%s\"", arg1); if (ret >= 3) { - res = pcre_get_substring((char *) tcpmssstr, ov, MAX_SUBSTRINGS, 2, &str_ptr); + res = pcre2_substring_get_bynumber( + parse_regex.match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } arg2 = (char *) str_ptr; SCLogDebug("Arg2 \"%s\"", arg2); if (ret >= 4) { - res = pcre_get_substring((char *) tcpmssstr, ov, MAX_SUBSTRINGS, 3, &str_ptr); + res = pcre2_substring_get_bynumber( + parse_regex.match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } arg3 = (char *) str_ptr; @@ -250,20 +252,20 @@ static DetectTcpmssData *DetectTcpmssParse (const char *tcpmssstr) } } - SCFree(arg1); - SCFree(arg2); - SCFree(arg3); + pcre2_substring_free((PCRE2_UCHAR8 *)arg1); + pcre2_substring_free((PCRE2_UCHAR8 *)arg2); + pcre2_substring_free((PCRE2_UCHAR8 *)arg3); return tcpmssd; error: if (tcpmssd) SCFree(tcpmssd); if (arg1) - SCFree(arg1); + pcre2_substring_free((PCRE2_UCHAR8 *)arg1); if (arg2) - SCFree(arg2); + pcre2_substring_free((PCRE2_UCHAR8 *)arg2); if (arg3) - SCFree(arg3); + pcre2_substring_free((PCRE2_UCHAR8 *)arg3); return NULL; } diff --git a/src/detect-template.c b/src/detect-template.c index 3fd1f5f32c..ae04da95a1 100644 --- a/src/detect-template.c +++ b/src/detect-template.c @@ -129,24 +129,26 @@ static DetectTemplateData *DetectTemplateParse (const char *templatestr) { char arg1[4] = ""; char arg2[4] = ""; - int ov[MAX_SUBSTRINGS]; + size_t pcre2len; - int ret = DetectParsePcreExec(&parse_regex, templatestr, 0, 0, ov, MAX_SUBSTRINGS); + int ret = DetectParsePcreExec(&parse_regex, templatestr, 0, 0); if (ret != 3) { SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 "", ret); return NULL; } - ret = pcre_copy_substring((char *) templatestr, ov, MAX_SUBSTRINGS, 1, arg1, sizeof(arg1)); + pcre2len = sizeof(arg1); + ret = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len); if (ret < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); return NULL; } SCLogDebug("Arg1 \"%s\"", arg1); - ret = pcre_copy_substring((char *) templatestr, ov, MAX_SUBSTRINGS, 2, arg2, sizeof(arg2)); + pcre2len = sizeof(arg2); + ret = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)arg2, &pcre2len); if (ret < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); return NULL; } SCLogDebug("Arg2 \"%s\"", arg2); diff --git a/src/detect-template2.c b/src/detect-template2.c index b678eadf4c..2b20d31ee9 100644 --- a/src/detect-template2.c +++ b/src/detect-template2.c @@ -135,36 +135,38 @@ static DetectTemplate2Data *DetectTemplate2Parse (const char *template2str) char *arg2 = NULL; char *arg3 = NULL; int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2_len; - ret = DetectParsePcreExec(&parse_regex, template2str, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, template2str, 0, 0); if (ret < 2 || ret > 4) { SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 "", ret); goto error; } const char *str_ptr; - res = pcre_get_substring((char *) template2str, ov, MAX_SUBSTRINGS, 1, &str_ptr); + res = pcre2_substring_get_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } arg1 = (char *) str_ptr; SCLogDebug("Arg1 \"%s\"", arg1); if (ret >= 3) { - res = pcre_get_substring((char *) template2str, ov, MAX_SUBSTRINGS, 2, &str_ptr); + res = pcre2_substring_get_bynumber( + parse_regex.match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } arg2 = (char *) str_ptr; SCLogDebug("Arg2 \"%s\"", arg2); if (ret >= 4) { - res = pcre_get_substring((char *) template2str, ov, MAX_SUBSTRINGS, 3, &str_ptr); + res = pcre2_substring_get_bynumber( + parse_regex.match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } arg3 = (char *) str_ptr; @@ -263,20 +265,20 @@ static DetectTemplate2Data *DetectTemplate2Parse (const char *template2str) } } - SCFree(arg1); - SCFree(arg2); - SCFree(arg3); + pcre2_substring_free((PCRE2_UCHAR8 *)arg1); + pcre2_substring_free((PCRE2_UCHAR8 *)arg2); + pcre2_substring_free((PCRE2_UCHAR8 *)arg3); return template2d; error: if (template2d) SCFree(template2d); if (arg1) - SCFree(arg1); + pcre2_substring_free((PCRE2_UCHAR8 *)arg1); if (arg2) - SCFree(arg2); + pcre2_substring_free((PCRE2_UCHAR8 *)arg2); if (arg3) - SCFree(arg3); + pcre2_substring_free((PCRE2_UCHAR8 *)arg3); return NULL; } diff --git a/src/detect-threshold.c b/src/detect-threshold.c index 41a0ecb71f..4eb7244256 100644 --- a/src/detect-threshold.c +++ b/src/detect-threshold.c @@ -111,7 +111,7 @@ static DetectThresholdData *DetectThresholdParse(const char *rawstr) { DetectThresholdData *de = NULL; int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2_len; const char *str_ptr = NULL; char *args[9] = { NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }; char *copy_str = NULL, *threshold_opt = NULL; @@ -146,7 +146,7 @@ static DetectThresholdData *DetectThresholdParse(const char *rawstr) if(count_found != 1 || second_found != 1 || type_found != 1 || track_found != 1) goto error; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); if (ret < 5) { SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr); goto error; @@ -160,10 +160,11 @@ static DetectThresholdData *DetectThresholdParse(const char *rawstr) for (i = 0; i < (ret - 1); i++) { - res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS,i + 1, &str_ptr); + res = pcre2_substring_get_bynumber( + parse_regex.match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } @@ -204,13 +205,15 @@ static DetectThresholdData *DetectThresholdParse(const char *rawstr) } for (i = 0; i < (ret - 1); i++){ - if (args[i] != NULL) SCFree(args[i]); + if (args[i] != NULL) + pcre2_substring_free((PCRE2_UCHAR8 *)args[i]); } return de; error: for (i = 0; i < (ret - 1); i++){ - if (args[i] != NULL) SCFree(args[i]); + if (args[i] != NULL) + pcre2_substring_free((PCRE2_UCHAR8 *)args[i]); } if (de != NULL) SCFree(de); diff --git a/src/detect-tls-cert-validity.c b/src/detect-tls-cert-validity.c index aca8a69797..e0bd4cf44c 100644 --- a/src/detect-tls-cert-validity.c +++ b/src/detect-tls-cert-validity.c @@ -306,49 +306,49 @@ static DetectTlsValidityData *DetectTlsValidityParse (const char *rawstr) { DetectTlsValidityData *dd = NULL; int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2len; char mode[2] = ""; char value1[20] = ""; char value2[20] = ""; char range[3] = ""; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); if (ret < 3 || ret > 5) { SCLogError(SC_ERR_PCRE_MATCH, "Parse error %s", rawstr); goto error; } - res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, mode, - sizeof(mode)); + pcre2len = sizeof(mode); + res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)mode, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } SCLogDebug("mode \"%s\"", mode); - res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, value1, - sizeof(value1)); + pcre2len = sizeof(value1); + res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)value1, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } SCLogDebug("value1 \"%s\"", value1); if (ret > 3) { - res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 3, - range, sizeof(range)); + pcre2len = sizeof(range); + res = pcre2_substring_copy_bynumber(parse_regex.match, 3, (PCRE2_UCHAR8 *)range, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } SCLogDebug("range \"%s\"", range); if (ret > 4) { - res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 4, - value2, sizeof(value2)); + pcre2len = sizeof(value2); + res = pcre2_substring_copy_bynumber( + parse_regex.match, 4, (PCRE2_UCHAR8 *)value2, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, - "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } SCLogDebug("value2 \"%s\"", value2); diff --git a/src/detect-tls-version.c b/src/detect-tls-version.c index eddef6d4b7..4931914607 100644 --- a/src/detect-tls-version.c +++ b/src/detect-tls-version.c @@ -152,9 +152,9 @@ static DetectTlsVersionData *DetectTlsVersionParse (DetectEngineCtx *de_ctx, con uint16_t temp; DetectTlsVersionData *tls = NULL; int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2len; - ret = DetectParsePcreExec(&parse_regex, str, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, str, 0, 0); if (ret < 1 || ret > 3) { SCLogError(SC_ERR_PCRE_MATCH, "invalid tls.version option"); goto error; @@ -163,9 +163,11 @@ static DetectTlsVersionData *DetectTlsVersionParse (DetectEngineCtx *de_ctx, con if (ret > 1) { char ver_ptr[64]; char *tmp_str; - res = pcre_copy_substring((char *)str, ov, MAX_SUBSTRINGS, 1, ver_ptr, sizeof(ver_ptr)); + pcre2len = sizeof(ver_ptr); + res = pcre2_substring_copy_bynumber( + parse_regex.match, 1, (PCRE2_UCHAR8 *)ver_ptr, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } diff --git a/src/detect-tls.c b/src/detect-tls.c index 626bd2de9e..9af57dab6c 100644 --- a/src/detect-tls.c +++ b/src/detect-tls.c @@ -223,13 +223,13 @@ static DetectTlsData *DetectTlsSubjectParse (DetectEngineCtx *de_ctx, const char { DetectTlsData *tls = NULL; int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2_len; const char *str_ptr; char *orig = NULL; char *tmp_str; uint32_t flag = 0; - ret = DetectParsePcreExec(&subject_parse_regex, str, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&subject_parse_regex, str, 0, 0); if (ret != 2) { SCLogError(SC_ERR_PCRE_MATCH, "invalid tls.subject option"); goto error; @@ -238,9 +238,10 @@ static DetectTlsData *DetectTlsSubjectParse (DetectEngineCtx *de_ctx, const char if (negate) flag = DETECT_CONTENT_NEGATED; - res = pcre_get_substring((char *)str, ov, MAX_SUBSTRINGS, 1, &str_ptr); + res = pcre2_substring_get_bynumber( + subject_parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } @@ -255,7 +256,7 @@ static DetectTlsData *DetectTlsSubjectParse (DetectEngineCtx *de_ctx, const char if (unlikely(orig == NULL)) { goto error; } - pcre_free_substring(str_ptr); + pcre2_substring_free((PCRE2_UCHAR *)str_ptr); tmp_str=orig; @@ -414,13 +415,13 @@ static DetectTlsData *DetectTlsIssuerDNParse(DetectEngineCtx *de_ctx, const char { DetectTlsData *tls = NULL; int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2_len; const char *str_ptr; char *orig = NULL; char *tmp_str; uint32_t flag = 0; - ret = DetectParsePcreExec(&issuerdn_parse_regex, str, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&issuerdn_parse_regex, str, 0, 0); if (ret != 2) { SCLogError(SC_ERR_PCRE_MATCH, "invalid tls.issuerdn option"); goto error; @@ -429,9 +430,10 @@ static DetectTlsData *DetectTlsIssuerDNParse(DetectEngineCtx *de_ctx, const char if (negate) flag = DETECT_CONTENT_NEGATED; - res = pcre_get_substring((char *)str, ov, MAX_SUBSTRINGS, 1, &str_ptr); + res = pcre2_substring_get_bynumber( + issuerdn_parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } @@ -446,7 +448,7 @@ static DetectTlsData *DetectTlsIssuerDNParse(DetectEngineCtx *de_ctx, const char if (unlikely(orig == NULL)) { goto error; } - pcre_free_substring(str_ptr); + pcre2_substring_free((PCRE2_UCHAR *)str_ptr); tmp_str=orig; @@ -546,13 +548,13 @@ static DetectTlsData *DetectTlsFingerprintParse (DetectEngineCtx *de_ctx, const { DetectTlsData *tls = NULL; int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2_len; const char *str_ptr; char *orig; char *tmp_str; uint32_t flag = 0; - ret = DetectParsePcreExec(&fingerprint_parse_regex, str, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&fingerprint_parse_regex, str, 0, 0); if (ret != 2) { SCLogError(SC_ERR_PCRE_MATCH, "invalid tls.fingerprint option"); goto error; @@ -561,9 +563,10 @@ static DetectTlsData *DetectTlsFingerprintParse (DetectEngineCtx *de_ctx, const if (negate) flag = DETECT_CONTENT_NEGATED; - res = pcre_get_substring((char *)str, ov, MAX_SUBSTRINGS, 1, &str_ptr); + res = pcre2_substring_get_bynumber( + fingerprint_parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } @@ -578,7 +581,7 @@ static DetectTlsData *DetectTlsFingerprintParse (DetectEngineCtx *de_ctx, const if (unlikely(orig == NULL)) { goto error; } - pcre_free_substring(str_ptr); + pcre2_substring_free((PCRE2_UCHAR *)str_ptr); tmp_str=orig; diff --git a/src/detect-tos.c b/src/detect-tos.c index fe37b1977a..a71aa969a2 100644 --- a/src/detect-tos.c +++ b/src/detect-tos.c @@ -112,9 +112,9 @@ static DetectTosData *DetectTosParse(const char *arg, bool negate) { DetectTosData *tosd = NULL; int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2len; - ret = DetectParsePcreExec(&parse_regex, arg, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, arg, 0, 0); if (ret != 2) { SCLogError(SC_ERR_PCRE_MATCH, "invalid tos option - %s. " "The tos option value must be in the range " @@ -124,10 +124,11 @@ static DetectTosData *DetectTosParse(const char *arg, bool negate) /* For TOS value */ char tosbytes_str[64] = ""; - res = pcre_copy_substring((char *)arg, ov, MAX_SUBSTRINGS, 1, - tosbytes_str, sizeof(tosbytes_str)); + pcre2len = sizeof(tosbytes_str); + res = pcre2_substring_copy_bynumber( + parse_regex.match, 1, (PCRE2_UCHAR8 *)tosbytes_str, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); goto error; } @@ -364,4 +365,4 @@ void DetectTosRegisterTests(void) UtRegisterTest("DetectTosTest12", DetectTosTest12); return; } -#endif \ No newline at end of file +#endif diff --git a/src/detect-ttl.c b/src/detect-ttl.c index 87e0289ede..a7469c233b 100644 --- a/src/detect-ttl.c +++ b/src/detect-ttl.c @@ -133,36 +133,40 @@ static int DetectTtlMatch (DetectEngineThreadCtx *det_ctx, Packet *p, static DetectTtlData *DetectTtlParse (const char *ttlstr) { - int ov[MAX_SUBSTRINGS]; + size_t pcre2len; char arg1[6] = ""; char arg2[6] = ""; char arg3[6] = ""; - int ret = DetectParsePcreExec(&parse_regex, ttlstr, 0, 0, ov, MAX_SUBSTRINGS); + int ret = DetectParsePcreExec(&parse_regex, ttlstr, 0, 0); if (ret < 2 || ret > 4) { SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 "", ret); return NULL; } - int res = pcre_copy_substring((char *) ttlstr, ov, MAX_SUBSTRINGS, 1, arg1, sizeof(arg1)); + pcre2len = sizeof(arg1); + int res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); return NULL; } SCLogDebug("arg1 \"%s\"", arg1); if (ret >= 3) { - res = pcre_copy_substring((char *) ttlstr, ov, MAX_SUBSTRINGS, 2, arg2, sizeof(arg2)); + pcre2len = sizeof(arg2); + res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)arg2, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); return NULL; } SCLogDebug("arg2 \"%s\"", arg2); if (ret >= 4) { - res = pcre_copy_substring((char *) ttlstr, ov, MAX_SUBSTRINGS, 3, arg3, sizeof(arg3)); + pcre2len = sizeof(arg3); + res = pcre2_substring_copy_bynumber( + parse_regex.match, 3, (PCRE2_UCHAR8 *)arg3, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); return NULL; } SCLogDebug("arg3 \"%s\"", arg3); diff --git a/src/detect-urilen.c b/src/detect-urilen.c index 8355ff4cb4..e407e0f71b 100644 --- a/src/detect-urilen.c +++ b/src/detect-urilen.c @@ -97,9 +97,9 @@ static DetectUrilenData *DetectUrilenParse (const char *urilenstr) char *arg4 = NULL; char *arg5 = NULL; int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2_len; - ret = DetectParsePcreExec(&parse_regex, urilenstr, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, urilenstr, 0, 0); if (ret < 3 || ret > 6) { SCLogError(SC_ERR_PCRE_PARSE, "urilen option pcre parse error: \"%s\"", urilenstr); goto error; @@ -108,44 +108,47 @@ static DetectUrilenData *DetectUrilenParse (const char *urilenstr) SCLogDebug("ret %d", ret); - res = pcre_get_substring((char *)urilenstr, ov, MAX_SUBSTRINGS, 1, &str_ptr); + res = pcre2_substring_get_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } arg1 = (char *) str_ptr; SCLogDebug("Arg1 \"%s\"", arg1); - res = pcre_get_substring((char *)urilenstr, ov, MAX_SUBSTRINGS, 2, &str_ptr); + res = pcre2_substring_get_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } arg2 = (char *) str_ptr; SCLogDebug("Arg2 \"%s\"", arg2); if (ret > 3) { - res = pcre_get_substring((char *)urilenstr, ov, MAX_SUBSTRINGS, 3, &str_ptr); + res = pcre2_substring_get_bynumber( + parse_regex.match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } arg3 = (char *) str_ptr; SCLogDebug("Arg3 \"%s\"", arg3); if (ret > 4) { - res = pcre_get_substring((char *)urilenstr, ov, MAX_SUBSTRINGS, 4, &str_ptr); + res = pcre2_substring_get_bynumber( + parse_regex.match, 4, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } arg4 = (char *) str_ptr; SCLogDebug("Arg4 \"%s\"", arg4); } if (ret > 5) { - res = pcre_get_substring((char *)urilenstr, ov, MAX_SUBSTRINGS, 5, &str_ptr); + res = pcre2_substring_get_bynumber( + parse_regex.match, 5, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed"); goto error; } arg5 = (char *) str_ptr; @@ -206,29 +209,29 @@ static DetectUrilenData *DetectUrilenParse (const char *urilenstr) } } - pcre_free_substring(arg1); - pcre_free_substring(arg2); + pcre2_substring_free((PCRE2_UCHAR *)arg1); + pcre2_substring_free((PCRE2_UCHAR *)arg2); if (arg3 != NULL) - pcre_free_substring(arg3); + pcre2_substring_free((PCRE2_UCHAR *)arg3); if (arg4 != NULL) - pcre_free_substring(arg4); + pcre2_substring_free((PCRE2_UCHAR *)arg4); if (arg5 != NULL) - pcre_free_substring(arg5); + pcre2_substring_free((PCRE2_UCHAR *)arg5); return urilend; error: if (urilend) SCFree(urilend); if (arg1 != NULL) - pcre_free_substring(arg1); + pcre2_substring_free((PCRE2_UCHAR *)arg1); if (arg2 != NULL) - pcre_free_substring(arg2); + pcre2_substring_free((PCRE2_UCHAR *)arg2); if (arg3 != NULL) - pcre_free_substring(arg3); + pcre2_substring_free((PCRE2_UCHAR *)arg3); if (arg4 != NULL) - pcre_free_substring(arg4); + pcre2_substring_free((PCRE2_UCHAR *)arg4); if (arg5 != NULL) - pcre_free_substring(arg5); + pcre2_substring_free((PCRE2_UCHAR *)arg5); return NULL; } diff --git a/src/detect-xbits.c b/src/detect-xbits.c index 7236a5c48c..6cd397e7dd 100644 --- a/src/detect-xbits.c +++ b/src/detect-xbits.c @@ -197,34 +197,40 @@ static int DetectXbitParse(DetectEngineCtx *de_ctx, uint8_t fb_cmd = 0; uint8_t hb_dir = 0; int ret = 0, res = 0; - int ov[MAX_SUBSTRINGS]; + size_t pcre2len; char fb_cmd_str[16] = "", fb_name[256] = ""; char hb_dir_str[16] = ""; enum VarTypes var_type = VAR_TYPE_NOT_SET; uint32_t expire = DETECT_XBITS_EXPIRE_DEFAULT; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); if (ret != 2 && ret != 3 && ret != 4 && ret != 5) { SCLogError(SC_ERR_PCRE_MATCH, "\"%s\" is not a valid setting for xbits.", rawstr); return -1; } SCLogDebug("ret %d, %s", ret, rawstr); - res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, fb_cmd_str, sizeof(fb_cmd_str)); + pcre2len = sizeof(fb_cmd_str); + res = pcre2_substring_copy_bynumber( + parse_regex.match, 1, (PCRE2_UCHAR8 *)fb_cmd_str, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); return -1; } if (ret >= 3) { - res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, fb_name, sizeof(fb_name)); + pcre2len = sizeof(fb_name); + res = pcre2_substring_copy_bynumber( + parse_regex.match, 2, (PCRE2_UCHAR8 *)fb_name, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); return -1; } if (ret >= 4) { - res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 3, hb_dir_str, sizeof(hb_dir_str)); + pcre2len = sizeof(hb_dir_str); + res = pcre2_substring_copy_bynumber( + parse_regex.match, 3, (PCRE2_UCHAR8 *)hb_dir_str, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); return -1; } SCLogDebug("hb_dir_str %s", hb_dir_str); @@ -246,9 +252,11 @@ static int DetectXbitParse(DetectEngineCtx *de_ctx, if (ret >= 5) { char expire_str[16] = ""; - res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 4, expire_str, sizeof(expire_str)); + pcre2len = sizeof(expire_str); + res = pcre2_substring_copy_bynumber( + parse_regex.match, 4, (PCRE2_UCHAR8 *)expire_str, &pcre2len); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed"); return -1; } SCLogDebug("expire_str %s", expire_str);