From: Victor Julien Date: Mon, 21 Apr 2014 16:23:31 +0000 (+0200) Subject: byte-extract: switch to pcre_copy_substring X-Git-Tag: suricata-2.0.1rc1~38 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1de9256b18aba620fab00a5d39864ad1564c6d9c;p=thirdparty%2Fsuricata.git byte-extract: switch to pcre_copy_substring Fixes memory leaks (str_ptr was never freed). Fixes cppcheck warning: [src/detect-byte-extract.c:268]: (error) Uninitialized variable: str_ptr Bug #1046. --- diff --git a/src/detect-byte-extract.c b/src/detect-byte-extract.c index d5976992a4..8d0c1bffac 100644 --- a/src/detect-byte-extract.c +++ b/src/detect-byte-extract.c @@ -245,7 +245,6 @@ static inline DetectByteExtractData *DetectByteExtractParse(char *arg) #define MAX_SUBSTRINGS 100 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; - char *str_ptr; int i = 0; ret = pcre_exec(parse_regex, parse_regex_study, arg, @@ -264,24 +263,26 @@ static inline DetectByteExtractData *DetectByteExtractParse(char *arg) memset(bed, 0, sizeof(DetectByteExtractData)); /* no of bytes to extract */ - res = pcre_get_substring((char *)arg, ov, - MAX_SUBSTRINGS, 1, (const char **)&str_ptr); + char nbytes_str[64] = ""; + res = pcre_copy_substring((char *)arg, ov, + MAX_SUBSTRINGS, 1, nbytes_str, sizeof(nbytes_str)); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed " + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed " "for arg 1 for byte_extract"); goto error; } - bed->nbytes = atoi(str_ptr); + bed->nbytes = atoi(nbytes_str); /* offset */ - res = pcre_get_substring((char *)arg, ov, - MAX_SUBSTRINGS, 2, (const char **)&str_ptr); + char offset_str[64] = ""; + res = pcre_copy_substring((char *)arg, ov, + MAX_SUBSTRINGS, 2, offset_str, sizeof(offset_str)); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed " + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed " "for arg 2 for byte_extract"); goto error; } - int offset = atoi(str_ptr); + int offset = atoi(offset_str); if (offset < -65535 || offset > 65535) { SCLogError(SC_ERR_INVALID_SIGNATURE, "byte_extract offset invalid - %d. " "The right offset range is -65535 to 65535", offset); @@ -290,35 +291,37 @@ static inline DetectByteExtractData *DetectByteExtractParse(char *arg) bed->offset = offset; /* var name */ - res = pcre_get_substring((char *)arg, ov, - MAX_SUBSTRINGS, 3, (const char **)&str_ptr); + char varname_str[256] = ""; + res = pcre_copy_substring((char *)arg, ov, + MAX_SUBSTRINGS, 3, varname_str, sizeof(varname_str)); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed " + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed " "for arg 3 for byte_extract"); goto error; } - bed->name = SCStrdup(str_ptr); + bed->name = SCStrdup(varname_str); if (bed->name == NULL) goto error; /* check out other optional args */ for (i = 4; i < ret; i++) { - res = pcre_get_substring((char *)arg, ov, - MAX_SUBSTRINGS, i, (const char **)&str_ptr); + char opt_str[64] = ""; + res = pcre_copy_substring((char *)arg, ov, + MAX_SUBSTRINGS, i, opt_str, sizeof(opt_str)); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed " + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed " "for arg %d for byte_extract", i); goto error; } - if (strcmp("relative", str_ptr) == 0) { + if (strcmp("relative", opt_str) == 0) { if (bed->flags & DETECT_BYTE_EXTRACT_FLAG_RELATIVE) { SCLogError(SC_ERR_INVALID_SIGNATURE, "relative specified more " "than once for byte_extract"); goto error; } bed->flags |= DETECT_BYTE_EXTRACT_FLAG_RELATIVE; - } else if (strcmp("multiplier", str_ptr) == 0) { + } else if (strcmp("multiplier", opt_str) == 0) { if (bed->flags & DETECT_BYTE_EXTRACT_FLAG_MULTIPLIER) { SCLogError(SC_ERR_INVALID_SIGNATURE, "multiplier specified more " "than once for byte_extract"); @@ -326,14 +329,16 @@ static inline DetectByteExtractData *DetectByteExtractParse(char *arg) } bed->flags |= DETECT_BYTE_EXTRACT_FLAG_MULTIPLIER; i++; - res = pcre_get_substring((char *)arg, ov, - MAX_SUBSTRINGS, i, (const char **)&str_ptr); + + char multiplier_str[16] = ""; + res = pcre_copy_substring((char *)arg, ov, + MAX_SUBSTRINGS, i, multiplier_str, sizeof(multiplier_str)); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed " + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed " "for arg %d for byte_extract", i); goto error; } - int multiplier = atoi(str_ptr); + int multiplier = atoi(multiplier_str); if (multiplier < DETECT_BYTE_EXTRACT_MULTIPLIER_MIN_LIMIT || multiplier > DETECT_BYTE_EXTRACT_MULTIPLIER_MAX_LIMIT) { SCLogError(SC_ERR_INVALID_SIGNATURE, "multipiler_value invalid " @@ -344,7 +349,7 @@ static inline DetectByteExtractData *DetectByteExtractParse(char *arg) goto error; } bed->multiplier_value = multiplier; - } else if (strcmp("big", str_ptr) == 0) { + } else if (strcmp("big", opt_str) == 0) { if (bed->flags & DETECT_BYTE_EXTRACT_FLAG_ENDIAN) { SCLogError(SC_ERR_INVALID_SIGNATURE, "endian option specified " "more than once for byte_extract"); @@ -352,7 +357,7 @@ static inline DetectByteExtractData *DetectByteExtractParse(char *arg) } bed->flags |= DETECT_BYTE_EXTRACT_FLAG_ENDIAN; bed->endian = DETECT_BYTE_EXTRACT_ENDIAN_BIG; - } else if (strcmp("little", str_ptr) == 0) { + } else if (strcmp("little", opt_str) == 0) { if (bed->flags & DETECT_BYTE_EXTRACT_FLAG_ENDIAN) { SCLogError(SC_ERR_INVALID_SIGNATURE, "endian option specified " "more than once for byte_extract"); @@ -360,7 +365,7 @@ static inline DetectByteExtractData *DetectByteExtractParse(char *arg) } bed->flags |= DETECT_BYTE_EXTRACT_FLAG_ENDIAN; bed->endian = DETECT_BYTE_EXTRACT_ENDIAN_LITTLE; - } else if (strcmp("dce", str_ptr) == 0) { + } else if (strcmp("dce", opt_str) == 0) { if (bed->flags & DETECT_BYTE_EXTRACT_FLAG_ENDIAN) { SCLogError(SC_ERR_INVALID_SIGNATURE, "endian option specified " "more than once for byte_extract"); @@ -368,7 +373,7 @@ static inline DetectByteExtractData *DetectByteExtractParse(char *arg) } bed->flags |= DETECT_BYTE_EXTRACT_FLAG_ENDIAN; bed->endian = DETECT_BYTE_EXTRACT_ENDIAN_DCE; - } else if (strcmp("string", str_ptr) == 0) { + } else if (strcmp("string", opt_str) == 0) { if (bed->flags & DETECT_BYTE_EXTRACT_FLAG_STRING) { SCLogError(SC_ERR_INVALID_SIGNATURE, "string specified more " "than once for byte_extract"); @@ -381,7 +386,7 @@ static inline DetectByteExtractData *DetectByteExtractParse(char *arg) goto error; } bed->flags |= DETECT_BYTE_EXTRACT_FLAG_STRING; - } else if (strcmp("hex", str_ptr) == 0) { + } else if (strcmp("hex", opt_str) == 0) { if (!(bed->flags & DETECT_BYTE_EXTRACT_FLAG_STRING)) { SCLogError(SC_ERR_INVALID_SIGNATURE, "Base(hex) specified " "without specifying string. The right way is " @@ -394,7 +399,7 @@ static inline DetectByteExtractData *DetectByteExtractParse(char *arg) goto error; } bed->base = DETECT_BYTE_EXTRACT_BASE_HEX; - } else if (strcmp("oct", str_ptr) == 0) { + } else if (strcmp("oct", opt_str) == 0) { if (!(bed->flags & DETECT_BYTE_EXTRACT_FLAG_STRING)) { SCLogError(SC_ERR_INVALID_SIGNATURE, "Base(oct) specified " "without specifying string. The right way is " @@ -407,7 +412,7 @@ static inline DetectByteExtractData *DetectByteExtractParse(char *arg) goto error; } bed->base = DETECT_BYTE_EXTRACT_BASE_OCT; - } else if (strcmp("dec", str_ptr) == 0) { + } else if (strcmp("dec", opt_str) == 0) { if (!(bed->flags & DETECT_BYTE_EXTRACT_FLAG_STRING)) { SCLogError(SC_ERR_INVALID_SIGNATURE, "Base(dec) specified " "without specifying string. The right way is " @@ -420,7 +425,7 @@ static inline DetectByteExtractData *DetectByteExtractParse(char *arg) goto error; } bed->base = DETECT_BYTE_EXTRACT_BASE_DEC; - } else if (strcmp("align", str_ptr) == 0) { + } else if (strcmp("align", opt_str) == 0) { if (bed->flags & DETECT_BYTE_EXTRACT_FLAG_ALIGN) { SCLogError(SC_ERR_INVALID_SIGNATURE, "Align specified more " "than once for byte_extract"); @@ -428,24 +433,26 @@ static inline DetectByteExtractData *DetectByteExtractParse(char *arg) } bed->flags |= DETECT_BYTE_EXTRACT_FLAG_ALIGN; i++; - res = pcre_get_substring((char *)arg, ov, - MAX_SUBSTRINGS, i, (const char **)&str_ptr); + + char align_str[16] = ""; + res = pcre_copy_substring((char *)arg, ov, + MAX_SUBSTRINGS, i, align_str, sizeof(align_str)); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed " + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed " "for arg %d in byte_extract", i); goto error; } - bed->align_value = atoi(str_ptr); + bed->align_value = atoi(align_str); if (!(bed->align_value == 2 || bed->align_value == 4)) { SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid align_value for " "byte_extract - \"%d\"", bed->align_value); goto error; } - } else if (strcmp("", str_ptr) == 0) { + } else if (strcmp("", opt_str) == 0) { ; } else { SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid option - \"%s\" " - "specified in byte_extract", str_ptr); + "specified in byte_extract", opt_str); goto error; } } /* for (i = 4; i < ret; i++) */