From: Eric Leblond Date: Fri, 15 Jul 2022 10:33:09 +0000 (+0200) Subject: datasets: don't exit on invalid data X-Git-Tag: suricata-7.0.0-rc1~460 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=94664ef56515952fd4e0f59b8697d622e11f032b;p=thirdparty%2Fsuricata.git datasets: don't exit on invalid data --- diff --git a/src/datasets.c b/src/datasets.c index 6ee1a3e8ba..e61456b198 100644 --- a/src/datasets.c +++ b/src/datasets.c @@ -22,6 +22,7 @@ */ #include "suricata-common.h" +#include "suricata.h" #include "conf.h" #include "datasets.h" #include "datasets-string.h" @@ -191,12 +192,17 @@ static int DatasetLoadIPv4(Dataset *set) SCLogDebug("line: '%s'", line); struct in_addr in; - if (inet_pton(AF_INET, line, &in) != 1) - FatalError(SC_ERR_FATAL, "dataset data parse failed %s/%s: %s", set->name, + if (inet_pton(AF_INET, line, &in) != 1) { + FatalErrorOnInit(SC_ERR_DATASET, "dataset data parse failed %s/%s: %s", set->name, set->load, line); + continue; + } - if (DatasetAdd(set, (const uint8_t *)&in.s_addr, 4) < 0) - FatalError(SC_ERR_FATAL, "dataset data add failed %s/%s", set->name, set->load); + if (DatasetAdd(set, (const uint8_t *)&in.s_addr, 4) < 0) { + FatalErrorOnInit( + SC_ERR_DATASET, "dataset data add failed %s/%s", set->name, set->load); + continue; + } cnt++; /* list with rep data */ @@ -207,19 +213,26 @@ static int DatasetLoadIPv4(Dataset *set) *r = '\0'; struct in_addr in; - if (inet_pton(AF_INET, line, &in) != 1) - FatalError(SC_ERR_FATAL, "dataset data parse failed %s/%s: %s", set->name, + if (inet_pton(AF_INET, line, &in) != 1) { + FatalErrorOnInit(SC_ERR_DATASET, "dataset data parse failed %s/%s: %s", set->name, set->load, line); + continue; + } r++; DataRepType rep = { .value = 0 }; - if (ParseRepLine(r, strlen(r), &rep) < 0) - FatalError(SC_ERR_FATAL, "bad rep for dataset %s/%s", set->name, set->load); + if (ParseRepLine(r, strlen(r), &rep) < 0) { + FatalErrorOnInit(SC_ERR_DATASET, "bad rep for dataset %s/%s", set->name, set->load); + continue; + } SCLogDebug("rep v:%u", rep.value); - if (DatasetAddwRep(set, (const uint8_t *)&in.s_addr, 4, &rep) < 0) - FatalError(SC_ERR_FATAL, "dataset data add failed %s/%s", set->name, set->load); + if (DatasetAddwRep(set, (const uint8_t *)&in.s_addr, 4, &rep) < 0) { + FatalErrorOnInit( + SC_ERR_DATASET, "dataset data add failed %s/%s", set->name, set->load); + continue; + } cnt++; } @@ -238,8 +251,8 @@ static int ParseIpv6String(Dataset *set, char *line, struct in6_addr *in6) if (got_colon) { uint32_t ip6addr[4]; if (inet_pton(AF_INET6, line, in6) != 1) { - FatalError(SC_ERR_FATAL, "dataset data parse failed %s/%s: %s", set->name, set->load, - line); + FatalErrorOnInit(SC_ERR_DATASET, "dataset data parse failed %s/%s: %s", set->name, + set->load, line); return -1; } memcpy(&ip6addr, in6->s6_addr, sizeof(ip6addr)); @@ -254,8 +267,8 @@ static int ParseIpv6String(Dataset *set, char *line, struct in6_addr *in6) /* IPv4 case */ struct in_addr in; if (inet_pton(AF_INET, line, &in) != 1) { - FatalError(SC_ERR_FATAL, "dataset data parse failed %s/%s: %s", set->name, set->load, - line); + FatalErrorOnInit(SC_ERR_DATASET, "dataset data parse failed %s/%s: %s", set->name, + set->load, line); return -1; } memset(in6, 0, sizeof(struct in6_addr)); @@ -291,11 +304,16 @@ static int DatasetLoadIPv6(Dataset *set) struct in6_addr in6; int ret = ParseIpv6String(set, line, &in6); - if (ret < 0) - FatalError(SC_ERR_FATAL, "unable to parse IP address"); + if (ret < 0) { + FatalErrorOnInit(SC_ERR_DATASET, "unable to parse IP address"); + continue; + } - if (DatasetAdd(set, (const uint8_t *)&in6.s6_addr, 16) < 0) - FatalError(SC_ERR_FATAL, "dataset data add failed %s/%s", set->name, set->load); + if (DatasetAdd(set, (const uint8_t *)&in6.s6_addr, 16) < 0) { + FatalErrorOnInit( + SC_ERR_DATASET, "dataset data add failed %s/%s", set->name, set->load); + continue; + } cnt++; /* list with rep data */ @@ -307,18 +325,25 @@ static int DatasetLoadIPv6(Dataset *set) struct in6_addr in6; int ret = ParseIpv6String(set, line, &in6); - if (ret < 0) - FatalError(SC_ERR_FATAL, "unable to parse IP address"); + if (ret < 0) { + FatalErrorOnInit(SC_ERR_DATASET, "unable to parse IP address"); + continue; + } r++; DataRepType rep = { .value = 0 }; - if (ParseRepLine(r, strlen(r), &rep) < 0) - FatalError(SC_ERR_FATAL, "bad rep for dataset %s/%s", set->name, set->load); + if (ParseRepLine(r, strlen(r), &rep) < 0) { + FatalErrorOnInit(SC_ERR_DATASET, "bad rep for dataset %s/%s", set->name, set->load); + continue; + } SCLogDebug("rep v:%u", rep.value); - if (DatasetAddwRep(set, (const uint8_t *)&in6.s6_addr, 16, &rep) < 0) - FatalError(SC_ERR_FATAL, "dataset data add failed %s/%s", set->name, set->load); + if (DatasetAddwRep(set, (const uint8_t *)&in6.s6_addr, 16, &rep) < 0) { + FatalErrorOnInit( + SC_ERR_DATASET, "dataset data add failed %s/%s", set->name, set->load); + continue; + } cnt++; } @@ -357,13 +382,17 @@ static int DatasetLoadMd5(Dataset *set) SCLogDebug("line: '%s'", line); uint8_t hash[16]; - if (HexToRaw((const uint8_t *)line, 32, hash, sizeof(hash)) < 0) - FatalError(SC_ERR_FATAL, "bad hash for dataset %s/%s", - set->name, set->load); + if (HexToRaw((const uint8_t *)line, 32, hash, sizeof(hash)) < 0) { + FatalErrorOnInit( + SC_ERR_DATASET, "bad hash for dataset %s/%s", set->name, set->load); + continue; + } - if (DatasetAdd(set, (const uint8_t *)hash, 16) < 0) - FatalError(SC_ERR_FATAL, "dataset data add failed %s/%s", - set->name, set->load); + if (DatasetAdd(set, (const uint8_t *)hash, 16) < 0) { + FatalErrorOnInit( + SC_ERR_DATASET, "dataset data add failed %s/%s", set->name, set->load); + continue; + } cnt++; /* list with rep data */ @@ -372,25 +401,31 @@ static int DatasetLoadMd5(Dataset *set) SCLogDebug("MD5 with REP line: '%s'", line); uint8_t hash[16]; - if (HexToRaw((const uint8_t *)line, 32, hash, sizeof(hash)) < 0) - FatalError(SC_ERR_FATAL, "bad hash for dataset %s/%s", - set->name, set->load); + if (HexToRaw((const uint8_t *)line, 32, hash, sizeof(hash)) < 0) { + FatalErrorOnInit( + SC_ERR_DATASET, "bad hash for dataset %s/%s", set->name, set->load); + continue; + } DataRepType rep = { .value = 0}; - if (ParseRepLine(line+33, strlen(line)-33, &rep) < 0) - FatalError(SC_ERR_FATAL, "bad rep for dataset %s/%s", - set->name, set->load); + if (ParseRepLine(line + 33, strlen(line) - 33, &rep) < 0) { + FatalErrorOnInit(SC_ERR_DATASET, "bad rep for dataset %s/%s", set->name, set->load); + continue; + } SCLogDebug("rep v:%u", rep.value); - if (DatasetAddwRep(set, hash, 16, &rep) < 0) - FatalError(SC_ERR_FATAL, "dataset data add failed %s/%s", - set->name, set->load); + if (DatasetAddwRep(set, hash, 16, &rep) < 0) { + FatalErrorOnInit( + SC_ERR_DATASET, "dataset data add failed %s/%s", set->name, set->load); + continue; + } cnt++; } else { - FatalError(SC_ERR_FATAL, "MD5 bad line len %u: '%s'", - (uint32_t)strlen(line), line); + FatalErrorOnInit( + SC_ERR_DATASET, "MD5 bad line len %u: '%s'", (uint32_t)strlen(line), line); + continue; } } THashConsolidateMemcap(set->hash); @@ -427,13 +462,17 @@ static int DatasetLoadSha256(Dataset *set) SCLogDebug("line: '%s'", line); uint8_t hash[32]; - if (HexToRaw((const uint8_t *)line, 64, hash, sizeof(hash)) < 0) - FatalError(SC_ERR_FATAL, "bad hash for dataset %s/%s", - set->name, set->load); + if (HexToRaw((const uint8_t *)line, 64, hash, sizeof(hash)) < 0) { + FatalErrorOnInit( + SC_ERR_DATASET, "bad hash for dataset %s/%s", set->name, set->load); + continue; + } - if (DatasetAdd(set, (const uint8_t *)hash, (uint32_t)32) < 0) - FatalError(SC_ERR_FATAL, "dataset data add failed %s/%s", - set->name, set->load); + if (DatasetAdd(set, (const uint8_t *)hash, (uint32_t)32) < 0) { + FatalErrorOnInit( + SC_ERR_DATASET, "dataset data add failed %s/%s", set->name, set->load); + continue; + } cnt++; /* list with rep data */ @@ -442,20 +481,25 @@ static int DatasetLoadSha256(Dataset *set) SCLogDebug("SHA-256 with REP line: '%s'", line); uint8_t hash[32]; - if (HexToRaw((const uint8_t *)line, 64, hash, sizeof(hash)) < 0) - FatalError(SC_ERR_FATAL, "bad hash for dataset %s/%s", - set->name, set->load); + if (HexToRaw((const uint8_t *)line, 64, hash, sizeof(hash)) < 0) { + FatalErrorOnInit( + SC_ERR_DATASET, "bad hash for dataset %s/%s", set->name, set->load); + continue; + } DataRepType rep = { .value = 0 }; - if (ParseRepLine(line+65, strlen(line)-65, &rep) < 0) - FatalError(SC_ERR_FATAL, "bad rep for dataset %s/%s", - set->name, set->load); + if (ParseRepLine(line + 65, strlen(line) - 65, &rep) < 0) { + FatalErrorOnInit(SC_ERR_DATASET, "bad rep for dataset %s/%s", set->name, set->load); + continue; + } SCLogDebug("rep %u", rep.value); - if (DatasetAddwRep(set, hash, 32, &rep) < 0) - FatalError(SC_ERR_FATAL, "dataset data add failed %s/%s", - set->name, set->load); + if (DatasetAddwRep(set, hash, 32, &rep) < 0) { + FatalErrorOnInit( + SC_ERR_DATASET, "dataset data add failed %s/%s", set->name, set->load); + continue; + } cnt++; } } @@ -500,13 +544,16 @@ static int DatasetLoadString(Dataset *set) uint32_t consumed = 0, num_decoded = 0; Base64Ecode code = DecodeBase64(decoded, strlen(line), (const uint8_t *)line, strlen(line), &consumed, &num_decoded, BASE64_MODE_STRICT); - if (code == BASE64_ECODE_ERR) - FatalError(SC_ERR_FATAL, "bad base64 encoding %s/%s", - set->name, set->load); + if (code == BASE64_ECODE_ERR) { + FatalErrorOnInit(SC_ERR_DATASET, "bad base64 encoding %s/%s", set->name, set->load); + continue; + } - if (DatasetAdd(set, (const uint8_t *)decoded, num_decoded) < 0) - FatalError(SC_ERR_FATAL, "dataset data add failed %s/%s", - set->name, set->load); + if (DatasetAdd(set, (const uint8_t *)decoded, num_decoded) < 0) { + FatalErrorOnInit( + SC_ERR_DATASET, "dataset data add failed %s/%s", set->name, set->load); + continue; + } cnt++; } else { line[strlen(line) - 1] = '\0'; @@ -519,21 +566,26 @@ static int DatasetLoadString(Dataset *set) uint32_t consumed = 0, num_decoded = 0; Base64Ecode code = DecodeBase64(decoded, strlen(line), (const uint8_t *)line, strlen(line), &consumed, &num_decoded, BASE64_MODE_STRICT); - if (code == BASE64_ECODE_ERR) - FatalError(SC_ERR_FATAL, "bad base64 encoding %s/%s", - set->name, set->load); + if (code == BASE64_ECODE_ERR) { + FatalErrorOnInit(SC_ERR_DATASET, "bad base64 encoding %s/%s", set->name, set->load); + continue; + } r++; SCLogDebug("r '%s'", r); DataRepType rep = { .value = 0 }; - if (ParseRepLine(r, strlen(r), &rep) < 0) - FatalError(SC_ERR_FATAL, "die: bad rep"); + if (ParseRepLine(r, strlen(r), &rep) < 0) { + FatalErrorOnInit(SC_ERR_DATASET, "die: bad rep"); + continue; + } SCLogDebug("rep %u", rep.value); - if (DatasetAddwRep(set, (const uint8_t *)decoded, num_decoded, &rep) < 0) - FatalError(SC_ERR_FATAL, "dataset data add failed %s/%s", - set->name, set->load); + if (DatasetAddwRep(set, (const uint8_t *)decoded, num_decoded, &rep) < 0) { + FatalErrorOnInit( + SC_ERR_DATASET, "dataset data add failed %s/%s", set->name, set->load); + continue; + } cnt++; SCLogDebug("line with rep %s, %s", line, r); @@ -845,8 +897,9 @@ int DatasetsInit(void) const char *set_name = iter->name; if (strlen(set_name) > DATASET_NAME_MAX_LEN) { - FatalError(SC_ERR_CONF_NAME_TOO_LONG, "set name '%s' too long, max %d chars", + FatalErrorOnInit(SC_ERR_CONF_NAME_TOO_LONG, "set name '%s' too long, max %d chars", set_name, DATASET_NAME_MAX_LEN); + continue; } ConfNode *set_type = @@ -898,8 +951,10 @@ int DatasetsInit(void) Dataset *dset = DatasetGet(set_name, DATASET_TYPE_MD5, save, load, memcap > 0 ? memcap : default_memcap, hashsize > 0 ? hashsize : default_hashsize); - if (dset == NULL) - FatalError(SC_ERR_FATAL, "failed to setup dataset for %s", set_name); + if (dset == NULL) { + FatalErrorOnInit(SC_ERR_DATASET, "failed to setup dataset for %s", set_name); + continue; + } SCLogDebug("dataset %s: id %d type %s", set_name, n, set_type->val); dset->from_yaml = true; n++; @@ -908,8 +963,10 @@ int DatasetsInit(void) Dataset *dset = DatasetGet(set_name, DATASET_TYPE_SHA256, save, load, memcap > 0 ? memcap : default_memcap, hashsize > 0 ? hashsize : default_hashsize); - if (dset == NULL) - FatalError(SC_ERR_FATAL, "failed to setup dataset for %s", set_name); + if (dset == NULL) { + FatalErrorOnInit(SC_ERR_DATASET, "failed to setup dataset for %s", set_name); + continue; + } SCLogDebug("dataset %s: id %d type %s", set_name, n, set_type->val); dset->from_yaml = true; n++; @@ -918,8 +975,10 @@ int DatasetsInit(void) Dataset *dset = DatasetGet(set_name, DATASET_TYPE_STRING, save, load, memcap > 0 ? memcap : default_memcap, hashsize > 0 ? hashsize : default_hashsize); - if (dset == NULL) - FatalError(SC_ERR_FATAL, "failed to setup dataset for %s", set_name); + if (dset == NULL) { + FatalErrorOnInit(SC_ERR_DATASET, "failed to setup dataset for %s", set_name); + continue; + } SCLogDebug("dataset %s: id %d type %s", set_name, n, set_type->val); dset->from_yaml = true; n++;