From: Victor Julien <vjulien@oisf.net>
Date: Tue, 26 Apr 2022 18:06:43 +0000 (+0200)
Subject: detect/content-inspect: code cleanup
X-Git-Tag: suricata-5.0.10~66
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b3e371b3e980cf93365c640b29d1b6814cfc05ef;p=thirdparty%2Fsuricata.git

detect/content-inspect: code cleanup

Rearrange code slightly to make it more clear that `found` cannot
be NULL further down the loop.

cppcheck:

src/detect-engine-content-inspection.c:316:50: warning: Either the condition 'found!=NULL' is redundant or there is overflow in pointer subtraction. [nullPointerArithmeticRedundantCheck]
                match_offset = (uint32_t)((found - buffer) + cd->content_len);
                                                 ^
src/detect-engine-content-inspection.c:308:30: note: Assuming that condition 'found!=NULL' is not redundant
            } else if (found != NULL && (cd->flags & DETECT_CONTENT_NEGATED)) {
                             ^
src/detect-engine-content-inspection.c:316:50: note: Null pointer subtraction
                match_offset = (uint32_t)((found - buffer) + cd->content_len);
                                                 ^

Bug: #5291.
(cherry picked from commit 27e9a871d0f7feeafb8fff266b2bb4d97abd39f3)
---

diff --git a/src/detect-engine-content-inspection.c b/src/detect-engine-content-inspection.c
index 61ed9f52b0..7854466e96 100644
--- a/src/detect-engine-content-inspection.c
+++ b/src/detect-engine-content-inspection.c
@@ -297,16 +297,18 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx
              * negation flag. */
             SCLogDebug("found %p cd negated %s", found, cd->flags & DETECT_CONTENT_NEGATED ? "true" : "false");
 
-            if (found == NULL && !(cd->flags & DETECT_CONTENT_NEGATED)) {
-                if ((cd->flags & (DETECT_CONTENT_DISTANCE|DETECT_CONTENT_WITHIN)) == 0) {
-                    /* independent match from previous matches, so failure is fatal */
-                    det_ctx->discontinue_matching = 1;
-                }
+            if (found == NULL) {
+                if (!(cd->flags & DETECT_CONTENT_NEGATED)) {
+                    if ((cd->flags & (DETECT_CONTENT_DISTANCE | DETECT_CONTENT_WITHIN)) == 0) {
+                        /* independent match from previous matches, so failure is fatal */
+                        det_ctx->discontinue_matching = 1;
+                    }
 
-                goto no_match;
-            } else if (found == NULL && (cd->flags & DETECT_CONTENT_NEGATED)) {
-                goto match;
-            } else if (found != NULL && (cd->flags & DETECT_CONTENT_NEGATED)) {
+                    goto no_match;
+                } else {
+                    goto match;
+                }
+            } else if (cd->flags & DETECT_CONTENT_NEGATED) {
                 SCLogDebug("content %"PRIu32" matched at offset %"PRIu32", but negated so no match", cd->id, match_offset);
                 /* don't bother carrying recursive matches now, for preceding
                  * relative keywords */