From: Victor Julien Date: Tue, 7 Feb 2023 11:23:57 +0000 (+0100) Subject: detect: initialize empty buffers X-Git-Tag: suricata-7.0.0-rc2~592 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=977c5ea71901db3b0108f00d9c865af71fb803df;p=thirdparty%2Fsuricata.git detect: initialize empty buffers --- diff --git a/src/detect-dns-query.c b/src/detect-dns-query.c index a183132279..05a0e1c536 100644 --- a/src/detect-dns-query.c +++ b/src/detect-dns-query.c @@ -88,6 +88,7 @@ static InspectionBuffer *DnsQueryGetData(DetectEngineThreadCtx *det_ctx, const uint8_t *data; uint32_t data_len; if (rs_dns_tx_get_query_name(cbdata->txv, cbdata->local_id, &data, &data_len) == 0) { + InspectionBufferSetupMultiEmpty(buffer); return NULL; } InspectionBufferSetupMulti(buffer, transforms, data, data_len); diff --git a/src/detect-engine-frame.c b/src/detect-engine-frame.c index ee86387a44..f987a8799c 100644 --- a/src/detect-engine-frame.c +++ b/src/detect-engine-frame.c @@ -366,6 +366,7 @@ static bool BufferSetup(struct FrameStreamData *fsd, InspectionBuffer *buffer, c if (fo_inspect_offset >= (uint64_t)frame->len) { SCLogDebug("data entirely past frame (%" PRIu64 " > %" PRIi64 ")", fo_inspect_offset, frame->len); + InspectionBufferSetupMultiEmpty(buffer); return false; } diff --git a/src/detect-engine.c b/src/detect-engine.c index d47f4afc9e..485d691c11 100644 --- a/src/detect-engine.c +++ b/src/detect-engine.c @@ -1427,6 +1427,19 @@ void InspectionBufferInit(InspectionBuffer *buffer, uint32_t initial_size) } } +/** \brief setup the buffer empty */ +void InspectionBufferSetupMultiEmpty(InspectionBuffer *buffer) +{ +#ifdef DEBUG_VALIDATION + DEBUG_VALIDATE_BUG_ON(buffer->initialized); + DEBUG_VALIDATE_BUG_ON(!buffer->multi); +#endif + buffer->inspect = NULL; + buffer->inspect_len = 0; + buffer->len = 0; + buffer->initialized = true; +} + /** \brief setup the buffer with our initial data */ void InspectionBufferSetupMulti(InspectionBuffer *buffer, const DetectEngineTransforms *transforms, const uint8_t *data, const uint32_t data_len) diff --git a/src/detect-engine.h b/src/detect-engine.h index 1f93aabf1f..2980f0dac6 100644 --- a/src/detect-engine.h +++ b/src/detect-engine.h @@ -37,6 +37,7 @@ void InspectionBufferApplyTransforms(InspectionBuffer *buffer, const DetectEngineTransforms *transforms); void InspectionBufferClean(DetectEngineThreadCtx *det_ctx); InspectionBuffer *InspectionBufferGet(DetectEngineThreadCtx *det_ctx, const int list_id); +void InspectionBufferSetupMultiEmpty(InspectionBuffer *buffer); void InspectionBufferSetupMulti(InspectionBuffer *buffer, const DetectEngineTransforms *transforms, const uint8_t *data, const uint32_t data_len); InspectionBuffer *InspectionBufferMultipleForListGet( diff --git a/src/detect-file-data.c b/src/detect-file-data.c index 540b29791b..2d3cc1561d 100644 --- a/src/detect-file-data.c +++ b/src/detect-file-data.c @@ -540,11 +540,13 @@ static InspectionBuffer *FiledataGetDataCallback(DetectEngineThreadCtx *det_ctx, /* no new data */ if (cur_file->content_inspected == file_size) { SCLogDebug("no new data"); + InspectionBufferSetupMultiEmpty(buffer); return NULL; } if (file_size == 0) { SCLogDebug("no data to inspect for this transaction"); + InspectionBufferSetupMultiEmpty(buffer); return NULL; } @@ -554,6 +556,7 @@ static InspectionBuffer *FiledataGetDataCallback(DetectEngineThreadCtx *det_ctx, SCLogDebug("we still haven't seen the entire content. " "Let's defer content inspection till we see the " "entire content."); + InspectionBufferSetupMultiEmpty(buffer); return NULL; } diff --git a/src/detect-filemagic.c b/src/detect-filemagic.c index 3da9b6f2d6..29ecde687c 100644 --- a/src/detect-filemagic.c +++ b/src/detect-filemagic.c @@ -457,6 +457,7 @@ static InspectionBuffer *FilemagicGetDataCallback(DetectEngineThreadCtx *det_ctx DetectFilemagicThreadData *tfilemagic = (DetectFilemagicThreadData *)DetectThreadCtxGetKeywordThreadCtx(det_ctx, g_magic_thread_ctx_id); if (tfilemagic == NULL) { + InspectionBufferSetupMultiEmpty(buffer); return NULL; } diff --git a/src/detect-http2.c b/src/detect-http2.c index 611fb41d35..83b9aeb864 100644 --- a/src/detect-http2.c +++ b/src/detect-http2.c @@ -818,10 +818,14 @@ static InspectionBuffer *GetHttp2HeaderData(DetectEngineThreadCtx *det_ctx, cons uint32_t b_len = 0; const uint8_t *b = NULL; - if (rs_http2_tx_get_header(cbdata->txv, flags, cbdata->local_id, &b, &b_len) != 1) + if (rs_http2_tx_get_header(cbdata->txv, flags, cbdata->local_id, &b, &b_len) != 1) { + InspectionBufferSetupMultiEmpty(buffer); return NULL; - if (b == NULL || b_len == 0) + } + if (b == NULL || b_len == 0) { + InspectionBufferSetupMultiEmpty(buffer); return NULL; + } InspectionBufferSetupMulti(buffer, transforms, b, b_len); diff --git a/src/detect-ike-vendor.c b/src/detect-ike-vendor.c index c0d57de346..4dcc9c71b8 100644 --- a/src/detect-ike-vendor.c +++ b/src/detect-ike-vendor.c @@ -70,6 +70,7 @@ static InspectionBuffer *IkeVendorGetData(DetectEngineThreadCtx *det_ctx, const uint8_t *data; uint32_t data_len; if (rs_ike_tx_get_vendor(cbdata->txv, cbdata->local_id, &data, &data_len) == 0) { + InspectionBufferSetupMultiEmpty(buffer); return NULL; } diff --git a/src/detect-krb5-cname.c b/src/detect-krb5-cname.c index d6ca24f519..6054ccc5c6 100644 --- a/src/detect-krb5-cname.c +++ b/src/detect-krb5-cname.c @@ -71,10 +71,14 @@ static InspectionBuffer *GetKrb5CNameData(DetectEngineThreadCtx *det_ctx, uint32_t b_len = 0; const uint8_t *b = NULL; - if (rs_krb5_tx_get_cname(cbdata->txv, cbdata->local_id, &b, &b_len) != 1) + if (rs_krb5_tx_get_cname(cbdata->txv, cbdata->local_id, &b, &b_len) != 1) { + InspectionBufferSetupMultiEmpty(buffer); return NULL; - if (b == NULL || b_len == 0) + } + if (b == NULL || b_len == 0) { + InspectionBufferSetupMultiEmpty(buffer); return NULL; + } InspectionBufferSetupMulti(buffer, transforms, b, b_len); diff --git a/src/detect-krb5-sname.c b/src/detect-krb5-sname.c index 391c82d71a..eb281af2a2 100644 --- a/src/detect-krb5-sname.c +++ b/src/detect-krb5-sname.c @@ -71,10 +71,14 @@ static InspectionBuffer *GetKrb5SNameData(DetectEngineThreadCtx *det_ctx, uint32_t b_len = 0; const uint8_t *b = NULL; - if (rs_krb5_tx_get_sname(cbdata->txv, cbdata->local_id, &b, &b_len) != 1) + if (rs_krb5_tx_get_sname(cbdata->txv, cbdata->local_id, &b, &b_len) != 1) { + InspectionBufferSetupMultiEmpty(buffer); return NULL; - if (b == NULL || b_len == 0) + } + if (b == NULL || b_len == 0) { + InspectionBufferSetupMultiEmpty(buffer); return NULL; + } InspectionBufferSetupMulti(buffer, transforms, b, b_len); diff --git a/src/detect-mqtt-subscribe-topic.c b/src/detect-mqtt-subscribe-topic.c index 62b2018a3d..34b813023f 100644 --- a/src/detect-mqtt-subscribe-topic.c +++ b/src/detect-mqtt-subscribe-topic.c @@ -80,6 +80,7 @@ static InspectionBuffer *MQTTSubscribeTopicGetData(DetectEngineThreadCtx *det_ct const uint8_t *data; uint32_t data_len; if (rs_mqtt_tx_get_subscribe_topic(cbdata->txv, cbdata->local_id, &data, &data_len) == 0) { + InspectionBufferSetupMultiEmpty(buffer); return NULL; } diff --git a/src/detect-mqtt-unsubscribe-topic.c b/src/detect-mqtt-unsubscribe-topic.c index 70ba5af857..b6b113942f 100644 --- a/src/detect-mqtt-unsubscribe-topic.c +++ b/src/detect-mqtt-unsubscribe-topic.c @@ -80,6 +80,7 @@ static InspectionBuffer *MQTTUnsubscribeTopicGetData(DetectEngineThreadCtx *det_ const uint8_t *data; uint32_t data_len; if (rs_mqtt_tx_get_unsubscribe_topic(cbdata->txv, cbdata->local_id, &data, &data_len) == 0) { + InspectionBufferSetupMultiEmpty(buffer); return NULL; } diff --git a/src/detect-quic-cyu-hash.c b/src/detect-quic-cyu-hash.c index 519c3bd5c1..193f2fc395 100644 --- a/src/detect-quic-cyu-hash.c +++ b/src/detect-quic-cyu-hash.c @@ -76,6 +76,7 @@ static InspectionBuffer *QuicHashGetData(DetectEngineThreadCtx *det_ctx, const uint8_t *data; uint32_t data_len; if (rs_quic_tx_get_cyu_hash(cbdata->txv, (uint16_t)cbdata->local_id, &data, &data_len) == 0) { + InspectionBufferSetupMultiEmpty(buffer); return NULL; } diff --git a/src/detect-quic-cyu-string.c b/src/detect-quic-cyu-string.c index 3c2f8ef241..9e4f65887b 100644 --- a/src/detect-quic-cyu-string.c +++ b/src/detect-quic-cyu-string.c @@ -74,6 +74,7 @@ static InspectionBuffer *QuicStringGetData(DetectEngineThreadCtx *det_ctx, const uint8_t *data; uint32_t data_len; if (rs_quic_tx_get_cyu_string(cbdata->txv, cbdata->local_id, &data, &data_len) == 0) { + InspectionBufferSetupMultiEmpty(buffer); return NULL; } diff --git a/src/detect-tls-certs.c b/src/detect-tls-certs.c index 21fb5c8baa..08bf6af2bd 100644 --- a/src/detect-tls-certs.c +++ b/src/detect-tls-certs.c @@ -156,6 +156,7 @@ static InspectionBuffer *TlsCertsGetData(DetectEngineThreadCtx *det_ctx, } if (TAILQ_EMPTY(&connp->certs)) { + InspectionBufferSetupMultiEmpty(buffer); return NULL; } @@ -165,6 +166,7 @@ static InspectionBuffer *TlsCertsGetData(DetectEngineThreadCtx *det_ctx, cbdata->cert = TAILQ_NEXT(cbdata->cert, next); } if (cbdata->cert == NULL) { + InspectionBufferSetupMultiEmpty(buffer); return NULL; }