/** * \test DetectIsdataatTestParse03 is a test to make sure that we return a correct IsdataatData structure * when given valid isdataat opt */ int DetectIsdataatTestParse03 (void) { int result = 0; DetectIsdataatData *idad = NULL; idad = DetectIsdataatParse("30,relative, rawbytes ", NULL); if (idad != NULL && idad->flags & ISDATAAT_RELATIVE && idad->flags & ISDATAAT_RAWBYTES) { DetectIsdataatFree(idad); result = 1; } return result; }
/** * \test DetectIsdataatTestParse01 is a test to make sure that we return a correct IsdataatData structure * when given valid isdataat opt */ int DetectIsdataatTestParse01 (void) { int result = 0; DetectIsdataatData *idad = NULL; idad = DetectIsdataatParse("30 ", NULL); if (idad != NULL) { DetectIsdataatFree(idad); result = 1; } return result; }
/** * \brief This function is used to parse isdataat options passed via isdataat: keyword * * \param isdataatstr Pointer to the user provided isdataat options * * \retval idad pointer to DetectIsdataatData on success * \retval NULL on failure */ DetectIsdataatData *DetectIsdataatParse (char *isdataatstr, char **offset) { DetectIsdataatData *idad = NULL; char *args[3] = {NULL,NULL,NULL}; #define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; int i=0; ret = pcre_exec(parse_regex, parse_regex_study, isdataatstr, strlen(isdataatstr), 0, 0, ov, MAX_SUBSTRINGS); if (ret < 1 || ret > 4) { SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, isdataatstr); goto error; } if (ret > 1) { const char *str_ptr; res = pcre_get_substring((char *)isdataatstr, ov, MAX_SUBSTRINGS, 1, &str_ptr); if (res < 0) { SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); goto error; } args[0] = (char *)str_ptr; if (ret > 2) { res = pcre_get_substring((char *)isdataatstr, ov, MAX_SUBSTRINGS, 2, &str_ptr); if (res < 0) { SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); goto error; } args[1] = (char *)str_ptr; } if (ret > 3) { res = pcre_get_substring((char *)isdataatstr, ov, MAX_SUBSTRINGS, 3, &str_ptr); if (res < 0) { SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); goto error; } args[2] = (char *)str_ptr; } idad = SCMalloc(sizeof(DetectIsdataatData)); if (unlikely(idad == NULL)) goto error; idad->flags = 0; idad->dataat = 0; if (args[0][0] != '-' && isalpha((unsigned char)args[0][0])) { if (offset == NULL) { SCLogError(SC_ERR_INVALID_ARGUMENT, "isdataat supplied with " "var name for offset. \"offset\" argument supplied to " "this function has to be non-NULL"); goto error; } *offset = SCStrdup(args[0]); if (*offset == NULL) goto error; } else { if (ByteExtractStringUint16(&idad->dataat, 10, strlen(args[0]), args[0]) < 0 ) { SCLogError(SC_ERR_INVALID_VALUE, "isdataat out of range"); SCFree(idad); idad = NULL; goto error; } } if (args[1] !=NULL) { idad->flags |= ISDATAAT_RELATIVE; if(args[2] !=NULL) idad->flags |= ISDATAAT_RAWBYTES; } if (isdataatstr[0] == '!') { idad->flags |= ISDATAAT_NEGATED; } for (i = 0; i < (ret -1); i++) { if (args[i] != NULL) SCFree(args[i]); } return idad; } error: for (i = 0; i < (ret -1) && i < 3; i++){ if (args[i] != NULL) SCFree(args[i]); } if (idad != NULL) DetectIsdataatFree(idad); return NULL; }
/** * \brief This function is used to parse isdataat options passed via isdataat: keyword * * \param isdataatstr Pointer to the user provided isdataat options * * \retval idad pointer to DetectIsdataatData on success * \retval NULL on failure */ DetectIsdataatData *DetectIsdataatParse (char *isdataatstr) { DetectIsdataatData *idad = NULL; char *args[3] = {NULL,NULL,NULL}; #define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; int i=0; ret = pcre_exec(parse_regex, parse_regex_study, isdataatstr, strlen(isdataatstr), 0, 0, ov, MAX_SUBSTRINGS); if (ret < 1 || ret > 4) { SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, isdataatstr); goto error; } if (ret > 1) { const char *str_ptr; res = pcre_get_substring((char *)isdataatstr, ov, MAX_SUBSTRINGS, 1, &str_ptr); if (res < 0) { SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); goto error; } args[0] = (char *)str_ptr; if (ret > 2) { res = pcre_get_substring((char *)isdataatstr, ov, MAX_SUBSTRINGS, 2, &str_ptr); if (res < 0) { SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); goto error; } args[1] = (char *)str_ptr; } if (ret > 3) { res = pcre_get_substring((char *)isdataatstr, ov, MAX_SUBSTRINGS, 3, &str_ptr); if (res < 0) { SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); goto error; } args[2] = (char *)str_ptr; } idad = SCMalloc(sizeof(DetectIsdataatData)); if (idad == NULL) goto error; idad->flags = 0; idad->dataat = 0; if (args[0] != NULL) { if (ByteExtractStringUint16(&idad->dataat, 10, strlen(args[0]), args[0]) < 0 ) { SCLogError(SC_ERR_INVALID_VALUE, "isdataat out of range"); SCFree(idad); idad = NULL; goto error; } } else { goto error; } if (args[1] !=NULL) { idad->flags |= ISDATAAT_RELATIVE; if(args[2] !=NULL) idad->flags |= ISDATAAT_RAWBYTES; } if (isdataatstr[0] == '!') { idad->flags |= ISDATAAT_NEGATED; } for (i = 0; i < (ret -1); i++) { if (args[i] != NULL) SCFree(args[i]); } return idad; } error: for (i = 0; i < (ret -1) && i < 3; i++){ if (args[i] != NULL) SCFree(args[i]); } if (idad != NULL) DetectIsdataatFree(idad); return NULL; }