From: Shivani Bhardwaj Date: Fri, 31 Oct 2025 10:52:38 +0000 (+0530) Subject: src: check retval of VarNameStoreRegister X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F14262%2Fhead;p=thirdparty%2Fsuricata.git src: check retval of VarNameStoreRegister VarNameStoreRegister can return 0 in case of any error conditions. Handle this case in all the users of this function. It is an unlikely event so add branch assistance accordingly. Bug 8054 --- diff --git a/src/detect-flowbits.c b/src/detect-flowbits.c index 6df7e37922..deb4197a2a 100644 --- a/src/detect-flowbits.c +++ b/src/detect-flowbits.c @@ -134,7 +134,10 @@ static int FlowbitOrAddData(DetectEngineCtx *de_ctx, DetectFlowbitsData *cd, cha if (unlikely(cd->or_list == NULL)) return -1; for (uint8_t j = 0; j < cd->or_list_size ; j++) { - cd->or_list[j] = VarNameStoreRegister(strarr[j], VAR_TYPE_FLOW_BIT); + uint32_t varname_id = VarNameStoreRegister(strarr[j], VAR_TYPE_FLOW_BIT); + if (unlikely(varname_id == 0)) + return -1; + cd->or_list[j] = varname_id; de_ctx->max_fb_id = MAX(cd->or_list[j], de_ctx->max_fb_id); } @@ -349,7 +352,10 @@ int DetectFlowbitSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawst } cd->cmd = fb_cmd; } else { - cd->idx = VarNameStoreRegister(fb_name, VAR_TYPE_FLOW_BIT); + uint32_t varname_id = VarNameStoreRegister(fb_name, VAR_TYPE_FLOW_BIT); + if (unlikely(varname_id == 0)) + goto error; + cd->idx = varname_id; de_ctx->max_fb_id = MAX(cd->idx, de_ctx->max_fb_id); cd->cmd = fb_cmd; cd->or_list_size = 0; @@ -1610,6 +1616,7 @@ static int FlowBitsTestSig06(void) FAIL_IF_NULL(s); idx = VarNameStoreRegister("myflow", VAR_TYPE_FLOW_BIT); + FAIL_IF_NOT(idx); SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); @@ -1684,6 +1691,7 @@ static int FlowBitsTestSig07(void) FAIL_IF_NULL(s); idx = VarNameStoreRegister("myflow", VAR_TYPE_FLOW_BIT); + FAIL_IF_NOT(idx); SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); @@ -1759,6 +1767,7 @@ static int FlowBitsTestSig08(void) FAIL_IF_NULL(s); idx = VarNameStoreRegister("myflow", VAR_TYPE_FLOW_BIT); + FAIL_IF_NOT(idx); SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); diff --git a/src/detect-flowint.c b/src/detect-flowint.c index 6c556f43df..c813ccbf4e 100644 --- a/src/detect-flowint.c +++ b/src/detect-flowint.c @@ -334,7 +334,10 @@ static DetectFlowintData *DetectFlowintParse(DetectEngineCtx *de_ctx, const char SCLogError("malloc from strdup failed"); goto error; } - sfd->idx = VarNameStoreRegister(varname, VAR_TYPE_FLOW_INT); + uint32_t varname_id = VarNameStoreRegister(varname, VAR_TYPE_FLOW_INT); + if (unlikely(varname_id == 0)) + goto error; + sfd->idx = varname_id; SCLogDebug("sfd->name %s id %u", sfd->name, sfd->idx); sfd->modifier = modifier; diff --git a/src/detect-flowvar.c b/src/detect-flowvar.c index f940b76b6a..d539674245 100644 --- a/src/detect-flowvar.c +++ b/src/detect-flowvar.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2007-2020 Open Information Security Foundation +/* Copyright (C) 2007-2025 Open Information Security Foundation * * You can copy, redistribute or modify this Program under the terms of * the GNU General Public License version 2 as published by the Free @@ -178,7 +178,10 @@ static int DetectFlowvarSetup (DetectEngineCtx *de_ctx, Signature *s, const char fd->name = SCStrdup(varname); if (unlikely(fd->name == NULL)) goto error; - fd->idx = VarNameStoreRegister(varname, VAR_TYPE_FLOW_VAR); + uint32_t varname_id = VarNameStoreRegister(varname, VAR_TYPE_FLOW_VAR); + if (unlikely(varname_id == 0)) + goto error; + fd->idx = varname_id; /* Okay so far so good, lets get this into a SigMatch * and put it in the Signature. */ diff --git a/src/detect-hostbits.c b/src/detect-hostbits.c index b9e209e10a..036f63234b 100644 --- a/src/detect-hostbits.c +++ b/src/detect-hostbits.c @@ -395,7 +395,10 @@ int DetectHostbitSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawst if (unlikely(cd == NULL)) goto error; - cd->idx = VarNameStoreRegister(fb_name, VAR_TYPE_HOST_BIT); + uint32_t varname_id = VarNameStoreRegister(fb_name, VAR_TYPE_HOST_BIT); + if (unlikely(varname_id == 0)) + goto error; + cd->idx = varname_id; cd->cmd = fb_cmd; cd->tracker = hb_dir; cd->type = VAR_TYPE_HOST_BIT; diff --git a/src/detect-lua.c b/src/detect-lua.c index 07aaed2d62..7195c05a37 100644 --- a/src/detect-lua.c +++ b/src/detect-lua.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2007-2024 Open Information Security Foundation +/* Copyright (C) 2007-2025 Open Information Security Foundation * * You can copy, redistribute or modify this Program under the terms of * the GNU General Public License version 2 as published by the Free @@ -575,6 +575,8 @@ static int DetectLuaSetupPrime(DetectEngineCtx *de_ctx, DetectLuaData *ld, const } uint32_t idx = VarNameStoreRegister(value, VAR_TYPE_FLOW_VAR); + if (unlikely(idx == 0)) + goto error; ld->flowvar[ld->flowvars++] = idx; SCLogDebug("script uses flowvar %u with script id %u", idx, ld->flowvars - 1); } @@ -597,6 +599,8 @@ static int DetectLuaSetupPrime(DetectEngineCtx *de_ctx, DetectLuaData *ld, const } uint32_t idx = VarNameStoreRegister(value, VAR_TYPE_FLOW_INT); + if (unlikely(idx == 0)) + goto error; ld->flowint[ld->flowints++] = idx; SCLogDebug("script uses flowint %u with script id %u", idx, ld->flowints - 1); } diff --git a/src/detect-pcre.c b/src/detect-pcre.c index 30f2977498..58c36ae022 100644 --- a/src/detect-pcre.c +++ b/src/detect-pcre.c @@ -815,21 +815,30 @@ static int DetectPcreParseCapture(const char *regexstr, DetectEngineCtx *de_ctx, return -1; } else if (strncmp(name_array[name_idx], "flow:", 5) == 0) { - pd->capids[pd->idx] = + uint32_t varname_id = VarNameStoreRegister(name_array[name_idx] + 5, VAR_TYPE_FLOW_VAR); + if (unlikely(varname_id == 0)) + return -1; + pd->capids[pd->idx] = varname_id; pd->captypes[pd->idx] = VAR_TYPE_FLOW_VAR; pd->idx++; } else if (strncmp(name_array[name_idx], "pkt:", 4) == 0) { - pd->capids[pd->idx] = + uint32_t varname_id = VarNameStoreRegister(name_array[name_idx] + 4, VAR_TYPE_PKT_VAR); + if (unlikely(varname_id == 0)) + return -1; + pd->capids[pd->idx] = varname_id; pd->captypes[pd->idx] = VAR_TYPE_PKT_VAR; SCLogDebug("id %u type %u", pd->capids[pd->idx], pd->captypes[pd->idx]); pd->idx++; } else if (strncmp(name_array[name_idx], "alert:", 6) == 0) { - pd->capids[pd->idx] = + uint32_t varname_id = VarNameStoreRegister(name_array[name_idx] + 6, VAR_TYPE_ALERT_VAR); + if (unlikely(varname_id == 0)) + return -1; + pd->capids[pd->idx] = varname_id; pd->captypes[pd->idx] = VAR_TYPE_ALERT_VAR; pd->idx++; @@ -890,16 +899,25 @@ static int DetectPcreParseCapture(const char *regexstr, DetectEngineCtx *de_ctx, } if (strcmp(type_str, "pkt") == 0) { - pd->capids[pd->idx] = VarNameStoreRegister((char *)capture_str, VAR_TYPE_PKT_VAR); + uint32_t varname_id = VarNameStoreRegister((char *)capture_str, VAR_TYPE_PKT_VAR); + if (unlikely(varname_id == 0)) + return -1; + pd->capids[pd->idx] = varname_id; pd->captypes[pd->idx] = VAR_TYPE_PKT_VAR; SCLogDebug("id %u type %u", pd->capids[pd->idx], pd->captypes[pd->idx]); pd->idx++; } else if (strcmp(type_str, "flow") == 0) { - pd->capids[pd->idx] = VarNameStoreRegister((char *)capture_str, VAR_TYPE_FLOW_VAR); + uint32_t varname_id = VarNameStoreRegister((char *)capture_str, VAR_TYPE_FLOW_VAR); + if (unlikely(varname_id == 0)) + return -1; + pd->capids[pd->idx] = varname_id; pd->captypes[pd->idx] = VAR_TYPE_FLOW_VAR; pd->idx++; } else if (strcmp(type_str, "alert") == 0) { - pd->capids[pd->idx] = VarNameStoreRegister((char *)capture_str, VAR_TYPE_ALERT_VAR); + uint32_t varname_id = VarNameStoreRegister((char *)capture_str, VAR_TYPE_ALERT_VAR); + if (unlikely(varname_id == 0)) + return -1; + pd->capids[pd->idx] = varname_id; pd->captypes[pd->idx] = VAR_TYPE_ALERT_VAR; pd->idx++; } diff --git a/src/detect-pktvar.c b/src/detect-pktvar.c index 7b3eb47757..96290d16c4 100644 --- a/src/detect-pktvar.c +++ b/src/detect-pktvar.c @@ -94,7 +94,7 @@ static int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, const char size_t pcre2_len; uint8_t *content = NULL; uint16_t len = 0; - + DetectPktvarData *cd = NULL; pcre2_match_data *match = NULL; int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0); if (ret != 3) { @@ -138,7 +138,7 @@ static int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, const char } pcre2_substring_free((PCRE2_UCHAR8 *)varcontent); - DetectPktvarData *cd = SCCalloc(1, sizeof(DetectPktvarData)); + cd = SCCalloc(1, sizeof(DetectPktvarData)); if (unlikely(cd == NULL)) { pcre2_substring_free((PCRE2_UCHAR8 *)varname); SCFree(content); @@ -147,7 +147,10 @@ static int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, const char cd->content = content; cd->content_len = len; - cd->id = VarNameStoreRegister(varname, VAR_TYPE_PKT_VAR); + uint32_t varname_id = VarNameStoreRegister(varname, VAR_TYPE_PKT_VAR); + if (unlikely(varname_id == 0)) + goto error; + cd->id = varname_id; pcre2_substring_free((PCRE2_UCHAR8 *)varname); /* Okay so far so good, lets get this into a SigMatch @@ -161,6 +164,7 @@ static int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, const char return 0; error: + DetectPktvarFree(de_ctx, cd); if (match) { pcre2_match_data_free(match); } diff --git a/src/detect-xbits.c b/src/detect-xbits.c index 4056c3e496..06ca78346f 100644 --- a/src/detect-xbits.c +++ b/src/detect-xbits.c @@ -368,7 +368,10 @@ static int DetectXbitParse(DetectEngineCtx *de_ctx, if (unlikely(cd == NULL)) return -1; - cd->idx = VarNameStoreRegister(fb_name, var_type); + uint32_t varname_id = VarNameStoreRegister(fb_name, var_type); + if (unlikely(varname_id == 0)) + goto error; + cd->idx = varname_id; cd->cmd = fb_cmd; cd->tracker = hb_dir; cd->type = var_type;