Exemplo n.º 1
0
static DetectTosData *DetectTosParse(const char *arg, bool negate)
{
    DetectTosData *tosd = NULL;
#define MAX_SUBSTRINGS 30
    int ret = 0, res = 0;
    int ov[MAX_SUBSTRINGS];

    ret = pcre_exec(parse_regex, parse_regex_study, arg, strlen(arg), 0, 0,
                    ov, MAX_SUBSTRINGS);

    if (ret != 2) {
        SCLogError(SC_ERR_PCRE_MATCH, "invalid tos option - %s. "
                   "The tos option value must be in the range "
                   "%u - %u", arg, DETECT_IPTOS_MIN, DETECT_IPTOS_MAX);
        goto error;
    }

    /* For TOS value */
    char tosbytes_str[64] = "";
    res = pcre_copy_substring((char *)arg, ov, MAX_SUBSTRINGS, 1,
                             tosbytes_str, sizeof(tosbytes_str));
    if (res < 0) {
        SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
        goto error;
    }

    int64_t tos = 0;

    if (tosbytes_str[0] == 'x' || tosbytes_str[0] == 'X') {
        int r = ByteExtractStringSigned(&tos, 16, 0, &tosbytes_str[1]);
        if (r < 0) {
            goto error;
        }
    } else {
        int r = ByteExtractStringSigned(&tos, 10, 0, &tosbytes_str[0]);
        if (r < 0) {
            goto error;
        }
    }

    if (!(tos >= DETECT_IPTOS_MIN && tos <= DETECT_IPTOS_MAX)) {
        SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid tos argument - "
                   "%s.  The tos option value must be in the range "
                   "%u - %u", tosbytes_str, DETECT_IPTOS_MIN, DETECT_IPTOS_MAX);
        goto error;
    }

    tosd = SCMalloc(sizeof(DetectTosData));
    if (unlikely(tosd == NULL))
        goto error;
    tosd->tos = (uint8_t)tos;
    tosd->negated = negate;

    return tosd;

error:
    return NULL;
}
Exemplo n.º 2
0
int ByteExtractStringInt8(int8_t *res, int base, uint16_t len, const char *str)
{
    int64_t i64;
    int ret;

    ret = ByteExtractStringSigned(&i64, base, len, str);
    if (ret <= 0) {
        return ret;
    }

    *res = (int8_t)i64;

    if ((int64_t)(*res) != i64) {
        SCLogError(SC_ERR_NUMERIC_VALUE_ERANGE, "Numeric value out of range "
                   "(%" PRIi64 " > %" PRIiMAX ")\n", i64, (intmax_t)CHAR_MAX);
        return -1;
    }

    return ret;
}
Exemplo n.º 3
0
int ByteExtractStringInt64(int64_t *res, int base, uint16_t len, const char *str)
{
    return ByteExtractStringSigned(res, base, len, str);
}
Exemplo n.º 4
0
DetectTosData *DetectTosParse(char *arg)
{
    DetectTosData *tosd = NULL;
#define MAX_SUBSTRINGS 30
    int ret = 0, res = 0;
    int ov[MAX_SUBSTRINGS];

    ret = pcre_exec(parse_regex, parse_regex_study, arg, strlen(arg), 0, 0,
                    ov, MAX_SUBSTRINGS);

    if (ret != 2) {
        SCLogError(SC_ERR_PCRE_MATCH, "invalid tos option - %s. "
                   "The tos option value must be in the range "
                   "%u - %u", arg, DETECT_IPTOS_MIN, DETECT_IPTOS_MAX);
        goto error;
    }

    const char *str_ptr;
    res = pcre_get_substring((char *)arg, ov, MAX_SUBSTRINGS, 1,
                             &str_ptr);
    if (res < 0) {
        SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
        goto error;
    }

    int64_t tos = 0;
    int negated = 0;

    if (*str_ptr == '!') {
        str_ptr++;
        negated = 1;
    }

    while (isspace((unsigned char)*str_ptr))
        str_ptr++;

    if (*str_ptr == 'x' || *str_ptr == 'X') {
        int r = ByteExtractStringSigned(&tos, 16, 0, str_ptr + 1);
        if (r < 0) {
            goto error;
        }
    } else {
        int r = ByteExtractStringSigned(&tos, 10, 0, str_ptr);
        if (r < 0) {
            goto error;
        }
    }
    if (!(tos >= DETECT_IPTOS_MIN && tos <= DETECT_IPTOS_MAX)) {
        SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid tos argument - "
                   "%s.  The tos option value must be in the range "
                   "%u - %u", str_ptr, DETECT_IPTOS_MIN, DETECT_IPTOS_MAX);
        goto error;
    }

    tosd = SCMalloc(sizeof(DetectTosData));
    if (unlikely(tosd == NULL))
        goto error;
    tosd->tos = (uint8_t)tos;
    tosd->negated = negated;

    return tosd;

error:
    if (tosd != NULL)
        DetectTosFree(tosd);
    return NULL;
}