From: Mike Stepanek (mstepane) Date: Fri, 5 Jun 2020 18:43:30 +0000 (+0000) Subject: Merge pull request #2241 in SNORT/snort3 from ~KATHARVE/snort3:coverity_fixes to... X-Git-Tag: 3.0.1-5~22 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cfdc2bd553dc93557a4b225dfa5119b3e63868a2;p=thirdparty%2Fsnort3.git Merge pull request #2241 in SNORT/snort3 from ~KATHARVE/snort3:coverity_fixes to master Squashed commit of the following: commit 689610e78e3964183dd9743cc2b284cc78520e28 Author: Katura Harvey Date: Thu Jun 4 17:08:10 2020 -0400 service_inspectors: remove some redundant initializations and lookups, move some field initializations into the constructor --- diff --git a/src/service_inspectors/http2_inspect/http2_data_cutter.h b/src/service_inspectors/http2_inspect/http2_data_cutter.h index 12557aca5..22c743865 100644 --- a/src/service_inspectors/http2_inspect/http2_data_cutter.h +++ b/src/service_inspectors/http2_inspect/http2_data_cutter.h @@ -45,13 +45,13 @@ private: // total per frame - scan uint32_t frame_length; uint32_t data_len; - uint32_t padding_len = 0; + uint32_t padding_len; uint8_t frame_flags; // accumulating - scan uint32_t frame_bytes_seen = 0; uint32_t bytes_sent_http = 0; - uint32_t data_bytes_read = 0; - uint32_t padding_read = 0; + uint32_t data_bytes_read; + uint32_t padding_read; // leftover from previous scan call uint32_t leftover_bytes = 0; uint32_t leftover_padding = 0; diff --git a/src/service_inspectors/http2_inspect/http2_hpack.cc b/src/service_inspectors/http2_inspect/http2_hpack.cc index 9691261e5..5afa143c0 100644 --- a/src/service_inspectors/http2_inspect/http2_hpack.cc +++ b/src/service_inspectors/http2_inspect/http2_hpack.cc @@ -365,6 +365,7 @@ bool Http2HpackDecoder::decode_headers(const uint8_t* encoded_headers, events = stream_events; infractions = stream_infractions; pseudo_headers_fragment_size = 0; + decode_error = false; // A maximum of two table size updates are allowed, and must be at the start of the header block table_size_update_allowed = true; diff --git a/src/service_inspectors/http2_inspect/http2_hpack.h b/src/service_inspectors/http2_inspect/http2_hpack.h index f2d2e9407..54a56a6f4 100644 --- a/src/service_inspectors/http2_inspect/http2_hpack.h +++ b/src/service_inspectors/http2_inspect/http2_hpack.h @@ -72,10 +72,10 @@ public: HpackIndexTable* get_decode_table() { return &decode_table; } private: - Http2StartLine* start_line = nullptr; + Http2StartLine* start_line; uint32_t decoded_headers_size; - uint32_t pseudo_headers_fragment_size = 0; - bool decode_error = false; + uint32_t pseudo_headers_fragment_size; + bool decode_error; Http2EventGen* events; Http2Infractions* infractions; diff --git a/src/service_inspectors/http_inspect/http_msg_head_shared.cc b/src/service_inspectors/http_inspect/http_msg_head_shared.cc index 4a9f1abfa..4328a39c3 100644 --- a/src/service_inspectors/http_inspect/http_msg_head_shared.cc +++ b/src/service_inspectors/http_inspect/http_msg_head_shared.cc @@ -72,9 +72,7 @@ void HttpMsgHeadShared::create_norm_head_list() { headers_present[header_name_id[j]] = true; NormalizedHeader* tmp_ptr = norm_heads; - norm_heads = new NormalizedHeader(header_name_id[j]); - norm_heads->next = tmp_ptr; - norm_heads->count = 1; + norm_heads = new NormalizedHeader(tmp_ptr, 1, header_name_id[j]); } } } diff --git a/src/service_inspectors/http_inspect/http_msg_head_shared.h b/src/service_inspectors/http_inspect/http_msg_head_shared.h index 4dbbccaf4..6016b842c 100644 --- a/src/service_inspectors/http_inspect/http_msg_head_shared.h +++ b/src/service_inspectors/http_inspect/http_msg_head_shared.h @@ -107,7 +107,8 @@ private: struct NormalizedHeader { - NormalizedHeader(HttpEnums::HeaderId id_) : id(id_) {} + NormalizedHeader(NormalizedHeader* next_, int32_t count_, HttpEnums::HeaderId id_) : + next(next_), count(count_), id(id_) {} Field norm; NormalizedHeader* next; diff --git a/src/service_inspectors/modbus/modbus.cc b/src/service_inspectors/modbus/modbus.cc index 36a4b6280..a3918fc3d 100644 --- a/src/service_inspectors/modbus/modbus.cc +++ b/src/service_inspectors/modbus/modbus.cc @@ -114,7 +114,7 @@ void Modbus::eval(Packet* p) // evaluating on the first PDU. Setting this flag stops the caching. p->packet_flags |= PKT_ALLOW_MULTIPLE_DETECT; - if ( !ModbusDecode(p) ) + if ( !ModbusDecode(p, mfd) ) mfd->reset(); } diff --git a/src/service_inspectors/modbus/modbus_decode.cc b/src/service_inspectors/modbus/modbus_decode.cc index 82809bbfc..0f7bf2485 100644 --- a/src/service_inspectors/modbus/modbus_decode.cc +++ b/src/service_inspectors/modbus/modbus_decode.cc @@ -405,16 +405,13 @@ static void ModbusCheckReservedFuncs(const modbus_header_t* header, Packet* p) } } -bool ModbusDecode(Packet* p) +bool ModbusDecode(Packet* p, ModbusFlowData* mfd) { const modbus_header_t* header; if (p->dsize < MODBUS_MIN_LEN) return false; - ModbusFlowData* mfd = - (ModbusFlowData*)p->flow->get_flow_data(ModbusFlowData::inspector_id); - /* Lay the header struct over the payload */ header = (const modbus_header_t*)p->data; diff --git a/src/service_inspectors/modbus/modbus_decode.h b/src/service_inspectors/modbus/modbus_decode.h index a5a5cd91d..d00fec84b 100644 --- a/src/service_inspectors/modbus/modbus_decode.h +++ b/src/service_inspectors/modbus/modbus_decode.h @@ -27,10 +27,12 @@ namespace snort struct Packet; } +class ModbusFlowData; + /* Need 8 bytes for MBAP Header + Function Code */ #define MODBUS_MIN_LEN 8 -bool ModbusDecode(snort::Packet*); +bool ModbusDecode(snort::Packet*, ModbusFlowData* mfd); #endif diff --git a/src/service_inspectors/s7commplus/s7comm.cc b/src/service_inspectors/s7commplus/s7comm.cc index 82de7ed52..ad9c9da38 100644 --- a/src/service_inspectors/s7commplus/s7comm.cc +++ b/src/service_inspectors/s7commplus/s7comm.cc @@ -114,7 +114,7 @@ void S7commplus::eval(Packet* p) // evaluating on the first PDU. Setting this flag stops the caching. p->packet_flags |= PKT_ALLOW_MULTIPLE_DETECT; - if ( !S7commplusDecode(p) ) + if ( !S7commplusDecode(p, mfd)) mfd->reset(); } diff --git a/src/service_inspectors/s7commplus/s7comm_decode.cc b/src/service_inspectors/s7commplus/s7comm_decode.cc index f3adf4e72..284d99915 100644 --- a/src/service_inspectors/s7commplus/s7comm_decode.cc +++ b/src/service_inspectors/s7commplus/s7comm_decode.cc @@ -101,7 +101,7 @@ static bool S7commPlusProtocolDecode(S7commplusSessionData* session, Packet* p) return true; } -bool S7commplusDecode(Packet* p) +bool S7commplusDecode(Packet* p, S7commplusFlowData* mfd) { const TpktHeader* tpkt_header; const CotpHeader* cotp_header; @@ -111,8 +111,6 @@ bool S7commplusDecode(Packet* p) if (p->dsize < TPKT_MIN_HDR_LEN) return false; - S7commplusFlowData* mfd = - (S7commplusFlowData*)p->flow->get_flow_data(S7commplusFlowData::inspector_id); tpkt_header = (const TpktHeader*)p->data; cotp_header = (const CotpHeader*)(p->data + sizeof(TpktHeader)); tpkt_length = ntohs(tpkt_header->length); diff --git a/src/service_inspectors/s7commplus/s7comm_decode.h b/src/service_inspectors/s7commplus/s7comm_decode.h index 6513c3848..7fbdf7fc8 100644 --- a/src/service_inspectors/s7commplus/s7comm_decode.h +++ b/src/service_inspectors/s7commplus/s7comm_decode.h @@ -27,6 +27,8 @@ namespace snort struct Packet; } +class S7commplusFlowData; + /* S7comm defines */ #define S7COMMPLUS_PDUTYPE_CONNECT 0x01 #define S7COMMPLUS_PDUTYPE_DATA 0x02 @@ -59,7 +61,7 @@ struct Packet; #define S7COMMPLUS_RESERVED_FUNCTION_STR \ "(spp_s7commplus): Reserved S7commplus function code in use." -bool S7commplusDecode(snort::Packet*); +bool S7commplusDecode(snort::Packet*, S7commplusFlowData* mfd); #endif