From: Michael Altizer (mialtize) Date: Thu, 6 Jul 2017 19:42:43 +0000 (-0400) Subject: Merge pull request #944 in SNORT/snort3 from warnings to master X-Git-Tag: 3.0.0-239~29 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d78bacf8087e31d9e5330b91ba306ef7aae84188;p=thirdparty%2Fsnort3.git Merge pull request #944 in SNORT/snort3 from warnings to master Squashed commit of the following: commit 8d2ef5c3a6b8061652e07e5b7609ce43fc5bfbae Author: Michael Altizer Date: Wed Jul 5 20:50:40 2017 -0400 build: Clean up some ICC 2017 warnings commit d8dcbf92767750beae88263c7ce527cde8ef1a40 Author: Michael Altizer Date: Wed Jul 5 14:50:50 2017 -0400 utils: Remove inet_ntoax since it doesn't add value over ntoa anymore commit e930a3b3a8fc7cea965363d89b1f518c9c0d5c31 Author: Michael Altizer Date: Tue Jul 4 02:11:49 2017 -0400 snort2lua: Fix removal of ignore_ports in stream_tcp.small_segments commit 2c123de0e34458cc0c8f629494ad8e13b57e3486 Author: Michael Altizer Date: Tue Jul 4 02:10:20 2017 -0400 file_decomp_pdf: Fix missing reset in PDF state machine transition commit 68556c37a4824b41edddfcec5c4e7f6ce2a4d28d Author: Michael Altizer Date: Tue Jul 4 02:09:32 2017 -0400 snort: Fix leaking instance memory when DAQ configure fails commit 4a051279a65c9f5e3dfcb170ccfd740f2f6bfd73 Author: Michael Altizer Date: Tue Jul 4 01:13:34 2017 -0400 snort2lua: Fix heap-use-after-free for preprocessors and configs with no arguments commit 07978c166304d72a5cacea3cb17bea934a7e7faf Author: Michael Altizer Date: Mon Jul 3 20:45:17 2017 -0400 appid: Fix thread-unsafe sharing of HTTP pattern tables commit 34dd69e6d2f6c5c141ad4ae316102ccf73dfb11d Author: Michael Altizer Date: Mon Jul 3 20:43:08 2017 -0400 appid: Fix populating IP addresses in debug session ID commit 9d5386c7467e278c46602bb564199a3b3de18258 Author: Michael Altizer Date: Mon Jul 3 16:10:21 2017 -0400 build: Clean up some GCC 7 warnings commit 78e5e904cb0cbfab2dec5e11c76cf0e2ab416154 Author: Michael Altizer Date: Mon Jul 3 
15:58:34 2017 -0400 appid/service_ssl: Compatibility update for OpenSSL 1.1.0 API commit d858f2386b7a3158342f2aa2524a576467bc47ee Author: Michael Altizer Date: Mon Jul 3 15:57:09 2017 -0400 build: Clean up some cppcheck warnings --- diff --git a/extra/src/inspectors/data_log/data_log.cc b/extra/src/inspectors/data_log/data_log.cc index d9f5cd26c..abe1139a1 100644 --- a/extra/src/inspectors/data_log/data_log.cc +++ b/extra/src/inspectors/data_log/data_log.cc @@ -53,7 +53,7 @@ static void dl_tterm() class LogHandler : public DataHandler { public: - LogHandler(std::string s) + LogHandler(const std::string& s) { key = s; } void handle(DataEvent& e, Flow*); @@ -85,7 +85,7 @@ void LogHandler::handle(DataEvent& e, Flow* f) class DataLog : public Inspector { public: - DataLog(std::string s) { key = s; } + DataLog(const std::string& s) { key = s; } void show(SnortConfig*) override; void eval(Packet*) override { } diff --git a/src/codecs/ip/cd_tcp.cc b/src/codecs/ip/cd_tcp.cc index ec77ea474..4dc12fd5f 100644 --- a/src/codecs/ip/cd_tcp.cc +++ b/src/codecs/ip/cd_tcp.cc @@ -365,7 +365,7 @@ void TcpCodec::DecodeTCPOptions(const uint8_t* start, uint32_t o_len, CodecData& case tcp::TcpOptCode::EOL: done = true; codec.invalid_bytes = o_len - tot_len; - /* fall through to the NOP case */ + /* fallthrough */ case tcp::TcpOptCode::NOP: code = 0; break; diff --git a/src/codecs/ip/checksum.h b/src/codecs/ip/checksum.h index 8e4afbd61..027558743 100644 --- a/src/codecs/ip/checksum.h +++ b/src/codecs/ip/checksum.h 
@@ -101,35 +101,35 @@ inline uint16_t cksum_add(const uint16_t* buf, std::size_t len, uint32_t cksum) { case 0: sn = 16; - cksum += sp[15]; + cksum += sp[15]; // fallthrough case 15: - cksum += sp[14]; + cksum += sp[14]; // fallthrough case 14: - cksum += sp[13]; + cksum += sp[13]; // fallthrough case 13: - cksum += sp[12]; + cksum += sp[12]; // fallthrough case 12: - cksum += sp[11]; + cksum += sp[11]; // fallthrough case 11: - cksum += sp[10]; + cksum += sp[10]; // fallthrough case 10: - cksum += sp[9]; + cksum += sp[9]; // fallthrough case 9: - cksum += sp[8]; + cksum += sp[8]; // fallthrough case 8: - cksum += sp[7]; + cksum += sp[7]; // fallthrough case 7: - cksum += sp[6]; + cksum += sp[6]; // fallthrough case 6: - cksum += sp[5]; + cksum += sp[5]; // fallthrough case 5: - cksum += sp[4]; + cksum += sp[4]; // fallthrough case 4: - cksum += sp[3]; + cksum += sp[3]; // fallthrough case 3: - cksum += sp[2]; + cksum += sp[2]; // fallthrough case 2: - cksum += sp[1]; + cksum += sp[1]; // fallthrough case 1: cksum += sp[0]; } diff --git a/src/decompress/file_decomp_pdf.cc b/src/decompress/file_decomp_pdf.cc index f8a39391b..5489bafeb 100644 --- a/src/decompress/file_decomp_pdf.cc +++ b/src/decompress/file_decomp_pdf.cc @@ -674,6 +674,7 @@ static inline fd_status_t Handle_State_IND_OBJ(fd_session_t* SessionPtr, uint8_t if ( TOK_STRM_CLOSE[p->Elem_Index] == '\0' ) { p->Sub_State = P_ENDOBJ_TOKEN; + p->Elem_Index = 0; // reset for P_ENDOBJ_TOKEN to use } } else diff --git a/src/flow/flow_key.h b/src/flow/flow_key.h index 955e2c41c..b61970f74 100644 --- a/src/flow/flow_key.h +++ b/src/flow/flow_key.h @@ -66,7 +66,7 @@ struct FlowKey void init_address_space(uint16_t); // XXX If this data structure changes size, compare must be updated! - static uint32_t hash(SFHASHFCN* p, unsigned char* d, int); + static uint32_t hash(SFHASHFCN*, unsigned char* d, int); static int compare(const void* s1, const void* s2, size_t); private: 
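Review bot: The reset of `p->Elem_Index` is tied to this single transition into `P_ENDOBJ_TOKEN`, so any other assignment to `p->Sub_State` in Handle_State_IND_OBJ whose target state indexes a token string with `Elem_Index` would still start from a stale index. The rest of the function is outside the hunk, so the other transitions cannot be checked from here. Since this parser runs over untrusted PDF content, it is worth auditing them and adding a regression input that reaches `P_ENDOBJ_TOKEN` immediately after a matched stream-close token. Resetting the index at every sub-state change, rather than only where a bug was found, would keep the invariant in one place.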
diff --git a/src/flow/test/ha_test.cc b/src/flow/test/ha_test.cc index bcec899f1..373141a6a 100644 --- a/src/flow/test/ha_test.cc +++ b/src/flow/test/ha_test.cc @@ -175,7 +175,7 @@ Connector::Direction SideChannel::get_direction() void SideChannel::set_default_port(SCPort) { } -void SideChannel::register_receive_handler(std::function handler) +void SideChannel::register_receive_handler(const std::function& handler) { s_handler = handler; } diff --git a/src/framework/parameter.cc b/src/framework/parameter.cc index f76d3ff07..99100c9ad 100644 --- a/src/framework/parameter.cc +++ b/src/framework/parameter.cc @@ -359,7 +359,7 @@ bool Parameter::validate(Value& v) const case PT_PORT: if ( !range ) return valid_int(v, "0:65535"); - // if a range was given fall thru + // fall through case PT_INT: return valid_int(v, (const char*)range); case PT_REAL: diff --git a/src/framework/value.cc b/src/framework/value.cc index 7848b75cd..2033aceeb 100644 --- a/src/framework/value.cc +++ b/src/framework/value.cc @@ -381,7 +381,6 @@ TEST_CASE("token test", "[Value]") TEST_CASE("get as string", "[Value]") { - string test_str; char * str_val; bool bool_val = true; double num_val = 6; diff --git a/src/helpers/process.cc b/src/helpers/process.cc index db8dd321c..70125fcac 100644 --- a/src/helpers/process.cc +++ b/src/helpers/process.cc @@ -291,9 +291,7 @@ void help_signals() static void snuff_stdio() { - bool err = false; - - err = close(STDIN_FILENO) != 0; + bool err = (close(STDIN_FILENO) != 0); err = err or (close(STDOUT_FILENO) != 0); err = err or (close(STDERR_FILENO) != 0); diff --git a/src/ips_options/ips_byte_math.cc b/src/ips_options/ips_byte_math.cc index ca18c54e4..62767ee1f 100644 --- a/src/ips_options/ips_byte_math.cc +++ b/src/ips_options/ips_byte_math.cc 
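Review bot: `err = err or (close(STDOUT_FILENO) != 0);` short-circuits, so once closing stdin has failed the closes of stdout and stderr are never attempted and those descriptors stay open. Putting the call first keeps all three closes unconditional: `err = (close(STDOUT_FILENO) != 0) or err;` and likewise for `STDERR_FILENO`. The remainder of snuff_stdio, including what is done with `err`, lies outside the hunk.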
@@ -429,7 +429,7 @@ static bool ByteMathVerify(ByteMathData* data) if ( ((data->oper == BM_LEFT_SHIFT) || (data->oper == BM_RIGHT_SHIFT)) && (data->rvalue > 32)) { - ParseError("Number of bits in rvalue input [%d] should be less than 32 " + ParseError("Number of bits in rvalue input [%u] should be less than 32 " "bits for operator", data->rvalue); return false; } diff --git a/src/ips_options/ips_flags.cc b/src/ips_options/ips_flags.cc index 9edebab91..00a96e163 100644 --- a/src/ips_options/ips_flags.cc +++ b/src/ips_options/ips_flags.cc @@ -82,7 +82,7 @@ uint32_t TcpFlagOption::hash() const const TcpFlagCheckData* data = &config; a = data->mode; - b = data->tcp_flags || (data->tcp_mask << 8); + b = data->tcp_flags | (data->tcp_mask << 8); c = 0; mix_str(a,b,c,get_name()); diff --git a/src/ips_options/ips_flow.cc b/src/ips_options/ips_flow.cc index 162a91ffe..c05ebd67f 100644 --- a/src/ips_options/ips_flow.cc +++ b/src/ips_options/ips_flow.cc @@ -78,9 +78,9 @@ uint32_t FlowCheckOption::hash() const uint32_t a,b,c; const FlowCheckData* data = &config; - a = data->from_server || data->from_client << 16; - b = data->ignore_reassembled || data->only_reassembled << 16; - c = data->stateless || data->established << 16; + a = data->from_server | (data->from_client << 16); + b = data->ignore_reassembled | (data->only_reassembled << 16); + c = data->stateless | (data->established << 16); mix(a,b,c); mix_str(a,b,c,get_name()); diff --git a/src/log/log_text.cc b/src/log/log_text.cc index d5d0ed3f6..3557638d1 100644 --- a/src/log/log_text.cc +++ b/src/log/log_text.cc @@ -270,8 +270,8 @@ void LogIpAddrs(TextLog* log, Packet* p) else { TextLog_Print(log, ip_fmt, - inet_ntoax(p->ptrs.ip_api.get_src(), src), - inet_ntoax(p->ptrs.ip_api.get_dst(), dst)); + sfip_ntop(p->ptrs.ip_api.get_src(), src, sizeof(src)), + sfip_ntop(p->ptrs.ip_api.get_dst(), dst, sizeof(dst))); } } else 
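Review bot: The guard and its message disagree about the value 32: the condition `(data->rvalue > 32)` accepts an rvalue of exactly 32, while the text says it "should be less than 32 bits". If the shift is later applied to a 32-bit operand (not visible here), a count of 32 is undefined behaviour in C++, so the check probably wants `(data->rvalue >= 32)`; if 32 really is allowed, the message should say so. The switch to `%u` also assumes `rvalue` is an unsigned type, which this hunk does not show. ByteMathVerify continues outside the hunk.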
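Review bot: `sizeof(src)` and `sizeof(dst)` give the buffer length only if both are declared as arrays in LogIpAddrs; their declarations are outside the hunk, and if either were a `char*` the call would pass the pointer size and cut off longer addresses. The same call shape is used in the second hunk of this file and in both hunks of alert_syslog.cc. It is also worth confirming that `sfip_ntop` never returns a null pointer on failure, because its result is passed straight to a `%s` conversion. A comment at the declarations such as `// must remain arrays: sizeof() is passed to sfip_ntop` would protect these call sites.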
@@ -292,8 +292,8 @@ void LogIpAddrs(TextLog* log, Packet* p) else { TextLog_Print(log, ip_fmt, - inet_ntoax(p->ptrs.ip_api.get_src(), src), p->ptrs.sp, - inet_ntoax(p->ptrs.ip_api.get_dst(), dst), p->ptrs.dp); + sfip_ntop(p->ptrs.ip_api.get_src(), src, sizeof(src)), p->ptrs.sp, + sfip_ntop(p->ptrs.ip_api.get_dst(), dst, sizeof(dst)), p->ptrs.dp); } } } diff --git a/src/loggers/alert_syslog.cc b/src/loggers/alert_syslog.cc index 821eed384..24162926b 100644 --- a/src/loggers/alert_syslog.cc +++ b/src/loggers/alert_syslog.cc @@ -260,8 +260,8 @@ static void AlertSyslog( else { SnortSnprintfAppend(event_string, sizeof(event_string), ip_fmt, - inet_ntoax(p->ptrs.ip_api.get_src(), src), - inet_ntoax(p->ptrs.ip_api.get_dst(), dst)); + sfip_ntop(p->ptrs.ip_api.get_src(), src, sizeof(src)), + sfip_ntop(p->ptrs.ip_api.get_dst(), dst, sizeof(dst))); } } else @@ -283,8 +283,8 @@ static void AlertSyslog( else { SnortSnprintfAppend(event_string, sizeof(event_string), ip_fmt, - inet_ntoax(p->ptrs.ip_api.get_src(), src), p->ptrs.sp, - inet_ntoax(p->ptrs.ip_api.get_dst(), dst), p->ptrs.dp); + sfip_ntop(p->ptrs.ip_api.get_src(), src, sizeof(src)), p->ptrs.sp, + sfip_ntop(p->ptrs.ip_api.get_dst(), dst, sizeof(dst)), p->ptrs.dp); } } diff --git a/src/main.cc b/src/main.cc index 299d9bcbe..d99bef1e8 100644 --- a/src/main.cc +++ b/src/main.cc @@ -71,10 +71,6 @@ static int main_exit_code = 0; static bool paused = false; static std::queue orphan_commands; -#ifdef SHELL -static bool shell_enabled = false; -#endif - static std::mutex poke_mutex; static Ring* pig_poke = nullptr; @@ -414,7 +410,6 @@ int main_resume(lua_State* L) #ifdef SHELL int main_detach(lua_State*) { - shell_enabled = false; current_request->respond("== detaching\n"); return 0; } @@ -621,7 +616,6 @@ static bool set_mode() if ( use_shell(snort_conf) ) { LogMessage("Entering command shell\n"); - shell_enabled = true; ControlMgmt::add_control(STDOUT_FILENO, true); } #endif 
diff --git a/src/main/snort.cc b/src/main/snort.cc index f83c50cf7..d9cb48a71 100644 --- a/src/main/snort.cc +++ b/src/main/snort.cc @@ -679,7 +679,11 @@ bool Snort::thread_init_privileged(const char* intf) SFDAQInstance *daq_instance = new SFDAQInstance(intf); SFDAQ::set_local_instance(daq_instance); if (!daq_instance->configure(snort_conf)) + { + SFDAQ::set_local_instance(nullptr); + delete daq_instance; return false; + } return true; } diff --git a/src/main/snort_debug.cc b/src/main/snort_debug.cc index 44197695a..325e61b05 100644 --- a/src/main/snort_debug.cc +++ b/src/main/snort_debug.cc @@ -169,8 +169,6 @@ static int test_fputs(const char* str, FILE*) TEST_CASE("macros", "[trace]") { - const Trace my_flags = TRACE_SECTION_1 | TRACE_SECTION_2 | TRACE_SECTION_3; - TestCase cases[] = { { diff --git a/src/network_inspectors/appid/appid_discovery.cc b/src/network_inspectors/appid/appid_discovery.cc index 2c1dd7da0..03db03479 100644 --- a/src/network_inspectors/appid/appid_discovery.cc +++ b/src/network_inspectors/appid/appid_discovery.cc @@ -735,14 +735,14 @@ void AppIdDiscovery::do_application_discovery(Packet* p) case IpProtocol::TCP: if (asd->get_session_flags(APPID_SESSION_SYN_RST)) // TCP-specific exception break; - // fall through to next test + // fallthrough case IpProtocol::UDP: // Both TCP and UDP need this test to be made // against only the p->src_port of the response. // For all other cases the port parameter is never checked. if (direction != APP_ID_FROM_RESPONDER) break; - // fall through to all other cases + // fallthrough // All protocols other than TCP and UDP come straight here. default: { diff --git a/src/network_inspectors/appid/appid_session.cc b/src/network_inspectors/appid/appid_session.cc index 5eac558e6..e0728196c 100644 --- a/src/network_inspectors/appid/appid_session.cc +++ b/src/network_inspectors/appid/appid_session.cc 
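Review bot: The instance is published through `SFDAQ::set_local_instance(daq_instance)` before `configure` has succeeded, which is why the failure path has to un-publish it and delete it by hand. If `configure` does not depend on the local instance being set (not visible here), configuring first and publishing only on success is simpler: hold the object in a `std::unique_ptr<SFDAQInstance>` and call `SFDAQ::set_local_instance(inst.release());` after the check. That also keeps any later early return from reintroducing the leak. The function begins outside the hunk.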
@@ -91,12 +91,17 @@ void AppIdSession::set_session_logging_state(const Packet* pkt, int direction) } if (session_logging_enabled) + { + char src_ip_str[INET6_ADDRSTRLEN], dst_ip_str[INET6_ADDRSTRLEN]; + + pkt->ptrs.ip_api.get_src()->ntop(src_ip_str, sizeof(src_ip_str)); + pkt->ptrs.ip_api.get_dst()->ntop(dst_ip_str, sizeof(dst_ip_str)); snprintf(session_logging_id, MAX_SESSION_LOGGING_ID_LEN, "%s-%hu -> %s-%hu %u%s AS %u I %u", - pkt->ptrs.ip_api.get_src()->ntoa(), pkt->ptrs.sp, - pkt->ptrs.ip_api.get_dst()->ntoa(), pkt->ptrs.dp, + src_ip_str, pkt->ptrs.sp, dst_ip_str, pkt->ptrs.dp, (unsigned)pkt->ptrs.type, (direction == APP_ID_FROM_INITIATOR) ? "" : " R", (unsigned)pkt->pkth->address_space_id, get_instance_id()); + } } AppIdSession* AppIdSession::allocate_session(const Packet* p, IpProtocol proto, int direction) diff --git a/src/network_inspectors/appid/appid_stats.cc b/src/network_inspectors/appid/appid_stats.cc index 1bdd27bd9..1d217599b 100644 --- a/src/network_inspectors/appid/appid_stats.cc +++ b/src/network_inspectors/appid/appid_stats.cc @@ -352,7 +352,7 @@ static void update_stats(AppIdSession* asd, AppId app_id, StatsBucket* bucket) } else { - WarningMessage("Error saving statistics record for app id: %u", app_id); + WarningMessage("Error saving statistics record for app id: %d", app_id); snort_free(record); record = nullptr; } diff --git a/src/network_inspectors/appid/client_plugins/client_app_ssh.cc b/src/network_inspectors/appid/client_plugins/client_app_ssh.cc index 6f242d73c..46c76cd4c 100644 --- a/src/network_inspectors/appid/client_plugins/client_app_ssh.cc +++ b/src/network_inspectors/appid/client_plugins/client_app_ssh.cc @@ -337,7 +337,7 @@ static inline int ssh_client_validate_pubkey(uint16_t offset, const uint8_t* dat else fd->plen = 0; fd->oldhstate = SSH1_HEADER_FIND_CODE; - // Fall through to SSH1_HEADER_FIND_CODE state. + // fallthrough case SSH1_HEADER_FIND_CODE: if (fd->pos == fd->plen + sizeof(ckx->len)) { 
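Review bot: Both `ntop` results are ignored, so if a conversion fails and leaves its buffer untouched (ntop's failure behaviour is not visible here), `snprintf` reads uninitialised stack bytes through `%s` and may run past the array looking for a terminator. Zero-initialising the buffers makes that case harmless: `char src_ip_str[INET6_ADDRSTRLEN] = "", dst_ip_str[INET6_ADDRSTRLEN] = "";`. It would also help to note next to `MAX_SESSION_LOGGING_ID_LEN` that two full-length IPv6 strings plus the other fields must fit, since `snprintf` will otherwise truncate the session id silently.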
diff --git a/src/network_inspectors/appid/client_plugins/client_discovery.cc b/src/network_inspectors/appid/client_plugins/client_discovery.cc index cce498342..c58059d15 100644 --- a/src/network_inspectors/appid/client_plugins/client_discovery.cc +++ b/src/network_inspectors/appid/client_plugins/client_discovery.cc @@ -164,7 +164,7 @@ static int pattern_match(void* id, void* /*unused_tree*/, int match_end_pos, voi static const ClientDetector* get_next_detector(ClientAppMatch** match_list) { - ClientAppMatch* curr = nullptr; + ClientAppMatch* curr; ClientAppMatch* prev = nullptr; ClientAppMatch* max_curr = nullptr; ClientAppMatch* max_prev = nullptr; diff --git a/src/network_inspectors/appid/detector_plugins/detector_imap.cc b/src/network_inspectors/appid/detector_plugins/detector_imap.cc index a2a36df7c..1ebce6fd3 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_imap.cc +++ b/src/network_inspectors/appid/detector_plugins/detector_imap.cc @@ -621,7 +621,7 @@ int ImapClientDetector::validate(AppIdDiscoveryArgs& args) ; /*s is now at command beginning */ - if ((length = (end - s)) <= 0) + if (s >= end) { dd->need_continue = 0; args.asd->set_client_detected(); @@ -630,6 +630,7 @@ int ImapClientDetector::validate(AppIdDiscoveryArgs& args) } cmd = nullptr; pattern_index = num_imap_client_patterns; + length = end - s; cmd_matcher->find_all((char*)s, (length > longest_pattern ? longest_pattern : length), &pattern_match, false, (void*)&pattern_index); diff --git a/src/network_inspectors/appid/detector_plugins/detector_sip.cc b/src/network_inspectors/appid/detector_plugins/detector_sip.cc index cb634b973..560b23f33 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_sip.cc +++ b/src/network_inspectors/appid/detector_plugins/detector_sip.cc @@ -78,7 +78,6 @@ struct ClientSIPData struct DetectorSipConfig { - bool enabled; void* sip_ua_matcher; DetectorAppSipPattern* sip_ua_list; void* sip_server_matcher; 
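Review bot: Dropping the initialiser leaves `curr` indeterminate between its declaration and its first assignment, while the three pointers declared beside it stay initialised to `nullptr`. The loop that assigns it is outside the hunk; if it has the form `for (curr = *match_list; ...)`, declaring the variable in the loop header, `for (ClientAppMatch* curr = *match_list; ...)`, silences the redundant-assignment warning without leaving an uninitialised pointer in scope. If `curr` is needed after the loop, keeping `= nullptr` is the safer choice.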
diff --git a/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc b/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc index edf614aef..6c66bf689 100644 --- a/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc +++ b/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc 
@@ -147,121 +147,121 @@ struct MatchedPatterns MatchedPatterns* next; }; -static DetectorHTTPPatterns content_type_patterns = +static DetectorHTTPPatterns static_content_type_patterns = { { SINGLE, 0, APP_ID_QUICKTIME, 0, - APP_ID_QUICKTIME, sizeof(QUICKTIME_BANNER)-1, (uint8_t*)QUICKTIME_BANNER, false }, + APP_ID_QUICKTIME, sizeof(QUICKTIME_BANNER)-1, (uint8_t*)QUICKTIME_BANNER }, { SINGLE, 0, APP_ID_MPEG, 0, - APP_ID_MPEG, sizeof(MPEG_BANNER)-1, (uint8_t*)MPEG_BANNER, false }, + APP_ID_MPEG, sizeof(MPEG_BANNER)-1, (uint8_t*)MPEG_BANNER }, { SINGLE, 0, APP_ID_MPEG, 0, - APP_ID_MPEG, sizeof(MPA_BANNER)-1, (uint8_t*)MPA_BANNER, false }, + APP_ID_MPEG, sizeof(MPA_BANNER)-1, (uint8_t*)MPA_BANNER }, { SINGLE, 0, APP_ID_MPEG, 0, - APP_ID_MPEG, sizeof(MP4A_BANNER)-1, (uint8_t*)MP4A_BANNER, false }, + APP_ID_MPEG, sizeof(MP4A_BANNER)-1, (uint8_t*)MP4A_BANNER }, { SINGLE, 0, APP_ID_MPEG, 0, - APP_ID_MPEG, sizeof(ROBUST_MPA_BANNER)-1, (uint8_t*)ROBUST_MPA_BANNER, false }, + APP_ID_MPEG, sizeof(ROBUST_MPA_BANNER)-1, (uint8_t*)ROBUST_MPA_BANNER }, { SINGLE, 0, APP_ID_MPEG, 0, - APP_ID_MPEG, sizeof(XSCPLS_BANNER)-1, (uint8_t*)XSCPLS_BANNER, false }, + APP_ID_MPEG, sizeof(XSCPLS_BANNER)-1, (uint8_t*)XSCPLS_BANNER }, { SINGLE, 0, APP_ID_SHOCKWAVE, 0, - APP_ID_SHOCKWAVE, sizeof(SHOCKWAVE_BANNER)-1, (uint8_t*)SHOCKWAVE_BANNER, false }, + APP_ID_SHOCKWAVE, sizeof(SHOCKWAVE_BANNER)-1, (uint8_t*)SHOCKWAVE_BANNER }, { SINGLE, 0, APP_ID_RSS, 0, - APP_ID_RSS, sizeof(RSS_BANNER)-1, (uint8_t*)RSS_BANNER, false }, + APP_ID_RSS, sizeof(RSS_BANNER)-1, (uint8_t*)RSS_BANNER }, { SINGLE, 0, APP_ID_ATOM, 0, - APP_ID_ATOM, sizeof(ATOM_BANNER)-1, (uint8_t*)ATOM_BANNER, false }, + APP_ID_ATOM, sizeof(ATOM_BANNER)-1, (uint8_t*)ATOM_BANNER }, { SINGLE, 0, APP_ID_MP4, 0, - APP_ID_MP4, sizeof(MP4_BANNER)-1, (uint8_t*)MP4_BANNER, false }, + APP_ID_MP4, sizeof(MP4_BANNER)-1, (uint8_t*)MP4_BANNER }, { SINGLE, 0, APP_ID_WMV, 0, - APP_ID_WMV, sizeof(WMV_BANNER)-1, (uint8_t*)WMV_BANNER, false }, + 
APP_ID_WMV, sizeof(WMV_BANNER)-1, (uint8_t*)WMV_BANNER }, { SINGLE, 0, APP_ID_WMA, 0, - APP_ID_WMA, sizeof(WMA_BANNER)-1, (uint8_t*)WMA_BANNER, false }, + APP_ID_WMA, sizeof(WMA_BANNER)-1, (uint8_t*)WMA_BANNER }, { SINGLE, 0, APP_ID_WAV, 0, - APP_ID_WAV, sizeof(WAV_BANNER)-1, (uint8_t*)WAV_BANNER, false }, + APP_ID_WAV, sizeof(WAV_BANNER)-1, (uint8_t*)WAV_BANNER }, { SINGLE, 0, APP_ID_WAV, 0, - APP_ID_WAV, sizeof(X_WAV_BANNER)-1, (uint8_t*)X_WAV_BANNER, false }, + APP_ID_WAV, sizeof(X_WAV_BANNER)-1, (uint8_t*)X_WAV_BANNER }, { SINGLE, 0, APP_ID_WAV, 0, - APP_ID_WAV, sizeof(VND_WAV_BANNER)-1, (uint8_t*)VND_WAV_BANNER, false }, + APP_ID_WAV, sizeof(VND_WAV_BANNER)-1, (uint8_t*)VND_WAV_BANNER }, { SINGLE, 0, APP_ID_FLASH_VIDEO, 0, - APP_ID_FLASH_VIDEO, sizeof(FLV_BANNER)-1, (uint8_t*)FLV_BANNER, false }, + APP_ID_FLASH_VIDEO, sizeof(FLV_BANNER)-1, (uint8_t*)FLV_BANNER }, { SINGLE, 0, APP_ID_FLASH_VIDEO, 0, - APP_ID_FLASH_VIDEO, sizeof(M4V_BANNER)-1, (uint8_t*)M4V_BANNER, false }, + APP_ID_FLASH_VIDEO, sizeof(M4V_BANNER)-1, (uint8_t*)M4V_BANNER }, { SINGLE, 0, APP_ID_FLASH_VIDEO, 0, - APP_ID_FLASH_VIDEO, sizeof(GPP_BANNER)-1, (uint8_t*)GPP_BANNER, false }, + APP_ID_FLASH_VIDEO, sizeof(GPP_BANNER)-1, (uint8_t*)GPP_BANNER }, { SINGLE, 0, APP_ID_GENERIC, 0, - APP_ID_GENERIC, sizeof(VIDEO_BANNER)-1, (uint8_t*)VIDEO_BANNER, false }, + APP_ID_GENERIC, sizeof(VIDEO_BANNER)-1, (uint8_t*)VIDEO_BANNER }, { SINGLE, 0, APP_ID_GENERIC, 0, - APP_ID_GENERIC, sizeof(AUDIO_BANNER)-1, (uint8_t*)AUDIO_BANNER, false }, + APP_ID_GENERIC, sizeof(AUDIO_BANNER)-1, (uint8_t*)AUDIO_BANNER }, }; -static DetectorHTTPPatterns via_http_detector_patterns = +static DetectorHTTPPatterns static_via_http_detector_patterns = { - { SINGLE, APP_ID_SQUID, 0, 0, APP_ID_SQUID, SQUID_PATTERN_SIZE, (uint8_t*)SQUID_PATTERN, false }, + { SINGLE, APP_ID_SQUID, 0, 0, APP_ID_SQUID, SQUID_PATTERN_SIZE, (uint8_t*)SQUID_PATTERN }, }; -static DetectorHTTPPatterns http_host_payload_patterns = +static DetectorHTTPPatterns 
static_http_host_payload_patterns = { { SINGLE, 0, 0, APP_ID_MYSPACE, - APP_ID_MYSPACE, MYSPACE_PATTERN_SIZE, (uint8_t*)MYSPACE_PATTERN, false }, + APP_ID_MYSPACE, MYSPACE_PATTERN_SIZE, (uint8_t*)MYSPACE_PATTERN }, { SINGLE, 0, 0, APP_ID_GMAIL, - APP_ID_GMAIL, GMAIL_PATTERN_SIZE, (uint8_t*)GMAIL_PATTERN, false }, + APP_ID_GMAIL, GMAIL_PATTERN_SIZE, (uint8_t*)GMAIL_PATTERN }, { SINGLE, 0, 0, APP_ID_GMAIL, - APP_ID_GMAIL, GMAIL_PATTERN2_SIZE, (uint8_t*)GMAIL_PATTERN2, false }, + APP_ID_GMAIL, GMAIL_PATTERN2_SIZE, (uint8_t*)GMAIL_PATTERN2 }, { SINGLE, 0, 0, APP_ID_AOL_EMAIL, - APP_ID_AOL_EMAIL, AOL_PATTERN_SIZE, (uint8_t*)AOL_PATTERN, false }, + APP_ID_AOL_EMAIL, AOL_PATTERN_SIZE, (uint8_t*)AOL_PATTERN }, { SINGLE, 0, 0, APP_ID_MICROSOFT_UPDATE, - APP_ID_MICROSOFT_UPDATE, MSUP_PATTERN_SIZE, (uint8_t*)MSUP_PATTERN, false }, + APP_ID_MICROSOFT_UPDATE, MSUP_PATTERN_SIZE, (uint8_t*)MSUP_PATTERN }, { SINGLE, 0, 0, APP_ID_MICROSOFT_UPDATE, - APP_ID_MICROSOFT_UPDATE,MSUP_PATTERN2_SIZE, (uint8_t*)MSUP_PATTERN2, false }, + APP_ID_MICROSOFT_UPDATE,MSUP_PATTERN2_SIZE, (uint8_t*)MSUP_PATTERN2 }, { SINGLE, 0, 0, APP_ID_YAHOOMAIL, - APP_ID_YAHOOMAIL, YAHOO_MAIL_PATTERN_SIZE, (uint8_t*)YAHOO_MAIL_PATTERN, false }, + APP_ID_YAHOOMAIL, YAHOO_MAIL_PATTERN_SIZE, (uint8_t*)YAHOO_MAIL_PATTERN }, { SINGLE, 0, 0, APP_ID_YAHOO_TOOLBAR, - APP_ID_YAHOO_TOOLBAR, YAHOO_TB_PATTERN_SIZE, (uint8_t*)YAHOO_TB_PATTERN, false }, + APP_ID_YAHOO_TOOLBAR, YAHOO_TB_PATTERN_SIZE, (uint8_t*)YAHOO_TB_PATTERN }, { SINGLE, 0, 0, APP_ID_ADOBE_UPDATE, - APP_ID_ADOBE_UPDATE, ADOBE_UP_PATTERN_SIZE, (uint8_t*)ADOBE_UP_PATTERN, false }, + APP_ID_ADOBE_UPDATE, ADOBE_UP_PATTERN_SIZE, (uint8_t*)ADOBE_UP_PATTERN }, { SINGLE, 0, 0, APP_ID_HOTMAIL, - APP_ID_HOTMAIL, HOTMAIL_PATTERN1_SIZE, (uint8_t*)HOTMAIL_PATTERN1, false }, + APP_ID_HOTMAIL, HOTMAIL_PATTERN1_SIZE, (uint8_t*)HOTMAIL_PATTERN1 }, { SINGLE, 0, 0, APP_ID_HOTMAIL, - APP_ID_HOTMAIL, HOTMAIL_PATTERN2_SIZE, (uint8_t*)HOTMAIL_PATTERN2, false }, + APP_ID_HOTMAIL, 
HOTMAIL_PATTERN2_SIZE, (uint8_t*)HOTMAIL_PATTERN2 }, { SINGLE, 0, 0, APP_ID_GOOGLE_TOOLBAR, - APP_ID_GOOGLE_TOOLBAR, GOOGLE_TB_PATTERN_SIZE, (uint8_t*)GOOGLE_TB_PATTERN, false }, + APP_ID_GOOGLE_TOOLBAR, GOOGLE_TB_PATTERN_SIZE, (uint8_t*)GOOGLE_TB_PATTERN }, }; -static DetectorHTTPPatterns client_agent_patterns = +static DetectorHTTPPatterns static_client_agent_patterns = { { USER_AGENT_HEADER, 0, FAKE_VERSION_APP_ID, 0, - FAKE_VERSION_APP_ID, VERSION_PATTERN_SIZE, (uint8_t*)VERSION_PATTERN, false }, + FAKE_VERSION_APP_ID, VERSION_PATTERN_SIZE, (uint8_t*)VERSION_PATTERN }, { USER_AGENT_HEADER, APP_ID_HTTP, APP_ID_INTERNET_EXPLORER, 0, - APP_ID_INTERNET_EXPLORER, sizeof(MSIE_PATTERN)-1, (uint8_t*)MSIE_PATTERN, false }, + APP_ID_INTERNET_EXPLORER, sizeof(MSIE_PATTERN)-1, (uint8_t*)MSIE_PATTERN }, { USER_AGENT_HEADER, APP_ID_HTTP, APP_ID_KONQUEROR, 0, - APP_ID_KONQUEROR, sizeof(KONQUEROR_PATTERN)-1, (uint8_t*)KONQUEROR_PATTERN, false }, + APP_ID_KONQUEROR, sizeof(KONQUEROR_PATTERN)-1, (uint8_t*)KONQUEROR_PATTERN }, { USER_AGENT_HEADER, APP_ID_SKYPE_AUTH, APP_ID_SKYPE, 0, - APP_ID_SKYPE, sizeof(SKYPE_PATTERN)-1, (uint8_t*)SKYPE_PATTERN, false }, + APP_ID_SKYPE, sizeof(SKYPE_PATTERN)-1, (uint8_t*)SKYPE_PATTERN }, { USER_AGENT_HEADER, APP_ID_BITTORRENT, APP_ID_BITTORRENT, 0, - APP_ID_BITTORRENT, sizeof(BITTORRENT_PATTERN)-1, (uint8_t*)BITTORRENT_PATTERN, false }, + APP_ID_BITTORRENT, sizeof(BITTORRENT_PATTERN)-1, (uint8_t*)BITTORRENT_PATTERN }, { USER_AGENT_HEADER, APP_ID_HTTP, APP_ID_FIREFOX, 0, - APP_ID_FIREFOX, sizeof(FIREFOX_PATTERN)-1, (uint8_t*)FIREFOX_PATTERN, false }, + APP_ID_FIREFOX, sizeof(FIREFOX_PATTERN)-1, (uint8_t*)FIREFOX_PATTERN }, { USER_AGENT_HEADER, APP_ID_HTTP, APP_ID_WGET, 0, - APP_ID_WGET, sizeof(WGET_PATTERN)-1, (uint8_t*)WGET_PATTERN, false }, + APP_ID_WGET, sizeof(WGET_PATTERN)-1, (uint8_t*)WGET_PATTERN }, { USER_AGENT_HEADER, APP_ID_HTTP, APP_ID_CURL, 0, - APP_ID_CURL, sizeof(CURL_PATTERN)-1, (uint8_t*)CURL_PATTERN, false }, + APP_ID_CURL, 
sizeof(CURL_PATTERN)-1, (uint8_t*)CURL_PATTERN }, { USER_AGENT_HEADER, APP_ID_HTTP, APP_ID_GOOGLE_DESKTOP, 0, - APP_ID_GOOGLE_DESKTOP, sizeof(GOOGLE_DESKTOP_PATTERN)-1, (uint8_t*)GOOGLE_DESKTOP_PATTERN, false }, + APP_ID_GOOGLE_DESKTOP, sizeof(GOOGLE_DESKTOP_PATTERN)-1, (uint8_t*)GOOGLE_DESKTOP_PATTERN }, { USER_AGENT_HEADER, APP_ID_HTTP, APP_ID_PICASA, 0, - APP_ID_PICASA, sizeof(PICASA_PATTERN)-1, (uint8_t*)PICASA_PATTERN, false }, + APP_ID_PICASA, sizeof(PICASA_PATTERN)-1, (uint8_t*)PICASA_PATTERN }, { USER_AGENT_HEADER, APP_ID_HTTP, APP_ID_SAFARI, 0, - APP_ID_SAFARI, sizeof(SAFARI_PATTERN)-1, (uint8_t*)SAFARI_PATTERN, false }, + APP_ID_SAFARI, sizeof(SAFARI_PATTERN)-1, (uint8_t*)SAFARI_PATTERN }, { USER_AGENT_HEADER, APP_ID_HTTP, APP_ID_OPERA, 0, - APP_ID_OPERA, sizeof(OPERA_PATTERN)-1, (uint8_t*)OPERA_PATTERN, false }, + APP_ID_OPERA, sizeof(OPERA_PATTERN)-1, (uint8_t*)OPERA_PATTERN }, { USER_AGENT_HEADER, APP_ID_HTTP, APP_ID_CHROME, 0, - APP_ID_CHROME, sizeof(CHROME_PATTERN)-1, (uint8_t*)CHROME_PATTERN, false }, + APP_ID_CHROME, sizeof(CHROME_PATTERN)-1, (uint8_t*)CHROME_PATTERN }, { USER_AGENT_HEADER, APP_ID_HTTP, APP_ID_SAFARI_MOBILE_DUMMY, 0, - APP_ID_SAFARI_MOBILE_DUMMY, sizeof(MOBILE_PATTERN)-1, (uint8_t*)MOBILE_PATTERN, false }, + APP_ID_SAFARI_MOBILE_DUMMY, sizeof(MOBILE_PATTERN)-1, (uint8_t*)MOBILE_PATTERN }, { USER_AGENT_HEADER, APP_ID_HTTP, APP_ID_BLACKBERRY_BROWSER, 0, - APP_ID_BLACKBERRY_BROWSER, sizeof(BLACKBERRY_PATTERN)-1, (uint8_t*)BLACKBERRY_PATTERN, false }, + APP_ID_BLACKBERRY_BROWSER, sizeof(BLACKBERRY_PATTERN)-1, (uint8_t*)BLACKBERRY_PATTERN }, { USER_AGENT_HEADER, APP_ID_HTTP, APP_ID_ANDROID_BROWSER, 0, - APP_ID_ANDROID_BROWSER, sizeof(ANDROID_PATTERN)-1, (uint8_t*)ANDROID_PATTERN, false }, + APP_ID_ANDROID_BROWSER, sizeof(ANDROID_PATTERN)-1, (uint8_t*)ANDROID_PATTERN }, { USER_AGENT_HEADER, APP_ID_HTTP, APP_ID_WINDOWS_MEDIA_PLAYER, 0, - APP_ID_WINDOWS_MEDIA_PLAYER, sizeof(MEDIAPLAYER_PATTERN)-1, (uint8_t*)MEDIAPLAYER_PATTERN, false }, + 
APP_ID_WINDOWS_MEDIA_PLAYER, sizeof(MEDIAPLAYER_PATTERN)-1, (uint8_t*)MEDIAPLAYER_PATTERN }, { USER_AGENT_HEADER, APP_ID_HTTP, APP_ID_APPLE_EMAIL, 0, - APP_ID_APPLE_EMAIL, sizeof(APPLE_EMAIL_PATTERN)-1, (uint8_t*)APPLE_EMAIL_PATTERN, false }, + APP_ID_APPLE_EMAIL, sizeof(APPLE_EMAIL_PATTERN)-1, (uint8_t*)APPLE_EMAIL_PATTERN }, }; static int match_query_elements(tMlpPattern* packetData, tMlpPattern* userPattern, @@ -332,7 +332,7 @@ static void free_app_url_patterns(std::vector& url_patte static void free_http_patterns(DetectorHTTPPatterns& patterns) { for (auto& pat: patterns) - if (pat.free_pattern && pat.pattern) + if (pat.pattern) snort_free(pat.pattern); } @@ -717,23 +717,26 @@ static SearchTool* process_http_field_patterns(FieldPattern* patternList, size_t return patternMatcher; } -static void process_patterns(SearchTool& matcher, DetectorHTTPPatterns& patterns) +static void process_patterns(SearchTool& matcher, DetectorHTTPPatterns& patterns, bool last = true) { for (auto& pat: patterns) matcher.add(pat.pattern, pat.pattern_size, &pat, false); - matcher.prep(); + if (last) + matcher.prep(); } int HttpPatternMatchers::finalize() { - process_patterns(via_matcher, via_http_detector_patterns); + process_patterns(via_matcher, static_via_http_detector_patterns); process_patterns(url_matcher, url_patterns); + process_patterns(client_agent_matcher, static_client_agent_patterns, false); process_patterns(client_agent_matcher, client_agent_patterns); - if (process_host_patterns(http_host_payload_patterns) < 0) + if (process_host_patterns(static_http_host_payload_patterns) < 0) return -1; + process_patterns(content_type_matcher, static_content_type_patterns, false); process_patterns(content_type_matcher, content_type_patterns); uint32_t numPatterns = sizeof(http_field_patterns) / sizeof(*http_field_patterns); 
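Review bot: With the `free_pattern` flag removed, `free_http_patterns` calls `snort_free` on every non-null `pat.pattern`, yet the `static_*` tables in this file store pointers that appear to be string constants cast to `uint8_t*`. Nothing in the type now prevents one of those tables from being passed here, which would hand non-heap memory to the allocator. The callers are outside the hunk, so the invariant should at least be written down on the function, e.g. `// only for heap-owned pattern lists; never pass the static_* tables`. Declaring the static tables `const` would let the compiler enforce it, if the matcher interface can take const entries.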
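Review bot: `matcher.add(pat.pattern, pat.pattern_size, &pat, false)` gives the matcher the address of a vector element, and `client_agent_patterns` and `content_type_patterns` are now member vectors that grow through the insert functions. Any insert after `finalize()` that reallocates the vector would leave the matcher holding dangling `&pat` pointers; whether that can happen depends on call order that is not visible here. A comment on `finalize()` such as `// no pattern inserts after this point: matchers keep pointers into the vectors` would document the requirement. The `bool last = true` parameter also hides when `prep()` runs; calling `prep()` explicitly after the final `process_patterns` call would read more clearly.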
diff --git a/src/network_inspectors/appid/detector_plugins/http_url_patterns.h b/src/network_inspectors/appid/detector_plugins/http_url_patterns.h index 8070e0611..746230281 100644 --- a/src/network_inspectors/appid/detector_plugins/http_url_patterns.h +++ b/src/network_inspectors/appid/detector_plugins/http_url_patterns.h @@ -101,7 +101,6 @@ struct DetectorHTTPPattern pattern_size = len; pattern = (uint8_t*)snort_strdup((const char*)pat); - free_pattern = true; sequence = seq; service_id = service; client_id = client; @@ -118,7 +117,6 @@ struct DetectorHTTPPattern AppId app_id; unsigned pattern_size; uint8_t* pattern; - bool free_pattern; }; typedef std::vector DetectorHTTPPatterns; @@ -324,6 +322,8 @@ public: uint32_t numPartLimit, int level); private: + DetectorHTTPPatterns client_agent_patterns; + DetectorHTTPPatterns content_type_patterns; DetectorHTTPPatterns host_payload_patterns; DetectorHTTPPatterns url_patterns; std::vector app_url_patterns; diff --git a/src/network_inspectors/appid/lua_detector_api.cc b/src/network_inspectors/appid/lua_detector_api.cc index 62bf5890b..c34ae66e8 100644 --- a/src/network_inspectors/appid/lua_detector_api.cc +++ b/src/network_inspectors/appid/lua_detector_api.cc @@ -1108,7 +1108,6 @@ static int detector_add_content_type_pattern(lua_State* L) detector.pattern = pattern; detector.pattern_size = strlen((char*)pattern); detector.app_id = appId; - detector.free_pattern = true; HttpPatternMatchers::get_instance()->insert_content_type_pattern(detector); AppInfoManager::get_instance().set_app_info_active(appId); diff --git a/src/network_inspectors/appid/lua_detector_api.h b/src/network_inspectors/appid/lua_detector_api.h index b45998b28..dd2354011 100644 --- a/src/network_inspectors/appid/lua_detector_api.h +++ b/src/network_inspectors/appid/lua_detector_api.h 
@@ -77,7 +77,7 @@ public: class LuaServiceDetector : public LuaDetector, public ServiceDetector { public: - LuaServiceDetector(AppIdDiscovery* sdm, std::string detector_name, IpProtocol protocol) + LuaServiceDetector(AppIdDiscovery* sdm, const std::string& detector_name, IpProtocol protocol) { handler = sdm; name = detector_name; @@ -93,7 +93,7 @@ public: class LuaClientDetector : public LuaDetector, public ClientDetector { public: - LuaClientDetector(AppIdDiscovery* cdm, std::string detector_name, IpProtocol protocol) + LuaClientDetector(AppIdDiscovery* cdm, const std::string& detector_name, IpProtocol protocol) { handler = cdm; name = detector_name; diff --git a/src/network_inspectors/appid/service_plugins/service_ssl.cc b/src/network_inspectors/appid/service_plugins/service_ssl.cc index 80a9854d5..6cbf16040 100644 --- a/src/network_inspectors/appid/service_plugins/service_ssl.cc +++ b/src/network_inspectors/appid/service_plugins/service_ssl.cc @@ -111,6 +111,7 @@ struct ServiceSSLData struct ServiceSSLCertificate { X509* cert; + char* cert_name; uint8_t* common_name_ptr; int common_name_len; uint8_t* org_name_ptr; @@ -493,7 +494,8 @@ static bool parse_certificates(ServiceSSLData* ss) certs_head = certs_curr; num_certs++; - char* start = strstr(cert->name, COMMON_NAME_STR); + certs_curr->cert_name = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); + char* start = strstr(certs_curr->cert_name, COMMON_NAME_STR); if (start) { int length; @@ -510,7 +512,7 @@ static bool parse_certificates(ServiceSSLData* ss) common_name_tot_len += length; } - start = strstr(cert->name, ORG_NAME_STR); + start = strstr(certs_curr->cert_name, ORG_NAME_STR); if (start) { int length; @@ -594,6 +596,7 @@ static bool parse_certificates(ServiceSSLData* ss) certs_head = certs_head->next; crypto_lib_mutex.lock(); X509_free(certs_curr->cert); + OPENSSL_free(certs_curr->cert_name); crypto_lib_mutex.unlock(); snort_free(certs_curr); } 
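Review bot: In the `parse_certificates` hunks of service_ssl.cc, the result of `X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0)` is passed to `strstr` without a null check. With a NULL buffer argument the call allocates its result and can return NULL on failure, and the certificate being parsed comes from inspected traffic. Guarding both lookups is enough, e.g. `char* start = certs_curr->cert_name ? strstr(certs_curr->cert_name, COMMON_NAME_STR) : nullptr;` and the same form for `ORG_NAME_STR`; the cleanup hunk already tolerates a null `cert_name`. The new call is also an OpenSSL call, while the matching `X509_free`/`OPENSSL_free` run under `crypto_lib_mutex`; whether the parsing path holds that lock is not visible here, because the function body extends outside these hunks.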
diff --git a/src/network_inspectors/packet_capture/packet_capture.cc b/src/network_inspectors/packet_capture/packet_capture.cc index ff981f2bc..b0d436174 100644 --- a/src/network_inspectors/packet_capture/packet_capture.cc +++ b/src/network_inspectors/packet_capture/packet_capture.cc @@ -51,7 +51,7 @@ static THREAD_LOCAL struct sfbpf_program bpf; static inline bool capture_initialized() { return dumper != nullptr; } -void packet_capture_enable(string f) +void packet_capture_enable(const string& f) { if ( !config.enabled ) { diff --git a/src/network_inspectors/packet_capture/packet_capture.h b/src/network_inspectors/packet_capture/packet_capture.h index 508e6cb3e..272d67c9f 100644 --- a/src/network_inspectors/packet_capture/packet_capture.h +++ b/src/network_inspectors/packet_capture/packet_capture.h @@ -22,7 +22,7 @@ #include -void packet_capture_enable(std::string); +void packet_capture_enable(const std::string&); void packet_capture_disable(); #endif diff --git a/src/network_inspectors/perf_monitor/csv_formatter.h b/src/network_inspectors/perf_monitor/csv_formatter.h index c02ed905f..913c875c9 100644 --- a/src/network_inspectors/perf_monitor/csv_formatter.h +++ b/src/network_inspectors/perf_monitor/csv_formatter.h @@ -28,7 +28,7 @@ class CSVFormatter : public PerfFormatter { public: - CSVFormatter(std::string tracker_name) : PerfFormatter(tracker_name) {} + CSVFormatter(const std::string& tracker_name) : PerfFormatter(tracker_name) {} const char* get_extension() override { return ".csv"; } diff --git a/src/network_inspectors/perf_monitor/fbs_formatter.h b/src/network_inspectors/perf_monitor/fbs_formatter.h index 6b150f7e9..9c57d105a 100644 --- a/src/network_inspectors/perf_monitor/fbs_formatter.h +++ b/src/network_inspectors/perf_monitor/fbs_formatter.h 
@@ -28,7 +28,7 @@ class FbsFormatter : public PerfFormatter { public: - FbsFormatter(std::string tracker_name) : PerfFormatter(tracker_name) {} + FbsFormatter(const std::string& tracker_name) : PerfFormatter(tracker_name) {} const char* get_extension() override { return ".bfbs"; } diff --git a/src/network_inspectors/perf_monitor/perf_formatter.h b/src/network_inspectors/perf_monitor/perf_formatter.h index 9c136b30b..c0cfb1d04 100644 --- a/src/network_inspectors/perf_monitor/perf_formatter.h +++ b/src/network_inspectors/perf_monitor/perf_formatter.h @@ -66,7 +66,7 @@ enum FormatterType : uint8_t class PerfFormatter { public: - PerfFormatter(std::string tracker_name) + PerfFormatter(const std::string& tracker_name) { this->tracker_name = tracker_name; } virtual ~PerfFormatter() {} @@ -109,7 +109,7 @@ class MockFormatter : public PerfFormatter public: std::map public_values; - MockFormatter(std::string tracker_name) : PerfFormatter(tracker_name) {} + MockFormatter(const std::string& tracker_name) : PerfFormatter(tracker_name) {} void write(FILE*, time_t) override { diff --git a/src/network_inspectors/perf_monitor/perf_monitor.cc b/src/network_inspectors/perf_monitor/perf_monitor.cc index 1da7ff6aa..029c468f0 100644 --- a/src/network_inspectors/perf_monitor/perf_monitor.cc +++ b/src/network_inspectors/perf_monitor/perf_monitor.cc 
@@ -85,25 +85,25 @@ void PerfMonitor::show(SnortConfig*) LogMessage(" Packet Count: %d\n", config.pkt_cnt); LogMessage(" Max File Size: " STDu64 "\n", config.max_file_size); LogMessage(" Summary Mode: %s\n", - config.perf_flags & PERF_SUMMARY ? "ACTIVE" : "INACTIVE"); + (config.perf_flags & PERF_SUMMARY) ? "ACTIVE" : "INACTIVE"); LogMessage(" Base Stats: %s\n", - config.perf_flags & PERF_BASE ? "ACTIVE" : "INACTIVE"); + (config.perf_flags & PERF_BASE) ? "ACTIVE" : "INACTIVE"); LogMessage(" Flow Stats: %s\n", - config.perf_flags & PERF_FLOW ? "ACTIVE" : "INACTIVE"); + (config.perf_flags & PERF_FLOW) ? "ACTIVE" : "INACTIVE"); if (config.perf_flags & PERF_FLOW) { LogMessage(" Max Flow Port: %u\n", config.flow_max_port_to_track); } LogMessage(" Event Stats: %s\n", - config.perf_flags & PERF_EVENT ? "ACTIVE" : "INACTIVE"); + (config.perf_flags & PERF_EVENT) ? "ACTIVE" : "INACTIVE"); LogMessage(" Flow IP Stats: %s\n", - config.perf_flags & PERF_FLOWIP ? "ACTIVE" : "INACTIVE"); + (config.perf_flags & PERF_FLOWIP) ? "ACTIVE" : "INACTIVE"); if (config.perf_flags & PERF_FLOWIP) { LogMessage(" Flow IP Memcap: %u\n", config.flowip_memcap); } LogMessage(" CPU Stats: %s\n", - config.perf_flags & PERF_CPU ? "ACTIVE" : "INACTIVE"); + (config.perf_flags & PERF_CPU) ? "ACTIVE" : "INACTIVE"); switch(config.output) { case PERF_CONSOLE: diff --git a/src/network_inspectors/perf_monitor/text_formatter.h b/src/network_inspectors/perf_monitor/text_formatter.h index 7698efb06..7a8127088 100644 --- a/src/network_inspectors/perf_monitor/text_formatter.h +++ b/src/network_inspectors/perf_monitor/text_formatter.h @@ -26,7 +26,7 @@ class TextFormatter : public PerfFormatter { public: - TextFormatter(std::string tracker_name) : PerfFormatter(tracker_name) {} + TextFormatter(const std::string& tracker_name) : PerfFormatter(tracker_name) {} const char* get_extension() override { return ".txt"; } diff --git a/src/piglet/piglet_api.h b/src/piglet/piglet_api.h index 2a356d07f..2c9dda5ea 100644 
--- a/src/piglet/piglet_api.h +++ b/src/piglet/piglet_api.h @@ -74,7 +74,7 @@ protected: std::string error; // FIXIT-L unused - void set_error(std::string s) // FIXIT-L unused + void set_error(const std::string& s) // FIXIT-L unused { error = s; } private: diff --git a/src/profiler/profiler_nodes.cc b/src/profiler/profiler_nodes.cc index 3741f9e6a..ee183571b 100644 --- a/src/profiler/profiler_nodes.cc +++ b/src/profiler/profiler_nodes.cc @@ -41,7 +41,7 @@ struct GetProfileFunctor { - GetProfileFunctor(std::string name) : name(name) { } + GetProfileFunctor(const std::string& name) : name(name) { } virtual ~GetProfileFunctor() = default; virtual const ProfileStats* operator()() = 0; @@ -51,7 +51,7 @@ struct GetProfileFunctor struct GetProfileFromModule : public GetProfileFunctor { - GetProfileFromModule(std::string name, Module* m) : + GetProfileFromModule(const std::string& name, Module* m) : GetProfileFunctor(name), m(m) { } const ProfileStats* operator()() override @@ -74,7 +74,7 @@ struct GetProfileFromModule : public GetProfileFunctor struct GetProfileFromFunction : public GetProfileFunctor { - GetProfileFromFunction(std::string name, get_profile_stats_fn fn) : + GetProfileFromFunction(const std::string& name, get_profile_stats_fn fn) : GetProfileFunctor(name), fn(fn) { } const ProfileStats* operator()() override @@ -120,10 +120,10 @@ void ProfilerNode::accumulate() } } -void ProfilerNodeMap::register_node(std::string n, const char* pn, Module* m) +void ProfilerNodeMap::register_node(const std::string &n, const char* pn, Module* m) { setup_node(get_node(n), get_node(pn ? pn : ROOT_NODE), m); } -void ProfilerNodeMap::register_node(std::string n, const char* pn, get_profile_stats_fn fn) +void ProfilerNodeMap::register_node(const std::string& n, const char* pn, get_profile_stats_fn fn) { setup_node(get_node(n), get_node(pn ? pn : ROOT_NODE), fn); } void ProfilerNodeMap::accumulate_nodes() 
@@ -144,7 +144,7 @@ void ProfilerNodeMap::reset_nodes() const ProfilerNode& ProfilerNodeMap::get_root() { return get_node(ROOT_NODE); } -ProfilerNode& ProfilerNodeMap::get_node(std::string key) +ProfilerNode& ProfilerNodeMap::get_node(const std::string& key) { auto node = nodes.emplace(key, key); return node.first->second; @@ -163,7 +163,7 @@ static ProfileStats* s_profiler_stats_getter(const char* name) return nullptr; } -static ProfilerNode find_node(const ProfilerNodeMap& tree, std::string name) +static ProfilerNode find_node(const ProfilerNodeMap& tree, const std::string& name) { for ( const auto& it : tree ) if ( it.first == name ) @@ -224,7 +224,6 @@ TEST_CASE( "get profile functor for module", "[profiler]" ) ProfileStats the_stats; SpyModule m("foo", &the_stats, false); GetProfileFromModule functor("foo", &m); - auto& ref = functor; SECTION( "one" ) { @@ -245,7 +244,6 @@ TEST_CASE( "get profile functor for function", "[profiler]" ) s_profiler_name = "foo"; GetProfileFromFunction functor("foo", s_profiler_stats_getter); - auto& ref = functor; CHECK( functor() == &the_stats ); } diff --git a/src/profiler/profiler_nodes.h b/src/profiler/profiler_nodes.h index 308714c8a..3f915735f 100644 --- a/src/profiler/profiler_nodes.h +++ b/src/profiler/profiler_nodes.h @@ -86,8 +86,8 @@ public: map_type::const_iterator end() const { return nodes.end(); } - void register_node(std::string, const char*, Module*); - void register_node(std::string, const char*, get_profile_stats_fn); + void register_node(const std::string&, const char*, Module*); + void register_node(const std::string&, const char*, get_profile_stats_fn); void accumulate_nodes(); void reset_nodes(); @@ -95,7 +95,7 @@ public: const ProfilerNode& get_root(); private: - ProfilerNode& get_node(std::string); + ProfilerNode& get_node(const std::string&); map_type nodes; }; diff --git a/src/profiler/profiler_stats_table.cc b/src/profiler/profiler_stats_table.cc index 3eb71dcb5..a39d19afd 100644 
--- a/src/profiler/profiler_stats_table.cc +++ b/src/profiler/profiler_stats_table.cc @@ -62,7 +62,7 @@ void StatsTable::header(char c) if ( c ) { - const auto* field = fields; + field = fields; while ( field->name ) { format(*field); diff --git a/src/service_inspectors/dce_rpc/smb_message.cc b/src/service_inspectors/dce_rpc/smb_message.cc index a81013c54..bc7212a74 100644 --- a/src/service_inspectors/dce_rpc/smb_message.cc +++ b/src/service_inspectors/dce_rpc/smb_message.cc @@ -1607,7 +1607,7 @@ static void DCE2_Smb1Process(DCE2_SmbSsnData* ssd) } } - // Fall through for DCE2_SMB_DATA_STATE__SMB_HEADER + // Fall through // This is the normal progression without segmentation. // This state is to do validation checks on the SMB header and diff --git a/src/service_inspectors/ftp_telnet/ftpdata_splitter.cc b/src/service_inspectors/ftp_telnet/ftpdata_splitter.cc index 69136bdf4..905780349 100644 --- a/src/service_inspectors/ftp_telnet/ftpdata_splitter.cc +++ b/src/service_inspectors/ftp_telnet/ftpdata_splitter.cc @@ -31,7 +31,7 @@ void FtpDataSplitter::restart_scan() bytes = segs = 0; } -void set_ftp_flush_flag(Flow* flow) +static void set_ftp_flush_flag(Flow* flow) { FtpDataFlowData* fdfd = (FtpDataFlowData*)flow->get_flow_data(FtpDataFlowData::flow_id); if ( fdfd ) diff --git a/src/service_inspectors/pop/pop_paf.cc b/src/service_inspectors/pop/pop_paf.cc index 7a873136c..c91fdf3f4 100644 --- a/src/service_inspectors/pop/pop_paf.cc +++ b/src/service_inspectors/pop/pop_paf.cc @@ -332,7 +332,8 @@ static StreamSplitter::Status pop_paf_client(Flow* ssn, PopPafData* pfdata, set_server_state(ssn, pfdata->pop_state); } - //break; DO NOT UNCOMMENT!! both cases should check for a LF. + // both cases should check for a LF. + // fallthrough case POP_CMD_FIN: if (find_data_end_single_line(pfdata, ch, true) ) diff --git a/src/service_inspectors/ssl/ssl_inspector.cc b/src/service_inspectors/ssl/ssl_inspector.cc index 4060e3385..85176afbf 100644 
--- a/src/service_inspectors/ssl/ssl_inspector.cc +++ b/src/service_inspectors/ssl/ssl_inspector.cc @@ -413,7 +413,7 @@ public: void show(SnortConfig*) override; void eval(Packet*) override; - StreamSplitter* get_splitter(bool c2s) + StreamSplitter* get_splitter(bool c2s) override { return new SslSplitter(c2s); } private: diff --git a/src/sfip/sf_ip.cc b/src/sfip/sf_ip.cc index 540b7bf58..09eb9aaf4 100644 --- a/src/sfip/sf_ip.cc +++ b/src/sfip/sf_ip.cc @@ -376,9 +376,9 @@ void SfIp::obfuscate(SfCidr* ob) ip32[3] |= ob_p[3]; } -void SfIp::ntop(char* buf, int bufsize) const +const char* SfIp::ntop(char* buf, int bufsize) const { - snort_inet_ntop(family, get_ptr(), buf, bufsize); + return snort_inet_ntop(family, get_ptr(), buf, bufsize); } /* Uses a static buffer to return a string representation of the IP */ @@ -391,7 +391,7 @@ const char* SfIp::ntoa() const return buf; } -void snort_inet_ntop(int family, const void* ip_raw, char* buf, int bufsize) +const char* snort_inet_ntop(int family, const void* ip_raw, char* buf, int bufsize) { if (!ip_raw || !buf || (family != AF_INET && family != AF_INET6) || @@ -405,7 +405,7 @@ void snort_inet_ntop(int family, const void* ip_raw, char* buf, int bufsize) { if (buf && bufsize > 0) buf[0] = 0; - return; + return buf; } #if defined(HAVE_INET_NTOP) && !defined(REG_TEST) @@ -448,17 +448,20 @@ void snort_inet_ntop(int family, const void* ip_raw, char* buf, int bufsize) } } #endif + return buf; } -void sfip_ntop(const SfIp* ip, char* buf, int bufsize) +const char* sfip_ntop(const SfIp* ip, char* buf, int bufsize) { if (!ip) { if (buf && bufsize > 0) buf[0] = 0; - return; } - ip->ntop(buf, bufsize); + else + ip->ntop(buf, bufsize); + + return buf; } bool SfIp::is_mapped() const diff --git a/src/sfip/sf_ip.h b/src/sfip/sf_ip.h index dac4eacde..39442f3b8 100644 --- a/src/sfip/sf_ip.h +++ b/src/sfip/sf_ip.h 
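Review bot: In the sf_ip.cc hunks, `snort_inet_ntop` and `sfip_ntop` now return `buf` on every path, including the error paths that only write an empty string, and they return a null pointer when the caller passed a null `buf`. A caller that feeds the result straight into a `%s` format cannot tell failure from success and would still pass null in the null-buffer case. In `sfip_ntop` the value returned by `ip->ntop(buf, bufsize)` is discarded; `return ip->ntop(buf, bufsize);` would keep a single source for the result. I would also state the contract at the declarations in sf_ip.h, e.g. `// returns buf; buf holds an empty string on failure; returns nullptr only if buf is nullptr`. The middle of `snort_inet_ntop` lies outside these hunks.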
@@ -78,7 +78,7 @@ struct SO_PUBLIC SfIp bool is_loopback() const; bool is_private() const; - void ntop(char* buf, int bufsize) const; + const char* ntop(char* buf, int bufsize) const; const char* ntoa() const; void obfuscate(SfCidr* ob); @@ -449,7 +449,7 @@ inline bool SfIp::fast_equals_raw(const SfIp& ip2) const /* End of member function definitions */ -SO_PUBLIC void sfip_ntop(const SfIp* ip, char* buf, int bufsize); +SO_PUBLIC const char* sfip_ntop(const SfIp* ip, char* buf, int bufsize); inline std::ostream& operator<<(std::ostream& os, const SfIp* addr) { @@ -460,7 +460,7 @@ inline std::ostream& operator<<(std::ostream& os, const SfIp* addr) } // FIXIT-L X This should be in utils_net if anywhere, but that makes it way harder to link into unit tests -SO_PUBLIC void snort_inet_ntop(int family, const void* ip_raw, char* buf, int bufsize); +SO_PUBLIC const char* snort_inet_ntop(int family, const void* ip_raw, char* buf, int bufsize); #endif diff --git a/src/sfrt/sfrt.cc b/src/sfrt/sfrt.cc index cfecb72e0..b4cc8f9d6 100644 --- a/src/sfrt/sfrt.cc +++ b/src/sfrt/sfrt.cc @@ -748,14 +748,14 @@ int main() return 1; } - printf("%d\t %x: %c -> %c\n", index, ip_list[index], + printf("%u\t %x: %c -> %c\n", index, ip_list[index], data[index%NUM_DATA], *(uint32_t*)sfrt_lookup(&ip_list[index], dir)); } for (index=0; index < NUM_IPS; index++) { val = *(uint32_t*)sfrt_lookup(&ip_list[index], dir); - printf("\t@%d\t%x: %c. originally:\t%c\n", + printf("\t@%u\t%x: %c. originally:\t%c\n", index, ip_list[index], val, data[index%NUM_DATA]); } diff --git a/src/side_channel/side_channel.cc b/src/side_channel/side_channel.cc index 0369ab8cb..ca292ccda 100644 --- a/src/side_channel/side_channel.cc +++ b/src/side_channel/side_channel.cc 
@@ -247,7 +247,7 @@ bool SideChannel::process(int max_messages) return received_message; } -void SideChannel::register_receive_handler(SCProcessMsgFunc handler) +void SideChannel::register_receive_handler(const SCProcessMsgFunc& handler) { DebugMessage(DEBUG_SIDE_CHANNEL,"SideChannelManager::register_receive_handler()\n"); receive_handler = handler; diff --git a/src/side_channel/side_channel.h b/src/side_channel/side_channel.h index e1238d21e..3fe2f87d3 100644 --- a/src/side_channel/side_channel.h +++ b/src/side_channel/side_channel.h @@ -61,7 +61,7 @@ public: SideChannel(); ~SideChannel(); - void register_receive_handler(SCProcessMsgFunc handler); + void register_receive_handler(const SCProcessMsgFunc& handler); void unregister_receive_handler(); bool process(int max_messages); diff --git a/src/stream/ip/ip_defrag.cc b/src/stream/ip/ip_defrag.cc index 3595bb49b..e6f74a0e3 100644 --- a/src/stream/ip/ip_defrag.cc +++ b/src/stream/ip/ip_defrag.cc @@ -1122,7 +1122,7 @@ int Defrag::insert(Packet* p, FragTracker* ft, FragEngine* fe) /* Reset the offset to handle the weird Solaris case */ if (firstLastOk == FRAG_LAST_OFFSET_ADJUST) frag_offset = (uint16_t)ft->calculated_size; - + if (IP_MAXPACKET - frag_offset < fragLength) { trace_log(stream_ip, "[..] Oversize frag!\n"); @@ -1613,7 +1613,7 @@ left_overlap_last: /* Otherwise, treat it as a POLICY_FIRST, * and trim accordingly. */ - /* ie, fall through to the next case */ + /* fallthrough */ /* * overlap is rejected diff --git a/src/stream/tcp/tcp_event_logger.cc b/src/stream/tcp/tcp_event_logger.cc index 283a4ff32..340bcd86b 100644 --- a/src/stream/tcp/tcp_event_logger.cc +++ b/src/stream/tcp/tcp_event_logger.cc 
@@ -94,7 +94,7 @@ void TcpEventLogger::log_internal_event(uint32_t eventSid) { tcpStats.internalEvents++; DetectionEngine::queue_event(GENERATOR_INTERNAL, eventSid); - DebugFormat(DEBUG_STREAM, "Stream raised internal event %d\n", eventSid); + DebugFormat(DEBUG_STREAM, "Stream raised internal event %u\n", eventSid); } } diff --git a/src/stream/tcp/tcp_session.cc b/src/stream/tcp/tcp_session.cc index af5417e2c..5856038ee 100644 --- a/src/stream/tcp/tcp_session.cc +++ b/src/stream/tcp/tcp_session.cc @@ -96,6 +96,7 @@ bool TcpSession::setup(Packet* p) void TcpSession::restart(Packet* p) { // sanity check since this is called externally + assert(p); assert(p->ptrs.tcph); assert(p->flow == flow); diff --git a/src/utils/util_cstring.cc b/src/utils/util_cstring.cc index 8fb5ac17b..a7049290c 100644 --- a/src/utils/util_cstring.cc +++ b/src/utils/util_cstring.cc @@ -40,7 +40,7 @@ int SnortSnprintf(char* buf, size_t buf_size, const char* format, ...) va_list ap; int ret; - if (buf == NULL || buf_size <= 0 || format == NULL) + if (buf == NULL || buf_size == 0 || format == NULL) return SNORT_SNPRINTF_ERROR; /* zero first byte in case an error occurs with @@ -81,7 +81,7 @@ int SnortSnprintfAppend(char* buf, size_t buf_size, const char* format, ...) int ret; va_list ap; - if (buf == NULL || buf_size <= 0 || format == NULL) + if (buf == NULL || buf_size == 0 || format == NULL) return SNORT_SNPRINTF_ERROR; str_len = SnortStrnlen(buf, buf_size); @@ -135,7 +135,7 @@ int SnortStrncpy(char* dst, const char* src, size_t dst_size) { char* ret = NULL; - if (dst == NULL || src == NULL || dst_size <= 0) + if (dst == NULL || src == NULL || dst_size == 0) return SNORT_STRNCPY_ERROR; dst[dst_size - 1] = '\0'; diff --git a/src/utils/util_net.cc b/src/utils/util_net.cc index bd4b74320..c91ac0239 100644 --- a/src/utils/util_net.cc +++ b/src/utils/util_net.cc 
@@ -26,16 +26,6 @@ #include "sfip/sf_cidr.h" #include "util_cstring.h" -char* inet_ntoax(const SfIp* ip, InetBuf& ab) -{ - ab[0] = 0; - - if (ip) - SnortSnprintf(ab, sizeof(ab), "%s", ip->ntoa()); - - return ab; -} - char* ObfuscateIpToText(const SfIp* ip, SfCidr& homenet, SfCidr& obfunet, InetBuf& ab) { ab[0] = 0; diff --git a/src/utils/util_net.h b/src/utils/util_net.h index 3f57877ad..0b0bca2f2 100644 --- a/src/utils/util_net.h +++ b/src/utils/util_net.h @@ -26,8 +26,6 @@ struct SfCidr; typedef char InetBuf[INET6_ADDRSTRLEN]; -SO_PUBLIC char* inet_ntoax(const struct SfIp*, InetBuf&); - SO_PUBLIC char* ObfuscateIpToText( const struct SfIp*, SfCidr& homenet, SfCidr& obfuscate_net, InetBuf&); diff --git a/tools/snort2lua/helpers/converter.cc b/tools/snort2lua/helpers/converter.cc index 008c1c3b9..a5c18bb5f 100644 --- a/tools/snort2lua/helpers/converter.cc +++ b/tools/snort2lua/helpers/converter.cc @@ -389,10 +389,10 @@ int Converter::convert(std::string input, if (data_api.failed_conversions()) data_api.print_errors(rejects); - if (rule_api.failed_conversions()) - rule_api.print_rejects(rejects); + if (rule_api.failed_conversions()) + rule_api.print_rejects(rejects); - rejects.close(); + rejects.close(); } return rc; } diff --git a/tools/snort2lua/keyword_states/kws_config.cc b/tools/snort2lua/keyword_states/kws_config.cc index 8a92f745a..415179c35 100644 --- a/tools/snort2lua/keyword_states/kws_config.cc +++ b/tools/snort2lua/keyword_states/kws_config.cc @@ -50,9 +50,10 @@ bool Config::convert(std::istringstream& data_stream) const ConvertMap* map = util::find_map(config::config_api, keyword); if (map) { - cv.set_state(map->ctor(cv)); - if(data_stream.peek() == EOF) + if (data_stream.peek() == EOF) cv.set_empty_args(true); + /* cv.set_state() deletes this ConversionState object, so must return immediately after */ + cv.set_state(map->ctor(cv)); return true; } 
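Review bot: The rule that `cv.set_state()` destroys the calling ConversionState is recorded only in a comment at this call site in `Config::convert` and at the identical one in `Preprocessor::convert` (kws_preprocessor.cc). Any other state that calls `set_state` and then touches a member would have the same heap-use-after-free with no warning; no such caller is visible in this diff, so this is a precaution rather than a known defect. I would put the rule on the declaration of `set_state` as well, e.g. `// deletes the current state object; callers must not access members after this returns`.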
diff --git a/tools/snort2lua/keyword_states/kws_preprocessor.cc b/tools/snort2lua/keyword_states/kws_preprocessor.cc index b3d9708c8..330b61e51 100644 --- a/tools/snort2lua/keyword_states/kws_preprocessor.cc +++ b/tools/snort2lua/keyword_states/kws_preprocessor.cc @@ -49,9 +49,10 @@ bool Preprocessor::convert(std::istringstream& data_stream) if (map) { - cv.set_state(map->ctor(cv)); - if(data_stream.peek() == EOF) + if (data_stream.peek() == EOF) cv.set_empty_args(true); + /* cv.set_state() deletes this ConversionState object, so must return immediately after */ + cv.set_state(map->ctor(cv)); return true; } data_api.failed_conversion(data_stream, "preprocessor " + keyword + ":"); diff --git a/tools/snort2lua/preprocessor_states/pps_stream5_tcp.cc b/tools/snort2lua/preprocessor_states/pps_stream5_tcp.cc index 0e48bfec4..ca215aa1c 100644 --- a/tools/snort2lua/preprocessor_states/pps_stream5_tcp.cc +++ b/tools/snort2lua/preprocessor_states/pps_stream5_tcp.cc @@ -91,9 +91,14 @@ bool StreamTcp::parse_small_segments(std::istringstream& stream) table_api.add_option("maximum_size", min_bytes); table_api.close_table(); - if (!(stream >> ignore_ports)) - table_api.add_deleted_comment("ignore_ports"); - return true; + if ((stream >> ignore_ports) && !ignore_ports.compare("ignore_ports")) + { + uint16_t port; + + while (stream >> port) + ignore_ports += " " + std::to_string(port); + table_api.add_deleted_comment(ignore_ports); + } if (!stream.eof()) return false;
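Review bot: In the `StreamTcp::parse_small_segments` hunk, a trailing token other than `ignore_ports` is read into the `ignore_ports` string and then dropped. When that token is the last thing in the stream, `eofbit` is already set, the `if (!stream.eof()) return false;` check passes, and the unknown option is accepted with no comment or error in the converted configuration. Testing the keyword separately closes this: enter the block on `if (stream >> ignore_ports)` and make `if (ignore_ports != "ignore_ports") return false;` its first statement. Reusing `ignore_ports` as both the keyword buffer and the comment text being built also makes the block harder to follow; a second local for the comment would help. The rest of the function is outside the hunk.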