From 3b1a29e4ba2793e39d72c7dac03e8d82ee6e0138 Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Thu, 13 May 2021 07:50:12 +0200 Subject: [PATCH] detect: fix multi inspect buffer issue; clean up Fix multi inspect buffer API causing cleanup logic in the single inspect buffer paths. This could lead to a buffer overrun in the "to clear" logic. Multi buffers now use InspectionBufferSetupMulti instead of InspectionBuffer. This is enforced by a check in debug validation. Simplify the multi inspect buffer setup code and update the callers. (cherry picked from commit 3dc50322db0efb92683b9578c7dccd1fae4b5cb2) --- src/detect-dce-stub-data.c | 4 +- src/detect-dnp3.c | 2 +- src/detect-dns-query.c | 6 +- src/detect-engine.c | 78 +++++++++++++++------- src/detect-engine.h | 14 ++-- src/detect-file-data.c | 36 ++++++++-- src/detect-filemagic.c | 7 +- src/detect-filename.c | 7 +- src/detect-http-client-body.c | 2 +- src/detect-http-cookie.c | 4 +- src/detect-http-header-names.c | 6 +- src/detect-http-header.c | 4 +- src/detect-http-headers-stub.h | 4 +- src/detect-http-host.c | 4 +- src/detect-http-method.c | 2 +- src/detect-http-protocol.c | 2 +- src/detect-http-raw-header.c | 2 +- src/detect-http-request-line.c | 2 +- src/detect-http-response-line.c | 2 +- src/detect-http-start.c | 6 +- src/detect-http-stat-code.c | 2 +- src/detect-http-stat-msg.c | 2 +- src/detect-http-ua.c | 2 +- src/detect-http-uri.c | 4 +- src/detect-ipv4hdr.c | 2 +- src/detect-ipv6hdr.c | 2 +- src/detect-krb5-cname.c | 7 +- src/detect-krb5-sname.c | 7 +- src/detect-sip-method.c | 2 +- src/detect-sip-protocol.c | 2 +- src/detect-sip-request-line.c | 2 +- src/detect-sip-response-line.c | 2 +- src/detect-sip-stat-code.c | 2 +- src/detect-sip-stat-msg.c | 2 +- src/detect-sip-uri.c | 2 +- src/detect-smb-share.c | 4 +- src/detect-snmp-community.c | 2 +- src/detect-ssh-proto.c | 2 +- src/detect-ssh-software.c | 2 +- src/detect-tcphdr.c | 2 +- src/detect-template-buffer.c | 2 +- src/detect-tls-cert-fingerprint.c | 2 +- src/detect-tls-cert-issuer.c | 2 +- src/detect-tls-cert-serial.c | 2 +- src/detect-tls-cert-subject.c | 2 +- src/detect-tls-certs.c | 12 ++-- src/detect-tls-ja3-hash.c | 2 +- src/detect-tls-ja3-string.c | 2 +- src/detect-tls-ja3s-hash.c | 2 +- src/detect-tls-ja3s-string.c | 2 +- src/detect-tls-sni.c | 2 +- src/detect-transform-compress-whitespace.c | 4 +- src/detect-transform-dotprefix.c | 4 +- src/detect-transform-md5.c | 2 +- src/detect-transform-sha1.c | 2 +- src/detect-transform-sha256.c | 2 +- src/detect-transform-strip-whitespace.c | 4 +- src/detect-udphdr.c | 2 +- src/detect.h | 4 +- 59 files changed, 181 insertions(+), 123 deletions(-) diff --git a/src/detect-dce-stub-data.c b/src/detect-dce-stub-data.c index f190f9cafe..f6a19c69ec 100644 --- a/src/detect-dce-stub-data.c +++ b/src/detect-dce-stub-data.c @@ -78,7 +78,7 @@ static InspectionBuffer *GetSMBData(DetectEngineThreadCtx *det_ctx, return NULL; SCLogDebug("have data!"); - InspectionBufferSetup(buffer, data, data_len); + InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); } return buffer; @@ -110,7 +110,7 @@ static InspectionBuffer *GetDCEData(DetectEngineThreadCtx *det_ctx, } else { buffer->flags |= DETECT_CI_FLAGS_DCE_BE; } - InspectionBufferSetup(buffer, data, data_len); + InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); } return buffer; diff --git a/src/detect-dnp3.c b/src/detect-dnp3.c index 6ad0532b76..686dbaefac 100644 --- a/src/detect-dnp3.c +++ b/src/detect-dnp3.c @@ -168,7 +168,7 @@ static InspectionBuffer *GetDNP3Data(DetectEngineThreadCtx *det_ctx, return NULL; SCLogDebug("tx %p data %p data_len %u", tx, data, data_len); - InspectionBufferSetup(buffer, data, data_len); + InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); } return buffer; diff --git a/src/detect-dns-query.c b/src/detect-dns-query.c index 49df7b7d2e..4008e39532 100644 --- a/src/detect-dns-query.c +++ b/src/detect-dns-query.c @@ -77,8 +77,8 @@ static InspectionBuffer *DnsQueryGetData(DetectEngineThreadCtx *det_ctx, { SCEnter(); - InspectionBufferMultipleForList *fb = InspectionBufferGetMulti(det_ctx, list_id); - InspectionBuffer *buffer = InspectionBufferMultipleForListGet(fb, cbdata->local_id); + InspectionBuffer *buffer = + InspectionBufferMultipleForListGet(det_ctx, list_id, cbdata->local_id); if (buffer == NULL) return NULL; if (!first && buffer->inspect != NULL) @@ -90,7 +90,7 @@ static InspectionBuffer *DnsQueryGetData(DetectEngineThreadCtx *det_ctx, &data, &data_len) == 0) { return NULL; } - InspectionBufferSetup(buffer, data, data_len); + InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); SCReturnPtr(buffer, "InspectionBuffer"); diff --git a/src/detect-engine.c b/src/detect-engine.c index a572df0047..721943c4d0 100644 --- a/src/detect-engine.c +++ b/src/detect-engine.c @@ -60,21 +60,22 @@ #include "detect-engine-loader.h" +#include "util-action.h" +#include "util-byte.h" #include "util-classification-config.h" -#include "util-reference-config.h" -#include "util-threshold-config.h" +#include "util-debug.h" +#include "util-device.h" #include "util-error.h" #include "util-hash.h" -#include "util-byte.h" -#include "util-debug.h" -#include "util-unittest.h" -#include "util-action.h" #include "util-magic.h" +#include "util-profiling.h" +#include "util-reference-config.h" #include "util-signal.h" #include "util-spm.h" -#include "util-device.h" +#include "util-threshold-config.h" +#include "util-unittest.h" +#include "util-validate.h" #include "util-var-name.h" -#include "util-profiling.h" #include "tm-threads.h" #include "runmodes.h" @@ -1051,12 +1052,25 @@ InspectionBuffer *InspectionBufferGet(DetectEngineThreadCtx *det_ctx, const int return buffer; } +static InspectionBufferMultipleForList * +InspectionBufferGetMulti(DetectEngineThreadCtx *det_ctx, const int list_id) { + InspectionBufferMultipleForList *buffer = + &det_ctx->multi_inspect.buffers[list_id]; + if (!buffer->init) { + det_ctx->multi_inspect + .to_clear_queue[det_ctx->multi_inspect.to_clear_idx++] = list_id; + buffer->init = 1; + } + return buffer; +} + /** \brief for a InspectionBufferMultipleForList get a InspectionBuffer * \param fb the multiple buffer array * \param local_id the index to get a buffer * \param buffer the inspect buffer or NULL in case of error */ -InspectionBuffer *InspectionBufferMultipleForListGet(InspectionBufferMultipleForList *fb, uint32_t local_id) -{ +InspectionBuffer * +InspectionBufferMultipleForListGet(DetectEngineThreadCtx *det_ctx, + const int list_id, const uint32_t local_id) { if (unlikely(local_id >= 1024)) { DetectEngineSetEvent(det_ctx, DETECT_EVENT_TOO_MANY_BUFFERS); return NULL; @@ -1088,16 +1102,9 @@ InspectionBuffer *InspectionBufferMultipleForListGet(InspectionBufferMultipleFor fb->max = MAX(fb->max, local_id); InspectionBuffer *buffer = &fb->inspection_buffers[local_id]; SCLogDebug("using file_data buffer %p", buffer); - return buffer; -} - -InspectionBufferMultipleForList *InspectionBufferGetMulti(DetectEngineThreadCtx *det_ctx, const int list_id) -{ - InspectionBufferMultipleForList *buffer = &det_ctx->multi_inspect.buffers[list_id]; - if (!buffer->init) { - det_ctx->multi_inspect.to_clear_queue[det_ctx->multi_inspect.to_clear_idx++] = list_id; - buffer->init = 1; - } +#ifdef DEBUG_VALIDATION + buffer->multi = true; +#endif return buffer; } @@ -1111,11 +1118,32 @@ void InspectionBufferInit(InspectionBuffer *buffer, uint32_t initial_size) } /** \brief setup the buffer with our initial data */ -void InspectionBufferSetup(InspectionBuffer *buffer, const uint8_t *data, const uint32_t data_len) -{ - buffer->inspect = buffer->orig = data; - buffer->inspect_len = buffer->orig_len = data_len; - buffer->len = 0; +void InspectionBufferSetupMulti(InspectionBuffer *buffer, + const DetectEngineTransforms *transforms, + const uint8_t *data, const uint32_t data_len) { + DEBUG_VALIDATE_BUG_ON(!buffer->multi); + buffer->inspect = buffer->orig = data; + buffer->inspect_len = buffer->orig_len = data_len; + buffer->len = 0; + + InspectionBufferApplyTransforms(buffer, transforms); +} + +/** \brief setup the buffer with our initial data */ +void InspectionBufferSetup(DetectEngineThreadCtx *det_ctx, const int list_id, + InspectionBuffer *buffer, const uint8_t *data, + const uint32_t data_len) { + DEBUG_VALIDATE_BUG_ON(buffer->multi); + if (buffer->inspect == NULL) { +#ifdef UNITTESTS + if (det_ctx && list_id != -1) +#endif + det_ctx->inspect.to_clear_queue[det_ctx->inspect.to_clear_idx++] = + list_id; + } + buffer->inspect = buffer->orig = data; + buffer->inspect_len = buffer->orig_len = data_len; + buffer->len = 0; } void InspectionBufferFree(InspectionBuffer *buffer) diff --git a/src/detect-engine.h b/src/detect-engine.h index 515394ae76..87cdb9951e 100644 --- a/src/detect-engine.h +++ b/src/detect-engine.h @@ -1,4 +1,4 @@ -/* Copyright (C) 2007-2010 Open Information Security Foundation +/* Copyright (C) 2007-2021 Open Information Security Foundation * * You can copy, redistribute or modify this Program under the terms of * the GNU General Public License version 2 as published by the Free @@ -29,7 +29,9 @@ #include "flow-private.h" void InspectionBufferInit(InspectionBuffer *buffer, uint32_t initial_size); -void InspectionBufferSetup(InspectionBuffer *buffer, const uint8_t *data, const uint32_t data_len); +void InspectionBufferSetup(DetectEngineThreadCtx *det_ctx, const int list_id, + InspectionBuffer *buffer, const uint8_t *data, + const uint32_t data_len); void InspectionBufferFree(InspectionBuffer *buffer); void InspectionBufferCheckAndExpand(InspectionBuffer *buffer, uint32_t min_size); void InspectionBufferCopy(InspectionBuffer *buffer, uint8_t *buf, uint32_t buf_len); @@ -39,8 +41,12 @@ bool DetectBufferTypeValidateTransform(DetectEngineCtx *de_ctx, int sm_list, const uint8_t *content, uint16_t content_len, const char **namestr); void InspectionBufferClean(DetectEngineThreadCtx *det_ctx); InspectionBuffer *InspectionBufferGet(DetectEngineThreadCtx *det_ctx, const int list_id); -InspectionBuffer *InspectionBufferMultipleForListGet(InspectionBufferMultipleForList *fb, uint32_t local_id); -InspectionBufferMultipleForList *InspectionBufferGetMulti(DetectEngineThreadCtx *det_ctx, const int list_id); +void InspectionBufferSetupMulti(InspectionBuffer *buffer, + const DetectEngineTransforms *transforms, + const uint8_t *data, const uint32_t data_len); +InspectionBuffer * +InspectionBufferMultipleForListGet(DetectEngineThreadCtx *det_ctx, + const int list_id, uint32_t local_id); int DetectBufferTypeRegister(const char *name); int DetectBufferTypeGetByName(const char *name); diff --git a/src/detect-file-data.c b/src/detect-file-data.c index a72fb56cca..1ff6602c01 100644 --- a/src/detect-file-data.c +++ b/src/detect-file-data.c @@ -303,7 +303,7 @@ static InspectionBuffer *HttpServerBodyGetDataCallback(DetectEngineThreadCtx *de StreamingBufferGetDataAtOffset(body->sb, &data, &data_len, offset); - InspectionBufferSetup(buffer, data, data_len); + InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); buffer->inspect_offset = offset; /* built-in 'transformation' */ @@ -331,6 +331,28 @@ static InspectionBuffer *HttpServerBodyGetDataCallback(DetectEngineThreadCtx *de /* file API based inspection */ +static inline InspectionBuffer *FiledataWithXformsGetDataCallback( + DetectEngineThreadCtx *det_ctx, const DetectEngineTransforms *transforms, + const int list_id, int local_file_id, InspectionBuffer *base_buffer, + const bool first) { + InspectionBuffer *buffer = + InspectionBufferMultipleForListGet(det_ctx, list_id, local_file_id); + if (buffer == NULL) { + SCLogDebug("list_id: %d: no buffer", list_id); + return NULL; + } + if (!first && buffer->inspect != NULL) { + SCLogDebug("list_id: %d: returning %p", list_id, buffer); + return buffer; + } + + InspectionBufferSetupMulti(buffer, transforms, base_buffer->inspect, + base_buffer->inspect_len); + buffer->inspect_offset = base_buffer->inspect_offset; + SCLogDebug("xformed buffer %p size %u", buffer, buffer->inspect_len); + SCReturnPtr(buffer, "InspectionBuffer"); +} + static InspectionBuffer *FiledataGetDataCallback(DetectEngineThreadCtx *det_ctx, const DetectEngineTransforms *transforms, Flow *f, uint8_t flow_flags, File *cur_file, @@ -338,8 +360,9 @@ static InspectionBuffer *FiledataGetDataCallback(DetectEngineThreadCtx *det_ctx, { SCEnter(); - InspectionBufferMultipleForList *fb = InspectionBufferGetMulti(det_ctx, list_id); - InspectionBuffer *buffer = InspectionBufferMultipleForListGet(fb, local_file_id); + InspectionBuffer *buffer = + InspectionBufferMultipleForListGet(det_ctx, list_id, local_file_id); + SCLogDebug("base: buffer %p", buffer); if (buffer == NULL) return NULL; if (!first && buffer->inspect != NULL) @@ -383,7 +406,12 @@ static InspectionBuffer *FiledataGetDataCallback(DetectEngineThreadCtx *det_ctx, StreamingBufferGetDataAtOffset(cur_file->sb, &data, &data_len, cur_file->content_inspected); - InspectionBufferSetup(buffer, data, data_len); + InspectionBufferSetupMulti(buffer, NULL, data, data_len); + SCLogDebug("[list %d] [before] buffer offset %" PRIu64 + "; buffer len %" PRIu32 "; data_len %" PRIu32 + "; file_size %" PRIu64, + list_id, buffer->inspect_offset, buffer->inspect_len, data_len, + file_size); buffer->inspect_offset = cur_file->content_inspected; InspectionBufferApplyTransforms(buffer, transforms); diff --git a/src/detect-filemagic.c b/src/detect-filemagic.c index 3590c79787..e3cf6615ae 100644 --- a/src/detect-filemagic.c +++ b/src/detect-filemagic.c @@ -492,8 +492,8 @@ static InspectionBuffer *FilemagicGetDataCallback(DetectEngineThreadCtx *det_ctx { SCEnter(); - InspectionBufferMultipleForList *fb = InspectionBufferGetMulti(det_ctx, list_id); - InspectionBuffer *buffer = InspectionBufferMultipleForListGet(fb, local_file_id); + InspectionBuffer *buffer = + InspectionBufferMultipleForListGet(det_ctx, list_id, local_file_id); if (buffer == NULL) return NULL; if (!first && buffer->inspect != NULL) @@ -515,8 +515,7 @@ static InspectionBuffer *FilemagicGetDataCallback(DetectEngineThreadCtx *det_ctx const uint8_t *data = (const uint8_t *)cur_file->magic; uint32_t data_len = (uint32_t)strlen(cur_file->magic); - InspectionBufferSetup(buffer, data, data_len); - InspectionBufferApplyTransforms(buffer, transforms); + InspectionBufferSetupMulti(buffer, transforms, data, data_len); SCReturnPtr(buffer, "InspectionBuffer"); } diff --git a/src/detect-filename.c b/src/detect-filename.c index 22125ee14d..05c1c378c5 100644 --- a/src/detect-filename.c +++ b/src/detect-filename.c @@ -355,8 +355,8 @@ static InspectionBuffer *FilenameGetDataCallback(DetectEngineThreadCtx *det_ctx, { SCEnter(); - InspectionBufferMultipleForList *fb = InspectionBufferGetMulti(det_ctx, list_id); - InspectionBuffer *buffer = InspectionBufferMultipleForListGet(fb, local_file_id); + InspectionBuffer *buffer = + InspectionBufferMultipleForListGet(det_ctx, list_id, local_file_id); if (buffer == NULL) return NULL; if (!first && buffer->inspect != NULL) @@ -365,8 +365,7 @@ static InspectionBuffer *FilenameGetDataCallback(DetectEngineThreadCtx *det_ctx, const uint8_t *data = cur_file->name; uint32_t data_len = cur_file->name_len; - InspectionBufferSetup(buffer, data, data_len); - InspectionBufferApplyTransforms(buffer, transforms); + InspectionBufferSetupMulti(buffer, transforms, data, data_len); SCReturnPtr(buffer, "InspectionBuffer"); } diff --git a/src/detect-http-client-body.c b/src/detect-http-client-body.c index 1894c0e0ea..ac5f4bf627 100644 --- a/src/detect-http-client-body.c +++ b/src/detect-http-client-body.c @@ -257,7 +257,7 @@ static InspectionBuffer *HttpClientBodyGetDataCallback(DetectEngineThreadCtx *de StreamingBufferGetDataAtOffset(body->sb, &data, &data_len, offset); - InspectionBufferSetup(buffer, data, data_len); + InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); buffer->inspect_offset = offset; /* move inspected tracker to end of the data. HtpBodyPrune will consider diff --git a/src/detect-http-cookie.c b/src/detect-http-cookie.c index 74fc9f98a4..a1068da0f0 100644 --- a/src/detect-http-cookie.c +++ b/src/detect-http-cookie.c @@ -182,7 +182,7 @@ static InspectionBuffer *GetRequestData(DetectEngineThreadCtx *det_ctx, const uint32_t data_len = bstr_len(h->value); const uint8_t *data = bstr_ptr(h->value); - InspectionBufferSetup(buffer, data, data_len); + InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); } @@ -210,7 +210,7 @@ static InspectionBuffer *GetResponseData(DetectEngineThreadCtx *det_ctx, const uint32_t data_len = bstr_len(h->value); const uint8_t *data = bstr_ptr(h->value); - InspectionBufferSetup(buffer, data, data_len); + InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); } diff --git a/src/detect-http-header-names.c b/src/detect-http-header-names.c index dde59f9597..989a24c3e5 100644 --- a/src/detect-http-header-names.c +++ b/src/detect-http-header-names.c @@ -189,7 +189,7 @@ static void PrefilterTxHttpRequestHeaderNames(DetectEngineThreadCtx *det_ctx, return; /* setup buffer and apply transforms */ - InspectionBufferSetup(buffer, rawdata, rawdata_len); + InspectionBufferSetup(det_ctx, list_id, buffer, rawdata, rawdata_len); InspectionBufferApplyTransforms(buffer, ctx->transforms); } @@ -267,7 +267,7 @@ static void PrefilterTxHttpResponseHeaderNames(DetectEngineThreadCtx *det_ctx, return; /* setup buffer and apply transforms */ - InspectionBufferSetup(buffer, rawdata, rawdata_len); + InspectionBufferSetup(det_ctx, list_id, buffer, rawdata, rawdata_len); InspectionBufferApplyTransforms(buffer, ctx->transforms); } @@ -332,7 +332,7 @@ static int InspectEngineHttpHeaderNames( goto end; } /* setup buffer and apply transforms */ - InspectionBufferSetup(buffer, rawdata, rawdata_len); + InspectionBufferSetup(det_ctx, list_id, buffer, rawdata, rawdata_len); InspectionBufferApplyTransforms(buffer, transforms); } diff --git a/src/detect-http-header.c b/src/detect-http-header.c index e2b1904ede..8eabfebecf 100644 --- a/src/detect-http-header.c +++ b/src/detect-http-header.c @@ -176,7 +176,7 @@ static int DetectEngineInspectBufferHttpHeader( goto end; } /* setup buffer and apply transforms */ - InspectionBufferSetup(buffer, rawdata, rawdata_len); + InspectionBufferSetup(det_ctx, list_id, buffer, rawdata, rawdata_len); InspectionBufferApplyTransforms(buffer, transforms); } @@ -243,7 +243,7 @@ static void PrefilterMpmHttpHeader(DetectEngineThreadCtx *det_ctx, return; /* setup buffer and apply transforms */ - InspectionBufferSetup(buffer, rawdata, rawdata_len); + InspectionBufferSetup(det_ctx, list_id, buffer, rawdata, rawdata_len); InspectionBufferApplyTransforms(buffer, ctx->transforms); } diff --git a/src/detect-http-headers-stub.h b/src/detect-http-headers-stub.h index 07e18e7aae..33fea36533 100644 --- a/src/detect-http-headers-stub.h +++ b/src/detect-http-headers-stub.h @@ -74,7 +74,7 @@ static InspectionBuffer *GetRequestData(DetectEngineThreadCtx *det_ctx, const uint32_t data_len = bstr_len(h->value); const uint8_t *data = bstr_ptr(h->value); - InspectionBufferSetup(buffer, data, data_len); + InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); } @@ -107,7 +107,7 @@ static InspectionBuffer *GetResponseData(DetectEngineThreadCtx *det_ctx, const uint32_t data_len = bstr_len(h->value); const uint8_t *data = bstr_ptr(h->value); - InspectionBufferSetup(buffer, data, data_len); + InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); } diff --git a/src/detect-http-host.c b/src/detect-http-host.c index f615bc9e5a..9cb55fc91e 100644 --- a/src/detect-http-host.c +++ b/src/detect-http-host.c @@ -233,7 +233,7 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, const uint32_t data_len = bstr_len(tx->request_hostname); const uint8_t *data = bstr_ptr(tx->request_hostname); - InspectionBufferSetup(buffer, data, data_len); + InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); } @@ -306,7 +306,7 @@ static InspectionBuffer *GetRawData(DetectEngineThreadCtx *det_ctx, data_len = bstr_len(tx->parsed_uri->hostname); } - InspectionBufferSetup(buffer, data, data_len); + InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); } diff --git a/src/detect-http-method.c b/src/detect-http-method.c index ff5cd2ef57..e8f2314327 100644 --- a/src/detect-http-method.c +++ b/src/detect-http-method.c @@ -201,7 +201,7 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, const uint32_t data_len = bstr_len(tx->request_method); const uint8_t *data = bstr_ptr(tx->request_method); - InspectionBufferSetup(buffer, data, data_len); + InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); } diff --git a/src/detect-http-protocol.c b/src/detect-http-protocol.c index 1cae37e2d7..6a35ac7e9b 100644 --- a/src/detect-http-protocol.c +++ b/src/detect-http-protocol.c @@ -109,7 +109,7 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, return NULL; } - InspectionBufferSetup(buffer, data, data_len); + InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); } diff --git a/src/detect-http-raw-header.c b/src/detect-http-raw-header.c index 718fcd8356..66d19158c5 100644 --- a/src/detect-http-raw-header.c +++ b/src/detect-http-raw-header.c @@ -189,7 +189,7 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, const uint32_t data_len = ts ? tx_ud->request_headers_raw_len : tx_ud->response_headers_raw_len; - InspectionBufferSetup(buffer, data, data_len); + InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); } diff --git a/src/detect-http-request-line.c b/src/detect-http-request-line.c index 101aa4a950..c421839fca 100644 --- a/src/detect-http-request-line.c +++ b/src/detect-http-request-line.c @@ -136,7 +136,7 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, const uint32_t data_len = bstr_len(tx->request_line); const uint8_t *data = bstr_ptr(tx->request_line); - InspectionBufferSetup(buffer, data, data_len); + InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); } return buffer; diff --git a/src/detect-http-response-line.c b/src/detect-http-response-line.c index 4fe43da52c..54f91c962f 100644 --- a/src/detect-http-response-line.c +++ b/src/detect-http-response-line.c @@ -135,7 +135,7 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, const uint32_t data_len = bstr_len(tx->response_line); const uint8_t *data = bstr_ptr(tx->response_line); - InspectionBufferSetup(buffer, data, data_len); + InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); } return buffer; diff --git a/src/detect-http-start.c b/src/detect-http-start.c index 4e6decc03f..1a42e088b1 100644 --- a/src/detect-http-start.c +++ b/src/detect-http-start.c @@ -190,7 +190,7 @@ static void PrefilterTxHttpRequestStart(DetectEngineThreadCtx *det_ctx, return; /* setup buffer and apply transforms */ - InspectionBufferSetup(buffer, rawdata, rawdata_len); + InspectionBufferSetup(det_ctx, list_id, buffer, rawdata, rawdata_len); InspectionBufferApplyTransforms(buffer, ctx->transforms); } @@ -264,7 +264,7 @@ static void PrefilterTxHttpResponseStart(DetectEngineThreadCtx *det_ctx, return; /* setup buffer and apply transforms */ - InspectionBufferSetup(buffer, rawdata, rawdata_len); + InspectionBufferSetup(det_ctx, list_id, buffer, rawdata, rawdata_len); InspectionBufferApplyTransforms(buffer, ctx->transforms); } @@ -329,7 +329,7 @@ static int InspectEngineHttpStart( goto end; } /* setup buffer and apply transforms */ - InspectionBufferSetup(buffer, rawdata, rawdata_len); + InspectionBufferSetup(det_ctx, list_id, buffer, rawdata, rawdata_len); InspectionBufferApplyTransforms(buffer, transforms); } diff --git a/src/detect-http-stat-code.c b/src/detect-http-stat-code.c index 22433a6b8e..bd0405508e 100644 --- a/src/detect-http-stat-code.c +++ b/src/detect-http-stat-code.c @@ -163,7 +163,7 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, const uint32_t data_len = bstr_len(tx->response_status); const uint8_t *data = bstr_ptr(tx->response_status); - InspectionBufferSetup(buffer, data, data_len); + InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); } diff --git a/src/detect-http-stat-msg.c b/src/detect-http-stat-msg.c index c59f9c2671..6eeb5685cc 100644 --- a/src/detect-http-stat-msg.c +++ b/src/detect-http-stat-msg.c @@ -163,7 +163,7 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, const uint32_t data_len = bstr_len(tx->response_message); const uint8_t *data = bstr_ptr(tx->response_message); - InspectionBufferSetup(buffer, data, data_len); + InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); } diff --git a/src/detect-http-ua.c b/src/detect-http-ua.c index a4d9f39ccf..f7be34d055 100644 --- a/src/detect-http-ua.c +++ b/src/detect-http-ua.c @@ -169,7 +169,7 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, const uint32_t data_len = bstr_len(h->value); const uint8_t *data = bstr_ptr(h->value); - InspectionBufferSetup(buffer, data, data_len); + InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); } diff --git a/src/detect-http-uri.c b/src/detect-http-uri.c index cd002dd0cf..3264f93861 100644 --- a/src/detect-http-uri.c +++ b/src/detect-http-uri.c @@ -228,7 +228,7 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, const uint32_t data_len = bstr_len(tx_ud->request_uri_normalized); const uint8_t *data = bstr_ptr(tx_ud->request_uri_normalized); - InspectionBufferSetup(buffer, data, data_len); + InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); } @@ -298,7 +298,7 @@ static InspectionBuffer *GetRawData(DetectEngineThreadCtx *det_ctx, const uint32_t data_len = bstr_len(tx->request_uri); const uint8_t *data = bstr_ptr(tx->request_uri); - InspectionBufferSetup(buffer, data, data_len); + InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); } diff --git a/src/detect-ipv4hdr.c b/src/detect-ipv4hdr.c index 87b29c5aef..e39dddea05 100644 --- a/src/detect-ipv4hdr.c +++ b/src/detect-ipv4hdr.c @@ -117,7 +117,7 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, const uint32_t data_len = hlen; const uint8_t *data = (const uint8_t *)p->ip4h; - InspectionBufferSetup(buffer, data, data_len); + InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); } diff --git a/src/detect-ipv6hdr.c b/src/detect-ipv6hdr.c index ea88b589ad..da67404ca3 100644 --- a/src/detect-ipv6hdr.c +++ b/src/detect-ipv6hdr.c @@ -118,7 +118,7 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, const uint32_t data_len = hlen; const uint8_t *data = (const uint8_t *)p->ip6h; - InspectionBufferSetup(buffer, data, data_len); + InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); } diff --git a/src/detect-krb5-cname.c b/src/detect-krb5-cname.c index 5910d1a5ec..28226f7b4d 100644 --- a/src/detect-krb5-cname.c +++ b/src/detect-krb5-cname.c @@ -62,8 +62,8 @@ static InspectionBuffer *GetKrb5CNameData(DetectEngineThreadCtx *det_ctx, { SCEnter(); - InspectionBufferMultipleForList *fb = InspectionBufferGetMulti(det_ctx, list_id); - InspectionBuffer *buffer = InspectionBufferMultipleForListGet(fb, cbdata->local_id); + InspectionBuffer *buffer = + InspectionBufferMultipleForListGet(det_ctx, list_id, cbdata->local_id); if (buffer == NULL) return NULL; if (!first && buffer->inspect != NULL) @@ -77,8 +77,7 @@ static InspectionBuffer *GetKrb5CNameData(DetectEngineThreadCtx *det_ctx, if (b == NULL || b_len == 0) return NULL; - InspectionBufferSetup(buffer, b, b_len); - InspectionBufferApplyTransforms(buffer, transforms); + InspectionBufferSetupMulti(buffer, transforms, b, b_len); SCReturnPtr(buffer, "InspectionBuffer"); } diff --git a/src/detect-krb5-sname.c b/src/detect-krb5-sname.c index 62f80df754..aaa85c6fe9 100644 --- a/src/detect-krb5-sname.c +++ b/src/detect-krb5-sname.c @@ -62,8 +62,8 @@ static InspectionBuffer *GetKrb5SNameData(DetectEngineThreadCtx *det_ctx, { SCEnter(); - InspectionBufferMultipleForList *fb = InspectionBufferGetMulti(det_ctx, list_id); - InspectionBuffer *buffer = InspectionBufferMultipleForListGet(fb, cbdata->local_id); + InspectionBuffer *buffer = + InspectionBufferMultipleForListGet(det_ctx, list_id, cbdata->local_id); if (buffer == NULL) return NULL; if (!first && buffer->inspect != NULL) @@ -77,8 +77,7 @@ static InspectionBuffer *GetKrb5SNameData(DetectEngineThreadCtx *det_ctx, if (b == NULL || b_len == 0) return NULL; - InspectionBufferSetup(buffer, b, b_len); - InspectionBufferApplyTransforms(buffer, transforms); + InspectionBufferSetupMulti(buffer, transforms, b, b_len); SCReturnPtr(buffer, "InspectionBuffer"); } diff --git a/src/detect-sip-method.c b/src/detect-sip-method.c index 71c4a08ece..0d4c73a649 100644 --- a/src/detect-sip-method.c +++ b/src/detect-sip-method.c @@ -116,7 +116,7 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, if (b == NULL || b_len == 0) return NULL; - InspectionBufferSetup(buffer, b, b_len); + InspectionBufferSetup(det_ctx, list_id, buffer, b, b_len); InspectionBufferApplyTransforms(buffer, transforms); } diff --git a/src/detect-sip-protocol.c b/src/detect-sip-protocol.c index 32da66d674..d6e06bc85c 100644 --- a/src/detect-sip-protocol.c +++ b/src/detect-sip-protocol.c @@ -86,7 +86,7 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, return NULL; if (b == NULL || b_len == 0) return NULL; - InspectionBufferSetup(buffer, b, b_len); + InspectionBufferSetup(det_ctx, list_id, buffer, b, b_len); InspectionBufferApplyTransforms(buffer, transforms); } diff --git a/src/detect-sip-request-line.c b/src/detect-sip-request-line.c index 828f3187fe..0d3e994588 100644 --- a/src/detect-sip-request-line.c +++ b/src/detect-sip-request-line.c @@ -87,7 +87,7 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, if (b == NULL || b_len == 0) return NULL; - InspectionBufferSetup(buffer, b, b_len); + InspectionBufferSetup(det_ctx, list_id, buffer, b, b_len); InspectionBufferApplyTransforms(buffer, transforms); } return buffer; diff --git a/src/detect-sip-response-line.c b/src/detect-sip-response-line.c index 2b793519ca..fae7813a66 100644 --- a/src/detect-sip-response-line.c +++ b/src/detect-sip-response-line.c @@ -87,7 +87,7 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, if (b == NULL || b_len == 0) return NULL; - InspectionBufferSetup(buffer, b, b_len); + InspectionBufferSetup(det_ctx, list_id, buffer, b, b_len); InspectionBufferApplyTransforms(buffer, transforms); } return buffer; diff --git a/src/detect-sip-stat-code.c b/src/detect-sip-stat-code.c index 163ab3dcff..99a684fd68 100644 --- a/src/detect-sip-stat-code.c +++ b/src/detect-sip-stat-code.c @@ -89,7 +89,7 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, if (b == NULL || b_len == 0) return NULL; - InspectionBufferSetup(buffer, b, b_len); + InspectionBufferSetup(det_ctx, list_id, buffer, b, b_len); InspectionBufferApplyTransforms(buffer, transforms); } diff --git a/src/detect-sip-stat-msg.c b/src/detect-sip-stat-msg.c index aa9a52255b..3526f1d038 100644 --- a/src/detect-sip-stat-msg.c +++ b/src/detect-sip-stat-msg.c @@ -89,7 +89,7 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, if (b == NULL || b_len == 0) return NULL; - InspectionBufferSetup(buffer, b, b_len); + InspectionBufferSetup(det_ctx, list_id, buffer, b, b_len); InspectionBufferApplyTransforms(buffer, transforms); } diff --git a/src/detect-sip-uri.c b/src/detect-sip-uri.c index 172d75a04b..261adc01bc 100644 --- a/src/detect-sip-uri.c +++ b/src/detect-sip-uri.c @@ -99,7 +99,7 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, if (b == NULL || b_len == 0) return NULL; - InspectionBufferSetup(buffer, b, b_len); + InspectionBufferSetup(det_ctx, list_id, buffer, b, b_len); InspectionBufferApplyTransforms(buffer, transforms); } diff --git a/src/detect-smb-share.c b/src/detect-smb-share.c index f2a21d9033..b9a7fddc3d 100644 --- a/src/detect-smb-share.c +++ b/src/detect-smb-share.c @@ -70,7 +70,7 @@ static InspectionBuffer *GetNamedPipeData(DetectEngineThreadCtx *det_ctx, if (b == NULL || b_len == 0) return NULL; - InspectionBufferSetup(buffer, b, b_len); + InspectionBufferSetup(det_ctx, list_id, buffer, b, b_len); InspectionBufferApplyTransforms(buffer, transforms); } return buffer; @@ -133,7 +133,7 @@ static InspectionBuffer *GetShareData(DetectEngineThreadCtx *det_ctx, if (b == NULL || b_len == 0) return NULL; - InspectionBufferSetup(buffer, b, b_len); + InspectionBufferSetup(det_ctx, list_id, buffer, b, b_len); InspectionBufferApplyTransforms(buffer, transforms); } return buffer; diff --git a/src/detect-snmp-community.c b/src/detect-snmp-community.c index ea5f66af25..181c45e9b7 100644 --- a/src/detect-snmp-community.c +++ b/src/detect-snmp-community.c @@ -106,7 +106,7 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, return NULL; } - InspectionBufferSetup(buffer, data, data_len); + InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); } diff --git a/src/detect-ssh-proto.c b/src/detect-ssh-proto.c index 2f0de667fc..6c0102f83f 100644 --- a/src/detect-ssh-proto.c +++ b/src/detect-ssh-proto.c @@ -83,7 +83,7 @@ static InspectionBuffer *GetSshData(DetectEngineThreadCtx *det_ctx, return NULL; } - InspectionBufferSetup(buffer, data, data_len); + InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); } diff --git a/src/detect-ssh-software.c b/src/detect-ssh-software.c index 4d1b8d9eb1..2d2999d803 100644 --- a/src/detect-ssh-software.c +++ b/src/detect-ssh-software.c @@ -83,7 +83,7 @@ static InspectionBuffer *GetSshData(DetectEngineThreadCtx *det_ctx, return NULL; } - InspectionBufferSetup(buffer, data, data_len); + InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); } diff --git a/src/detect-tcphdr.c b/src/detect-tcphdr.c index 3b0cde3f31..4b6a65986d 100644 --- a/src/detect-tcphdr.c +++ b/src/detect-tcphdr.c @@ -119,7 +119,7 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, const uint32_t data_len = hlen; const uint8_t *data = (const uint8_t *)p->tcph; - InspectionBufferSetup(buffer, data, data_len); + InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); } diff --git a/src/detect-template-buffer.c b/src/detect-template-buffer.c index 6264f81b58..e988255b9e 100644 --- a/src/detect-template-buffer.c +++ b/src/detect-template-buffer.c @@ -133,7 +133,7 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, return NULL; /* no buffer */ } - InspectionBufferSetup(buffer, data, data_len); + InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); } diff --git a/src/detect-tls-cert-fingerprint.c b/src/detect-tls-cert-fingerprint.c index 19bef3dd63..8b44d6505d 100644 --- a/src/detect-tls-cert-fingerprint.c +++ b/src/detect-tls-cert-fingerprint.c @@ -141,7 +141,7 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, const uint32_t data_len = strlen(ssl_state->server_connp.cert0_fingerprint); const uint8_t *data = (uint8_t *)ssl_state->server_connp.cert0_fingerprint; - InspectionBufferSetup(buffer, data, data_len); + InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); } diff --git a/src/detect-tls-cert-issuer.c b/src/detect-tls-cert-issuer.c index 18591661dd..bf89e6550a 100644 --- a/src/detect-tls-cert-issuer.c +++ b/src/detect-tls-cert-issuer.c @@ -131,7 +131,7 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, const uint32_t data_len = strlen(ssl_state->server_connp.cert0_issuerdn); const uint8_t *data = (uint8_t *)ssl_state->server_connp.cert0_issuerdn; - InspectionBufferSetup(buffer, data, data_len); + InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); } diff --git a/src/detect-tls-cert-serial.c b/src/detect-tls-cert-serial.c index 79d2337d96..7c6e74b4ca 100644 --- a/src/detect-tls-cert-serial.c +++ b/src/detect-tls-cert-serial.c @@ -140,7 +140,7 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, const uint32_t data_len = strlen(ssl_state->server_connp.cert0_serial); const uint8_t *data = (uint8_t *)ssl_state->server_connp.cert0_serial; - InspectionBufferSetup(buffer, data, data_len); + InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); } diff --git a/src/detect-tls-cert-subject.c b/src/detect-tls-cert-subject.c index d22a686cbe..0e43a45a1a 100644 --- a/src/detect-tls-cert-subject.c +++ b/src/detect-tls-cert-subject.c @@ -130,7 +130,7 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, const uint32_t data_len = strlen(ssl_state->server_connp.cert0_subject); const uint8_t *data = (uint8_t *)ssl_state->server_connp.cert0_subject; - InspectionBufferSetup(buffer, data, data_len); + InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); } diff --git a/src/detect-tls-certs.c b/src/detect-tls-certs.c index 01244d1657..7bebaa5ed5 100644 --- a/src/detect-tls-certs.c +++ b/src/detect-tls-certs.c @@ -137,8 +137,8 @@ static InspectionBuffer *TlsCertsGetData(DetectEngineThreadCtx *det_ctx, { SCEnter(); - InspectionBufferMultipleForList *fb = InspectionBufferGetMulti(det_ctx, list_id); - InspectionBuffer *buffer = InspectionBufferMultipleForListGet(fb, cbdata->local_id); + InspectionBuffer *buffer = + InspectionBufferMultipleForListGet(det_ctx, list_id, cbdata->local_id); if (buffer == NULL) return NULL; @@ -151,16 +151,14 @@ static InspectionBuffer *TlsCertsGetData(DetectEngineThreadCtx *det_ctx, if (cbdata->cert == NULL) { cbdata->cert = TAILQ_FIRST(&ssl_state->server_connp.certs); } else { - cbdata->cert = TAILQ_NEXT(cbdata->cert, next); + cbdata->cert = TAILQ_NEXT(cbdata->cert, next); } - if (cbdata->cert == NULL) { return NULL; } - InspectionBufferSetup(buffer, cbdata->cert->cert_data, - cbdata->cert->cert_len); - InspectionBufferApplyTransforms(buffer, transforms); + InspectionBufferSetupMulti(buffer, transforms, cbdata->cert->cert_data, + cbdata->cert->cert_len); SCReturnPtr(buffer, "InspectionBuffer"); } diff --git a/src/detect-tls-ja3-hash.c b/src/detect-tls-ja3-hash.c index 9a202b7647..26a1c4526d 100644 --- a/src/detect-tls-ja3-hash.c +++ b/src/detect-tls-ja3-hash.c @@ -153,7 +153,7 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, const uint32_t data_len = strlen(ssl_state->client_connp.ja3_hash); const uint8_t *data = (uint8_t *)ssl_state->client_connp.ja3_hash; - InspectionBufferSetup(buffer, data, data_len); + InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); } diff --git a/src/detect-tls-ja3-string.c b/src/detect-tls-ja3-string.c index 6869ea9604..76c44c8c0d 100644 --- a/src/detect-tls-ja3-string.c +++ b/src/detect-tls-ja3-string.c @@ -143,7 +143,7 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, const uint32_t data_len = strlen(ssl_state->client_connp.ja3_str->data); const uint8_t *data = (uint8_t *)ssl_state->client_connp.ja3_str->data; - InspectionBufferSetup(buffer, data, data_len); + InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); } diff --git a/src/detect-tls-ja3s-hash.c b/src/detect-tls-ja3s-hash.c index d26c5c09f4..b186291c1f 100644 --- a/src/detect-tls-ja3s-hash.c +++ b/src/detect-tls-ja3s-hash.c @@ -151,7 +151,7 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, const uint32_t data_len = strlen(ssl_state->server_connp.ja3_hash); const uint8_t *data = (uint8_t *)ssl_state->server_connp.ja3_hash; - InspectionBufferSetup(buffer, data, data_len); + InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); } diff --git a/src/detect-tls-ja3s-string.c b/src/detect-tls-ja3s-string.c index ea4c9aa5e4..7b22fce6c2 100644 --- a/src/detect-tls-ja3s-string.c +++ b/src/detect-tls-ja3s-string.c @@ -142,7 +142,7 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, const uint32_t data_len = strlen(ssl_state->server_connp.ja3_str->data); const uint8_t *data = (uint8_t *)ssl_state->server_connp.ja3_str->data; - InspectionBufferSetup(buffer, data, data_len); + InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); } diff --git a/src/detect-tls-sni.c b/src/detect-tls-sni.c index 0fe36c0208..5bcb4172a7 100644 --- a/src/detect-tls-sni.c +++ b/src/detect-tls-sni.c @@ -129,7 +129,7 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, const uint32_t data_len = strlen(ssl_state->client_connp.sni); const uint8_t *data = (uint8_t *)ssl_state->client_connp.sni; - InspectionBufferSetup(buffer, data, data_len); + InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); } diff --git a/src/detect-transform-compress-whitespace.c b/src/detect-transform-compress-whitespace.c index 5b54c00b30..b9be6e2d7b 100644 --- a/src/detect-transform-compress-whitespace.c +++ b/src/detect-transform-compress-whitespace.c @@ -131,7 +131,7 @@ static int DetectTransformCompressWhitespaceTest01(void) InspectionBuffer buffer; InspectionBufferInit(&buffer, 8); - InspectionBufferSetup(&buffer, input, input_len); + InspectionBufferSetup(NULL, -1, &buffer, input, input_len); PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len); TransformCompressWhitespace(&buffer); PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len); @@ -146,7 +146,7 @@ static int DetectTransformCompressWhitespaceTest02(void) InspectionBuffer buffer; InspectionBufferInit(&buffer, 8); - InspectionBufferSetup(&buffer, input, input_len); + InspectionBufferSetup(NULL, -1, &buffer, input, input_len); PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len); TransformDoubleWhitespace(&buffer); PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len); diff --git a/src/detect-transform-dotprefix.c b/src/detect-transform-dotprefix.c index 3c18b19a92..a9e0cbaeee 100644 --- a/src/detect-transform-dotprefix.c +++ b/src/detect-transform-dotprefix.c @@ -126,7 +126,7 @@ static int DetectTransformDotPrefixTest01(void) InspectionBuffer buffer; InspectionBufferInit(&buffer, input_len); - InspectionBufferSetup(&buffer, input, input_len); + InspectionBufferSetup(NULL, -1, &buffer, input, input_len); PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len); TransformDotPrefix(&buffer); PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len); @@ -146,7 +146,7 @@ static int DetectTransformDotPrefixTest02(void) InspectionBuffer buffer; InspectionBufferInit(&buffer, input_len); - InspectionBufferSetup(&buffer, input, input_len); + InspectionBufferSetup(NULL, -1, &buffer, input, input_len); PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len); TransformDotPrefix(&buffer); PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len); diff --git a/src/detect-transform-md5.c b/src/detect-transform-md5.c index 78d99f8615..da7a9e0e3f 100644 --- a/src/detect-transform-md5.c +++ b/src/detect-transform-md5.c @@ -110,7 +110,7 @@ static int DetectTransformToMd5Test01(void) InspectionBuffer buffer; InspectionBufferInit(&buffer, 8); - InspectionBufferSetup(&buffer, input, input_len); + InspectionBufferSetup(NULL, -1, &buffer, input, input_len); PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len); TransformToMd5(&buffer); PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len); diff --git a/src/detect-transform-sha1.c b/src/detect-transform-sha1.c index 2d7fde9297..b16bdbd1f7 100644 --- a/src/detect-transform-sha1.c +++ b/src/detect-transform-sha1.c @@ -110,7 +110,7 @@ static int DetectTransformToSha1Test01(void) InspectionBuffer buffer; InspectionBufferInit(&buffer, 8); - InspectionBufferSetup(&buffer, input, input_len); + InspectionBufferSetup(NULL, -1, &buffer, input, input_len); PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len); TransformToSha1(&buffer); PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len); diff --git a/src/detect-transform-sha256.c b/src/detect-transform-sha256.c index 9ab6755625..426893df11 100644 --- a/src/detect-transform-sha256.c +++ b/src/detect-transform-sha256.c @@ -110,7 +110,7 @@ static int DetectTransformToSha256Test01(void) InspectionBuffer buffer; InspectionBufferInit(&buffer, 8); - InspectionBufferSetup(&buffer, input, input_len); + InspectionBufferSetup(NULL, -1, &buffer, input, input_len); PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len); TransformToSha256(&buffer); PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len); diff --git a/src/detect-transform-strip-whitespace.c b/src/detect-transform-strip-whitespace.c index 33c006a615..e2193477cf 100644 --- a/src/detect-transform-strip-whitespace.c +++ b/src/detect-transform-strip-whitespace.c @@ -145,7 +145,7 @@ static int DetectTransformStripWhitespaceTest01(void) InspectionBuffer buffer; InspectionBufferInit(&buffer, 8); - InspectionBufferSetup(&buffer, input, input_len); + InspectionBufferSetup(NULL, -1, &buffer, input, input_len); PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len); TransformStripWhitespace(&buffer); PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len); @@ -160,7 +160,7 @@ static int DetectTransformStripWhitespaceTest02(void) InspectionBuffer buffer; InspectionBufferInit(&buffer, 8); - InspectionBufferSetup(&buffer, input, input_len); + InspectionBufferSetup(NULL, -1, &buffer, input, input_len); PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len); TransformDoubleWhitespace(&buffer); PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len); diff --git a/src/detect-udphdr.c b/src/detect-udphdr.c index a8900048be..6c58a8883c 100644 --- a/src/detect-udphdr.c +++ b/src/detect-udphdr.c @@ -114,7 +114,7 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, const uint32_t data_len = UDP_HEADER_LEN; const uint8_t *data = (const uint8_t *)p->udph; - InspectionBufferSetup(buffer, data, data_len); + InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); } diff --git a/src/detect.h b/src/detect.h index 7de39ec7d1..db1daa0615 100644 --- a/src/detect.h +++ b/src/detect.h @@ -346,7 +346,9 @@ typedef struct InspectionBuffer { uint64_t inspect_offset; uint32_t inspect_len; /**< size of active data. See to ::len or ::orig_len */ uint8_t flags; /**< DETECT_CI_FLAGS_* for use with DetectEngineContentInspection */ - +#ifdef DEBUG_VALIDATION + bool multi; +#endif uint32_t len; /**< how much is in use */ uint8_t *buf; uint32_t size; /**< size of the memory allocation */ -- 2.47.2