From c5cf2967b3bc7fc074052279fe35d29fae283f43 Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Tue, 18 Jan 2022 16:11:37 +0100 Subject: [PATCH] detect: fix integer warnings Ticket: #4516 --- src/decode-icmpv4.h | 2 +- src/detect-byte-extract.c | 14 ++--- src/detect-byte-extract.h | 2 +- src/detect-bytejump.c | 23 ++++--- src/detect-cipservice.c | 8 +-- src/detect-csum.c | 2 +- src/detect-dnp3.c | 10 +-- src/detect-engine-address.c | 3 +- src/detect-engine-alert.c | 4 +- src/detect-engine-analyzer.c | 7 ++- src/detect-engine-analyzer.h | 1 - src/detect-engine-build.c | 5 +- src/detect-engine-content-inspection.c | 16 ++--- src/detect-engine-event.c | 4 +- src/detect-engine-iponly.c | 28 ++++----- src/detect-engine-mpm.c | 23 +++---- src/detect-engine-port.c | 8 +-- src/detect-engine-prefilter.c | 6 +- src/detect-engine.c | 86 +++++++++++++------------- src/detect-file-hash-common.c | 4 +- src/detect-file-hash-common.h | 2 +- src/detect-flow.c | 15 ++--- src/detect-flowvar.h | 4 +- src/detect-ftpbounce.c | 6 +- src/detect-http2.c | 10 +-- src/detect-id.c | 5 +- src/detect-ipproto.c | 6 +- src/detect-metadata.c | 8 ++- src/detect-pcre.c | 17 +++-- src/detect-pktvar.h | 2 +- src/detect-ssh-proto-version.c | 2 +- src/detect-ssh-software-version.c | 2 +- src/detect-ssl-version.c | 2 +- src/detect-tag.h | 2 +- src/detect-transform-urldecode.c | 4 +- src/detect-transform-xor.c | 8 +-- src/detect-urilen.c | 5 +- src/detect.c | 12 ++-- src/detect.h | 4 +- 39 files changed, 184 insertions(+), 188 deletions(-) diff --git a/src/decode-icmpv4.h b/src/decode-icmpv4.h index ed1f657013..ed24fce066 100644 --- a/src/decode-icmpv4.h +++ b/src/decode-icmpv4.h @@ -187,7 +187,7 @@ typedef struct ICMPV4Vars_ uint16_t seq; /** Actual header length **/ - uint32_t hlen; + uint16_t hlen; /** Pointers to the embedded packet headers */ IPV4Hdr *emb_ipv4h; diff --git a/src/detect-byte-extract.c b/src/detect-byte-extract.c index 7c1ba2182a..b96c43b225 100644 --- a/src/detect-byte-extract.c +++ b/src/detect-byte-extract.c @@ -112,9 +112,8 @@ void DetectByteExtractRegister(void) } int DetectByteExtractDoMatch(DetectEngineThreadCtx *det_ctx, const SigMatchData *smd, - const Signature *s, const uint8_t *payload, - uint16_t payload_len, uint64_t *value, - uint8_t endian) + const Signature *s, const uint8_t *payload, uint32_t payload_len, uint64_t *value, + uint8_t endian) { DetectByteExtractData *data = (DetectByteExtractData *)smd->ctx; const uint8_t *ptr = NULL; @@ -320,11 +319,10 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_ i); goto error; } - int32_t multiplier; - if (StringParseI32RangeCheck(&multiplier, 10, 0, - (const char *)multiplier_str, - DETECT_BYTE_EXTRACT_MULTIPLIER_MIN_LIMIT, - DETECT_BYTE_EXTRACT_MULTIPLIER_MAX_LIMIT) < 0) { + uint16_t multiplier; + if (StringParseU16RangeCheck(&multiplier, 10, 0, (const char *)multiplier_str, + DETECT_BYTE_EXTRACT_MULTIPLIER_MIN_LIMIT, + DETECT_BYTE_EXTRACT_MULTIPLIER_MAX_LIMIT) < 0) { SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid value for" "multiplier: \"%s\".", multiplier_str); goto error; diff --git a/src/detect-byte-extract.h b/src/detect-byte-extract.h index 7fff95a59e..71b433d340 100644 --- a/src/detect-byte-extract.h +++ b/src/detect-byte-extract.h @@ -63,6 +63,6 @@ void DetectByteExtractRegister(void); SigMatch *DetectByteExtractRetrieveSMVar(const char *, const Signature *); int DetectByteExtractDoMatch(DetectEngineThreadCtx *, const SigMatchData *, const Signature *, - const uint8_t *, uint16_t, uint64_t *, uint8_t); + const uint8_t *, uint32_t, uint64_t *, uint8_t); #endif /* __DETECT_BYTEEXTRACT_H__ */ diff --git a/src/detect-bytejump.c b/src/detect-bytejump.c index 0d3694f25a..02072bab57 100644 --- a/src/detect-bytejump.c +++ b/src/detect-bytejump.c @@ -40,6 +40,7 @@ #include "util-byte.h" #include "util-unittest.h" #include "util-debug.h" +#include "util-validate.h" #include "detect-pcre.h" /** @@ -221,7 +222,8 @@ static int DetectBytejumpMatch(DetectEngineThreadCtx *det_ctx, */ if (data->flags & DETECT_BYTEJUMP_RELATIVE) { ptr = p->payload + det_ctx->buffer_offset; - len = p->payload_len - det_ctx->buffer_offset; + DEBUG_VALIDATE_BUG_ON(p->payload_len - det_ctx->buffer_offset > UINT16_MAX); + len = (uint16_t)(p->payload_len - det_ctx->buffer_offset); /* No match if there is no relative base */ if (ptr == NULL || len == 0) { @@ -233,7 +235,8 @@ static int DetectBytejumpMatch(DetectEngineThreadCtx *det_ctx, } else { ptr = p->payload + data->offset; - len = p->payload_len - data->offset; + DEBUG_VALIDATE_BUG_ON(p->payload_len - data->offset > UINT16_MAX); + len = (uint16_t)(p->payload_len - data->offset); } /* Verify the to-be-extracted data is within the packet */ @@ -395,7 +398,7 @@ static DetectBytejumpData *DetectBytejumpParse(DetectEngineCtx *de_ctx, const ch */ /* Number of bytes */ - if (StringParseUint32(&nbytes, 10, strlen(args[0]), args[0]) <= 0) { + if (StringParseUint32(&nbytes, 10, (uint16_t)strlen(args[0]), args[0]) <= 0) { SCLogError(SC_ERR_INVALID_VALUE, "Malformed number of bytes: %s", optstr); goto error; } @@ -412,7 +415,7 @@ static DetectBytejumpData *DetectBytejumpParse(DetectEngineCtx *de_ctx, const ch if (*offset == NULL) goto error; } else { - if (StringParseInt32(&data->offset, 0, strlen(args[1]), args[1]) <= 0) { + if (StringParseInt32(&data->offset, 0, (uint16_t)strlen(args[1]), args[1]) <= 0) { SCLogError(SC_ERR_INVALID_VALUE, "Malformed offset: %s", optstr); goto error; } @@ -445,18 +448,14 @@ static DetectBytejumpData *DetectBytejumpParse(DetectEngineCtx *de_ctx, const ch } else if (strcasecmp("align", args[i]) == 0) { data->flags |= DETECT_BYTEJUMP_ALIGN; } else if (strncasecmp("multiplier ", args[i], 11) == 0) { - if (StringParseUint32(&data->multiplier, 10, - strlen(args[i]) - 11, - args[i] + 11) <= 0) - { + if (StringParseUint32( + &data->multiplier, 10, (uint16_t)strlen(args[i]) - 11, args[i] + 11) <= 0) { SCLogError(SC_ERR_INVALID_VALUE, "Malformed multiplier: %s", optstr); goto error; } } else if (strncasecmp("post_offset ", args[i], 12) == 0) { - if (StringParseInt32(&data->post_offset, 10, - strlen(args[i]) - 12, - args[i] + 12) <= 0) - { + if (StringParseInt32(&data->post_offset, 10, (uint16_t)strlen(args[i]) - 12, + args[i] + 12) <= 0) { SCLogError(SC_ERR_INVALID_VALUE, "Malformed post_offset: %s", optstr); goto error; } diff --git a/src/detect-cipservice.c b/src/detect-cipservice.c index 482fc56fa2..1841bfc06b 100644 --- a/src/detect-cipservice.c +++ b/src/detect-cipservice.c @@ -104,9 +104,9 @@ static DetectCipServiceData *DetectCipServiceParse(const char *rulestrc) char* token; char *save; - int var; - int input[3] = { 0, 0, 0 }; - int i = 0; + uint8_t var; + uint8_t input[3] = { 0, 0, 0 }; + uint8_t i = 0; token = strtok_r(rulestr, delims, &save); while (token != NULL) @@ -156,7 +156,7 @@ static DetectCipServiceData *DetectCipServiceParse(const char *rulestrc) goto error; } - sscanf(token, "%d", &var); + sscanf(token, "%2" SCNu8, &var); input[i++] = var; token = strtok_r(NULL, delims, &save); diff --git a/src/detect-csum.c b/src/detect-csum.c index bc765cd7eb..ed4e58d854 100644 --- a/src/detect-csum.c +++ b/src/detect-csum.c @@ -819,7 +819,7 @@ static int DetectICMPV6CsumMatch(DetectEngineThreadCtx *det_ctx, if (p->level4_comp_csum == -1) { uint16_t len = IPV6_GET_RAW_PLEN(p->ip6h) - - ((uint8_t *)p->icmpv6h - (uint8_t *)p->ip6h - IPV6_HEADER_LEN); + (uint16_t)((uint8_t *)p->icmpv6h - (uint8_t *)p->ip6h - IPV6_HEADER_LEN); p->level4_comp_csum = ICMPV6CalculateChecksum(p->ip6h->s_ip6_addrs, (uint16_t *)p->icmpv6h, len); diff --git a/src/detect-dnp3.c b/src/detect-dnp3.c index be256b34b1..fa54c8d42f 100644 --- a/src/detect-dnp3.c +++ b/src/detect-dnp3.c @@ -196,7 +196,7 @@ static int DetectEngineInspectDNP3(DetectEngineCtx *de_ctx, DetectEngineThreadCt */ static int DetectDNP3FuncParseFunctionCode(const char *str, uint8_t *fc) { - if (StringParseUint8(fc, 10, strlen(str), str) >= 0) { + if (StringParseUint8(fc, 10, (uint16_t)strlen(str), str) >= 0) { return 1; } @@ -204,7 +204,7 @@ static int DetectDNP3FuncParseFunctionCode(const char *str, uint8_t *fc) for (size_t i = 0; i < sizeof(DNP3FunctionNameMap) / sizeof(DNP3Mapping); i++) { if (strcasecmp(str, DNP3FunctionNameMap[i].name) == 0) { - *fc = DNP3FunctionNameMap[i].value; + *fc = (uint8_t)(DNP3FunctionNameMap[i].value); return 1; } } @@ -288,7 +288,7 @@ static int DetectDNP3IndParse(const char *str, uint16_t *flags) { *flags = 0; - if (StringParseUint16(flags, 0, strlen(str), str) > 0) { + if (StringParseUint16(flags, 0, (uint16_t)strlen(str), str) > 0) { return 1; } @@ -363,11 +363,11 @@ static int DetectDNP3ObjParse(const char *str, uint8_t *group, uint8_t *var) *sep = '\0'; varstr = sep + 1; - if (StringParseUint8(group, 0, strlen(groupstr), groupstr) < 0) { + if (StringParseUint8(group, 0, (uint16_t)strlen(groupstr), groupstr) < 0) { return 0; } - if (StringParseUint8(var, 0, strlen(varstr), varstr) < 0) { + if (StringParseUint8(var, 0, (uint16_t)strlen(varstr), varstr) < 0) { return 0; } diff --git a/src/detect-engine-address.c b/src/detect-engine-address.c index 1dc6bcfaca..4d5bc434f0 100644 --- a/src/detect-engine-address.c +++ b/src/detect-engine-address.c @@ -1330,8 +1330,7 @@ static char DetectAddressMapCompareFunc(void *data1, uint16_t len1, void *data2, DetectAddressMap *map1 = (DetectAddressMap *)data1; DetectAddressMap *map2 = (DetectAddressMap *)data2; - - int r = (strcmp(map1->string, map2->string) == 0); + char r = (strcmp(map1->string, map2->string) == 0); return r; } diff --git a/src/detect-engine-alert.c b/src/detect-engine-alert.c index 273604e4bd..1e5c712730 100644 --- a/src/detect-engine-alert.c +++ b/src/detect-engine-alert.c @@ -336,12 +336,12 @@ void PacketAlertFinalize(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx qsort(det_ctx->alert_queue, det_ctx->alert_queue_size, sizeof(PacketAlert), AlertQueueSortHelper); - int i = 0; + uint16_t i = 0; uint16_t max_pos = det_ctx->alert_queue_size; while (i < max_pos) { const Signature *s = de_ctx->sig_array[det_ctx->alert_queue[i].num]; - uint8_t res = PacketAlertHandle(de_ctx, det_ctx, s, p, &det_ctx->alert_queue[i]); + int res = PacketAlertHandle(de_ctx, det_ctx, s, p, &det_ctx->alert_queue[i]); if (res > 0) { /* Now, if we have an alert, we have to check if we want diff --git a/src/detect-engine-analyzer.c b/src/detect-engine-analyzer.c index 5bfe46cd2f..103bbc8f71 100644 --- a/src/detect-engine-analyzer.c +++ b/src/detect-engine-analyzer.c @@ -38,6 +38,7 @@ #include "detect-tcp-flags.h" #include "feature.h" #include "util-print.h" +#include "util-validate.h" static int rule_warnings_only = 0; static FILE *rule_engine_analysis_FD = NULL; @@ -457,7 +458,7 @@ int PerCentEncodingSetup () * \retval 0 if it doesn't have % encoding * \retval -1 on error */ -int PerCentEncodingMatch (uint8_t *content, uint8_t content_len) +static int PerCentEncodingMatch(uint8_t *content, uint16_t content_len) { int ret = 0; @@ -1073,7 +1074,9 @@ static void EngineAnalysisItemsInit(void) for (size_t i = 0; i < ARRAY_SIZE(analyzer_items); i++) { DetectEngineAnalyzerItems *analyzer_item = &analyzer_items[i]; - analyzer_item->item_id = DetectBufferTypeGetByName(analyzer_item->item_name); + int item_id = DetectBufferTypeGetByName(analyzer_item->item_name); + DEBUG_VALIDATE_BUG_ON(item_id < 0 || item_id > UINT16_MAX); + analyzer_item->item_id = (uint16_t)item_id; if (analyzer_item->item_id == -1) { /* Mismatch between the analyzer_items array and what's supported */ FatalError(SC_ERR_INITIALIZATION, diff --git a/src/detect-engine-analyzer.h b/src/detect-engine-analyzer.h index 7b8af5deba..7bf5225823 100644 --- a/src/detect-engine-analyzer.h +++ b/src/detect-engine-analyzer.h @@ -33,7 +33,6 @@ int SetupRuleAnalyzer(void); void CleanupRuleAnalyzer (void); int PerCentEncodingSetup (void); -int PerCentEncodingMatch (uint8_t *content, uint8_t content_len); void EngineAnalysisFP(const DetectEngineCtx *de_ctx, const Signature *s, char *line); diff --git a/src/detect-engine-build.c b/src/detect-engine-build.c index 0367cf64bc..b9fb4ca6c7 100644 --- a/src/detect-engine-build.c +++ b/src/detect-engine-build.c @@ -830,7 +830,7 @@ static json_t *RulesGroupPrintSghStats(const DetectEngineCtx *de_ctx, const SigG json_object_set_new(types, "any5", json_integer(any5_cnt)); json_object_set_new(stats, "types", types); - for (int i = 0; i < ALPROTO_MAX; i++) { + for (AppProto i = 0; i < ALPROTO_MAX; i++) { if (alstats[i] > 0) { json_t *app = json_object(); json_object_set_new(app, "total", json_integer(alstats[i])); @@ -1178,7 +1178,8 @@ static int RuleSetWhitelist(Signature *s) int CreateGroupedPortList(DetectEngineCtx *de_ctx, DetectPort *port_list, DetectPort **newhead, uint32_t unique_groups, int (*CompareFunc)(DetectPort *, DetectPort *), uint32_t max_idx); int CreateGroupedPortListCmpCnt(DetectPort *a, DetectPort *b); -static DetectPort *RulesGroupByPorts(DetectEngineCtx *de_ctx, int ipproto, uint32_t direction) { +static DetectPort *RulesGroupByPorts(DetectEngineCtx *de_ctx, uint8_t ipproto, uint32_t direction) +{ /* step 1: create a hash of 'DetectPort' objects based on all the * rules. Each object will have a SGH with the sigs added * that belong to the SGH. */ diff --git a/src/detect-engine-content-inspection.c b/src/detect-engine-content-inspection.c index ba2d43f8a3..a34b492222 100644 --- a/src/detect-engine-content-inspection.c +++ b/src/detect-engine-content-inspection.c @@ -52,6 +52,7 @@ #include "util-spm.h" #include "util-debug.h" #include "util-print.h" +#include "util-validate.h" #include "util-unittest.h" #include "util-unittest-helper.h" @@ -527,10 +528,8 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx DETECT_BYTE_EXTRACT_ENDIAN_LITTLE : DETECT_BYTE_EXTRACT_ENDIAN_BIG); } - if (DetectByteExtractDoMatch(det_ctx, smd, s, buffer, - buffer_len, - &det_ctx->byte_values[bed->local_id], - endian) != 1) { + if (DetectByteExtractDoMatch(det_ctx, smd, s, buffer, buffer_len, + &det_ctx->byte_values[bed->local_id], endian) != 1) { goto no_match; } @@ -561,12 +560,9 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx rvalue = bmd->rvalue; } - - if (DetectByteMathDoMatch(det_ctx, smd, s, buffer, - buffer_len, - rvalue, - &det_ctx->byte_values[bmd->local_id], - endian) != 1) { + DEBUG_VALIDATE_BUG_ON(buffer_len > UINT16_MAX); + if (DetectByteMathDoMatch(det_ctx, smd, s, buffer, (uint16_t)buffer_len, rvalue, + &det_ctx->byte_values[bmd->local_id], endian) != 1) { goto no_match; } diff --git a/src/detect-engine-event.c b/src/detect-engine-event.c index 191fecb40f..fb9e98b59e 100644 --- a/src/detect-engine-event.c +++ b/src/detect-engine-event.c @@ -181,8 +181,8 @@ error: * \retval 0 on Success * \retval -1 on Failure */ -static int DetectEngineEventSetupDo (DetectEngineCtx *de_ctx, Signature *s, - const char *rawstr, int smtype) +static int DetectEngineEventSetupDo( + DetectEngineCtx *de_ctx, Signature *s, const char *rawstr, uint16_t smtype) { DetectEngineEventData *de = DetectEngineEventParse(rawstr); if (de == NULL) diff --git a/src/detect-engine-iponly.c b/src/detect-engine-iponly.c index ee81c2688f..29c98cc802 100644 --- a/src/detect-engine-iponly.c +++ b/src/detect-engine-iponly.c @@ -216,8 +216,8 @@ static int IPOnlyCIDRItemParseSingle(IPOnlyCIDRItem **pdd, const char *str) goto error; } - int cidr; - if (StringParseI32RangeCheck(&cidr, 10, 0, (const char *)mask, 0, 32) < 0) + uint8_t cidr; + if (StringParseU8RangeCheck(&cidr, 10, 0, (const char *)mask, 0, 32) < 0) goto error; dd->netmask = cidr; @@ -1170,7 +1170,7 @@ void IPOnlyPrepare(DetectEngineCtx *de_ctx) SigNumArray *sna = SigNumArrayNew(de_ctx, &de_ctx->io_ctx); /* Update the sig */ - uint8_t tmp = 1 << (src->signum % 8); + uint8_t tmp = (uint8_t)(1 << (src->signum % 8)); if (src->negated > 0) /* Unset it */ @@ -1198,7 +1198,7 @@ void IPOnlyPrepare(DetectEngineCtx *de_ctx) sna = SigNumArrayCopy((SigNumArray *) user_data); /* Update the sig */ - uint8_t tmp = 1 << (src->signum % 8); + uint8_t tmp = (uint8_t)(1 << (src->signum % 8)); if (src->negated > 0) /* Unset it */ @@ -1231,7 +1231,7 @@ void IPOnlyPrepare(DetectEngineCtx *de_ctx) SigNumArray *sna = (SigNumArray *)user_data; /* Update the sig */ - uint8_t tmp = 1 << (src->signum % 8); + uint8_t tmp = (uint8_t)(1 << (src->signum % 8)); if (src->negated > 0) /* Unset it */ @@ -1264,7 +1264,7 @@ void IPOnlyPrepare(DetectEngineCtx *de_ctx) SigNumArray *sna = SigNumArrayNew(de_ctx, &de_ctx->io_ctx); /* Update the sig */ - uint8_t tmp = 1 << (src->signum % 8); + uint8_t tmp = (uint8_t)(1 << (src->signum % 8)); if (src->negated > 0) /* Unset it */ @@ -1289,7 +1289,7 @@ void IPOnlyPrepare(DetectEngineCtx *de_ctx) sna = SigNumArrayCopy((SigNumArray *)user_data); /* Update the sig */ - uint8_t tmp = 1 << (src->signum % 8); + uint8_t tmp = (uint8_t)(1 << (src->signum % 8)); if (src->negated > 0) /* Unset it */ sna->array[src->signum / 8] &= ~tmp; @@ -1313,7 +1313,7 @@ void IPOnlyPrepare(DetectEngineCtx *de_ctx) SigNumArray *sna = (SigNumArray *)user_data; /* Update the sig */ - uint8_t tmp = 1 << (src->signum % 8); + uint8_t tmp = (uint8_t)(1 << (src->signum % 8)); if (src->negated > 0) /* Unset it */ sna->array[src->signum / 8] &= ~tmp; @@ -1366,7 +1366,7 @@ void IPOnlyPrepare(DetectEngineCtx *de_ctx) SigNumArray *sna = SigNumArrayNew(de_ctx, &de_ctx->io_ctx); /** Update the sig */ - uint8_t tmp = 1 << (dst->signum % 8); + uint8_t tmp = (uint8_t)(1 << (dst->signum % 8)); if (dst->negated > 0) /** Unset it */ sna->array[dst->signum / 8] &= ~tmp; @@ -1393,7 +1393,7 @@ void IPOnlyPrepare(DetectEngineCtx *de_ctx) sna = SigNumArrayCopy((SigNumArray *) user_data); /* Update the sig */ - uint8_t tmp = 1 << (dst->signum % 8); + uint8_t tmp = (uint8_t)(1 << (dst->signum % 8)); if (dst->negated > 0) /* Unset it */ sna->array[dst->signum / 8] &= ~tmp; @@ -1420,7 +1420,7 @@ void IPOnlyPrepare(DetectEngineCtx *de_ctx) SigNumArray *sna = (SigNumArray *)user_data; /* Update the sig */ - uint8_t tmp = 1 << (dst->signum % 8); + uint8_t tmp = (uint8_t)(1 << (dst->signum % 8)); if (dst->negated > 0) /* Unset it */ sna->array[dst->signum / 8] &= ~tmp; @@ -1454,7 +1454,7 @@ void IPOnlyPrepare(DetectEngineCtx *de_ctx) SigNumArray *sna = SigNumArrayNew(de_ctx, &de_ctx->io_ctx); /* Update the sig */ - uint8_t tmp = 1 << (dst->signum % 8); + uint8_t tmp = (uint8_t)(1 << (dst->signum % 8)); if (dst->negated > 0) /* Unset it */ sna->array[dst->signum / 8] &= ~tmp; @@ -1479,7 +1479,7 @@ void IPOnlyPrepare(DetectEngineCtx *de_ctx) sna = SigNumArrayCopy((SigNumArray *)user_data); /* Update the sig */ - uint8_t tmp = 1 << (dst->signum % 8); + uint8_t tmp = (uint8_t)(1 << (dst->signum % 8)); if (dst->negated > 0) /* Unset it */ sna->array[dst->signum / 8] &= ~tmp; @@ -1504,7 +1504,7 @@ void IPOnlyPrepare(DetectEngineCtx *de_ctx) SigNumArray *sna = (SigNumArray *)user_data; /* Update the sig */ - uint8_t tmp = 1 << (dst->signum % 8); + uint8_t tmp = (uint8_t)(1 << (dst->signum % 8)); if (dst->negated > 0) /* Unset it */ sna->array[dst->signum / 8] &= ~tmp; diff --git a/src/detect-engine-mpm.c b/src/detect-engine-mpm.c index 9d126c7ed6..c6abe94173 100644 --- a/src/detect-engine-mpm.c +++ b/src/detect-engine-mpm.c @@ -118,8 +118,8 @@ void DetectAppLayerMpmRegister2(const char *name, snprintf(am->pname, sizeof(am->pname), "%s", am->name); am->direction = direction; DEBUG_VALIDATE_BUG_ON(sm_list < 0 || sm_list > INT16_MAX); - am->sm_list = sm_list; - am->sm_list_base = sm_list; + am->sm_list = (int16_t)sm_list; + am->sm_list_base = (int16_t)sm_list; am->priority = priority; am->type = DETECT_BUFFER_MPM_TYPE_APP; @@ -159,7 +159,7 @@ void DetectAppLayerMpmRegisterByParentId(DetectEngineCtx *de_ctx, am->name = t->name; am->direction = t->direction; DEBUG_VALIDATE_BUG_ON(id < 0 || id > INT16_MAX); - am->sm_list = id; // use new id + am->sm_list = (uint16_t)id; // use new id am->sm_list_base = t->sm_list; am->type = DETECT_BUFFER_MPM_TYPE_APP; am->PrefilterRegisterWithListId = t->PrefilterRegisterWithListId; @@ -302,7 +302,7 @@ void DetectFrameMpmRegister(const char *name, int direction, int priority, DetectBufferTypeSupportsFrames(name); DetectBufferTypeSupportsTransformations(name); int sm_list = DetectBufferTypeGetByName(name); - if (sm_list == -1) { + if (sm_list < 0 || sm_list > UINT16_MAX) { FatalError(SC_ERR_INITIALIZATION, "MPM engine registration for %s failed", name); } @@ -310,7 +310,7 @@ void DetectFrameMpmRegister(const char *name, int direction, int priority, BUG_ON(am == NULL); am->name = name; snprintf(am->pname, sizeof(am->pname), "%s", am->name); - am->sm_list = sm_list; + am->sm_list = (uint16_t)sm_list; am->direction = direction; am->priority = priority; am->type = DETECT_BUFFER_MPM_TYPE_FRAME; @@ -350,7 +350,8 @@ void DetectFrameMpmRegisterByParentId(DetectEngineCtx *de_ctx, const int id, con BUG_ON(am == NULL); am->name = t->name; snprintf(am->pname, sizeof(am->pname), "%s#%d", am->name, id); - am->sm_list = id; // use new id + DEBUG_VALIDATE_BUG_ON(id < 0 || id > UINT16_MAX); + am->sm_list = (uint16_t)id; // use new id am->sm_list_base = t->sm_list; am->type = DETECT_BUFFER_MPM_TYPE_FRAME; am->PrefilterRegisterWithListId = t->PrefilterRegisterWithListId; @@ -386,7 +387,7 @@ void DetectEngineFrameMpmRegister(DetectEngineCtx *de_ctx, const char *name, int AppProtoToString(alproto), type); const int sm_list = DetectEngineBufferTypeRegister(de_ctx, name); - if (sm_list < 0) { + if (sm_list < 0 || sm_list > UINT16_MAX) { FatalError(SC_ERR_INITIALIZATION, "MPM engine registration for %s failed", name); } @@ -398,7 +399,7 @@ void DetectEngineFrameMpmRegister(DetectEngineCtx *de_ctx, const char *name, int BUG_ON(am == NULL); am->name = name; snprintf(am->pname, sizeof(am->pname), "%s", am->name); - am->sm_list = sm_list; + am->sm_list = (uint16_t)sm_list; am->direction = direction; am->priority = priority; am->type = DETECT_BUFFER_MPM_TYPE_FRAME; @@ -549,7 +550,7 @@ void DetectPktMpmRegister(const char *name, am->name = name; snprintf(am->pname, sizeof(am->pname), "%s", am->name); DEBUG_VALIDATE_BUG_ON(sm_list < 0 || sm_list > INT16_MAX); - am->sm_list = sm_list; + am->sm_list = (uint16_t)sm_list; am->priority = priority; am->type = DETECT_BUFFER_MPM_TYPE_PKT; @@ -587,7 +588,7 @@ void DetectPktMpmRegisterByParentId(DetectEngineCtx *de_ctx, am->name = t->name; snprintf(am->pname, sizeof(am->pname), "%s#%d", am->name, id); DEBUG_VALIDATE_BUG_ON(id < 0 || id > INT16_MAX); - am->sm_list = id; // use new id + am->sm_list = (uint16_t)id; // use new id am->sm_list_base = t->sm_list; am->type = DETECT_BUFFER_MPM_TYPE_PKT; am->PrefilterRegisterWithListId = t->PrefilterRegisterWithListId; @@ -869,7 +870,7 @@ uint8_t PatternMatchDefaultMatcher(void) if (strcmp("auto", mpm_algo) == 0) { goto done; } - for (uint16_t u = 0; u < MPM_TABLE_SIZE; u++) { + for (uint8_t u = 0; u < MPM_TABLE_SIZE; u++) { if (mpm_table[u].name == NULL) continue; diff --git a/src/detect-engine-port.c b/src/detect-engine-port.c index c1e1cec3ef..29d649b8f1 100644 --- a/src/detect-engine-port.c +++ b/src/detect-engine-port.c @@ -260,10 +260,10 @@ error: static int DetectPortCut(DetectEngineCtx *de_ctx, DetectPort *a, DetectPort *b, DetectPort **c) { - uint32_t a_port1 = a->port; - uint32_t a_port2 = a->port2; - uint32_t b_port1 = b->port; - uint32_t b_port2 = b->port2; + uint16_t a_port1 = a->port; + uint16_t a_port2 = a->port2; + uint16_t b_port1 = b->port; + uint16_t b_port2 = b->port2; /* default to NULL */ *c = NULL; diff --git a/src/detect-engine-prefilter.c b/src/detect-engine-prefilter.c index 3173287731..54e2a241f8 100644 --- a/src/detect-engine-prefilter.c +++ b/src/detect-engine-prefilter.c @@ -286,7 +286,9 @@ int PrefilterAppendTxEngine(DetectEngineCtx *de_ctx, SigGroupHead *sgh, e->PrefilterTx = PrefilterTxFunc; e->pectx = pectx; e->alproto = alproto; - e->tx_min_progress = tx_min_progress; + // TODO change function prototype ? + DEBUG_VALIDATE_BUG_ON(tx_min_progress > UINT8_MAX); + e->tx_min_progress = (uint8_t)tx_min_progress; e->Free = FreeFunc; if (sgh->init->tx_engines == NULL) { @@ -498,7 +500,7 @@ void PrefilterSetupRuleGroup(DetectEngineCtx *de_ctx, SigGroupHead *sgh) } memset(sgh->tx_engines, 0x00, (cnt * sizeof(PrefilterEngine))); - uint32_t local_id = 0; + uint16_t local_id = 0; PrefilterEngine *e = sgh->tx_engines; for (el = sgh->init->tx_engines ; el != NULL; el = el->next) { e->local_id = local_id++; diff --git a/src/detect-engine.c b/src/detect-engine.c index 07181181d9..b969db79b4 100644 --- a/src/detect-engine.c +++ b/src/detect-engine.c @@ -154,8 +154,8 @@ void DetectPktInspectEngineRegister(const char *name, FatalError(SC_ERR_INITIALIZATION, "failed to register inspect engine %s: %s", name, strerror(errno)); } - new_engine->sm_list = sm_list; - new_engine->sm_list_base = sm_list; + new_engine->sm_list = (uint16_t)sm_list; + new_engine->sm_list_base = (uint16_t)sm_list; new_engine->v1.Callback = Callback; new_engine->v1.GetData = GetPktData; @@ -188,7 +188,7 @@ void DetectFrameInspectEngineRegister(const char *name, int dir, BUG_ON(1); } - int direction; + uint8_t direction; if (dir == SIG_FLAG_TOSERVER) { direction = 0; } else { @@ -200,8 +200,8 @@ void DetectFrameInspectEngineRegister(const char *name, int dir, FatalError(SC_ERR_INITIALIZATION, "failed to register inspect engine %s: %s", name, strerror(errno)); } - new_engine->sm_list = sm_list; - new_engine->sm_list_base = sm_list; + new_engine->sm_list = (uint16_t)sm_list; + new_engine->sm_list_base = (uint16_t)sm_list; new_engine->dir = direction; new_engine->v1.Callback = Callback; new_engine->alproto = alproto; @@ -250,7 +250,7 @@ void DetectAppLayerInspectEngineRegister2(const char *name, BUG_ON(1); } - int direction; + uint8_t direction; if (dir == SIG_FLAG_TOSERVER) { direction = 0; } else { @@ -264,9 +264,9 @@ void DetectAppLayerInspectEngineRegister2(const char *name, memset(new_engine, 0, sizeof(*new_engine)); new_engine->alproto = alproto; new_engine->dir = direction; - new_engine->sm_list = sm_list; - new_engine->sm_list_base = sm_list; - new_engine->progress = progress; + new_engine->sm_list = (uint16_t)sm_list; + new_engine->sm_list_base = (uint16_t)sm_list; + new_engine->progress = (int16_t)progress; new_engine->v2.Callback = Callback2; new_engine->v2.GetData = GetData; @@ -297,8 +297,10 @@ static void DetectAppLayerInspectEngineCopy( } new_engine->alproto = t->alproto; new_engine->dir = t->dir; - new_engine->sm_list = new_list; /* use new list id */ - new_engine->sm_list_base = sm_list; + DEBUG_VALIDATE_BUG_ON(new_list < 0 || new_list > UINT16_MAX); + new_engine->sm_list = (uint16_t)new_list; /* use new list id */ + DEBUG_VALIDATE_BUG_ON(sm_list < 0 || sm_list > UINT16_MAX); + new_engine->sm_list_base = (uint16_t)sm_list; new_engine->progress = t->progress; new_engine->v2 = t->v2; new_engine->v2.transforms = transforms; /* assign transforms */ @@ -359,8 +361,10 @@ static void DetectPktInspectEngineCopy( if (unlikely(new_engine == NULL)) { exit(EXIT_FAILURE); } - new_engine->sm_list = new_list; /* use new list id */ - new_engine->sm_list_base = sm_list; + DEBUG_VALIDATE_BUG_ON(new_list < 0 || new_list > UINT16_MAX); + new_engine->sm_list = (uint16_t)new_list; /* use new list id */ + DEBUG_VALIDATE_BUG_ON(sm_list < 0 || sm_list > UINT16_MAX); + new_engine->sm_list_base = (uint16_t)sm_list; new_engine->v1 = t->v1; new_engine->v1.transforms = transforms; /* assign transforms */ @@ -424,7 +428,7 @@ void DetectEngineFrameInspectEngineRegister(DetectEngineCtx *de_ctx, const char BUG_ON(1); } - int direction; + uint8_t direction; if (dir == SIG_FLAG_TOSERVER) { direction = 0; } else { @@ -436,8 +440,8 @@ void DetectEngineFrameInspectEngineRegister(DetectEngineCtx *de_ctx, const char FatalError(SC_ERR_INITIALIZATION, "failed to register inspect engine %s: %s", name, strerror(errno)); } - new_engine->sm_list = sm_list; - new_engine->sm_list_base = sm_list; + new_engine->sm_list = (uint16_t)sm_list; + new_engine->sm_list_base = (uint16_t)sm_list; new_engine->dir = direction; new_engine->v1.Callback = Callback; new_engine->alproto = alproto; @@ -469,8 +473,10 @@ static void DetectFrameInspectEngineCopy(DetectEngineCtx *de_ctx, int sm_list, i if (unlikely(new_engine == NULL)) { exit(EXIT_FAILURE); } - new_engine->sm_list = new_list; /* use new list id */ - new_engine->sm_list_base = sm_list; + DEBUG_VALIDATE_BUG_ON(new_list < 0 || new_list > UINT16_MAX); + new_engine->sm_list = (uint16_t)new_list; /* use new list id */ + DEBUG_VALIDATE_BUG_ON(sm_list < 0 || sm_list > UINT16_MAX); + new_engine->sm_list_base = (uint16_t)sm_list; new_engine->dir = t->dir; new_engine->alproto = t->alproto; new_engine->type = t->type; @@ -528,7 +534,8 @@ static void DetectFrameInspectEngineCopyListToDetectCtx(DetectEngineCtx *de_ctx) * * If stream inspection is MPM, then prepend it. */ -static void AppendStreamInspectEngine(Signature *s, SigMatchData *stream, int direction, uint32_t id) +static void AppendStreamInspectEngine( + Signature *s, SigMatchData *stream, uint8_t direction, uint8_t id) { bool prepend = false; @@ -695,7 +702,7 @@ int DetectEngineAppInspectionEngine2Signature(DetectEngineCtx *de_ctx, Signature } bool head_is_mpm = false; - uint32_t last_id = DE_STATE_FLAG_BASE; + uint8_t last_id = DE_STATE_FLAG_BASE; const DetectEngineAppInspectionEngine *t = de_ctx->app_inspect_engines; while (t != NULL) { bool prepend = false; @@ -937,7 +944,7 @@ static char DetectBufferTypeCompareNameFunc(void *data1, uint16_t len1, void *da DetectBufferType *map1 = (DetectBufferType *)data1; DetectBufferType *map2 = (DetectBufferType *)data2; - int r = (strcmp(map1->name, map2->name) == 0); + char r = (strcmp(map1->name, map2->name) == 0); r &= (memcmp((uint8_t *)&map1->transforms, (uint8_t *)&map2->transforms, sizeof(map2->transforms)) == 0); return r; } @@ -1827,8 +1834,9 @@ static int DetectEnginePktInspectionAppend(Signature *s, InspectionBufferPktInsp return -1; e->mpm = s->init_data->mpm_sm_list == list_id; - e->sm_list = list_id; - e->sm_list_base = list_id; + DEBUG_VALIDATE_BUG_ON(list_id < 0 || list_id > UINT16_MAX); + e->sm_list = (uint16_t)list_id; + e->sm_list_base = (uint16_t)list_id; e->v1.Callback = Callback; e->smd = data; @@ -2638,9 +2646,8 @@ static int DetectEngineCtxLoadConf(DetectEngineCtx *de_ctx) } if (max_uniq_toclient_groups_str != NULL) { if (StringParseUint16(&de_ctx->max_uniq_toclient_groups, 10, - strlen(max_uniq_toclient_groups_str), - (const char *)max_uniq_toclient_groups_str) <= 0) - { + (uint16_t)strlen(max_uniq_toclient_groups_str), + (const char *)max_uniq_toclient_groups_str) <= 0) { de_ctx->max_uniq_toclient_groups = 20; SCLogWarning(SC_ERR_SIZE_PARSE, "parsing '%s' for " @@ -2655,9 +2662,8 @@ static int DetectEngineCtxLoadConf(DetectEngineCtx *de_ctx) if (max_uniq_toserver_groups_str != NULL) { if (StringParseUint16(&de_ctx->max_uniq_toserver_groups, 10, - strlen(max_uniq_toserver_groups_str), - (const char *)max_uniq_toserver_groups_str) <= 0) - { + (uint16_t)strlen(max_uniq_toserver_groups_str), + (const char *)max_uniq_toserver_groups_str) <= 0) { de_ctx->max_uniq_toserver_groups = 40; SCLogWarning(SC_ERR_SIZE_PARSE, "parsing '%s' for " @@ -3862,9 +3868,8 @@ static int DetectEngineMultiTenantSetupLoadLivedevMappings(const ConfNode *mappi goto bad_mapping; uint32_t tenant_id = 0; - if (StringParseUint32(&tenant_id, 10, strlen(tenant_id_node->val), - tenant_id_node->val) < 0) - { + if (StringParseUint32(&tenant_id, 10, (uint16_t)strlen(tenant_id_node->val), + tenant_id_node->val) < 0) { SCLogError(SC_ERR_INVALID_ARGUMENT, "tenant-id " "of %s is invalid", tenant_id_node->val); goto bad_mapping; @@ -3922,18 +3927,16 @@ static int DetectEngineMultiTenantSetupLoadVlanMappings(const ConfNode *mappings goto bad_mapping; uint32_t tenant_id = 0; - if (StringParseUint32(&tenant_id, 10, strlen(tenant_id_node->val), - tenant_id_node->val) < 0) - { + if (StringParseUint32(&tenant_id, 10, (uint16_t)strlen(tenant_id_node->val), + tenant_id_node->val) < 0) { SCLogError(SC_ERR_INVALID_ARGUMENT, "tenant-id " "of %s is invalid", tenant_id_node->val); goto bad_mapping; } uint16_t vlan_id = 0; - if (StringParseUint16(&vlan_id, 10, strlen(vlan_id_node->val), - vlan_id_node->val) < 0) - { + if (StringParseUint16( + &vlan_id, 10, (uint16_t)strlen(vlan_id_node->val), vlan_id_node->val) < 0) { SCLogError(SC_ERR_INVALID_ARGUMENT, "vlan-id " "of %s is invalid", vlan_id_node->val); goto bad_mapping; @@ -3944,7 +3947,7 @@ static int DetectEngineMultiTenantSetupLoadVlanMappings(const ConfNode *mappings goto bad_mapping; } - if (DetectEngineTentantRegisterVlanId(tenant_id, (uint32_t)vlan_id) != 0) { + if (DetectEngineTentantRegisterVlanId(tenant_id, vlan_id) != 0) { goto error; } SCLogConfig("vlan %u connected to tenant-id %u", vlan_id, tenant_id); @@ -4078,9 +4081,8 @@ int DetectEngineMultiTenantSetup(void) } uint32_t tenant_id = 0; - if (StringParseUint32(&tenant_id, 10, strlen(id_node->val), - id_node->val) < 0) - { + if (StringParseUint32( + &tenant_id, 10, (uint16_t)strlen(id_node->val), id_node->val) < 0) { SCLogError(SC_ERR_INVALID_ARGUMENT, "tenant_id " "of %s is invalid", id_node->val); goto bad_tenant; diff --git a/src/detect-file-hash-common.c b/src/detect-file-hash-common.c index 27636618a1..5e217b915a 100644 --- a/src/detect-file-hash-common.c +++ b/src/detect-file-hash-common.c @@ -320,8 +320,8 @@ error: * \retval 0 on Success * \retval -1 on Failure */ -int DetectFileHashSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str, - uint32_t type, int list) +int DetectFileHashSetup( + DetectEngineCtx *de_ctx, Signature *s, const char *str, uint16_t type, int list) { DetectFileHashData *filehash = NULL; SigMatch *sm = NULL; diff --git a/src/detect-file-hash-common.h b/src/detect-file-hash-common.h index 4e8e5ad021..b547e03677 100644 --- a/src/detect-file-hash-common.h +++ b/src/detect-file-hash-common.h @@ -39,7 +39,7 @@ int LoadHashTable(ROHashTable *, const char *, const char *, int, uint32_t); int DetectFileHashMatch(DetectEngineThreadCtx *, Flow *, uint8_t, File *, const Signature *, const SigMatchCtx *); -int DetectFileHashSetup(DetectEngineCtx *, Signature *, const char *, uint32_t, int); +int DetectFileHashSetup(DetectEngineCtx *, Signature *, const char *, uint16_t, int); void DetectFileHashFree(DetectEngineCtx *, void *); #endif /* __UTIL_DETECT_FILE_HASH_H__ */ diff --git a/src/detect-flow.c b/src/detect-flow.c index d4e095f9d1..897d5d3ac3 100644 --- a/src/detect-flow.c +++ b/src/detect-flow.c @@ -86,8 +86,8 @@ void DetectFlowRegister (void) * \param dflags detect flow flags * \param match_cnt number of matches to trigger */ -static inline int FlowMatch(const uint32_t pflags, const uint8_t pflowflags, - const uint16_t tflags, const uint16_t dflags, const uint8_t match_cnt) +static inline int FlowMatch(const uint32_t pflags, const uint8_t pflowflags, const uint16_t tflags, + const uint16_t dflags, const uint16_t match_cnt) { uint8_t cnt = 0; @@ -439,8 +439,7 @@ PrefilterPacketFlowMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void * if (!PrefilterPacketHeaderExtraMatch(ctx, p)) return; - if (FlowMatch(p->flags, p->flowflags, det_ctx->flags, ctx->v1.u8[0], ctx->v1.u8[1])) - { + if (FlowMatch(p->flags, p->flowflags, det_ctx->flags, ctx->v1.u16[0], ctx->v1.u16[1])) { PrefilterAddSids(&det_ctx->pmq, ctx->sigs_array, ctx->sigs_cnt); } } @@ -449,17 +448,15 @@ static void PrefilterPacketFlowSet(PrefilterPacketHeaderValue *v, void *smctx) { const DetectFlowData *fb = smctx; - v->u8[0] = fb->flags; - v->u8[1] = fb->match_cnt; + v->u16[0] = fb->flags; + v->u16[1] = fb->match_cnt; } static bool PrefilterPacketFlowCompare(PrefilterPacketHeaderValue v, void *smctx) { const DetectFlowData *fb = smctx; - if (v.u8[0] == fb->flags && - v.u8[1] == fb->match_cnt) - { + if (v.u16[0] == fb->flags && v.u16[1] == fb->match_cnt) { return true; } return false; diff --git a/src/detect-flowvar.h b/src/detect-flowvar.h index f9af869216..ef26057daf 100644 --- a/src/detect-flowvar.h +++ b/src/detect-flowvar.h @@ -28,8 +28,8 @@ typedef struct DetectFlowvarData_ { char *name; uint32_t idx; uint8_t *content; - uint8_t content_len; - uint8_t flags; + uint16_t content_len; + uint32_t flags; } DetectFlowvarData; /* prototypes */ diff --git a/src/detect-ftpbounce.c b/src/detect-ftpbounce.c index bdb3397427..fd09968320 100644 --- a/src/detect-ftpbounce.c +++ b/src/detect-ftpbounce.c @@ -101,13 +101,13 @@ static int InspectFtpRequest(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det * * \retval 1 if ftpbounce detected, 0 if not */ -static int DetectFtpbounceMatchArgs(uint8_t *payload, uint16_t payload_len, - uint32_t ip_orig, uint16_t offset) +static int DetectFtpbounceMatchArgs( + uint8_t *payload, uint32_t payload_len, uint32_t ip_orig, uint32_t offset) { SCEnter(); SCLogDebug("Checking ftpbounce condition"); char *c = NULL; - uint16_t i = 0; + uint32_t i = 0; int octet = 0; int octet_ascii_len = 0; int noctet = 0; diff --git a/src/detect-http2.c b/src/detect-http2.c index 5e4a41724b..e0682e05b1 100644 --- a/src/detect-http2.c +++ b/src/detect-http2.c @@ -266,14 +266,14 @@ static int DetectHTTP2frametypeMatch(DetectEngineThreadCtx *det_ctx, static int DetectHTTP2FuncParseFrameType(const char *str, uint8_t *ft) { // first parse numeric value - if (ByteExtractStringUint8(ft, 10, strlen(str), str) >= 0) { + if (ByteExtractStringUint8(ft, 10, (uint16_t)strlen(str), str) >= 0) { return 1; } // it it failed so far, parse string value from enumeration int r = rs_http2_parse_frametype(str); - if (r >= 0) { - *ft = r; + if (r >= 0 && r <= UINT8_MAX) { + *ft = (uint8_t)r; return 1; } @@ -352,7 +352,7 @@ static int DetectHTTP2errorcodeMatch(DetectEngineThreadCtx *det_ctx, static int DetectHTTP2FuncParseErrorCode(const char *str, uint32_t *ec) { // first parse numeric value - if (ByteExtractStringUint32(ec, 10, strlen(str), str) >= 0) { + if (ByteExtractStringUint32(ec, 10, (uint16_t)strlen(str), str) >= 0) { return 1; } @@ -433,7 +433,7 @@ static int DetectHTTP2priorityMatch(DetectEngineThreadCtx *det_ctx, int value = rs_http2_tx_get_next_priority(txv, flags, nb); const DetectU8Data *du8 = (const DetectU8Data *)ctx; while (value >= 0) { - if (DetectU8Match(value, du8)) { + if (DetectU8Match((uint8_t)value, du8)) { return 1; } nb++; diff --git a/src/detect-id.c b/src/detect-id.c index 8005560e83..bdf0ef5a69 100644 --- a/src/detect-id.c +++ b/src/detect-id.c @@ -122,7 +122,7 @@ static int DetectIdMatch (DetectEngineThreadCtx *det_ctx, Packet *p, */ static DetectIdData *DetectIdParse (const char *idstr) { - uint32_t temp; + uint16_t temp; DetectIdData *id_d = NULL; int ret = 0, res = 0; size_t pcre2len; @@ -154,8 +154,7 @@ static DetectIdData *DetectIdParse (const char *idstr) } /* ok, fill the id data */ - if (StringParseU32RangeCheck(&temp, 10, 0, (const char *)tmp_str, - DETECT_IPID_MIN, DETECT_IPID_MAX) < 0) { + if (StringParseUint16(&temp, 10, 0, (const char *)tmp_str) < 0) { SCLogError(SC_ERR_INVALID_VALUE, "invalid id option '%s'", tmp_str); return NULL; } diff --git a/src/detect-ipproto.c b/src/detect-ipproto.c index 09cbfe8790..f8174194de 100644 --- a/src/detect-ipproto.c +++ b/src/detect-ipproto.c @@ -241,7 +241,7 @@ static int DetectIPProtoSetup(DetectEngineCtx *de_ctx, Signature *s, const char goto error; } if (!lt_set && !not_set) { - s->proto.proto[data->proto / 8] = 0xfe << (data->proto % 8); + s->proto.proto[data->proto / 8] = (uint8_t)(0xfe << (data->proto % 8)); for (i = (data->proto / 8) + 1; i < (256 / 8); i++) { s->proto.proto[i] = 0xff; } @@ -319,7 +319,7 @@ static int DetectIPProtoSetup(DetectEngineCtx *de_ctx, Signature *s, const char for (i = 0; i < (data->proto / 8); i++) { s->proto.proto[i] = 0xff; } - s->proto.proto[data->proto / 8] = ~(0xff << (data->proto % 8)); + s->proto.proto[data->proto / 8] = (uint8_t)(~(0xff << (data->proto % 8))); } else if (gt_set && !not_set) { SigMatch *temp_sm = s->init_data->smlists[DETECT_SM_LIST_MATCH]; while (temp_sm != NULL) { @@ -394,7 +394,7 @@ static int DetectIPProtoSetup(DetectEngineCtx *de_ctx, Signature *s, const char for (i = 0; i < (data->proto / 8); i++) { s->proto.proto[i] = 0xff; } - s->proto.proto[data->proto / 8] = ~(1 << (data->proto % 8)); + s->proto.proto[data->proto / 8] = (uint8_t)(~(1 << (data->proto % 8))); for (i = (data->proto / 8) + 1; i < (256 / 8); i++) { s->proto.proto[i] = 0xff; } diff --git a/src/detect-metadata.c b/src/detect-metadata.c index eec83ab30d..c311c1a155 100644 --- a/src/detect-metadata.c +++ b/src/detect-metadata.c @@ -85,7 +85,8 @@ void DetectMetadataHashFree(DetectEngineCtx *de_ctx) static const char *DetectMedatataHashAdd(DetectEngineCtx *de_ctx, const char *string) { - const char * hstring = (char *)HashTableLookup(de_ctx->metadata_table, (void *)string, strlen(string)); + const char *hstring = (char *)HashTableLookup( + de_ctx->metadata_table, (void *)string, (uint16_t)strlen(string)); if (hstring) { return hstring; } @@ -95,8 +96,9 @@ static const char *DetectMedatataHashAdd(DetectEngineCtx *de_ctx, const char *st return NULL; } - if (HashTableAdd(de_ctx->metadata_table, (void *)astring, strlen(astring)) == 0) { - return (char *)HashTableLookup(de_ctx->metadata_table, (void *)astring, strlen(astring)); + if (HashTableAdd(de_ctx->metadata_table, (void *)astring, (uint16_t)strlen(astring)) == 0) { + return (char *)HashTableLookup( + de_ctx->metadata_table, (void *)astring, (uint16_t)strlen(astring)); } else { SCFree((void *)astring); } diff --git a/src/detect-pcre.c b/src/detect-pcre.c index d7df02b367..8a15defabf 100644 --- a/src/detect-pcre.c +++ b/src/detect-pcre.c @@ -181,7 +181,7 @@ int DetectPcrePayloadMatch(DetectEngineThreadCtx *det_ctx, const Signature *s, SCEnter(); int ret = 0; const uint8_t *ptr = NULL; - uint16_t len = 0; + uint32_t len = 0; PCRE2_SIZE capture_len = 0; DetectPcreData *pe = (DetectPcreData *)smd->ctx; @@ -273,20 +273,17 @@ int DetectPcrePayloadMatch(DetectEngineThreadCtx *det_ctx, const Signature *s, memcpy(str_ptr2, pcre2_str_ptr2, capture_len); pcre2_substring_free((PCRE2_UCHAR8 *)pcre2_str_ptr2); - (void)DetectVarStoreMatchKeyValue(det_ctx, - (uint8_t *)str_ptr, key_len, - (uint8_t *)str_ptr2, capture_len, + (void)DetectVarStoreMatchKeyValue(det_ctx, (uint8_t *)str_ptr, key_len, + (uint8_t *)str_ptr2, (uint16_t)capture_len, DETECT_VAR_TYPE_PKT_POSTMATCH); } else if (pe->captypes[x] == VAR_TYPE_PKT_VAR) { - (void)DetectVarStoreMatch(det_ctx, pe->capids[x], - (uint8_t *)str_ptr, capture_len, - DETECT_VAR_TYPE_PKT_POSTMATCH); + (void)DetectVarStoreMatch(det_ctx, pe->capids[x], (uint8_t *)str_ptr, + (uint16_t)capture_len, DETECT_VAR_TYPE_PKT_POSTMATCH); } else if (pe->captypes[x] == VAR_TYPE_FLOW_VAR && f != NULL) { - (void)DetectVarStoreMatch(det_ctx, pe->capids[x], - (uint8_t *)str_ptr, capture_len, - DETECT_VAR_TYPE_FLOW_POSTMATCH); + (void)DetectVarStoreMatch(det_ctx, pe->capids[x], (uint8_t *)str_ptr, + (uint16_t)capture_len, DETECT_VAR_TYPE_FLOW_POSTMATCH); } else { BUG_ON(1); // Impossible captype SCFree(str_ptr); diff --git a/src/detect-pktvar.h b/src/detect-pktvar.h index e6e5211dd6..ecd0243904 100644 --- a/src/detect-pktvar.h +++ b/src/detect-pktvar.h @@ -26,7 +26,7 @@ typedef struct DetectPktvarData_ { uint32_t id; - uint8_t content_len; + uint16_t content_len; uint8_t flags; uint8_t *content; } DetectPktvarData; diff --git a/src/detect-ssh-proto-version.c b/src/detect-ssh-proto-version.c index 98fe82d30b..d1e9eda845 100644 --- a/src/detect-ssh-proto-version.c +++ b/src/detect-ssh-proto-version.c @@ -200,7 +200,7 @@ static DetectSshVersionData *DetectSshVersionParse (DetectEngineCtx *de_ctx, con pcre2_substring_free((PCRE2_UCHAR *)str_ptr); goto error; } - ssh->len = strlen((char *) ssh->ver); + ssh->len = (uint16_t)strlen((char *)ssh->ver); pcre2_substring_free((PCRE2_UCHAR *)str_ptr); SCLogDebug("will look for ssh %s", ssh->ver); diff --git a/src/detect-ssh-software-version.c b/src/detect-ssh-software-version.c index 653b8c3f30..da6708fe72 100644 --- a/src/detect-ssh-software-version.c +++ b/src/detect-ssh-software-version.c @@ -193,7 +193,7 @@ static DetectSshSoftwareVersionData *DetectSshSoftwareVersionParse (DetectEngine } pcre2_substring_free((PCRE2_UCHAR *)str_ptr); - ssh->len = strlen((char *)ssh->software_ver); + ssh->len = (uint16_t)strlen((char *)ssh->software_ver); SCLogDebug("will look for ssh %s", ssh->software_ver); } diff --git a/src/detect-ssl-version.c b/src/detect-ssl-version.c index efcd09dee5..6eb0af27e6 100644 --- a/src/detect-ssl-version.c +++ b/src/detect-ssl-version.c @@ -177,7 +177,7 @@ static int DetectSslVersionMatch(DetectEngineThreadCtx *det_ctx, struct SSLVersionKeywords { const char *word; int index; - int value; + uint16_t value; }; struct SSLVersionKeywords ssl_version_keywords[TLS_SIZE] = { diff --git a/src/detect-tag.h b/src/detect-tag.h index 6774f49549..6db80e4096 100644 --- a/src/detect-tag.h +++ b/src/detect-tag.h @@ -66,7 +66,7 @@ typedef struct DetectTagData_ { uint8_t type; /**< tag type */ uint8_t direction; /**< host direction */ uint32_t count; /**< count */ - uint32_t metric; /**< metric */ + uint8_t metric; /**< metric */ } DetectTagData; /** This is the installed data at the session/global or host table */ diff --git a/src/detect-transform-urldecode.c b/src/detect-transform-urldecode.c index 526561f2f9..70717aac73 100644 --- a/src/detect-transform-urldecode.c +++ b/src/detect-transform-urldecode.c @@ -86,7 +86,9 @@ static bool BufferUrlDecode(const uint8_t *input, const uint32_t input_len, uint if (i + 2 < input_len) { if ((isxdigit(input[i+1])) && (isxdigit(input[i+2]))) { // Decode %HH encoding. - *oi = (input[i+1] >= 'A' ? ((input[i+1] & 0xdf) - 'A') + 10 : (input[i+1] - '0')) << 4; + *oi = (uint8_t)((input[i + 1] >= 'A' ? ((input[i + 1] & 0xdf) - 'A') + 10 + : (input[i + 1] - '0')) + << 4); *oi |= (input[i+2] >= 'A' ? ((input[i+2] & 0xdf) - 'A') + 10 : (input[i+2] - '0')); oi++; // one more increment before looping diff --git a/src/detect-transform-xor.c b/src/detect-transform-xor.c index 7fbae5239b..7fbf7fb3cd 100644 --- a/src/detect-transform-xor.c +++ b/src/detect-transform-xor.c @@ -96,7 +96,7 @@ static int DetectTransformXorSetup(DetectEngineCtx *de_ctx, Signature *s, const DetectTransformXorFree(de_ctx, pxd); SCReturnInt(-1); } - pxd->length = keylen / 2; + pxd->length = (uint8_t)(keylen / 2); pxd->key = SCMalloc(keylen / 2); if (pxd->key == NULL) { SCLogError(SC_ERR_MEM_ALLOC, "memory allocation failed"); @@ -105,9 +105,9 @@ static int DetectTransformXorSetup(DetectEngineCtx *de_ctx, Signature *s, const } for (size_t i = 0; i < keylen / 2; i++) { if ((isxdigit(optstr[2 * i])) && (isxdigit(optstr[2 * i + 1]))) { - pxd->key[i] = (optstr[2 * i] >= 'A' ? ((optstr[2 * i] & 0xdf) - 'A') + 10 - : (optstr[2 * i] - '0')) - << 4; + pxd->key[i] = (uint8_t)((optstr[2 * i] >= 'A' ? ((optstr[2 * i] & 0xdf) - 'A') + 10 + : (optstr[2 * i] - '0')) + << 4); pxd->key[i] |= (optstr[2 * i + 1] >= 'A' ? ((optstr[2 * i + 1] & 0xdf) - 'A') + 10 : (optstr[2 * i + 1] - '0')); } else { diff --git a/src/detect-urilen.c b/src/detect-urilen.c index ba44ef66ed..202fbb0585 100644 --- a/src/detect-urilen.c +++ b/src/detect-urilen.c @@ -175,7 +175,7 @@ static DetectUrilenData *DetectUrilenParse (const char *urilenstr) } /** set the first urilen value */ - if (StringParseUint16(&urilend->urilen1,10,strlen(arg2),arg2) <= 0){ + if (StringParseUint16(&urilend->urilen1, 10, (uint16_t)strlen(arg2), arg2) <= 0) { SCLogError(SC_ERR_INVALID_ARGUMENT,"Invalid size :\"%s\"",arg2); goto error; } @@ -188,8 +188,7 @@ static DetectUrilenData *DetectUrilenParse (const char *urilenstr) goto error; } - if(StringParseUint16(&urilend->urilen2,10,strlen(arg4),arg4) <= 0) - { + if (StringParseUint16(&urilend->urilen2, 10, (uint16_t)strlen(arg4), arg4) <= 0) { SCLogError(SC_ERR_INVALID_ARGUMENT,"Invalid size :\"%s\"",arg4); goto error; } diff --git a/src/detect.c b/src/detect.c index fdc2bd7c5b..71ee309bb0 100644 --- a/src/detect.c +++ b/src/detect.c @@ -369,15 +369,14 @@ static inline void DetectPrefilterMergeSort(DetectEngineCtx *de_ctx, /** \internal * \brief build non-prefilter list based on the rule group list we've set. */ -static inline void -DetectPrefilterBuildNonPrefilterList(DetectEngineThreadCtx *det_ctx, - const SignatureMask mask, const uint8_t alproto) +static inline void DetectPrefilterBuildNonPrefilterList( + DetectEngineThreadCtx *det_ctx, const SignatureMask mask, const AppProto alproto) { for (uint32_t x = 0; x < det_ctx->non_pf_store_cnt; x++) { /* only if the mask matches this rule can possibly match, * so build the non_mpm array only for match candidates */ const SignatureMask rule_mask = det_ctx->non_pf_store_ptr[x].mask; - const uint8_t rule_alproto = det_ctx->non_pf_store_ptr[x].alproto; + const AppProto rule_alproto = det_ctx->non_pf_store_ptr[x].alproto; if ((rule_mask & mask) == rule_mask && (rule_alproto == 0 || AppProtoEquals(rule_alproto, alproto))) { det_ctx->non_pf_id_array[det_ctx->non_pf_id_cnt++] = det_ctx->non_pf_store_ptr[x].id; @@ -1070,7 +1069,7 @@ static bool DetectRunTxInspectRule(ThreadVars *tv, const int direction = (flow_flags & STREAM_TOSERVER) ? 0 : 1; uint32_t inspect_flags = stored_flags ? *stored_flags : 0; int total_matches = 0; - int file_no_match = 0; + uint16_t file_no_match = 0; bool retval = false; bool mpm_before_progress = false; // is mpm engine before progress? bool mpm_in_progress = false; // is mpm engine in a buffer we will revisit? @@ -1150,7 +1149,8 @@ static bool DetectRunTxInspectRule(ThreadVars *tv, TRACE_SID_TXS(s->id, tx, "engine %p match %d", engine, match); if (engine->stream) { can->stream_stored = true; - can->stream_result = match; + // TODO change Callback prototype ? + can->stream_result = (uint8_t)match; TRACE_SID_TXS(s->id, tx, "stream ran, store result %d for next tx (if any)", match); } } diff --git a/src/detect.h b/src/detect.h index 37f40b9d6b..b01c6edf91 100644 --- a/src/detect.h +++ b/src/detect.h @@ -843,7 +843,7 @@ typedef struct DetectEngineCtx_ { DetectEngineIPOnlyCtx io_ctx; ThresholdCtx ths_ctx; - uint16_t mpm_matcher; /**< mpm matcher this ctx uses */ + uint8_t mpm_matcher; /**< mpm matcher this ctx uses */ uint16_t spm_matcher; /**< spm matcher this ctx uses */ /* spm thread context prototype, built as spm matchers are constructed and @@ -1021,7 +1021,7 @@ typedef struct HttpReassembledBody_ { typedef struct SignatureNonPrefilterStore_ { SigIntId id; SignatureMask mask; - uint8_t alproto; + AppProto alproto; } SignatureNonPrefilterStore; /** array of TX inspect rule candidates */ -- 2.47.2