byte-extract: switch to pcre_copy_substring

Fixes memory leaks (str_ptr was never freed).
Fixes cppcheck warning:
    [src/detect-byte-extract.c:268]: (error) Uninitialized variable: str_ptr

Bug #1046.

diff --git a/src/detect-byte-extract.c b/src/detect-byte-extract.c
index d5976992a4da16d85dae95b81f716237f652b99e..8d0c1bffac77cb29dab517f65ba6d5c577c9dd1f 100644 (file)
--- a/src/detect-byte-extract.c
+++ b/src/detect-byte-extract.c
@@ -245,7 +245,6 @@ static inline DetectByteExtractData *DetectByteExtractParse(char *arg)
 #define MAX_SUBSTRINGS 100
     int ret = 0, res = 0;
     int ov[MAX_SUBSTRINGS];
-    char *str_ptr;
     int i = 0;
 
     ret = pcre_exec(parse_regex, parse_regex_study, arg,
@@ -264,24 +263,26 @@ static inline DetectByteExtractData *DetectByteExtractParse(char *arg)
     memset(bed, 0, sizeof(DetectByteExtractData));
 
     /* no of bytes to extract */
-    res = pcre_get_substring((char *)arg, ov,
-                             MAX_SUBSTRINGS, 1, (const char **)&str_ptr);
+    char nbytes_str[64] = "";
+    res = pcre_copy_substring((char *)arg, ov,
+                             MAX_SUBSTRINGS, 1, nbytes_str, sizeof(nbytes_str));
     if (res < 0) {
-        SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed "
+        SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed "
                    "for arg 1 for byte_extract");
         goto error;
     }
-    bed->nbytes = atoi(str_ptr);
+    bed->nbytes = atoi(nbytes_str);
 
     /* offset */
-    res = pcre_get_substring((char *)arg, ov,
-                             MAX_SUBSTRINGS, 2, (const char **)&str_ptr);
+    char offset_str[64] = "";
+    res = pcre_copy_substring((char *)arg, ov,
+                             MAX_SUBSTRINGS, 2, offset_str, sizeof(offset_str));
     if (res < 0) {
-        SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed "
+        SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed "
                    "for arg 2 for byte_extract");
         goto error;
     }
-    int offset = atoi(str_ptr);
+    int offset = atoi(offset_str);
     if (offset < -65535 || offset > 65535) {
         SCLogError(SC_ERR_INVALID_SIGNATURE, "byte_extract offset invalid - %d.  "
                    "The right offset range is -65535 to 65535", offset);
@@ -290,35 +291,37 @@ static inline DetectByteExtractData *DetectByteExtractParse(char *arg)
     bed->offset = offset;
 
     /* var name */
-    res = pcre_get_substring((char *)arg, ov,
-                             MAX_SUBSTRINGS, 3, (const char **)&str_ptr);
+    char varname_str[256] = "";
+    res = pcre_copy_substring((char *)arg, ov,
+                             MAX_SUBSTRINGS, 3, varname_str, sizeof(varname_str));
     if (res < 0) {
-        SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed "
+        SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed "
                    "for arg 3 for byte_extract");
         goto error;
     }
-    bed->name = SCStrdup(str_ptr);
+    bed->name = SCStrdup(varname_str);
     if (bed->name == NULL)
         goto error;
 
     /* check out other optional args */
     for (i = 4; i < ret; i++) {
-        res = pcre_get_substring((char *)arg, ov,
-                                 MAX_SUBSTRINGS, i, (const char **)&str_ptr);
+        char opt_str[64] = "";
+        res = pcre_copy_substring((char *)arg, ov,
+                                 MAX_SUBSTRINGS, i, opt_str, sizeof(opt_str));
         if (res < 0) {
-            SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed "
+            SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed "
                        "for arg %d for byte_extract", i);
             goto error;
         }
 
-        if (strcmp("relative", str_ptr) == 0) {
+        if (strcmp("relative", opt_str) == 0) {
             if (bed->flags & DETECT_BYTE_EXTRACT_FLAG_RELATIVE) {
                 SCLogError(SC_ERR_INVALID_SIGNATURE, "relative specified more "
                            "than once for byte_extract");
                 goto error;
             }
             bed->flags |= DETECT_BYTE_EXTRACT_FLAG_RELATIVE;
-        } else if (strcmp("multiplier", str_ptr) == 0) {
+        } else if (strcmp("multiplier", opt_str) == 0) {
             if (bed->flags & DETECT_BYTE_EXTRACT_FLAG_MULTIPLIER) {
                 SCLogError(SC_ERR_INVALID_SIGNATURE, "multiplier specified more "
                            "than once for byte_extract");
@@ -326,14 +329,16 @@ static inline DetectByteExtractData *DetectByteExtractParse(char *arg)
             }
             bed->flags |= DETECT_BYTE_EXTRACT_FLAG_MULTIPLIER;
             i++;
-            res = pcre_get_substring((char *)arg, ov,
-                                     MAX_SUBSTRINGS, i, (const char **)&str_ptr);
+
+            char multiplier_str[16] = "";
+            res = pcre_copy_substring((char *)arg, ov,
+                                     MAX_SUBSTRINGS, i, multiplier_str, sizeof(multiplier_str));
             if (res < 0) {
-                SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed "
+                SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed "
                            "for arg %d for byte_extract", i);
                 goto error;
             }
-            int multiplier = atoi(str_ptr);
+            int multiplier = atoi(multiplier_str);
             if (multiplier < DETECT_BYTE_EXTRACT_MULTIPLIER_MIN_LIMIT ||
                 multiplier > DETECT_BYTE_EXTRACT_MULTIPLIER_MAX_LIMIT) {
                 SCLogError(SC_ERR_INVALID_SIGNATURE, "multipiler_value invalid "
@@ -344,7 +349,7 @@ static inline DetectByteExtractData *DetectByteExtractParse(char *arg)
                 goto error;
             }
             bed->multiplier_value = multiplier;
-        } else if (strcmp("big", str_ptr) == 0) {
+        } else if (strcmp("big", opt_str) == 0) {
             if (bed->flags & DETECT_BYTE_EXTRACT_FLAG_ENDIAN) {
                 SCLogError(SC_ERR_INVALID_SIGNATURE, "endian option specified "
                            "more than once for byte_extract");
@@ -352,7 +357,7 @@ static inline DetectByteExtractData *DetectByteExtractParse(char *arg)
             }
             bed->flags |= DETECT_BYTE_EXTRACT_FLAG_ENDIAN;
             bed->endian = DETECT_BYTE_EXTRACT_ENDIAN_BIG;
-        } else if (strcmp("little", str_ptr) == 0) {
+        } else if (strcmp("little", opt_str) == 0) {
             if (bed->flags & DETECT_BYTE_EXTRACT_FLAG_ENDIAN) {
                 SCLogError(SC_ERR_INVALID_SIGNATURE, "endian option specified "
                            "more than once for byte_extract");
@@ -360,7 +365,7 @@ static inline DetectByteExtractData *DetectByteExtractParse(char *arg)
             }
             bed->flags |= DETECT_BYTE_EXTRACT_FLAG_ENDIAN;
             bed->endian = DETECT_BYTE_EXTRACT_ENDIAN_LITTLE;
-        } else if (strcmp("dce", str_ptr) == 0) {
+        } else if (strcmp("dce", opt_str) == 0) {
             if (bed->flags & DETECT_BYTE_EXTRACT_FLAG_ENDIAN) {
                 SCLogError(SC_ERR_INVALID_SIGNATURE, "endian option specified "
                            "more than once for byte_extract");
@@ -368,7 +373,7 @@ static inline DetectByteExtractData *DetectByteExtractParse(char *arg)
             }
             bed->flags |= DETECT_BYTE_EXTRACT_FLAG_ENDIAN;
             bed->endian = DETECT_BYTE_EXTRACT_ENDIAN_DCE;
-        } else if (strcmp("string", str_ptr) == 0) {
+        } else if (strcmp("string", opt_str) == 0) {
             if (bed->flags & DETECT_BYTE_EXTRACT_FLAG_STRING) {
                 SCLogError(SC_ERR_INVALID_SIGNATURE, "string specified more "
                            "than once for byte_extract");
@@ -381,7 +386,7 @@ static inline DetectByteExtractData *DetectByteExtractParse(char *arg)
                 goto error;
             }
             bed->flags |= DETECT_BYTE_EXTRACT_FLAG_STRING;
-        } else if (strcmp("hex", str_ptr) == 0) {
+        } else if (strcmp("hex", opt_str) == 0) {
             if (!(bed->flags & DETECT_BYTE_EXTRACT_FLAG_STRING)) {
                 SCLogError(SC_ERR_INVALID_SIGNATURE, "Base(hex) specified "
                            "without specifying string.  The right way is "
@@ -394,7 +399,7 @@ static inline DetectByteExtractData *DetectByteExtractParse(char *arg)
                 goto error;
             }
             bed->base = DETECT_BYTE_EXTRACT_BASE_HEX;
-        } else if (strcmp("oct", str_ptr) == 0) {
+        } else if (strcmp("oct", opt_str) == 0) {
             if (!(bed->flags & DETECT_BYTE_EXTRACT_FLAG_STRING)) {
                 SCLogError(SC_ERR_INVALID_SIGNATURE, "Base(oct) specified "
                            "without specifying string.  The right way is "
@@ -407,7 +412,7 @@ static inline DetectByteExtractData *DetectByteExtractParse(char *arg)
                 goto error;
             }
             bed->base = DETECT_BYTE_EXTRACT_BASE_OCT;
-        } else if (strcmp("dec", str_ptr) == 0) {
+        } else if (strcmp("dec", opt_str) == 0) {
             if (!(bed->flags & DETECT_BYTE_EXTRACT_FLAG_STRING)) {
                 SCLogError(SC_ERR_INVALID_SIGNATURE, "Base(dec) specified "
                            "without specifying string.  The right way is "
@@ -420,7 +425,7 @@ static inline DetectByteExtractData *DetectByteExtractParse(char *arg)
                 goto error;
             }
             bed->base = DETECT_BYTE_EXTRACT_BASE_DEC;
-        } else if (strcmp("align", str_ptr) == 0) {
+        } else if (strcmp("align", opt_str) == 0) {
             if (bed->flags & DETECT_BYTE_EXTRACT_FLAG_ALIGN) {
                 SCLogError(SC_ERR_INVALID_SIGNATURE, "Align specified more "
                            "than once for byte_extract");
@@ -428,24 +433,26 @@ static inline DetectByteExtractData *DetectByteExtractParse(char *arg)
             }
             bed->flags |= DETECT_BYTE_EXTRACT_FLAG_ALIGN;
             i++;
-            res = pcre_get_substring((char *)arg, ov,
-                                     MAX_SUBSTRINGS, i, (const char **)&str_ptr);
+
+            char align_str[16] = "";
+            res = pcre_copy_substring((char *)arg, ov,
+                                     MAX_SUBSTRINGS, i, align_str, sizeof(align_str));
             if (res < 0) {
-                SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed "
+                SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed "
                            "for arg %d in byte_extract", i);
                 goto error;
             }
-            bed->align_value = atoi(str_ptr);
+            bed->align_value = atoi(align_str);
             if (!(bed->align_value == 2 || bed->align_value == 4)) {
                 SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid align_value for "
                            "byte_extract - \"%d\"", bed->align_value);
                 goto error;
             }
-        } else if (strcmp("", str_ptr) == 0) {
+        } else if (strcmp("", opt_str) == 0) {
             ;
         } else {
             SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid option - \"%s\" "
-                       "specified in byte_extract", str_ptr);
+                       "specified in byte_extract", opt_str);
             goto error;
         }
     } /* for (i = 4; i < ret; i++) */