From: russ Date: Thu, 25 Apr 2019 03:32:11 +0000 (-0400) Subject: Squashed commit of the following: X-Git-Tag: 3.0.0-254~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bf5fc84fa6b6aaf191c785761770a26e1531ce57;p=thirdparty%2Fsnort3.git Squashed commit of the following: commit 552e1aa03b669531521d01ce40fa8fbb0a1215ae Author: russ Date: Wed Apr 24 11:14:17 2019 -0400 build: remove unused cruft; clean up KMap commit f69abdece93f196911a01ea7cae502cea2d49874 Author: russ Date: Mon Apr 22 13:02:28 2019 -0400 file_type: remove redundant error message commit cae5d0ddbe8b94bace3de56929e2ff14834f3a29 Author: russ Date: Fri Apr 19 21:33:03 2019 -0400 config: replace working dir overrides with --include-path --- diff --git a/src/ips_options/ips_file_type.cc b/src/ips_options/ips_file_type.cc index 134cb5fa6..ef3e8c58b 100644 --- a/src/ips_options/ips_file_type.cc +++ b/src/ips_options/ips_file_type.cc @@ -196,35 +196,27 @@ bool FileTypeModule::parse_type_and_version(std::string& token, SnortConfig* sc) { // Match all versions of this type. get_magic_rule_ids_from_type(type_name, "", ids_set, sc); + if (ids_set.none()) - { - ParseError("Invalid file_type type '%s'. Not found in file_rules.", type_name.c_str()); return false; - } types |= ids_set; return true; } get_magic_rule_ids_from_type(type_name, version, ids_set, sc); + if (ids_set.none()) - { - ParseError("Invalid file_type type '%s' or version '%s'. Not found in file_rules.", - type_name.c_str(), version.c_str()); return false; - } types |= ids_set; while (std::getline(stream, version, ',')) { get_magic_rule_ids_from_type(type_name, version, ids_set, sc); + if (ids_set.none()) - { - ParseError("Invalid file_type type '%s' or version '%s'. Not found in file_rules.", - type_name.c_str(), version.c_str()); return false; - } types |= ids_set; } diff --git a/src/main.cc b/src/main.cc index 2b56bdd73..004c07a4e 100644 --- a/src/main.cc +++ b/src/main.cc @@ -462,7 +462,7 @@ int main_reload_hosts(lua_State* L) } Shell sh = Shell(fname); - sh.configure(SnortConfig::get_conf()); + sh.configure(SnortConfig::get_conf(), false, true); tTargetBasedConfig* old = SFAT_GetConfig(); tTargetBasedConfig* tc = SFAT_Swap(); diff --git a/src/main/policy.cc b/src/main/policy.cc index 9154f4219..de627555f 100644 --- a/src/main/policy.cc +++ b/src/main/policy.cc @@ -26,6 +26,7 @@ #include "detection/detection_engine.h" #include "log/messages.h" #include "managers/inspector_manager.h" +#include "parser/parse_conf.h" #include "parser/vars.h" #include "ports/port_var_table.h" @@ -112,6 +113,7 @@ IpsPolicy::IpsPolicy(PolicyId id) policy_mode = POLICY_MODE__MAX; var_table = nullptr; + parse_from = get_parse_file(); var_id = 1; ip_vartable = sfvt_alloc_table(); diff --git a/src/main/shell.cc b/src/main/shell.cc index d553c30ad..3a8515225 100644 --- a/src/main/shell.cc +++ b/src/main/shell.cc @@ -188,7 +188,7 @@ void Shell::set_overrides(Shell* sh) overrides += sh->overrides; } -bool Shell::configure(SnortConfig* sc, bool is_fatal) +bool Shell::configure(SnortConfig* sc, bool is_fatal, bool is_root) { assert(file.size()); ModuleManager::set_config(sc); @@ -206,7 +206,15 @@ bool Shell::configure(SnortConfig* sc, bool is_fatal) } std::string path = parse_from; - const char* code = get_config_file(file.c_str(), path); + const char* code; + + if ( !is_root ) + code = get_config_file(file.c_str(), path); + else + { + code = "W"; + path = file; + } if ( !code ) { diff --git a/src/main/shell.h b/src/main/shell.h index 64d5dbed4..2bbf2c351 100644 --- a/src/main/shell.h +++ b/src/main/shell.h @@ -41,7 +41,7 @@ public: void set_overrides(const char*); void set_overrides(Shell*); - bool configure(snort::SnortConfig*, bool is_fatal = true); + bool configure(snort::SnortConfig*, bool is_fatal = true, bool is_root = false); void install(const char*, const struct luaL_Reg*); void execute(const char*, std::string&); diff --git a/src/main/snort.cc b/src/main/snort.cc index 3e43d7707..fe8e4397f 100644 --- a/src/main/snort.cc +++ b/src/main/snort.cc @@ -84,7 +84,6 @@ #include "target_based/sftarget_reader.h" #include "time/packet_time.h" #include "time/periodic.h" -#include "utils/kmap.h" #include "utils/util.h" #include "utils/util_utf.h" #include "utils/util_jsnorm.h" @@ -256,7 +255,6 @@ void Snort::init(int argc, char** argv) load_network_inspectors(); load_service_inspectors(); - /* chew up the command line */ snort_cmd_line_conf = parse_cmd_line(argc, argv); SnortConfig::set_conf(snort_cmd_line_conf); @@ -658,7 +656,7 @@ SnortConfig* Snort::get_updated_policy(SnortConfig* other_conf, const char* fnam if ( fname ) { Shell sh = Shell(fname); - sh.configure(sc); + sh.configure(sc, false, true); if ( ModuleManager::get_errors() || !sc->verify() ) { diff --git a/src/main/snort_config.cc b/src/main/snort_config.cc index d55dc64a2..a0017c374 100644 --- a/src/main/snort_config.cc +++ b/src/main/snort_config.cc @@ -383,6 +383,7 @@ void SnortConfig::merge(SnortConfig* cmd_line) output_flags |= cmd_line->output_flags; logging_flags |= cmd_line->logging_flags; + include_path = cmd_line->include_path; stdin_rules = cmd_line->stdin_rules; // only set by cmd_line to override other conf output settings @@ -971,6 +972,14 @@ void SnortConfig::set_tunnel_verdicts(const char* args) snort_free(tmp); } +void SnortConfig::set_include_path(const char* path) +{ + if (path) + include_path = path; + else + include_path.clear(); +} + void SnortConfig::set_plugin_path(const char* path) { if (path) diff --git a/src/main/snort_config.h b/src/main/snort_config.h index 6aca555eb..1463e8e0d 100644 --- a/src/main/snort_config.h +++ b/src/main/snort_config.h @@ -38,7 +38,7 @@ enum RunFlag RUN_FLAG__READ = 0x00000001, RUN_FLAG__DAEMON = 0x00000002, RUN_FLAG__NO_PROMISCUOUS = 0x00000004, - RUN_FLAG__NO_OVERRIDES = 0x00000008, + // unused = 0x00000008, RUN_FLAG__INLINE = 0x00000010, RUN_FLAG__STATIC_HASH = 0x00000020, @@ -229,6 +229,7 @@ public: bool dirty_pig = false; std::string chroot_dir; /* -t or config chroot */ + std::string include_path; std::string plugin_path; std::vector script_paths; @@ -412,6 +413,7 @@ public: void set_no_logging_timestamps(bool); void set_obfuscate(bool); void set_obfuscation_mask(const char*); + void set_include_path(const char*); void set_plugin_path(const char*); void set_process_all_events(bool); void set_quiet(bool); @@ -477,9 +479,6 @@ public: static bool show_file_codes() { return get_conf()->run_flags & RUN_FLAG__SHOW_FILE_CODES; } - static bool allow_overrides() - { return !(get_conf()->run_flags & RUN_FLAG__NO_OVERRIDES); } - static bool adaptor_inline_mode() { return get_conf()->run_flags & RUN_FLAG__INLINE; } diff --git a/src/main/snort_module.cc b/src/main/snort_module.cc index f25bff1e7..dc8462a6f 100644 --- a/src/main/snort_module.cc +++ b/src/main/snort_module.cc @@ -315,9 +315,6 @@ static const Parameter s_params[] = { "--dirty-pig", Parameter::PT_IMPLIED, nullptr, nullptr, "don't flush packets on shutdown" }, - { "--disable-overrides", Parameter::PT_IMPLIED, nullptr, nullptr, - "do not first look for files relative to the working directory" }, - { "--dump-builtin-rules", Parameter::PT_STRING, "(optional)", nullptr, "[] output stub rules for selected modules" }, @@ -376,6 +373,10 @@ static const Parameter s_params[] = { "--id-zero", Parameter::PT_IMPLIED, nullptr, nullptr, "use id prefix / subdirectory even with one packet thread" }, + { "--include-path", Parameter::PT_STRING, nullptr, nullptr, + " where to find Lua and rule included files; " + "searched before current or config directories" }, + { "--list-buffers", Parameter::PT_IMPLIED, nullptr, nullptr, "output available inspection buffers" }, @@ -803,9 +804,6 @@ bool SnortModule::set(const char*, Value& v, SnortConfig* sc) else if ( v.is("--enable-inline-test") ) sc->run_flags |= RUN_FLAG__INLINE_TEST; - else if ( v.is("--disable-overrides") ) - sc->run_flags |= RUN_FLAG__NO_OVERRIDES; - else if ( v.is("--gen-msg-map") ) dump_msg_map(sc, v.get_string()); @@ -848,6 +846,9 @@ bool SnortModule::set(const char*, Value& v, SnortConfig* sc) else if ( v.is("--id-zero") ) sc->id_zero = true; + else if ( v.is("--include-path") ) + sc->set_include_path(v.get_string()); + else if ( v.is("--list-buffers") ) help_buffers(sc, v.get_string()); diff --git a/src/managers/bootstrap.lua b/src/managers/bootstrap.lua index 828343833..3340e94c2 100644 --- a/src/managers/bootstrap.lua +++ b/src/managers/bootstrap.lua @@ -30,14 +30,14 @@ bool set_bool(const char*, bool); bool set_number(const char*, double); bool set_string(const char*, const char*); bool set_alias(const char*, const char*); -const char* push_relative_path(const char*); -void pop_relative_path(); +const char* push_include_path(const char*); +void pop_include_path(); ]] function include(file) - local base_name = ffi.C.push_relative_path(file) + local base_name = ffi.C.push_include_path(file) dofile(ffi.string(base_name)) - ffi.C.pop_relative_path() + ffi.C.pop_include_path() end function snort_traverse(tab, fqn) diff --git a/src/managers/module_manager.cc b/src/managers/module_manager.cc index 4ac1f2d97..60a9e9c71 100644 --- a/src/managers/module_manager.cc +++ b/src/managers/module_manager.cc @@ -93,8 +93,8 @@ extern "C" bool set_string(const char* fqn, const char* val); bool set_alias(const char* from, const char* to); - const char* push_relative_path(const char* file); - void pop_relative_path(); + const char* push_include_path(const char* file); + void pop_include_path(); } //------------------------------------------------------------------------- @@ -818,7 +818,7 @@ SO_PUBLIC bool set_string(const char* fqn, const char* s) return set_value(fqn, v); } -SO_PUBLIC const char* push_relative_path(const char* file) +SO_PUBLIC const char* push_include_path(const char* file) { static std::string path; path = ""; @@ -827,7 +827,7 @@ SO_PUBLIC const char* push_relative_path(const char* file) return path.c_str(); } -SO_PUBLIC void pop_relative_path() +SO_PUBLIC void pop_include_path() { pop_parse_location(); } diff --git a/src/network_inspectors/port_scan/ipobj.cc b/src/network_inspectors/port_scan/ipobj.cc index cc947b326..20549decf 100644 --- a/src/network_inspectors/port_scan/ipobj.cc +++ b/src/network_inspectors/port_scan/ipobj.cc @@ -54,21 +54,6 @@ IPSET* ipset_new() return p; } -IPSET* ipset_copy(IPSET* ipsp) -{ - IPSET* newset = ipset_new(); - IP_PORT* ip_port; - SF_LNODE* cursor; - - for (ip_port =(IP_PORT*)sflist_first(&ipsp->ip_list, &cursor); - ip_port; - ip_port =(IP_PORT*)sflist_next(&cursor) ) - { - ipset_add(newset, &ip_port->ip, &ip_port->portset, ip_port->notflag); - } - return newset; -} - void ipset_free(IPSET* ipc) { if (ipc) @@ -153,38 +138,6 @@ int ipset_contains(IPSET* ipc, const SfIp* ip, void* port) return 0; } -int ipset_print(IPSET* ipc) -{ - if ( !ipc ) - return 0; - - { - IP_PORT* p; - printf("IPSET\n"); - SF_LNODE* cur_ip; - - for ( p =(IP_PORT*)sflist_first(&ipc->ip_list, &cur_ip); - p!=nullptr; - p =(IP_PORT*)sflist_next(&cur_ip) ) - { - SfIpString ip_str; - printf("CIDR BLOCK: %c%s", p->notflag ? '!' : ' ', p->ip.get_addr()->ntop(ip_str)); - SF_LNODE* cur_port; - - for ( PORTRANGE* pr=(PORTRANGE*)sflist_first(&p->portset.port_list, &cur_port); - pr != nullptr; - pr=(PORTRANGE*)sflist_next(&cur_port) ) - { - printf(" %u", pr->port_lo); - if ( pr->port_hi != pr->port_lo ) - printf("-%u", pr->port_hi); - } - printf("\n"); - } - } - return 0; -} - static void portset_init(PORTSET* portset) { sflist_init(&portset->port_list); diff --git a/src/network_inspectors/port_scan/ipobj.h b/src/network_inspectors/port_scan/ipobj.h index c8ad1587b..6717fdfea 100644 --- a/src/network_inspectors/port_scan/ipobj.h +++ b/src/network_inspectors/port_scan/ipobj.h @@ -77,9 +77,7 @@ struct IPSET IPSET* ipset_new(); int ipset_add(IPSET* ipset, snort::SfCidr* ip, void* port, int notflag); int ipset_contains(IPSET* ipset, const snort::SfIp* ip, void* port); -IPSET* ipset_copy(IPSET* ipset); void ipset_free(IPSET* ipset); -int ipset_print(IPSET* ipset); // helper functions -- all the sets work in host order int ipset_parse(IPSET* ipset, const char* ipstr); diff --git a/src/parser/parse_conf.cc b/src/parser/parse_conf.cc index 500b9e974..3268098bf 100644 --- a/src/parser/parse_conf.cc +++ b/src/parser/parse_conf.cc @@ -65,12 +65,7 @@ const char* get_parse_file() if ( !files.empty() ) return files.top().path.c_str(); - static char dir[PATH_MAX]; - - if ( !getcwd(dir, sizeof(dir)) ) - return ""; - - return dir; + return get_snort_conf(); } void get_parse_location(const char*& file, unsigned& line) @@ -153,12 +148,11 @@ static bool relative_to_config_dir(const char* file, std::string& path) return valid_file(file, path); } -static bool relative_to_working_dir(const char* file, std::string& path) +static bool relative_to_include_dir(const char* file, std::string& path) { - char dir[PATH_MAX]; - if ( !getcwd(dir, sizeof(dir)) ) + path = SnortConfig::get_conf()->include_path; + if ( !path.length() ) return false; - path = dir; return valid_file(file, path); } @@ -173,8 +167,8 @@ const char* get_config_file(const char* arg, std::string& file) } std::string hint = file; - if ( SnortConfig::allow_overrides() and relative_to_working_dir(arg, file) ) - return "W"; + if ( relative_to_include_dir(arg, file) ) + return "I"; file = hint; diff --git a/src/parser/parser.cc b/src/parser/parser.cc index ad16c3434..ace9940f5 100644 --- a/src/parser/parser.cc +++ b/src/parser/parser.cc @@ -217,14 +217,14 @@ static RuleListNode* addNodeToOrderedList(RuleListNode* ordered_list, return ordered_list; } -static bool parse_file(SnortConfig* sc, Shell* sh, bool is_fatal) +static bool parse_file(SnortConfig* sc, Shell* sh, bool is_fatal, bool is_root) { const char* fname = sh->get_file(); if ( !fname || !*fname ) return false; - bool success = sh->configure(sc, is_fatal); + bool success = sh->configure(sc, is_fatal, is_root); return success; } @@ -305,7 +305,7 @@ SnortConfig* ParseSnortConf(const SnortConfig* boot_conf, const char* fname, boo set_policies(sc, sh); - if (!parse_file(sc, sh, is_fatal)) + if (!parse_file(sc, sh, is_fatal, (i == 0))) return sc; } @@ -365,19 +365,24 @@ void ParseRules(SnortConfig* sc) pop_parse_location(); } - if ( !idx ) - p->rules += s_aux_rules; - if ( !p->rules.empty() ) { - push_parse_location("C", file.c_str(), "rules"); + push_parse_location("C", file.c_str(), "ips.rules"); ParseConfigString(sc, p->rules.c_str()); pop_parse_location(); } - if ( !idx && sc->stdin_rules ) + + if ( !idx and !s_aux_rules.empty() ) + { + push_parse_location("W", "./", "rule args"); + ParseConfigString(sc, s_aux_rules.c_str()); + pop_parse_location(); + } + + if ( !idx and sc->stdin_rules ) { LogMessage("Reading rules until EOF or a line starting with END\n"); - push_parse_location("C", get_snort_conf_dir(), "stdin"); + push_parse_location("W", "./", "stdin"); parse_stream(std::cin, sc); pop_parse_location(); } diff --git a/src/search_engines/bnfa_search.cc b/src/search_engines/bnfa_search.cc index 8d100de66..7528d447b 100644 --- a/src/search_engines/bnfa_search.cc +++ b/src/search_engines/bnfa_search.cc @@ -1464,237 +1464,6 @@ int bnfaCompile(snort::SnortConfig* sc, bnfa_struct_t* bnfa) return 0; } -#ifdef ALLOW_NFA_FULL - -/* -* Full Matrix Format Search -*/ -static inline unsigned _bnfa_search_full_nfa( - bnfa_struct_t* bnfa, uint8_t* Tx, int n, MpseMatch match, - void* context, bnfa_state_t state, int* current_state) -{ - bnfa_state_t** NextState= bnfa->bnfaNextState; - bnfa_state_t* FailState= bnfa->bnfaFailState; - bnfa_match_node_t** MatchList= bnfa->bnfaMatchList; - - unsigned nfound = 0; - unsigned last_match=LAST_STATE_INIT; - unsigned last_match_saved=LAST_STATE_INIT; - - uint8_t* T = Tx; - uint8_t* Tend = T + n; - - for (; T < Tend; T++ ) - { - uint8_t Tchar = xlatcase[ *T ]; - - for (;; ) - { - bnfa_state_t* pcs = NextState[state]; - - if ( pcs[Tchar] == 0 && state > 0 ) - { - state = FailState[state]; - } - else - { - state = pcs[Tchar]; - break; - } - } - - if ( state ) - { - if ( state == last_match ) - continue; - - last_match_saved=last_match; - last_match = state; - - { - bnfa_match_node_t* mlist = MatchList[state]; - - if (!mlist) - continue; - - bnfa_pattern_t* patrn = (bnfa_pattern_t*)mlist->data; - unsigned index = T - Tx + 1; - nfound++; - /* Don't do anything specific for case sensitive patterns and not, - * since that will be covered by the rule tree itself. Each tree - * might have both case sensitive & case insensitive patterns. - */ - int res = match(patrn->userdata, mlist->rule_option_tree, index, context, - mlist->neg_list); - if ( res > 0 ) - { - *current_state = state; - return nfound; - } - else if ( res < 0 ) - { - last_match = last_match_saved; - } - } - } - } - *current_state = state; - return nfound; -} - -/* -* Full Matrix Format Search - Exact matching patterns only -*/ -static inline unsigned _bnfa_search_full_nfa_case( - bnfa_struct_t* bnfa, uint8_t* Tx, int n, MpseMatch match, - void* context, bnfa_state_t state, int* current_state) -{ - bnfa_state_t** NextState= bnfa->bnfaNextState; - bnfa_state_t* FailState= bnfa->bnfaFailState; - bnfa_match_node_t** MatchList= bnfa->bnfaMatchList; - - unsigned nfound = 0; - unsigned last_match=LAST_STATE_INIT; - unsigned last_match_saved=LAST_STATE_INIT; - - uint8_t* T = Tx; - uint8_t* Tend = T + n; - - for (; T < Tend; T++ ) - { - uint8_t Tchar = *T; - - for (;; ) - { - bnfa_state_t* pcs = NextState[state]; - if ( pcs[Tchar] == 0 && state > 0 ) - { - state = FailState[state]; - } - else - { - state = pcs[Tchar]; - break; - } - } - - if ( state ) - { - if ( state == last_match ) - continue; - - last_match_saved=last_match; - last_match = state; - - { - bnfa_match_node_t* mlist = MatchList[state]; - - if (!mlist) - continue; - - bnfa_pattern_t* patrn = (bnfa_pattern_t*)mlist->data; - unsigned index = T - Tx + 1; - nfound++; - /* Don't do anything specific for case (in)sensitive patterns - * since that will be covered by the rule tree itself. Each - * tree might have both case sensitive & case insensitive patterns. - */ - int res = match(patrn->userdata, mlist->rule_option_tree, index, context, - mlist->neg_list); - if ( res > 0 ) - { - *current_state = state; - return nfound; - } - else if ( res < 0 ) - { - last_match = last_match_saved; - } - } - } - } - *current_state = state; - return nfound; -} - -/* -* Full Matrix Format Search - no case -*/ -static inline unsigned _bnfa_search_full_nfa_nocase( - bnfa_struct_t* bnfa, uint8_t* Tx, int n, MpseMatch match, - void* context, bnfa_state_t state, int* current_state) -{ - bnfa_state_t** NextState = bnfa->bnfaNextState; - bnfa_state_t* FailState = bnfa->bnfaFailState; - bnfa_match_node_t** MatchList = bnfa->bnfaMatchList; - - unsigned nfound = 0; - unsigned last_match=LAST_STATE_INIT; - unsigned last_match_saved=LAST_STATE_INIT; - - uint8_t* T = Tx; - uint8_t* Tend = T + n; - - for (; T < Tend; T++ ) - { - uint8_t Tchar = xlatcase[ *T ]; - - for (;; ) - { - bnfa_state_t* pcs = NextState[state]; - - if ( pcs[Tchar] == 0 && state > 0 ) - { - state = FailState[state]; - } - else - { - state = pcs[Tchar]; - break; - } - } - - if ( state ) - { - if ( state == last_match ) - continue; - - last_match_saved=last_match; - last_match = state; - - { - bnfa_match_node_t* mlist = MatchList[state]; - - if (!mlist) - continue; - - bnfa_pattern_t* patrn = (bnfa_pattern_t*)mlist->data; - unsigned index = T - Tx + 1; - - /* Don't do anything specific for case sensitive patterns and not, - * since that will be covered by the rule tree itself. Each tree - * might have both case sensitive & case insensitive patterns. - */ - int res = match(patrn->userdata, mlist->rule_option_tree, index, context, - mlist->neg_list); - if ( res > 0 ) - { - *current_state = state; - return nfound; - } - else if ( res < 0 ) - { - last_match = last_match_saved; - } - } - } - } - *current_state = state; - return nfound; -} - -#endif - /* binary array search on sparse transition array @@ -1802,11 +1571,6 @@ static inline unsigned _bnfa_get_next_state_csparse_nfa( } } -/* - * Per Pattern case search, case is on per pattern basis standard snort - * search note: index is not used by snort, so it's commented - */ - /* * Per Pattern case search, case is on per pattern basis * standard snort search @@ -1873,143 +1637,11 @@ unsigned _bnfa_search_csparse_nfa( return nfound; } -#ifdef BNFA_MAIN -/* - * Case specific search, global to all patterns - * - * note: index is not used by snort, so it's commented - */ -static inline unsigned _bnfa_search_csparse_nfa_case( - bnfa_struct_t* bnfa, uint8_t* Tx, int n, MpseMatch match, - void* context, unsigned sindex, int* current_state) -{ - bnfa_match_node_t* mlist; - uint8_t* Tend; - uint8_t* T; - unsigned index; - bnfa_match_node_t** MatchList = bnfa->bnfaMatchList; - bnfa_pattern_t* patrn; - bnfa_state_t* transList = bnfa->bnfaTransList; - unsigned nfound = 0; - unsigned last_match=LAST_STATE_INIT; - unsigned last_match_saved=LAST_STATE_INIT; - int res; - - T = Tx; - Tend = T + n; - - for (; Tdata; - index = T - Tx + 1; - nfound++; - /* Don't do anything specific for case sensitive patterns and not, - * since that will be covered by the rule tree itself. Each tree - * might have both case sensitive & case insensitive patterns. - */ - res = match(patrn->userdata, mlist->rule_option_tree, index, - context, mlist->neg_list); - if ( res > 0 ) - { - *current_state = sindex; - return nfound; - } - else if ( res < 0 ) - { - last_match = last_match_saved; - } - } - } - } - *current_state = sindex; - return nfound; -} - -/* - * NoCase search - global to all patterns - * - * note: index is not used by snort, so it's commented - */ -static inline unsigned _bnfa_search_csparse_nfa_nocase( - bnfa_struct_t* bnfa, uint8_t* Tx, int n, MpseMatch match, - void* context, unsigned sindex, int* current_state) -{ - bnfa_match_node_t** MatchList = bnfa->bnfaMatchList; - bnfa_state_t* transList = bnfa->bnfaTransList; - - unsigned nfound = 0; - unsigned last_match=LAST_STATE_INIT; - unsigned last_match_saved=LAST_STATE_INIT; - - uint8_t* T = Tx; - uint8_t* Tend = T + n; - - for (; Tdata; - unsigned index = T - Tx + 1; - nfound++; - /* Don't do anything specific for case sensitive patterns and not, - * since that will be covered by the rule tree itself. Each tree - * might have both case sensitive & case insensitive patterns. - */ - int res = match(patrn->userdata, mlist->rule_option_tree, index, - context, mlist->neg_list); - if ( res > 0 ) - { - *current_state = sindex; - return nfound; - } - else if ( res < 0 ) - { - last_match = last_match_saved; - } - } - } - } - *current_state = sindex; - return nfound; -} -#endif - int bnfaPatternCount(bnfa_struct_t* p) { return p->bnfaPatternCnt; } -/* - * Summary Info Data - */ static bnfa_struct_t summary; static int summary_cnt = 0; diff --git a/src/service_inspectors/ftp_telnet/ftp_bounce_lookup.cc b/src/service_inspectors/ftp_telnet/ftp_bounce_lookup.cc index fcf0c853e..a084390cf 100644 --- a/src/service_inspectors/ftp_telnet/ftp_bounce_lookup.cc +++ b/src/service_inspectors/ftp_telnet/ftp_bounce_lookup.cc @@ -41,67 +41,28 @@ #include "ftp_bounce_lookup.h" +#include + #include "ft_main.h" #include "ftpp_return_codes.h" using namespace snort; -/* - * Function: ftp_bounce_lookup_init(BOUNCE_LOOKUP **BounceLookup) - * - * Purpose: Initialize the bounce_lookup structure. - * - * We need to initialize the bounce_lookup structure for - * the FTP bounce configuration. Don't want a NULL pointer - * flying around, when we have to look for allowable bounces. - * - * Arguments: BounceLookup => pointer to the pointer of the bounce - * lookup structure. - * - * Returns: int => return code indicating error or success - * - */ int ftp_bounce_lookup_init(BOUNCE_LOOKUP** BounceLookup) { - KMAP* km = KMapNew((KMapUserFreeFunc)CleanupFTPBounceTo); - *BounceLookup = km; - if (*BounceLookup == nullptr) - { - return FTPP_MEM_ALLOC_FAIL; - } - - km->nocase = 1; - + *BounceLookup = KMapNew((KMapUserFreeFunc)CleanupFTPBounceTo, true); return FTPP_SUCCESS; } -/* - * Function: ftp_bounce_lookup_cleanup(BOUNCE_LOOKUP **BounceLookup) - * - * Purpose: Free the bounce_lookup structure. - * We need to free the bounce_lookup structure. - * - * Arguments: BounceLookup => pointer to the pointer of the bounce - * lookup structure. - * - * Returns: int => return code indicating error or success - * - */ int ftp_bounce_lookup_cleanup(BOUNCE_LOOKUP** BounceLookup) { - KMAP* km; - - if (BounceLookup == nullptr) - return FTPP_INVALID_ARG; - - km = *BounceLookup; + assert(BounceLookup); - if (km) + if ( *BounceLookup ) { - KMapDelete(km); + KMapDelete(*BounceLookup); *BounceLookup = nullptr; } - return FTPP_SUCCESS; } diff --git a/src/service_inspectors/ftp_telnet/ftp_cmd_lookup.cc b/src/service_inspectors/ftp_telnet/ftp_cmd_lookup.cc index e4c5cbd5b..266b12e3a 100644 --- a/src/service_inspectors/ftp_telnet/ftp_cmd_lookup.cc +++ b/src/service_inspectors/ftp_telnet/ftp_cmd_lookup.cc @@ -40,67 +40,28 @@ #include "ftp_cmd_lookup.h" +#include + #include "ft_main.h" #include "ftpp_return_codes.h" using namespace snort; -/* - * Function: ftp_cmd_lookup_init(CMD_LOOKUP **CmdLookup) - * - * Purpose: Initialize the cmd_lookup structure. - * - * We need to initialize the cmd_lookup structure for - * the FTP command configuration. Don't want a NULL pointer - * flying around, when we have to look for FTP commands. - * - * Arguments: CmdLookup => pointer to the pointer of the cmd - * lookup structure. - * - * Returns: int => return code indicating error or success - * - */ int ftp_cmd_lookup_init(CMD_LOOKUP** CmdLookup) { - KMAP* km = KMapNew((KMapUserFreeFunc)CleanupFTPCMDConf); - *CmdLookup = km; - if (*CmdLookup == nullptr) - { - return FTPP_MEM_ALLOC_FAIL; - } - - km->nocase = 1; - + *CmdLookup = KMapNew((KMapUserFreeFunc)CleanupFTPCMDConf, true); return FTPP_SUCCESS; } -/* - * Function: ftp_cmd_lookup_cleanup(CMD_LOOKUP **CmdLookup) - * - * Purpose: Free the cmd_lookup structure. - * We need to free the cmd_lookup structure. - * - * Arguments: CmdLookup => pointer to the pointer of the cmd - * lookup structure. - * - * Returns: int => return code indicating error or success - * - */ int ftp_cmd_lookup_cleanup(CMD_LOOKUP** CmdLookup) { - KMAP* km; - - if (CmdLookup == nullptr) - return FTPP_INVALID_ARG; - - km = *CmdLookup; + assert(CmdLookup); - if (km) + if ( *CmdLookup ) { - KMapDelete(km); + KMapDelete(*CmdLookup); *CmdLookup = nullptr; } - return FTPP_SUCCESS; } diff --git a/src/utils/kmap.cc b/src/utils/kmap.cc index f25481a92..b4b545efe 100644 --- a/src/utils/kmap.cc +++ b/src/utils/kmap.cc @@ -26,43 +26,31 @@ #include "kmap.h" -#include +#include #include #include "util.h" namespace snort { -KMAP* KMapNew(KMapUserFreeFunc userfree) +KMAP* KMapNew(KMapUserFreeFunc userfree, bool nc) { KMAP* km = (KMAP*)snort_calloc(sizeof(KMAP)); km->userfree = userfree; + km->nocase = nc; return km; } -/* -* -*/ -void KMapSetNoCase(KMAP* km, int flag) -{ - km->nocase = flag; -} - -/* -* Free the list of key+data pair nodes - used by findfirst/next -*/ static int KMapFreeNodeList(KMAP* km) { for ( KEYNODE* k=km->keylist; k; ) { if ( k->key ) - { snort_free(k->key); - } + if ( km->userfree && k->userdata ) - { km->userfree(k->userdata); - } + KEYNODE* kold = k; k = k->next; snort_free(kold); @@ -71,30 +59,19 @@ static int KMapFreeNodeList(KMAP* km) return 0; } -/* -* Recursively walk and free nodes -*/ static void KMapFreeNode(KMAP* km, KMAPNODE* r) { if ( r->sibling ) - { KMapFreeNode(km, r->sibling); - } if ( r->child ) - { KMapFreeNode(km, r->child); - } snort_free(r); } -/* -* Free the KMAP and all of it's memory and nodes -*/ void KMapDelete(KMAP* km) { - /* Free the tree - one root node at a time */ for (int i=0; i<256; i++) { KMAPNODE* r = km->root[i]; @@ -109,9 +86,6 @@ void KMapDelete(KMAP* km) snort_free(km); } -/* -* Add key + data pair to the linked list of nodes -*/ static KEYNODE* KMapAddKeyNode(KMAP* km,void* key, int n, void* userdata) { KEYNODE* knode; @@ -120,13 +94,13 @@ static KEYNODE* KMapAddKeyNode(KMAP* km,void* key, int n, void* userdata) return nullptr; knode = (KEYNODE*)snort_calloc(sizeof(KEYNODE)); - knode->key = (unsigned char*)snort_calloc(n); // Alloc the key space + knode->key = (unsigned char*)snort_calloc(n); - memcpy(knode->key,key,n); // Copy the key - knode->nkey = n; + memcpy(knode->key, key, n); + knode->nkey = n; knode->userdata = userdata; - if ( km->keylist ) // Insert at front of list + if ( km->keylist ) { knode->next = km->keylist; km->keylist = knode; @@ -139,9 +113,6 @@ static KEYNODE* KMapAddKeyNode(KMAP* km,void* key, int n, void* userdata) return knode; } -/* -* Create a character node -*/ static KMAPNODE* KMapCreateNode(KMAP* km) { KMAPNODE* mn=(KMAPNODE*)snort_calloc(sizeof(KMAPNODE)); @@ -153,7 +124,6 @@ static KMAPNODE* KMapCreateNode(KMAP* km) * key : ptr to bytes of data used to identify this item * may be text string, or binary character sequence. * n : > 0 number of bytes in the key -* <=0 key is a null terminated ascii string * userdata - ptr to data to associate with this key * * returns: @@ -163,19 +133,12 @@ static KMAPNODE* KMapCreateNode(KMAP* km) */ int KMapAdd(KMAP* km, void* key, int n, void* userdata) { + assert(n > 0); + int type = 0; const unsigned char* P = (unsigned char*)key; std::string xkey; - if ( n <= 0 ) - { - const std::size_t tmp_len = strlen( (char*)key); - if (tmp_len > std::numeric_limits::max()) - return -99; - - n = (int)tmp_len; - } - if ( km->nocase ) { xkey.resize(n); @@ -186,7 +149,6 @@ int KMapAdd(KMAP* km, void* key, int n, void* userdata) P = (const unsigned char*)xkey.c_str(); } - /* Save key size */ int ksize = n; KMAPNODE* root; @@ -196,8 +158,6 @@ int KMapAdd(KMAP* km, void* key, int n, void* userdata) if ( !km->root[ *P ] ) { root = KMapCreateNode(km); - if ( !root ) - return -1; km->root[ *P ] = root; root->nodechar = *P; } @@ -250,8 +210,6 @@ int KMapAdd(KMAP* km, void* key, int n, void* userdata) */ //printf("added child branch nodechar = %c \n",*P); root->child= KMapCreateNode(km); - if ( !root->child ) - return -1; root=root->child; root->nodechar = *P; P++; @@ -264,8 +222,6 @@ int KMapAdd(KMAP* km, void* key, int n, void* userdata) */ //printf("added sibling branch nodechar = %c \n",*P); root->sibling= KMapCreateNode(km); - if ( !root->sibling ) - return -1; root=root->sibling; root->nodechar = *P; P++; @@ -280,8 +236,6 @@ int KMapAdd(KMAP* km, void* key, int n, void* userdata) { //printf("added child nodechar = %c \n",*P); root->child = KMapCreateNode(km); - if ( !root->child ) - return -1; root=root->child; root->nodechar = *P; P++; @@ -297,8 +251,6 @@ int KMapAdd(KMAP* km, void* key, int n, void* userdata) return 1; root->knode = KMapAddKeyNode(km, key, ksize, userdata); - if ( !root->knode ) - return -1; return 0; } @@ -310,18 +262,11 @@ int KMapAdd(KMAP* km, void* key, int n, void* userdata) */ void* KMapFind(KMAP* ks, void* key, int n) { + assert(n > 0); + std::string xkey; const unsigned char* T = (unsigned char*)key; - if ( n <= 0 ) - { - const std::size_t tmp_len = strlen( (char*)key); - if (tmp_len > std::numeric_limits::max()) - return nullptr; - - n = (int)tmp_len; - } - if ( ks->nocase ) { xkey.resize(n); @@ -375,24 +320,16 @@ void* KMapFind(KMAP* ks, void* key, int n) return nullptr; } -/* -* -*/ void* KMapFindFirst(KMAP* km) { km->keynext = km->keylist; if (!km->keynext) - { return nullptr; - } return km->keynext->userdata; } -/* -* -*/ void* KMapFindNext(KMAP* km) { if ( !km->keynext ) diff --git a/src/utils/kmap.h b/src/utils/kmap.h index 2b7bd4aad..2b020c28f 100644 --- a/src/utils/kmap.h +++ b/src/utils/kmap.h @@ -68,21 +68,20 @@ typedef struct _kmap KMapUserFreeFunc userfree; int nchars; // # character nodes + bool nocase; - int nocase; } KMAP; namespace snort { -SO_PUBLIC KMAP* KMapNew(KMapUserFreeFunc userfree); -SO_PUBLIC void KMapDelete(KMAP* km); +SO_PUBLIC KMAP* KMapNew(KMapUserFreeFunc, bool nocase); +SO_PUBLIC void KMapDelete(KMAP*); -SO_PUBLIC void KMapSetNoCase(KMAP* km, int flag); -SO_PUBLIC int KMapAdd(KMAP* km, void* key, int ksize, void* userdata); +SO_PUBLIC int KMapAdd(KMAP*, void* key, int ksize, void* userdata); -SO_PUBLIC void* KMapFind(KMAP* km, void* key, int ksize); -SO_PUBLIC void* KMapFindFirst(KMAP* km); -SO_PUBLIC void* KMapFindNext(KMAP* km); +SO_PUBLIC void* KMapFind(KMAP*, void* key, int ksize); +SO_PUBLIC void* KMapFindFirst(KMAP*); +SO_PUBLIC void* KMapFindNext(KMAP*); } #endif