Merge pull request #944 in SNORT/snort3 from warnings to master

Squashed commit of the following:

commit 8d2ef5c3a6b8061652e07e5b7609ce43fc5bfbae
Author: Michael Altizer <mialtize@cisco.com>
Date:   Wed Jul 5 20:50:40 2017 -0400

    build: Clean up some ICC 2017 warnings

commit d8dcbf92767750beae88263c7ce527cde8ef1a40
Author: Michael Altizer <mialtize@cisco.com>
Date:   Wed Jul 5 14:50:50 2017 -0400

    utils: Remove inet_ntoax since it doesn't add value over ntoa anymore

commit e930a3b3a8fc7cea965363d89b1f518c9c0d5c31
Author: Michael Altizer <mialtize@cisco.com>
Date:   Tue Jul 4 02:11:49 2017 -0400

    snort2lua: Fix removal of ignore_ports in stream_tcp.small_segments

commit 2c123de0e34458cc0c8f629494ad8e13b57e3486
Author: Michael Altizer <mialtize@cisco.com>
Date:   Tue Jul 4 02:10:20 2017 -0400

    file_decomp_pdf: Fix missing reset in PDF state machine transition

commit 68556c37a4824b41edddfcec5c4e7f6ce2a4d28d
Author: Michael Altizer <mialtize@cisco.com>
Date:   Tue Jul 4 02:09:32 2017 -0400

    snort: Fix leaking instance memory when DAQ configure fails

commit 4a051279a65c9f5e3dfcb170ccfd740f2f6bfd73
Author: Michael Altizer <mialtize@cisco.com>
Date:   Tue Jul 4 01:13:34 2017 -0400

    snort2lua: Fix heap-use-after-free for preprocessors and configs with no arguments

commit 07978c166304d72a5cacea3cb17bea934a7e7faf
Author: Michael Altizer <mialtize@cisco.com>
Date:   Mon Jul 3 20:45:17 2017 -0400

    appid: Fix thread-unsafe sharing of HTTP pattern tables

commit 34dd69e6d2f6c5c141ad4ae316102ccf73dfb11d
Author: Michael Altizer <mialtize@cisco.com>
Date:   Mon Jul 3 20:43:08 2017 -0400

    appid: Fix populating IP addresses in debug session ID

commit 9d5386c7467e278c46602bb564199a3b3de18258
Author: Michael Altizer <mialtize@cisco.com>
Date:   Mon Jul 3 16:10:21 2017 -0400

    build: Clean up some GCC 7 warnings

commit 78e5e904cb0cbfab2dec5e11c76cf0e2ab416154
Author: Michael Altizer <mialtize@cisco.com>
Date:   Mon Jul 3 15:58:34 2017 -0400

    appid/service_ssl: Compatibility update for OpenSSL 1.1.0 API

commit d858f2386b7a3158342f2aa2524a576467bc47ee
Author: Michael Altizer <mialtize@cisco.com>
Date:   Mon Jul 3 15:57:09 2017 -0400

    build: Clean up some cppcheck warnings

diff --git a/extra/src/inspectors/data_log/data_log.cc b/extra/src/inspectors/data_log/data_log.cc
index d9f5cd26c3945b88628c2195ca214f8f99a22669..abe1139a190674dff5d7c503171d8b7cbe4c0593 100644 (file)
--- a/extra/src/inspectors/data_log/data_log.cc
+++ b/extra/src/inspectors/data_log/data_log.cc
@@ -53,7 +53,7 @@ static void dl_tterm()
 class LogHandler : public DataHandler
 {
 public:
-    LogHandler(std::string s)
+    LogHandler(const std::string& s)
     { key = s; }
 
     void handle(DataEvent& e, Flow*);
@@ -85,7 +85,7 @@ void LogHandler::handle(DataEvent& e, Flow* f)
 class DataLog : public Inspector
 {
 public:
-    DataLog(std::string s) { key = s; }
+    DataLog(const std::string& s) { key = s; }
 
     void show(SnortConfig*) override;
     void eval(Packet*) override { }

diff --git a/src/codecs/ip/cd_tcp.cc b/src/codecs/ip/cd_tcp.cc
index ec77ea4747b23692c69611d656d263cd44558316..4dc12fd5f9ccd77ffe2ccd61b2fef677343c7684 100644 (file)
--- a/src/codecs/ip/cd_tcp.cc
+++ b/src/codecs/ip/cd_tcp.cc
@@ -365,7 +365,7 @@ void TcpCodec::DecodeTCPOptions(const uint8_t* start, uint32_t o_len, CodecData&
         case tcp::TcpOptCode::EOL:
             done = true;
             codec.invalid_bytes = o_len - tot_len;
-        /* fall through to the NOP case */
+            /* fallthrough */
         case tcp::TcpOptCode::NOP:
             code = 0;
             break;

diff --git a/src/codecs/ip/checksum.h b/src/codecs/ip/checksum.h
index 8e4afbd614108489ff006a80cf16c41c8283a422..027558743bb71256b76b9af7682e90b03fd4a5bf 100644 (file)
--- a/src/codecs/ip/checksum.h
+++ b/src/codecs/ip/checksum.h
@@ -101,35 +101,35 @@ inline uint16_t cksum_add(const uint16_t* buf, std::size_t len, uint32_t cksum)
         {
         case 0:
             sn = 16;
-            cksum += sp[15];
+            cksum += sp[15];    // fallthrough
         case 15:
-            cksum += sp[14];
+            cksum += sp[14];    // fallthrough
         case 14:
-            cksum += sp[13];
+            cksum += sp[13];    // fallthrough
         case 13:
-            cksum += sp[12];
+            cksum += sp[12];    // fallthrough
         case 12:
-            cksum += sp[11];
+            cksum += sp[11];    // fallthrough
         case 11:
-            cksum += sp[10];
+            cksum += sp[10];    // fallthrough
         case 10:
-            cksum += sp[9];
+            cksum += sp[9];     // fallthrough
         case 9:
-            cksum += sp[8];
+            cksum += sp[8];     // fallthrough
         case 8:
-            cksum  += sp[7];
+            cksum  += sp[7];    // fallthrough
         case 7:
-            cksum += sp[6];
+            cksum += sp[6];     // fallthrough
         case 6:
-            cksum += sp[5];
+            cksum += sp[5];     // fallthrough
         case 5:
-            cksum += sp[4];
+            cksum += sp[4];     // fallthrough
         case 4:
-            cksum += sp[3];
+            cksum += sp[3];     // fallthrough
         case 3:
-            cksum += sp[2];
+            cksum += sp[2];     // fallthrough
         case 2:
-            cksum += sp[1];
+            cksum += sp[1];     // fallthrough
         case 1:
             cksum += sp[0];
         }

diff --git a/src/decompress/file_decomp_pdf.cc b/src/decompress/file_decomp_pdf.cc
index f8a39391b64bdf380a2a4deb2274a1b44f3dbeeb..5489bafeb4a36d135702c0080a53fc1cc9fd2783 100644 (file)
--- a/src/decompress/file_decomp_pdf.cc
+++ b/src/decompress/file_decomp_pdf.cc
@@ -674,6 +674,7 @@ static inline fd_status_t Handle_State_IND_OBJ(fd_session_t* SessionPtr, uint8_t
             if ( TOK_STRM_CLOSE[p->Elem_Index] == '\0' )
             {
                 p->Sub_State = P_ENDOBJ_TOKEN;
+                p->Elem_Index = 0;  // reset for P_ENDOBJ_TOKEN to use
             }
         }
         else

diff --git a/src/flow/flow_key.h b/src/flow/flow_key.h
index 955e2c41c32330e61e4392991b229e7eeb032c01..b61970f74651b211c79e8923ed1bb6e2bb2208bc 100644 (file)
--- a/src/flow/flow_key.h
+++ b/src/flow/flow_key.h
@@ -66,7 +66,7 @@ struct FlowKey
     void init_address_space(uint16_t);
 
     // XXX If this data structure changes size, compare must be updated!
-    static uint32_t hash(SFHASHFCN* p, unsigned char* d, int);
+    static uint32_t hash(SFHASHFCN*, unsigned char* d, int);
     static int compare(const void* s1, const void* s2, size_t);
 
 private:

diff --git a/src/flow/test/ha_test.cc b/src/flow/test/ha_test.cc
index bcec899f1582a092c162e15db6f8a1d5db3121ed..373141a6a5dbdc8065e042ff46f2b144e42198fe 100644 (file)
--- a/src/flow/test/ha_test.cc
+++ b/src/flow/test/ha_test.cc
@@ -175,7 +175,7 @@ Connector::Direction SideChannel::get_direction()
 
 void SideChannel::set_default_port(SCPort) { }
 
-void SideChannel::register_receive_handler(std::function<void (SCMessage*)> handler)
+void SideChannel::register_receive_handler(const std::function<void (SCMessage*)>& handler)
 {
     s_handler = handler;
 }

diff --git a/src/framework/parameter.cc b/src/framework/parameter.cc
index f76d3ff07cc32b05f97ef9a06513c68d67a0912c..99100c9ad8d5fd44888578e984d5658663234fa9 100644 (file)
--- a/src/framework/parameter.cc
+++ b/src/framework/parameter.cc
@@ -359,7 +359,7 @@ bool Parameter::validate(Value& v) const
     case PT_PORT:
         if ( !range )
             return valid_int(v, "0:65535");
-    // if a range was given fall thru
+        // fall through
     case PT_INT:
         return valid_int(v, (const char*)range);
     case PT_REAL:

diff --git a/src/framework/value.cc b/src/framework/value.cc
index 7848b75cd07b598d8a868e11aa58002ea6e9d796..2033aceebe0a86910cbe8eaf31c560eade4ab8e2 100644 (file)
--- a/src/framework/value.cc
+++ b/src/framework/value.cc
@@ -381,7 +381,6 @@ TEST_CASE("token test", "[Value]")
 
 TEST_CASE("get as string", "[Value]")
 {
-    string test_str;
     char * str_val;
     bool bool_val = true;
     double num_val = 6;

diff --git a/src/helpers/process.cc b/src/helpers/process.cc
index db8dd321c8d93e6ee627d5d94789df7ad0c5d2b6..70125fcac647ae84e338a57c8464bc1be76cbb43 100644 (file)
--- a/src/helpers/process.cc
+++ b/src/helpers/process.cc
@@ -291,9 +291,7 @@ void help_signals()
 
 static void snuff_stdio()
 {
-    bool err = false;
-
-    err = close(STDIN_FILENO) != 0;
+    bool err = (close(STDIN_FILENO) != 0);
     err = err or (close(STDOUT_FILENO) != 0);
     err = err or (close(STDERR_FILENO) != 0);
 

diff --git a/src/ips_options/ips_byte_math.cc b/src/ips_options/ips_byte_math.cc
index ca18c54e4658156072c0277edd88e81ac606e589..62767ee1febe14671dc73f2e8e13aa64c473be69 100644 (file)
--- a/src/ips_options/ips_byte_math.cc
+++ b/src/ips_options/ips_byte_math.cc
@@ -429,7 +429,7 @@ static bool ByteMathVerify(ByteMathData* data)
     if ( ((data->oper == BM_LEFT_SHIFT) || (data->oper == BM_RIGHT_SHIFT)) &&
         (data->rvalue > 32))
     {
-        ParseError("Number of bits in rvalue input [%d] should be less than 32 "
+        ParseError("Number of bits in rvalue input [%u] should be less than 32 "
             "bits for operator", data->rvalue);
         return false;
     }

diff --git a/src/ips_options/ips_flags.cc b/src/ips_options/ips_flags.cc
index 9edebab9153ae1433353071cfe2e542e344074bd..00a96e163a7a9de7d8e1fe8665ec8d36a6753460 100644 (file)
--- a/src/ips_options/ips_flags.cc
+++ b/src/ips_options/ips_flags.cc
@@ -82,7 +82,7 @@ uint32_t TcpFlagOption::hash() const
     const TcpFlagCheckData* data = &config;
 
     a = data->mode;
-    b = data->tcp_flags || (data->tcp_mask << 8);
+    b = data->tcp_flags | (data->tcp_mask << 8);
     c = 0;
 
     mix_str(a,b,c,get_name());

diff --git a/src/ips_options/ips_flow.cc b/src/ips_options/ips_flow.cc
index 162a91ffeddcfb9dbe38653c688ff712d940f408..c05ebd67f01c4cdb2cda942ec89f2ebf8e459735 100644 (file)
--- a/src/ips_options/ips_flow.cc
+++ b/src/ips_options/ips_flow.cc
@@ -78,9 +78,9 @@ uint32_t FlowCheckOption::hash() const
     uint32_t a,b,c;
     const FlowCheckData* data = &config;
 
-    a = data->from_server || data->from_client << 16;
-    b = data->ignore_reassembled || data->only_reassembled << 16;
-    c = data->stateless || data->established << 16;
+    a = data->from_server | (data->from_client << 16);
+    b = data->ignore_reassembled | (data->only_reassembled << 16);
+    c = data->stateless | (data->established << 16);
 
     mix(a,b,c);
     mix_str(a,b,c,get_name());

diff --git a/src/log/log_text.cc b/src/log/log_text.cc
index d5d0ed3f64800c97c895b6e0bb7bef70db8a3262..3557638d118b7bd1cc22dfe26f5a7e849e579379 100644 (file)
--- a/src/log/log_text.cc
+++ b/src/log/log_text.cc
@@ -270,8 +270,8 @@ void LogIpAddrs(TextLog* log, Packet* p)
         else
         {
             TextLog_Print(log, ip_fmt,
-                inet_ntoax(p->ptrs.ip_api.get_src(), src),
-                inet_ntoax(p->ptrs.ip_api.get_dst(), dst));
+                sfip_ntop(p->ptrs.ip_api.get_src(), src, sizeof(src)),
+                sfip_ntop(p->ptrs.ip_api.get_dst(), dst, sizeof(dst)));
         }
     }
     else
@@ -292,8 +292,8 @@ void LogIpAddrs(TextLog* log, Packet* p)
         else
         {
             TextLog_Print(log, ip_fmt,
-                inet_ntoax(p->ptrs.ip_api.get_src(), src), p->ptrs.sp,
-                inet_ntoax(p->ptrs.ip_api.get_dst(), dst), p->ptrs.dp);
+                sfip_ntop(p->ptrs.ip_api.get_src(), src, sizeof(src)), p->ptrs.sp,
+                sfip_ntop(p->ptrs.ip_api.get_dst(), dst, sizeof(dst)), p->ptrs.dp);
         }
     }
 }

diff --git a/src/loggers/alert_syslog.cc b/src/loggers/alert_syslog.cc
index 821eed3840a07093aae023253006f19be131998c..24162926bbf946514ec8c3d8f71387825e7f482c 100644 (file)
--- a/src/loggers/alert_syslog.cc
+++ b/src/loggers/alert_syslog.cc
@@ -260,8 +260,8 @@ static void AlertSyslog(
             else
             {
                 SnortSnprintfAppend(event_string, sizeof(event_string), ip_fmt,
-                    inet_ntoax(p->ptrs.ip_api.get_src(), src),
-                    inet_ntoax(p->ptrs.ip_api.get_dst(), dst));
+                    sfip_ntop(p->ptrs.ip_api.get_src(), src, sizeof(src)),
+                    sfip_ntop(p->ptrs.ip_api.get_dst(), dst, sizeof(dst)));
             }
         }
         else
@@ -283,8 +283,8 @@ static void AlertSyslog(
             else
             {
                 SnortSnprintfAppend(event_string, sizeof(event_string), ip_fmt,
-                    inet_ntoax(p->ptrs.ip_api.get_src(), src), p->ptrs.sp,
-                    inet_ntoax(p->ptrs.ip_api.get_dst(), dst), p->ptrs.dp);
+                    sfip_ntop(p->ptrs.ip_api.get_src(), src, sizeof(src)), p->ptrs.sp,
+                    sfip_ntop(p->ptrs.ip_api.get_dst(), dst, sizeof(dst)), p->ptrs.dp);
             }
         }
 

diff --git a/src/main.cc b/src/main.cc
index 299d9bcbe2d89e799c6fdf7a62a458daa3037f84..d99bef1e80cf049339725c05449c69f45968e58d 100644 (file)
--- a/src/main.cc
+++ b/src/main.cc
@@ -71,10 +71,6 @@ static int main_exit_code = 0;
 static bool paused = false;
 static std::queue<AnalyzerCommand*> orphan_commands;
 
-#ifdef SHELL
-static bool shell_enabled = false;
-#endif
-
 static std::mutex poke_mutex;
 static Ring<unsigned>* pig_poke = nullptr;
 
@@ -414,7 +410,6 @@ int main_resume(lua_State* L)
 #ifdef SHELL
 int main_detach(lua_State*)
 {
-    shell_enabled = false;
     current_request->respond("== detaching\n");
     return 0;
 }
@@ -621,7 +616,6 @@ static bool set_mode()
     if ( use_shell(snort_conf) )
     {
         LogMessage("Entering command shell\n");
-        shell_enabled = true;
         ControlMgmt::add_control(STDOUT_FILENO, true);
     }
 #endif

diff --git a/src/main/snort.cc b/src/main/snort.cc
index f83c50cf74604ffb59edde45400f09207cf20728..d9cb48a71f04356b092157fda48d6f2abe67d09b 100644 (file)
--- a/src/main/snort.cc
+++ b/src/main/snort.cc
@@ -679,7 +679,11 @@ bool Snort::thread_init_privileged(const char* intf)
     SFDAQInstance *daq_instance = new SFDAQInstance(intf);
     SFDAQ::set_local_instance(daq_instance);
     if (!daq_instance->configure(snort_conf))
+    {
+        SFDAQ::set_local_instance(nullptr);
+        delete daq_instance;
         return false;
+    }
 
     return true;
 }

diff --git a/src/main/snort_debug.cc b/src/main/snort_debug.cc
index 44197695a809da78c89d8f5f626f79b9b6bf22b7..325e61b05a5d9f5ea8e5af8c8b057acdb3bb6707 100644 (file)
--- a/src/main/snort_debug.cc
+++ b/src/main/snort_debug.cc
@@ -169,8 +169,6 @@ static int test_fputs(const char* str, FILE*)
 
 TEST_CASE("macros", "[trace]")
 {
-    const Trace my_flags = TRACE_SECTION_1 | TRACE_SECTION_2 | TRACE_SECTION_3;
-
     TestCase cases[] =
     {
         {

diff --git a/src/network_inspectors/appid/appid_discovery.cc b/src/network_inspectors/appid/appid_discovery.cc
index 2c1dd7da0bb4d860b67bc611b76ebf1d98b7bb28..03db03479bb7075f5e5e086b380167d4be3729bb 100644 (file)
--- a/src/network_inspectors/appid/appid_discovery.cc
+++ b/src/network_inspectors/appid/appid_discovery.cc
@@ -735,14 +735,14 @@ void AppIdDiscovery::do_application_discovery(Packet* p)
         case IpProtocol::TCP:
             if (asd->get_session_flags(APPID_SESSION_SYN_RST)) // TCP-specific exception
                 break;
-        // fall through to next test
+            // fallthrough
         case IpProtocol::UDP:
             // Both TCP and UDP need this test to be made
             //  against only the p->src_port of the response.
             // For all other cases the port parameter is never checked.
             if (direction != APP_ID_FROM_RESPONDER)
                 break;
-        // fall through to all other cases
+            // fallthrough
         // All protocols other than TCP and UDP come straight here.
         default:
         {

diff --git a/src/network_inspectors/appid/appid_session.cc b/src/network_inspectors/appid/appid_session.cc
index 5eac558e6d70502a4ed97665aaccb0973a1ba046..e0728196cec191aa88821aa55310d04197f4f9f6 100644 (file)
--- a/src/network_inspectors/appid/appid_session.cc
+++ b/src/network_inspectors/appid/appid_session.cc
@@ -91,12 +91,17 @@ void AppIdSession::set_session_logging_state(const Packet* pkt, int direction)
     }
 
     if (session_logging_enabled)
+    {
+        char src_ip_str[INET6_ADDRSTRLEN], dst_ip_str[INET6_ADDRSTRLEN];
+
+        pkt->ptrs.ip_api.get_src()->ntop(src_ip_str, sizeof(src_ip_str));
+        pkt->ptrs.ip_api.get_dst()->ntop(dst_ip_str, sizeof(dst_ip_str));
         snprintf(session_logging_id, MAX_SESSION_LOGGING_ID_LEN,
             "%s-%hu -> %s-%hu %u%s AS %u I %u",
-            pkt->ptrs.ip_api.get_src()->ntoa(), pkt->ptrs.sp,
-            pkt->ptrs.ip_api.get_dst()->ntoa(), pkt->ptrs.dp,
+            src_ip_str, pkt->ptrs.sp, dst_ip_str, pkt->ptrs.dp,
             (unsigned)pkt->ptrs.type, (direction == APP_ID_FROM_INITIATOR) ? "" : " R",
             (unsigned)pkt->pkth->address_space_id, get_instance_id());
+    }
 }
 
 AppIdSession* AppIdSession::allocate_session(const Packet* p, IpProtocol proto, int direction)

diff --git a/src/network_inspectors/appid/appid_stats.cc b/src/network_inspectors/appid/appid_stats.cc
index 1bdd27bd91a545cca0a9f2cff1ee8cb6751488d0..1d217599ba96a49cc67052d6c6beb1fdfbb4bd47 100644 (file)
--- a/src/network_inspectors/appid/appid_stats.cc
+++ b/src/network_inspectors/appid/appid_stats.cc
@@ -352,7 +352,7 @@ static void update_stats(AppIdSession* asd, AppId app_id, StatsBucket* bucket)
         }
         else
         {
-            WarningMessage("Error saving statistics record for app id: %u", app_id);
+            WarningMessage("Error saving statistics record for app id: %d", app_id);
             snort_free(record);
             record = nullptr;
         }

diff --git a/src/network_inspectors/appid/client_plugins/client_app_ssh.cc b/src/network_inspectors/appid/client_plugins/client_app_ssh.cc
index 6f242d73c0792228efb63026064928f096cd20d0..46c76cd4c036c25667e2bfb97a872f9b310b38df 100644 (file)
--- a/src/network_inspectors/appid/client_plugins/client_app_ssh.cc
+++ b/src/network_inspectors/appid/client_plugins/client_app_ssh.cc
@@ -337,7 +337,7 @@ static inline int ssh_client_validate_pubkey(uint16_t offset, const uint8_t* dat
             else
                 fd->plen = 0;
             fd->oldhstate = SSH1_HEADER_FIND_CODE;
-        //  Fall through to SSH1_HEADER_FIND_CODE state.
+            // fallthrough
         case SSH1_HEADER_FIND_CODE:
             if (fd->pos == fd->plen + sizeof(ckx->len))
             {

diff --git a/src/network_inspectors/appid/client_plugins/client_discovery.cc b/src/network_inspectors/appid/client_plugins/client_discovery.cc
index cce498342495a606460f721319c5a5f38e0f0730..c58059d1526ac1047e7c1dc270ac947df0d1a494 100644 (file)
--- a/src/network_inspectors/appid/client_plugins/client_discovery.cc
+++ b/src/network_inspectors/appid/client_plugins/client_discovery.cc
@@ -164,7 +164,7 @@ static int pattern_match(void* id, void* /*unused_tree*/, int match_end_pos, voi
 
 static const ClientDetector* get_next_detector(ClientAppMatch** match_list)
 {
-    ClientAppMatch* curr = nullptr;
+    ClientAppMatch* curr;
     ClientAppMatch* prev = nullptr;
     ClientAppMatch* max_curr = nullptr;
     ClientAppMatch* max_prev = nullptr;

diff --git a/src/network_inspectors/appid/detector_plugins/detector_imap.cc b/src/network_inspectors/appid/detector_plugins/detector_imap.cc
index a2a36df7c0e5a4f6790ec25ad9c93df82c5d25d9..1ebce6fd3baacae1597d33acb7a4313dc1dec7c9 100644 (file)
--- a/src/network_inspectors/appid/detector_plugins/detector_imap.cc
+++ b/src/network_inspectors/appid/detector_plugins/detector_imap.cc
@@ -621,7 +621,7 @@ int ImapClientDetector::validate(AppIdDiscoveryArgs& args)
             ;
 
         /*s is now at command beginning */
-        if ((length = (end - s)) <= 0)
+        if (s >= end)
         {
             dd->need_continue = 0;
             args.asd->set_client_detected();
@@ -630,6 +630,7 @@ int ImapClientDetector::validate(AppIdDiscoveryArgs& args)
         }
         cmd = nullptr;
         pattern_index = num_imap_client_patterns;
+        length = end - s;
         cmd_matcher->find_all((char*)s, (length > longest_pattern ? longest_pattern : length),
             &pattern_match, false, (void*)&pattern_index);
 

diff --git a/src/network_inspectors/appid/detector_plugins/detector_sip.cc b/src/network_inspectors/appid/detector_plugins/detector_sip.cc
index cb634b9731e10d6e837a5bb722427a29e2bc668a..560b23f33f0cbd78a9c6279ea2730e1992dd40cb 100644 (file)
--- a/src/network_inspectors/appid/detector_plugins/detector_sip.cc
+++ b/src/network_inspectors/appid/detector_plugins/detector_sip.cc
@@ -78,7 +78,6 @@ struct ClientSIPData
 
 struct DetectorSipConfig
 {
-    bool enabled;
     void* sip_ua_matcher;
     DetectorAppSipPattern* sip_ua_list;
     void* sip_server_matcher;

diff --git a/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc b/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc
index edf614aefd2de1338be88481ab00005434868f82..6c66bf68921a6e545a117c8e542d671f53df64e6 100644 (file)
--- a/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc
+++ b/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc
@@ -147,121 +147,121 @@ struct MatchedPatterns
     MatchedPatterns* next;
 };
 
-static DetectorHTTPPatterns content_type_patterns =
+static DetectorHTTPPatterns static_content_type_patterns =
 {
     { SINGLE, 0, APP_ID_QUICKTIME, 0,
-        APP_ID_QUICKTIME, sizeof(QUICKTIME_BANNER)-1, (uint8_t*)QUICKTIME_BANNER, false },
+        APP_ID_QUICKTIME, sizeof(QUICKTIME_BANNER)-1, (uint8_t*)QUICKTIME_BANNER },
     { SINGLE, 0, APP_ID_MPEG, 0,
-        APP_ID_MPEG, sizeof(MPEG_BANNER)-1, (uint8_t*)MPEG_BANNER, false },
+        APP_ID_MPEG, sizeof(MPEG_BANNER)-1, (uint8_t*)MPEG_BANNER },
     { SINGLE, 0, APP_ID_MPEG, 0,
-        APP_ID_MPEG, sizeof(MPA_BANNER)-1, (uint8_t*)MPA_BANNER, false },
+        APP_ID_MPEG, sizeof(MPA_BANNER)-1, (uint8_t*)MPA_BANNER },
     { SINGLE, 0, APP_ID_MPEG, 0,
-        APP_ID_MPEG, sizeof(MP4A_BANNER)-1, (uint8_t*)MP4A_BANNER, false },
+        APP_ID_MPEG, sizeof(MP4A_BANNER)-1, (uint8_t*)MP4A_BANNER },
     { SINGLE, 0, APP_ID_MPEG, 0,
-        APP_ID_MPEG, sizeof(ROBUST_MPA_BANNER)-1, (uint8_t*)ROBUST_MPA_BANNER, false },
+        APP_ID_MPEG, sizeof(ROBUST_MPA_BANNER)-1, (uint8_t*)ROBUST_MPA_BANNER },
     { SINGLE, 0, APP_ID_MPEG, 0,
-        APP_ID_MPEG, sizeof(XSCPLS_BANNER)-1, (uint8_t*)XSCPLS_BANNER, false },
+        APP_ID_MPEG, sizeof(XSCPLS_BANNER)-1, (uint8_t*)XSCPLS_BANNER },
     { SINGLE, 0, APP_ID_SHOCKWAVE, 0,
-        APP_ID_SHOCKWAVE, sizeof(SHOCKWAVE_BANNER)-1, (uint8_t*)SHOCKWAVE_BANNER, false },
+        APP_ID_SHOCKWAVE, sizeof(SHOCKWAVE_BANNER)-1, (uint8_t*)SHOCKWAVE_BANNER },
     { SINGLE, 0, APP_ID_RSS, 0,
-        APP_ID_RSS, sizeof(RSS_BANNER)-1, (uint8_t*)RSS_BANNER, false },
+        APP_ID_RSS, sizeof(RSS_BANNER)-1, (uint8_t*)RSS_BANNER },
     { SINGLE, 0, APP_ID_ATOM, 0,
-        APP_ID_ATOM, sizeof(ATOM_BANNER)-1, (uint8_t*)ATOM_BANNER, false },
+        APP_ID_ATOM, sizeof(ATOM_BANNER)-1, (uint8_t*)ATOM_BANNER },
     { SINGLE, 0, APP_ID_MP4, 0,
-        APP_ID_MP4, sizeof(MP4_BANNER)-1, (uint8_t*)MP4_BANNER, false },
+        APP_ID_MP4, sizeof(MP4_BANNER)-1, (uint8_t*)MP4_BANNER },
     { SINGLE, 0, APP_ID_WMV, 0,
-        APP_ID_WMV, sizeof(WMV_BANNER)-1, (uint8_t*)WMV_BANNER, false },
+        APP_ID_WMV, sizeof(WMV_BANNER)-1, (uint8_t*)WMV_BANNER },
     { SINGLE, 0, APP_ID_WMA, 0,
-        APP_ID_WMA, sizeof(WMA_BANNER)-1, (uint8_t*)WMA_BANNER, false },
+        APP_ID_WMA, sizeof(WMA_BANNER)-1, (uint8_t*)WMA_BANNER },
     { SINGLE, 0, APP_ID_WAV, 0,
-        APP_ID_WAV, sizeof(WAV_BANNER)-1, (uint8_t*)WAV_BANNER, false },
+        APP_ID_WAV, sizeof(WAV_BANNER)-1, (uint8_t*)WAV_BANNER },
     { SINGLE, 0, APP_ID_WAV, 0,
-        APP_ID_WAV, sizeof(X_WAV_BANNER)-1, (uint8_t*)X_WAV_BANNER, false },
+        APP_ID_WAV, sizeof(X_WAV_BANNER)-1, (uint8_t*)X_WAV_BANNER },
     { SINGLE, 0, APP_ID_WAV, 0,
-        APP_ID_WAV, sizeof(VND_WAV_BANNER)-1, (uint8_t*)VND_WAV_BANNER, false },
+        APP_ID_WAV, sizeof(VND_WAV_BANNER)-1, (uint8_t*)VND_WAV_BANNER },
     { SINGLE, 0, APP_ID_FLASH_VIDEO, 0,
-        APP_ID_FLASH_VIDEO, sizeof(FLV_BANNER)-1, (uint8_t*)FLV_BANNER, false },
+        APP_ID_FLASH_VIDEO, sizeof(FLV_BANNER)-1, (uint8_t*)FLV_BANNER },
     { SINGLE, 0, APP_ID_FLASH_VIDEO, 0,
-        APP_ID_FLASH_VIDEO, sizeof(M4V_BANNER)-1, (uint8_t*)M4V_BANNER, false },
+        APP_ID_FLASH_VIDEO, sizeof(M4V_BANNER)-1, (uint8_t*)M4V_BANNER },
     { SINGLE, 0, APP_ID_FLASH_VIDEO, 0,
-        APP_ID_FLASH_VIDEO, sizeof(GPP_BANNER)-1, (uint8_t*)GPP_BANNER, false },
+        APP_ID_FLASH_VIDEO, sizeof(GPP_BANNER)-1, (uint8_t*)GPP_BANNER },
     { SINGLE, 0, APP_ID_GENERIC, 0,
-        APP_ID_GENERIC, sizeof(VIDEO_BANNER)-1, (uint8_t*)VIDEO_BANNER, false },
+        APP_ID_GENERIC, sizeof(VIDEO_BANNER)-1, (uint8_t*)VIDEO_BANNER },
     { SINGLE, 0, APP_ID_GENERIC, 0,
-        APP_ID_GENERIC, sizeof(AUDIO_BANNER)-1, (uint8_t*)AUDIO_BANNER, false },
+        APP_ID_GENERIC, sizeof(AUDIO_BANNER)-1, (uint8_t*)AUDIO_BANNER },
 };
 
-static DetectorHTTPPatterns via_http_detector_patterns =
+static DetectorHTTPPatterns static_via_http_detector_patterns =
 {
-    { SINGLE, APP_ID_SQUID, 0, 0, APP_ID_SQUID, SQUID_PATTERN_SIZE, (uint8_t*)SQUID_PATTERN, false },
+    { SINGLE, APP_ID_SQUID, 0, 0, APP_ID_SQUID, SQUID_PATTERN_SIZE, (uint8_t*)SQUID_PATTERN },
 };
 
-static DetectorHTTPPatterns http_host_payload_patterns =
+static DetectorHTTPPatterns static_http_host_payload_patterns =
 {
     { SINGLE, 0, 0, APP_ID_MYSPACE,
-        APP_ID_MYSPACE, MYSPACE_PATTERN_SIZE, (uint8_t*)MYSPACE_PATTERN, false },
+        APP_ID_MYSPACE, MYSPACE_PATTERN_SIZE, (uint8_t*)MYSPACE_PATTERN },
     { SINGLE, 0, 0, APP_ID_GMAIL,
-        APP_ID_GMAIL, GMAIL_PATTERN_SIZE, (uint8_t*)GMAIL_PATTERN, false },
+        APP_ID_GMAIL, GMAIL_PATTERN_SIZE, (uint8_t*)GMAIL_PATTERN },
     { SINGLE, 0, 0, APP_ID_GMAIL,
-        APP_ID_GMAIL, GMAIL_PATTERN2_SIZE, (uint8_t*)GMAIL_PATTERN2, false },
+        APP_ID_GMAIL, GMAIL_PATTERN2_SIZE, (uint8_t*)GMAIL_PATTERN2 },
     { SINGLE, 0, 0, APP_ID_AOL_EMAIL,
-        APP_ID_AOL_EMAIL, AOL_PATTERN_SIZE, (uint8_t*)AOL_PATTERN, false },
+        APP_ID_AOL_EMAIL, AOL_PATTERN_SIZE, (uint8_t*)AOL_PATTERN },
     { SINGLE, 0, 0, APP_ID_MICROSOFT_UPDATE,
-        APP_ID_MICROSOFT_UPDATE, MSUP_PATTERN_SIZE, (uint8_t*)MSUP_PATTERN, false },
+        APP_ID_MICROSOFT_UPDATE, MSUP_PATTERN_SIZE, (uint8_t*)MSUP_PATTERN },
     { SINGLE, 0, 0, APP_ID_MICROSOFT_UPDATE,
-        APP_ID_MICROSOFT_UPDATE,MSUP_PATTERN2_SIZE, (uint8_t*)MSUP_PATTERN2, false },
+        APP_ID_MICROSOFT_UPDATE,MSUP_PATTERN2_SIZE, (uint8_t*)MSUP_PATTERN2 },
     { SINGLE, 0, 0, APP_ID_YAHOOMAIL,
-        APP_ID_YAHOOMAIL, YAHOO_MAIL_PATTERN_SIZE, (uint8_t*)YAHOO_MAIL_PATTERN, false },
+        APP_ID_YAHOOMAIL, YAHOO_MAIL_PATTERN_SIZE, (uint8_t*)YAHOO_MAIL_PATTERN },
     { SINGLE, 0, 0, APP_ID_YAHOO_TOOLBAR,
-        APP_ID_YAHOO_TOOLBAR, YAHOO_TB_PATTERN_SIZE, (uint8_t*)YAHOO_TB_PATTERN, false },
+        APP_ID_YAHOO_TOOLBAR, YAHOO_TB_PATTERN_SIZE, (uint8_t*)YAHOO_TB_PATTERN },
     { SINGLE, 0, 0, APP_ID_ADOBE_UPDATE,
-        APP_ID_ADOBE_UPDATE, ADOBE_UP_PATTERN_SIZE, (uint8_t*)ADOBE_UP_PATTERN, false },
+        APP_ID_ADOBE_UPDATE, ADOBE_UP_PATTERN_SIZE, (uint8_t*)ADOBE_UP_PATTERN },
     { SINGLE, 0, 0, APP_ID_HOTMAIL,
-        APP_ID_HOTMAIL, HOTMAIL_PATTERN1_SIZE, (uint8_t*)HOTMAIL_PATTERN1, false },
+        APP_ID_HOTMAIL, HOTMAIL_PATTERN1_SIZE, (uint8_t*)HOTMAIL_PATTERN1 },
     { SINGLE, 0, 0, APP_ID_HOTMAIL,
-        APP_ID_HOTMAIL, HOTMAIL_PATTERN2_SIZE, (uint8_t*)HOTMAIL_PATTERN2, false },
+        APP_ID_HOTMAIL, HOTMAIL_PATTERN2_SIZE, (uint8_t*)HOTMAIL_PATTERN2 },
     { SINGLE, 0, 0, APP_ID_GOOGLE_TOOLBAR,
-        APP_ID_GOOGLE_TOOLBAR, GOOGLE_TB_PATTERN_SIZE, (uint8_t*)GOOGLE_TB_PATTERN, false },
+        APP_ID_GOOGLE_TOOLBAR, GOOGLE_TB_PATTERN_SIZE, (uint8_t*)GOOGLE_TB_PATTERN },
 };
 
-static DetectorHTTPPatterns client_agent_patterns =
+static DetectorHTTPPatterns static_client_agent_patterns =
 {
     { USER_AGENT_HEADER, 0, FAKE_VERSION_APP_ID, 0,
-        FAKE_VERSION_APP_ID, VERSION_PATTERN_SIZE, (uint8_t*)VERSION_PATTERN, false },
+        FAKE_VERSION_APP_ID, VERSION_PATTERN_SIZE, (uint8_t*)VERSION_PATTERN },
     { USER_AGENT_HEADER, APP_ID_HTTP, APP_ID_INTERNET_EXPLORER, 0,
-        APP_ID_INTERNET_EXPLORER, sizeof(MSIE_PATTERN)-1, (uint8_t*)MSIE_PATTERN, false },
+        APP_ID_INTERNET_EXPLORER, sizeof(MSIE_PATTERN)-1, (uint8_t*)MSIE_PATTERN },
     { USER_AGENT_HEADER, APP_ID_HTTP, APP_ID_KONQUEROR, 0,
-        APP_ID_KONQUEROR, sizeof(KONQUEROR_PATTERN)-1, (uint8_t*)KONQUEROR_PATTERN, false },
+        APP_ID_KONQUEROR, sizeof(KONQUEROR_PATTERN)-1, (uint8_t*)KONQUEROR_PATTERN },
     { USER_AGENT_HEADER, APP_ID_SKYPE_AUTH, APP_ID_SKYPE, 0,
-        APP_ID_SKYPE, sizeof(SKYPE_PATTERN)-1, (uint8_t*)SKYPE_PATTERN, false },
+        APP_ID_SKYPE, sizeof(SKYPE_PATTERN)-1, (uint8_t*)SKYPE_PATTERN },
     { USER_AGENT_HEADER, APP_ID_BITTORRENT, APP_ID_BITTORRENT, 0,
-        APP_ID_BITTORRENT, sizeof(BITTORRENT_PATTERN)-1, (uint8_t*)BITTORRENT_PATTERN, false },
+        APP_ID_BITTORRENT, sizeof(BITTORRENT_PATTERN)-1, (uint8_t*)BITTORRENT_PATTERN },
     { USER_AGENT_HEADER, APP_ID_HTTP, APP_ID_FIREFOX, 0,
-        APP_ID_FIREFOX, sizeof(FIREFOX_PATTERN)-1, (uint8_t*)FIREFOX_PATTERN, false },
+        APP_ID_FIREFOX, sizeof(FIREFOX_PATTERN)-1, (uint8_t*)FIREFOX_PATTERN },
     { USER_AGENT_HEADER, APP_ID_HTTP, APP_ID_WGET, 0,
-        APP_ID_WGET, sizeof(WGET_PATTERN)-1, (uint8_t*)WGET_PATTERN, false },
+        APP_ID_WGET, sizeof(WGET_PATTERN)-1, (uint8_t*)WGET_PATTERN },
     { USER_AGENT_HEADER, APP_ID_HTTP, APP_ID_CURL, 0,
-        APP_ID_CURL, sizeof(CURL_PATTERN)-1, (uint8_t*)CURL_PATTERN, false },
+        APP_ID_CURL, sizeof(CURL_PATTERN)-1, (uint8_t*)CURL_PATTERN },
     { USER_AGENT_HEADER, APP_ID_HTTP, APP_ID_GOOGLE_DESKTOP, 0,
-        APP_ID_GOOGLE_DESKTOP, sizeof(GOOGLE_DESKTOP_PATTERN)-1, (uint8_t*)GOOGLE_DESKTOP_PATTERN, false },
+        APP_ID_GOOGLE_DESKTOP, sizeof(GOOGLE_DESKTOP_PATTERN)-1, (uint8_t*)GOOGLE_DESKTOP_PATTERN },
     { USER_AGENT_HEADER, APP_ID_HTTP, APP_ID_PICASA, 0,
-        APP_ID_PICASA, sizeof(PICASA_PATTERN)-1, (uint8_t*)PICASA_PATTERN, false },
+        APP_ID_PICASA, sizeof(PICASA_PATTERN)-1, (uint8_t*)PICASA_PATTERN },
     { USER_AGENT_HEADER, APP_ID_HTTP, APP_ID_SAFARI, 0,
-        APP_ID_SAFARI, sizeof(SAFARI_PATTERN)-1, (uint8_t*)SAFARI_PATTERN, false },
+        APP_ID_SAFARI, sizeof(SAFARI_PATTERN)-1, (uint8_t*)SAFARI_PATTERN },
     { USER_AGENT_HEADER, APP_ID_HTTP, APP_ID_OPERA, 0,
-        APP_ID_OPERA, sizeof(OPERA_PATTERN)-1, (uint8_t*)OPERA_PATTERN, false },
+        APP_ID_OPERA, sizeof(OPERA_PATTERN)-1, (uint8_t*)OPERA_PATTERN },
     { USER_AGENT_HEADER, APP_ID_HTTP, APP_ID_CHROME, 0,
-        APP_ID_CHROME, sizeof(CHROME_PATTERN)-1, (uint8_t*)CHROME_PATTERN, false },
+        APP_ID_CHROME, sizeof(CHROME_PATTERN)-1, (uint8_t*)CHROME_PATTERN },
     { USER_AGENT_HEADER, APP_ID_HTTP, APP_ID_SAFARI_MOBILE_DUMMY, 0,
-        APP_ID_SAFARI_MOBILE_DUMMY, sizeof(MOBILE_PATTERN)-1, (uint8_t*)MOBILE_PATTERN, false },
+        APP_ID_SAFARI_MOBILE_DUMMY, sizeof(MOBILE_PATTERN)-1, (uint8_t*)MOBILE_PATTERN },
     { USER_AGENT_HEADER, APP_ID_HTTP, APP_ID_BLACKBERRY_BROWSER, 0,
-        APP_ID_BLACKBERRY_BROWSER, sizeof(BLACKBERRY_PATTERN)-1, (uint8_t*)BLACKBERRY_PATTERN, false },
+        APP_ID_BLACKBERRY_BROWSER, sizeof(BLACKBERRY_PATTERN)-1, (uint8_t*)BLACKBERRY_PATTERN },
     { USER_AGENT_HEADER, APP_ID_HTTP, APP_ID_ANDROID_BROWSER, 0,
-        APP_ID_ANDROID_BROWSER, sizeof(ANDROID_PATTERN)-1, (uint8_t*)ANDROID_PATTERN, false },
+        APP_ID_ANDROID_BROWSER, sizeof(ANDROID_PATTERN)-1, (uint8_t*)ANDROID_PATTERN },
     { USER_AGENT_HEADER, APP_ID_HTTP, APP_ID_WINDOWS_MEDIA_PLAYER, 0,
-        APP_ID_WINDOWS_MEDIA_PLAYER, sizeof(MEDIAPLAYER_PATTERN)-1, (uint8_t*)MEDIAPLAYER_PATTERN, false },
+        APP_ID_WINDOWS_MEDIA_PLAYER, sizeof(MEDIAPLAYER_PATTERN)-1, (uint8_t*)MEDIAPLAYER_PATTERN },
     { USER_AGENT_HEADER, APP_ID_HTTP, APP_ID_APPLE_EMAIL, 0,
-        APP_ID_APPLE_EMAIL, sizeof(APPLE_EMAIL_PATTERN)-1, (uint8_t*)APPLE_EMAIL_PATTERN, false },
+        APP_ID_APPLE_EMAIL, sizeof(APPLE_EMAIL_PATTERN)-1, (uint8_t*)APPLE_EMAIL_PATTERN },
 };
 
 static int match_query_elements(tMlpPattern* packetData, tMlpPattern* userPattern,
@@ -332,7 +332,7 @@ static void free_app_url_patterns(std::vector<DetectorAppUrlPattern*>& url_patte
 static void free_http_patterns(DetectorHTTPPatterns& patterns)
 {
     for (auto& pat: patterns)
-        if (pat.free_pattern && pat.pattern)
+        if (pat.pattern)
             snort_free(pat.pattern);
 }
 
@@ -717,23 +717,26 @@ static SearchTool* process_http_field_patterns(FieldPattern* patternList, size_t
     return patternMatcher;
 }
 
-static void process_patterns(SearchTool& matcher, DetectorHTTPPatterns& patterns)
+static void process_patterns(SearchTool& matcher, DetectorHTTPPatterns& patterns, bool last = true)
 {
     for (auto& pat: patterns)
         matcher.add(pat.pattern, pat.pattern_size, &pat, false);
 
-    matcher.prep();
+    if (last)
+        matcher.prep();
 }
 
 int HttpPatternMatchers::finalize()
 {
-    process_patterns(via_matcher, via_http_detector_patterns);
+    process_patterns(via_matcher, static_via_http_detector_patterns);
     process_patterns(url_matcher, url_patterns);
+    process_patterns(client_agent_matcher, static_client_agent_patterns, false);
     process_patterns(client_agent_matcher, client_agent_patterns);
 
-    if (process_host_patterns(http_host_payload_patterns) < 0)
+    if (process_host_patterns(static_http_host_payload_patterns) < 0)
         return -1;
 
+    process_patterns(content_type_matcher, static_content_type_patterns, false);
     process_patterns(content_type_matcher, content_type_patterns);
 
     uint32_t numPatterns = sizeof(http_field_patterns) / sizeof(*http_field_patterns);

diff --git a/src/network_inspectors/appid/detector_plugins/http_url_patterns.h b/src/network_inspectors/appid/detector_plugins/http_url_patterns.h
index 8070e0611be1efd68e2fd1e6509215c2a2c650d0..746230281ceab4abf8dc9eccd1e97c1fdb824779 100644 (file)
--- a/src/network_inspectors/appid/detector_plugins/http_url_patterns.h
+++ b/src/network_inspectors/appid/detector_plugins/http_url_patterns.h
@@ -101,7 +101,6 @@ struct DetectorHTTPPattern
 
         pattern_size = len;
         pattern = (uint8_t*)snort_strdup((const char*)pat);
-        free_pattern = true;
         sequence = seq;
         service_id = service;
         client_id = client;
@@ -118,7 +117,6 @@ struct DetectorHTTPPattern
     AppId app_id;
     unsigned pattern_size;
     uint8_t* pattern;
-    bool free_pattern;
 };
 typedef std::vector<DetectorHTTPPattern> DetectorHTTPPatterns;
 
@@ -324,6 +322,8 @@ public:
         uint32_t numPartLimit, int level);
 
 private:
+    DetectorHTTPPatterns client_agent_patterns;
+    DetectorHTTPPatterns content_type_patterns;
     DetectorHTTPPatterns host_payload_patterns;
     DetectorHTTPPatterns url_patterns;
     std::vector<DetectorAppUrlPattern*> app_url_patterns;

diff --git a/src/network_inspectors/appid/lua_detector_api.cc b/src/network_inspectors/appid/lua_detector_api.cc
index 62bf5890b10e498c2dea54efa85ccd573caff320..c34ae66e829888a7c29adb8028792fda198c29e4 100644 (file)
--- a/src/network_inspectors/appid/lua_detector_api.cc
+++ b/src/network_inspectors/appid/lua_detector_api.cc
@@ -1108,7 +1108,6 @@ static int detector_add_content_type_pattern(lua_State* L)
     detector.pattern = pattern;
     detector.pattern_size = strlen((char*)pattern);
     detector.app_id = appId;
-    detector.free_pattern = true;
     HttpPatternMatchers::get_instance()->insert_content_type_pattern(detector);
     AppInfoManager::get_instance().set_app_info_active(appId);
 

diff --git a/src/network_inspectors/appid/lua_detector_api.h b/src/network_inspectors/appid/lua_detector_api.h
index b45998b28b24fd745493aee6a541bef61d75e5b9..dd23540117a0c21e436af745140b8581a6b4a043 100644 (file)
--- a/src/network_inspectors/appid/lua_detector_api.h
+++ b/src/network_inspectors/appid/lua_detector_api.h
@@ -77,7 +77,7 @@ public:
 class LuaServiceDetector : public LuaDetector, public ServiceDetector
 {
 public:
-    LuaServiceDetector(AppIdDiscovery* sdm, std::string detector_name, IpProtocol protocol)
+    LuaServiceDetector(AppIdDiscovery* sdm, const std::string& detector_name, IpProtocol protocol)
     {
         handler = sdm;
         name = detector_name;
@@ -93,7 +93,7 @@ public:
 class LuaClientDetector : public LuaDetector, public ClientDetector
 {
 public:
-    LuaClientDetector(AppIdDiscovery* cdm, std::string detector_name, IpProtocol protocol)
+    LuaClientDetector(AppIdDiscovery* cdm, const std::string& detector_name, IpProtocol protocol)
     {
         handler = cdm;
         name = detector_name;

diff --git a/src/network_inspectors/appid/service_plugins/service_ssl.cc b/src/network_inspectors/appid/service_plugins/service_ssl.cc
index 80a9854d54724ac04b36295c354ae81a023ea983..6cbf16040fe129404858b8822e989d706a398f41 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_ssl.cc
+++ b/src/network_inspectors/appid/service_plugins/service_ssl.cc
@@ -111,6 +111,7 @@ struct ServiceSSLData
 struct ServiceSSLCertificate
 {
     X509* cert;
+    char* cert_name;
     uint8_t* common_name_ptr;
     int common_name_len;
     uint8_t* org_name_ptr;
@@ -493,7 +494,8 @@ static bool parse_certificates(ServiceSSLData* ss)
             certs_head       = certs_curr;
             num_certs++;
 
-            char* start = strstr(cert->name, COMMON_NAME_STR);
+            certs_curr->cert_name = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0);
+            char* start = strstr(certs_curr->cert_name, COMMON_NAME_STR);
             if (start)
             {
                 int length;
@@ -510,7 +512,7 @@ static bool parse_certificates(ServiceSSLData* ss)
                 common_name_tot_len += length;
             }
 
-            start = strstr(cert->name, ORG_NAME_STR);
+            start = strstr(certs_curr->cert_name, ORG_NAME_STR);
             if (start)
             {
                 int length;
@@ -594,6 +596,7 @@ static bool parse_certificates(ServiceSSLData* ss)
             certs_head = certs_head->next;
             crypto_lib_mutex.lock();
             X509_free(certs_curr->cert);
+            OPENSSL_free(certs_curr->cert_name);
             crypto_lib_mutex.unlock();
             snort_free(certs_curr);
         }

diff --git a/src/network_inspectors/packet_capture/packet_capture.cc b/src/network_inspectors/packet_capture/packet_capture.cc
index ff981f2bcfe9ffd2fc699eb6de2b16d36024a845..b0d43617474f9530224eedb6d8d24c1e21dfdbdd 100644 (file)
--- a/src/network_inspectors/packet_capture/packet_capture.cc
+++ b/src/network_inspectors/packet_capture/packet_capture.cc
@@ -51,7 +51,7 @@ static THREAD_LOCAL struct sfbpf_program bpf;
 static inline bool capture_initialized()
 { return dumper != nullptr; }
 
-void packet_capture_enable(string f)
+void packet_capture_enable(const string& f)
 {
     if ( !config.enabled )
     {

diff --git a/src/network_inspectors/packet_capture/packet_capture.h b/src/network_inspectors/packet_capture/packet_capture.h
index 508e6cb3ee90757b48215b429ccd3ca5400e41b2..272d67c9f6bf03260bb431a058963d9a343a332c 100644 (file)
--- a/src/network_inspectors/packet_capture/packet_capture.h
+++ b/src/network_inspectors/packet_capture/packet_capture.h
@@ -22,7 +22,7 @@
 
 #include <string>
 
-void packet_capture_enable(std::string);
+void packet_capture_enable(const std::string&);
 void packet_capture_disable();
 
 #endif

diff --git a/src/network_inspectors/perf_monitor/csv_formatter.h b/src/network_inspectors/perf_monitor/csv_formatter.h
index c02ed905f832691fbf8197cb57c63b26a8bc2aa4..913c875c9621c381f947ab42eb3d5cc64d9818af 100644 (file)
--- a/src/network_inspectors/perf_monitor/csv_formatter.h
+++ b/src/network_inspectors/perf_monitor/csv_formatter.h
@@ -28,7 +28,7 @@
 class CSVFormatter : public PerfFormatter
 {
 public:
-    CSVFormatter(std::string tracker_name) : PerfFormatter(tracker_name) {}
+    CSVFormatter(const std::string& tracker_name) : PerfFormatter(tracker_name) {}
 
     const char* get_extension() override
     { return ".csv"; }

diff --git a/src/network_inspectors/perf_monitor/fbs_formatter.h b/src/network_inspectors/perf_monitor/fbs_formatter.h
index 6b150f7e9bbc48feb9185c70ae597a5d455f846f..9c57d105a50d3ccd4dd1f03b16c05f440726a319 100644 (file)
--- a/src/network_inspectors/perf_monitor/fbs_formatter.h
+++ b/src/network_inspectors/perf_monitor/fbs_formatter.h
@@ -28,7 +28,7 @@
 class FbsFormatter : public PerfFormatter
 {
 public:
-    FbsFormatter(std::string tracker_name) : PerfFormatter(tracker_name) {}
+    FbsFormatter(const std::string& tracker_name) : PerfFormatter(tracker_name) {}
 
     const char* get_extension() override
     { return ".bfbs"; }

diff --git a/src/network_inspectors/perf_monitor/perf_formatter.h b/src/network_inspectors/perf_monitor/perf_formatter.h
index 9c136b30b65234e56b9ca19dc205079a10e26adb..c0cfb1d048e8a84d9a68bfe8d7bdc55ebf16d06d 100644 (file)
--- a/src/network_inspectors/perf_monitor/perf_formatter.h
+++ b/src/network_inspectors/perf_monitor/perf_formatter.h
@@ -66,7 +66,7 @@ enum FormatterType : uint8_t
 class PerfFormatter
 {
 public:
-    PerfFormatter(std::string tracker_name)
+    PerfFormatter(const std::string& tracker_name)
     { this->tracker_name = tracker_name; }
     virtual ~PerfFormatter() {}
 
@@ -109,7 +109,7 @@ class MockFormatter : public PerfFormatter
 public:
     std::map<std::string, FormatterValue> public_values;
 
-    MockFormatter(std::string tracker_name) : PerfFormatter(tracker_name) {}
+    MockFormatter(const std::string& tracker_name) : PerfFormatter(tracker_name) {}
 
     void write(FILE*, time_t) override
     {

diff --git a/src/network_inspectors/perf_monitor/perf_monitor.cc b/src/network_inspectors/perf_monitor/perf_monitor.cc
index 1da7ff6aa11c9689628724dde159457b7c816dfe..029c468f02bce2fb941e79fd2ce7d6bd4d27c5cd 100644 (file)
--- a/src/network_inspectors/perf_monitor/perf_monitor.cc
+++ b/src/network_inspectors/perf_monitor/perf_monitor.cc
@@ -85,25 +85,25 @@ void PerfMonitor::show(SnortConfig*)
     LogMessage("  Packet Count:     %d\n", config.pkt_cnt);
     LogMessage("  Max File Size:    " STDu64 "\n", config.max_file_size);
     LogMessage("  Summary Mode:     %s\n",
-        config.perf_flags & PERF_SUMMARY ? "ACTIVE" : "INACTIVE");
+        (config.perf_flags & PERF_SUMMARY) ? "ACTIVE" : "INACTIVE");
     LogMessage("  Base Stats:       %s\n",
-        config.perf_flags & PERF_BASE ? "ACTIVE" : "INACTIVE");
+        (config.perf_flags & PERF_BASE) ? "ACTIVE" : "INACTIVE");
     LogMessage("  Flow Stats:       %s\n",
-        config.perf_flags & PERF_FLOW ? "ACTIVE" : "INACTIVE");
+        (config.perf_flags & PERF_FLOW) ? "ACTIVE" : "INACTIVE");
     if (config.perf_flags & PERF_FLOW)
     {
         LogMessage("    Max Flow Port:    %u\n", config.flow_max_port_to_track);
     }
     LogMessage("  Event Stats:      %s\n",
-        config.perf_flags & PERF_EVENT ? "ACTIVE" : "INACTIVE");
+        (config.perf_flags & PERF_EVENT) ? "ACTIVE" : "INACTIVE");
     LogMessage("  Flow IP Stats:    %s\n",
-        config.perf_flags & PERF_FLOWIP ? "ACTIVE" : "INACTIVE");
+        (config.perf_flags & PERF_FLOWIP) ? "ACTIVE" : "INACTIVE");
     if (config.perf_flags & PERF_FLOWIP)
     {
         LogMessage("    Flow IP Memcap:   %u\n", config.flowip_memcap);
     }
     LogMessage("  CPU Stats:    %s\n",
-        config.perf_flags & PERF_CPU ? "ACTIVE" : "INACTIVE");
+        (config.perf_flags & PERF_CPU) ? "ACTIVE" : "INACTIVE");
     switch(config.output)
     {
         case PERF_CONSOLE:

diff --git a/src/network_inspectors/perf_monitor/text_formatter.h b/src/network_inspectors/perf_monitor/text_formatter.h
index 7698efb06303f8f5a99a61cf057d25f2e38f5106..7a8127088fb6c6300bc0d804a35a5f240b0b2feb 100644 (file)
--- a/src/network_inspectors/perf_monitor/text_formatter.h
+++ b/src/network_inspectors/perf_monitor/text_formatter.h
@@ -26,7 +26,7 @@
 class TextFormatter : public PerfFormatter
 {
 public:
-    TextFormatter(std::string tracker_name) : PerfFormatter(tracker_name) {}
+    TextFormatter(const std::string& tracker_name) : PerfFormatter(tracker_name) {}
 
     const char* get_extension() override
     { return ".txt"; }

diff --git a/src/piglet/piglet_api.h b/src/piglet/piglet_api.h
index 2a356d07fbf123bd1be38c866e00054674c90d6b..2c9dda5eae40a34a934b3c2161ffdacc8b378cbc 100644 (file)
--- a/src/piglet/piglet_api.h
+++ b/src/piglet/piglet_api.h
@@ -74,7 +74,7 @@ protected:
 
     std::string error;  // FIXIT-L unused
 
-    void set_error(std::string s)  // FIXIT-L unused
+    void set_error(const std::string& s)  // FIXIT-L unused
     { error = s; }
 
 private:

diff --git a/src/profiler/profiler_nodes.cc b/src/profiler/profiler_nodes.cc
index 3741f9e6aa5fb095dc3b08b00f0b9b23c1f3d9d5..ee183571b36516e95f710346858946ecc2e37d0a 100644 (file)
--- a/src/profiler/profiler_nodes.cc
+++ b/src/profiler/profiler_nodes.cc
@@ -41,7 +41,7 @@
 
 struct GetProfileFunctor
 {
-    GetProfileFunctor(std::string name) : name(name) { }
+    GetProfileFunctor(const std::string& name) : name(name) { }
 
     virtual ~GetProfileFunctor() = default;
     virtual const ProfileStats* operator()() = 0;
@@ -51,7 +51,7 @@ struct GetProfileFunctor
 
 struct GetProfileFromModule : public GetProfileFunctor
 {
-    GetProfileFromModule(std::string name, Module* m) :
+    GetProfileFromModule(const std::string& name, Module* m) :
         GetProfileFunctor(name), m(m) { }
 
     const ProfileStats* operator()() override
@@ -74,7 +74,7 @@ struct GetProfileFromModule : public GetProfileFunctor
 
 struct GetProfileFromFunction : public GetProfileFunctor
 {
-    GetProfileFromFunction(std::string name, get_profile_stats_fn fn) :
+    GetProfileFromFunction(const std::string& name, get_profile_stats_fn fn) :
         GetProfileFunctor(name), fn(fn) { }
 
     const ProfileStats* operator()() override
@@ -120,10 +120,10 @@ void ProfilerNode::accumulate()
     }
 }
 
-void ProfilerNodeMap::register_node(std::string n, const char* pn, Module* m)
+void ProfilerNodeMap::register_node(const std::string &n, const char* pn, Module* m)
 { setup_node(get_node(n), get_node(pn ? pn : ROOT_NODE), m); }
 
-void ProfilerNodeMap::register_node(std::string n, const char* pn, get_profile_stats_fn fn)
+void ProfilerNodeMap::register_node(const std::string& n, const char* pn, get_profile_stats_fn fn)
 { setup_node(get_node(n), get_node(pn ? pn : ROOT_NODE), fn); }
 
 void ProfilerNodeMap::accumulate_nodes()
@@ -144,7 +144,7 @@ void ProfilerNodeMap::reset_nodes()
 const ProfilerNode& ProfilerNodeMap::get_root()
 { return get_node(ROOT_NODE); }
 
-ProfilerNode& ProfilerNodeMap::get_node(std::string key)
+ProfilerNode& ProfilerNodeMap::get_node(const std::string& key)
 {
     auto node = nodes.emplace(key, key);
     return node.first->second;
@@ -163,7 +163,7 @@ static ProfileStats* s_profiler_stats_getter(const char* name)
     return nullptr;
 }
 
-static ProfilerNode find_node(const ProfilerNodeMap& tree, std::string name)
+static ProfilerNode find_node(const ProfilerNodeMap& tree, const std::string& name)
 {
     for ( const auto& it : tree )
         if ( it.first == name )
@@ -224,7 +224,6 @@ TEST_CASE( "get profile functor for module", "[profiler]" )
     ProfileStats the_stats;
     SpyModule m("foo", &the_stats, false);
     GetProfileFromModule functor("foo", &m);
-    auto& ref = functor;
 
     SECTION( "one" )
     {
@@ -245,7 +244,6 @@ TEST_CASE( "get profile functor for function", "[profiler]" )
     s_profiler_name = "foo";
 
     GetProfileFromFunction functor("foo", s_profiler_stats_getter);
-    auto& ref = functor;
     CHECK( functor() == &the_stats );
 }
 

diff --git a/src/profiler/profiler_nodes.h b/src/profiler/profiler_nodes.h
index 308714c8ad9676907d963aa498d2b94f3fa6fc17..3f915735f1d103d29d736715905c3c9080802441 100644 (file)
--- a/src/profiler/profiler_nodes.h
+++ b/src/profiler/profiler_nodes.h
@@ -86,8 +86,8 @@ public:
     map_type::const_iterator end() const
     { return nodes.end(); }
 
-    void register_node(std::string, const char*, Module*);
-    void register_node(std::string, const char*, get_profile_stats_fn);
+    void register_node(const std::string&, const char*, Module*);
+    void register_node(const std::string&, const char*, get_profile_stats_fn);
 
     void accumulate_nodes();
     void reset_nodes();
@@ -95,7 +95,7 @@ public:
     const ProfilerNode& get_root();
 
 private:
-    ProfilerNode& get_node(std::string);
+    ProfilerNode& get_node(const std::string&);
 
     map_type nodes;
 };

diff --git a/src/profiler/profiler_stats_table.cc b/src/profiler/profiler_stats_table.cc
index 3eb71dcb5873f7a3c8adf4fd5fb3ce784da69ab7..a39d19afdd78dbbbca528296aa83e69aec5a57b5 100644 (file)
--- a/src/profiler/profiler_stats_table.cc
+++ b/src/profiler/profiler_stats_table.cc
@@ -62,7 +62,7 @@ void StatsTable::header(char c)
 
     if ( c )
     {
-        const auto* field = fields;
+        field = fields;
         while ( field->name )
         {
             format(*field);

diff --git a/src/service_inspectors/dce_rpc/smb_message.cc b/src/service_inspectors/dce_rpc/smb_message.cc
index a81013c54ec3c1235c00356b5311667486ef4e2a..bc7212a7423bc038e5ea5a1ecfa0601d953827dc 100644 (file)
--- a/src/service_inspectors/dce_rpc/smb_message.cc
+++ b/src/service_inspectors/dce_rpc/smb_message.cc
@@ -1607,7 +1607,7 @@ static void DCE2_Smb1Process(DCE2_SmbSsnData* ssd)
             }
         }
 
-        // Fall through for DCE2_SMB_DATA_STATE__SMB_HEADER
+        // Fall through
         // This is the normal progression without segmentation.
 
         // This state is to do validation checks on the SMB header and

diff --git a/src/service_inspectors/ftp_telnet/ftpdata_splitter.cc b/src/service_inspectors/ftp_telnet/ftpdata_splitter.cc
index 69136bdf4471bb14d3b8027fa8d9db8343e33d1d..905780349bb92d9eee9fa1440e6f091fdb5e5145 100644 (file)
--- a/src/service_inspectors/ftp_telnet/ftpdata_splitter.cc
+++ b/src/service_inspectors/ftp_telnet/ftpdata_splitter.cc
@@ -31,7 +31,7 @@ void FtpDataSplitter::restart_scan()
     bytes = segs = 0;
 }
 
-void set_ftp_flush_flag(Flow* flow)
+static void set_ftp_flush_flag(Flow* flow)
 {
     FtpDataFlowData* fdfd = (FtpDataFlowData*)flow->get_flow_data(FtpDataFlowData::flow_id);
     if ( fdfd )

diff --git a/src/service_inspectors/pop/pop_paf.cc b/src/service_inspectors/pop/pop_paf.cc
index 7a873136c2c158eb88c5fef862fe8b24a0ca67a8..c91fdf3f44a694373764599758b647cc72110681 100644 (file)
--- a/src/service_inspectors/pop/pop_paf.cc
+++ b/src/service_inspectors/pop/pop_paf.cc
@@ -332,7 +332,8 @@ static StreamSplitter::Status pop_paf_client(Flow* ssn, PopPafData* pfdata,
                 set_server_state(ssn, pfdata->pop_state);
             }
 
-        //break;  DO NOT UNCOMMENT!!  both cases should check for a LF.
+            // both cases should check for a LF.
+            // fallthrough
 
         case POP_CMD_FIN:
             if (find_data_end_single_line(pfdata, ch, true) )

diff --git a/src/service_inspectors/ssl/ssl_inspector.cc b/src/service_inspectors/ssl/ssl_inspector.cc
index 4060e3385698088cd902f36119af7282cc8c162f..85176afbf72f1082a0b01255918aa64ae92757fe 100644 (file)
--- a/src/service_inspectors/ssl/ssl_inspector.cc
+++ b/src/service_inspectors/ssl/ssl_inspector.cc
@@ -413,7 +413,7 @@ public:
     void show(SnortConfig*) override;
     void eval(Packet*) override;
 
-    StreamSplitter* get_splitter(bool c2s)
+    StreamSplitter* get_splitter(bool c2s) override
     { return new SslSplitter(c2s); }
 
 private:

diff --git a/src/sfip/sf_ip.cc b/src/sfip/sf_ip.cc
index 540b7bf583bfc1e5d0ad8534d12da997aa046afc..09eb9aaf4ef921fde812e2d274f000f07491c079 100644 (file)
--- a/src/sfip/sf_ip.cc
+++ b/src/sfip/sf_ip.cc
@@ -376,9 +376,9 @@ void SfIp::obfuscate(SfCidr* ob)
     ip32[3] |= ob_p[3];
 }
 
-void SfIp::ntop(char* buf, int bufsize) const
+const char* SfIp::ntop(char* buf, int bufsize) const
 {
-    snort_inet_ntop(family, get_ptr(), buf, bufsize);
+    return snort_inet_ntop(family, get_ptr(), buf, bufsize);
 }
 
 /* Uses a static buffer to return a string representation of the IP */
@@ -391,7 +391,7 @@ const char* SfIp::ntoa() const
     return buf;
 }
 
-void snort_inet_ntop(int family, const void* ip_raw, char* buf, int bufsize)
+const char* snort_inet_ntop(int family, const void* ip_raw, char* buf, int bufsize)
 {
     if (!ip_raw || !buf ||
         (family != AF_INET && family != AF_INET6) ||
@@ -405,7 +405,7 @@ void snort_inet_ntop(int family, const void* ip_raw, char* buf, int bufsize)
     {
         if (buf && bufsize > 0)
             buf[0] = 0;
-        return;
+        return buf;
     }
 
 #if defined(HAVE_INET_NTOP) && !defined(REG_TEST)
@@ -448,17 +448,20 @@ void snort_inet_ntop(int family, const void* ip_raw, char* buf, int bufsize)
         }
     }
 #endif
+    return buf;
 }
 
-void sfip_ntop(const SfIp* ip, char* buf, int bufsize)
+const char* sfip_ntop(const SfIp* ip, char* buf, int bufsize)
 {
     if (!ip)
     {
         if (buf && bufsize > 0)
             buf[0] = 0;
-        return;
     }
-    ip->ntop(buf, bufsize);
+    else
+        ip->ntop(buf, bufsize);
+
+    return buf;
 }
 
 bool SfIp::is_mapped() const

diff --git a/src/sfip/sf_ip.h b/src/sfip/sf_ip.h
index dac4eacde78b70af2cd6d4089d9d2af8a00faf27..39442f3b8cf79b52db3cf55ced3ee2d78e30341a 100644 (file)
--- a/src/sfip/sf_ip.h
+++ b/src/sfip/sf_ip.h
@@ -78,7 +78,7 @@ struct SO_PUBLIC SfIp
     bool is_loopback() const;
        bool is_private() const;
 
-    void ntop(char* buf, int bufsize) const;
+    const char* ntop(char* buf, int bufsize) const;
     const char* ntoa() const;
 
     void obfuscate(SfCidr* ob);
@@ -449,7 +449,7 @@ inline bool SfIp::fast_equals_raw(const SfIp& ip2) const
 
 /* End of member function definitions */
 
-SO_PUBLIC void sfip_ntop(const SfIp* ip, char* buf, int bufsize);
+SO_PUBLIC const char* sfip_ntop(const SfIp* ip, char* buf, int bufsize);
 
 inline std::ostream& operator<<(std::ostream& os, const SfIp* addr)
 {
@@ -460,7 +460,7 @@ inline std::ostream& operator<<(std::ostream& os, const SfIp* addr)
 }
 
 // FIXIT-L X This should be in utils_net if anywhere, but that makes it way harder to link into unit tests
-SO_PUBLIC void snort_inet_ntop(int family, const void* ip_raw, char* buf, int bufsize);
+SO_PUBLIC const char* snort_inet_ntop(int family, const void* ip_raw, char* buf, int bufsize);
 
 #endif
 

diff --git a/src/sfrt/sfrt.cc b/src/sfrt/sfrt.cc
index cfecb72e02ac511c34ca43f36ad6994159fe1838..b4cc8f9d6dddc3fb8dc21068d791478be509355b 100644 (file)
--- a/src/sfrt/sfrt.cc
+++ b/src/sfrt/sfrt.cc
@@ -748,14 +748,14 @@ int main()
             return 1;
         }
 
-        printf("%d\t %x: %c -> %c\n", index, ip_list[index],
+        printf("%u\t %x: %c -> %c\n", index, ip_list[index],
             data[index%NUM_DATA], *(uint32_t*)sfrt_lookup(&ip_list[index], dir));
     }
 
     for (index=0; index < NUM_IPS; index++)
     {
         val = *(uint32_t*)sfrt_lookup(&ip_list[index], dir);
-        printf("\t@%d\t%x: %c.  originally:\t%c\n",
+        printf("\t@%u\t%x: %c.  originally:\t%c\n",
             index, ip_list[index], val, data[index%NUM_DATA]);
     }
 

diff --git a/src/side_channel/side_channel.cc b/src/side_channel/side_channel.cc
index 0369ab8cb442be804a0daa868e1d0490e3b89e09..ca292ccdab2d338e0a4a704c5626429f22fb22ab 100644 (file)
--- a/src/side_channel/side_channel.cc
+++ b/src/side_channel/side_channel.cc
@@ -247,7 +247,7 @@ bool SideChannel::process(int max_messages)
     return received_message;
 }
 
-void SideChannel::register_receive_handler(SCProcessMsgFunc handler)
+void SideChannel::register_receive_handler(const SCProcessMsgFunc& handler)
 {
     DebugMessage(DEBUG_SIDE_CHANNEL,"SideChannelManager::register_receive_handler()\n");
     receive_handler = handler;

diff --git a/src/side_channel/side_channel.h b/src/side_channel/side_channel.h
index e1238d21efa10b39d3b66584bd20f496b93e7ff4..3fe2f87d3374df56922c1d0e4501d728e9494f6f 100644 (file)
--- a/src/side_channel/side_channel.h
+++ b/src/side_channel/side_channel.h
@@ -61,7 +61,7 @@ public:
     SideChannel();
     ~SideChannel();
 
-    void register_receive_handler(SCProcessMsgFunc handler);
+    void register_receive_handler(const SCProcessMsgFunc& handler);
     void unregister_receive_handler();
 
     bool process(int max_messages);

diff --git a/src/stream/ip/ip_defrag.cc b/src/stream/ip/ip_defrag.cc
index 3595bb49b5c3ba17338fc6cb6738703e34d523cb..e6f74a0e34e5fe1ba1cb95139173b2d7c38e6532 100644 (file)
--- a/src/stream/ip/ip_defrag.cc
+++ b/src/stream/ip/ip_defrag.cc
@@ -1122,7 +1122,7 @@ int Defrag::insert(Packet* p, FragTracker* ft, FragEngine* fe)
     /* Reset the offset to handle the weird Solaris case */
     if (firstLastOk == FRAG_LAST_OFFSET_ADJUST)
         frag_offset = (uint16_t)ft->calculated_size;
-       
+
     if (IP_MAXPACKET - frag_offset < fragLength)
     {
         trace_log(stream_ip, "[..] Oversize frag!\n");
@@ -1613,7 +1613,7 @@ left_overlap_last:
             /* Otherwise, treat it as a POLICY_FIRST,
              * and trim accordingly. */
 
-            /* ie, fall through to the next case */
+            /* fallthrough */
 
             /*
              * overlap is rejected

diff --git a/src/stream/tcp/tcp_event_logger.cc b/src/stream/tcp/tcp_event_logger.cc
index 283a4ff32a0ec98844eeb8440bfd4fae459f947c..340bcd86b8efbe9446f4a2c1251e7aefac1a7558 100644 (file)
--- a/src/stream/tcp/tcp_event_logger.cc
+++ b/src/stream/tcp/tcp_event_logger.cc
@@ -94,7 +94,7 @@ void TcpEventLogger::log_internal_event(uint32_t eventSid)
     {
         tcpStats.internalEvents++;
         DetectionEngine::queue_event(GENERATOR_INTERNAL, eventSid);
-        DebugFormat(DEBUG_STREAM, "Stream raised internal event %d\n", eventSid);
+        DebugFormat(DEBUG_STREAM, "Stream raised internal event %u\n", eventSid);
     }
 }
 

diff --git a/src/stream/tcp/tcp_session.cc b/src/stream/tcp/tcp_session.cc
index af5417e2c1487ecc211d7ec89906c48187c2150b..5856038ee53c036e2e7ca4827248adddff509ccf 100644 (file)
--- a/src/stream/tcp/tcp_session.cc
+++ b/src/stream/tcp/tcp_session.cc
@@ -96,6 +96,7 @@ bool TcpSession::setup(Packet* p)
 void TcpSession::restart(Packet* p)
 {
     // sanity check since this is called externally
+    assert(p);
     assert(p->ptrs.tcph);
     assert(p->flow == flow);
 

diff --git a/src/utils/util_cstring.cc b/src/utils/util_cstring.cc
index 8fb5ac17b953e1f728b31b8aa1c8ba5e75ce8c47..a7049290c13ad994c6f9f9ba132b98aae7d917d6 100644 (file)
--- a/src/utils/util_cstring.cc
+++ b/src/utils/util_cstring.cc
@@ -40,7 +40,7 @@ int SnortSnprintf(char* buf, size_t buf_size, const char* format, ...)
     va_list ap;
     int ret;
 
-    if (buf == NULL || buf_size <= 0 || format == NULL)
+    if (buf == NULL || buf_size == 0 || format == NULL)
         return SNORT_SNPRINTF_ERROR;
 
     /* zero first byte in case an error occurs with
@@ -81,7 +81,7 @@ int SnortSnprintfAppend(char* buf, size_t buf_size, const char* format, ...)
     int ret;
     va_list ap;
 
-    if (buf == NULL || buf_size <= 0 || format == NULL)
+    if (buf == NULL || buf_size == 0 || format == NULL)
         return SNORT_SNPRINTF_ERROR;
 
     str_len = SnortStrnlen(buf, buf_size);
@@ -135,7 +135,7 @@ int SnortStrncpy(char* dst, const char* src, size_t dst_size)
 {
     char* ret = NULL;
 
-    if (dst == NULL || src == NULL || dst_size <= 0)
+    if (dst == NULL || src == NULL || dst_size == 0)
         return SNORT_STRNCPY_ERROR;
 
     dst[dst_size - 1] = '\0';

diff --git a/src/utils/util_net.cc b/src/utils/util_net.cc
index bd4b7432035dceed5125fc6d2d010b9ca5244997..c91ac0239c2a98dd7b27a26f60a49f77fedd8635 100644 (file)
--- a/src/utils/util_net.cc
+++ b/src/utils/util_net.cc
@@ -26,16 +26,6 @@
 #include "sfip/sf_cidr.h"
 #include "util_cstring.h"
 
-char* inet_ntoax(const SfIp* ip, InetBuf& ab)
-{
-    ab[0] = 0;
-
-    if (ip)
-        SnortSnprintf(ab, sizeof(ab), "%s", ip->ntoa());
-
-    return ab;
-}
-
 char* ObfuscateIpToText(const SfIp* ip, SfCidr& homenet, SfCidr& obfunet, InetBuf& ab)
 {
     ab[0] = 0;

diff --git a/src/utils/util_net.h b/src/utils/util_net.h
index 3f57877ade19d5135eaebe35d03c9a540cde358d..0b0bca2f205eaf45c1420f3a3d97bcd0cc54f04a 100644 (file)
--- a/src/utils/util_net.h
+++ b/src/utils/util_net.h
@@ -26,8 +26,6 @@
 struct SfCidr;
 typedef char InetBuf[INET6_ADDRSTRLEN];
 
-SO_PUBLIC char* inet_ntoax(const struct SfIp*, InetBuf&);
-
 SO_PUBLIC char* ObfuscateIpToText(
     const struct SfIp*, SfCidr& homenet, SfCidr& obfuscate_net, InetBuf&);
 

diff --git a/tools/snort2lua/helpers/converter.cc b/tools/snort2lua/helpers/converter.cc
index 008c1c3b9b1e22826e62df6d28aa76d3d9cf4ccf..a5c18bb5fb20b20e6c8c095ed53c168b9ca46496 100644 (file)
--- a/tools/snort2lua/helpers/converter.cc
+++ b/tools/snort2lua/helpers/converter.cc
@@ -389,10 +389,10 @@ int Converter::convert(std::string input,
         if (data_api.failed_conversions())
             data_api.print_errors(rejects);
 
-            if (rule_api.failed_conversions())
-                rule_api.print_rejects(rejects);
+        if (rule_api.failed_conversions())
+            rule_api.print_rejects(rejects);
 
-         rejects.close();
+        rejects.close();
     }
     return rc;
 }

diff --git a/tools/snort2lua/keyword_states/kws_config.cc b/tools/snort2lua/keyword_states/kws_config.cc
index 8a92f745ab9422997046993ddff36058ea18b128..415179c358403a11645e341264c8ed147e1c7b55 100644 (file)
--- a/tools/snort2lua/keyword_states/kws_config.cc
+++ b/tools/snort2lua/keyword_states/kws_config.cc
@@ -50,9 +50,10 @@ bool Config::convert(std::istringstream& data_stream)
         const ConvertMap* map = util::find_map(config::config_api, keyword);
         if (map)
         {
-            cv.set_state(map->ctor(cv));
-            if(data_stream.peek() == EOF)
+            if (data_stream.peek() == EOF)
                 cv.set_empty_args(true);
+            /* cv.set_state() deletes this ConversionState object, so must return immediately after */
+            cv.set_state(map->ctor(cv));
             return true;
         }
 

diff --git a/tools/snort2lua/keyword_states/kws_preprocessor.cc b/tools/snort2lua/keyword_states/kws_preprocessor.cc
index b3d9708c8d213983da60c1e4a9ce99ad5db053d8..330b61e5114c5ee81907a75683b2285f5d919d9c 100644 (file)
--- a/tools/snort2lua/keyword_states/kws_preprocessor.cc
+++ b/tools/snort2lua/keyword_states/kws_preprocessor.cc
@@ -49,9 +49,10 @@ bool Preprocessor::convert(std::istringstream& data_stream)
 
         if (map)
         {
-            cv.set_state(map->ctor(cv));
-            if(data_stream.peek() == EOF)
+            if (data_stream.peek() == EOF)
                 cv.set_empty_args(true);
+            /* cv.set_state() deletes this ConversionState object, so must return immediately after */
+            cv.set_state(map->ctor(cv));
             return true;
         }
         data_api.failed_conversion(data_stream, "preprocessor " + keyword + ":");

diff --git a/tools/snort2lua/preprocessor_states/pps_stream5_tcp.cc b/tools/snort2lua/preprocessor_states/pps_stream5_tcp.cc
index 0e48bfec4fb0e6355df0b13c960a003e03d679c1..ca215aa1cb1730221351b7765dc2dd9e203ede74 100644 (file)
--- a/tools/snort2lua/preprocessor_states/pps_stream5_tcp.cc
+++ b/tools/snort2lua/preprocessor_states/pps_stream5_tcp.cc
@@ -91,9 +91,14 @@ bool StreamTcp::parse_small_segments(std::istringstream& stream)
     table_api.add_option("maximum_size", min_bytes);
     table_api.close_table();
 
-    if (!(stream >> ignore_ports))
-        table_api.add_deleted_comment("ignore_ports");
-        return true;
+    if ((stream >> ignore_ports) && !ignore_ports.compare("ignore_ports"))
+    {
+        uint16_t port;
+
+        while (stream >> port)
+            ignore_ports += " " + std::to_string(port);
+        table_api.add_deleted_comment(ignore_ports);
+    }
 
     if (!stream.eof())
         return false;