diff --git a/src/detect-base64-decode.c b/src/detect-base64-decode.c index 4c5279187c71..25fdf10e70c4 100644 --- a/src/detect-base64-decode.c +++ b/src/detect-base64-decode.c @@ -114,7 +114,6 @@ int DetectBase64DecodeDoMatch(DetectEngineThreadCtx *det_ctx, const Signature *s static int DetectBase64DecodeParse(const char *str, uint32_t *bytes, uint32_t *offset, uint8_t *relative) { - int pcre_rc; const char *bytes_str = NULL; const char *offset_str = NULL; const char *relative_str = NULL; @@ -124,15 +123,15 @@ static int DetectBase64DecodeParse(const char *str, uint32_t *bytes, *offset = 0; *relative = 0; size_t pcre2_len; + pcre2_match_data *match = NULL; - pcre_rc = DetectParsePcreExec(&decode_pcre, str, 0, 0); + int pcre_rc = DetectParsePcreExec(&decode_pcre, &match, str, 0, 0); if (pcre_rc < 3) { goto error; } if (pcre_rc >= 3) { - if (pcre2_substring_get_bynumber( - decode_pcre.match, 2, (PCRE2_UCHAR8 **)&bytes_str, &pcre2_len) == 0) { + if (pcre2_substring_get_bynumber(match, 2, (PCRE2_UCHAR8 **)&bytes_str, &pcre2_len) == 0) { if (StringParseUint32(bytes, 10, 0, bytes_str) <= 0) { SCLogError("Bad value for bytes: \"%s\"", bytes_str); goto error; @@ -141,8 +140,7 @@ static int DetectBase64DecodeParse(const char *str, uint32_t *bytes, } if (pcre_rc >= 5) { - if (pcre2_substring_get_bynumber( - decode_pcre.match, 4, (PCRE2_UCHAR8 **)&offset_str, &pcre2_len) == 0) { + if (pcre2_substring_get_bynumber(match, 4, (PCRE2_UCHAR8 **)&offset_str, &pcre2_len) == 0) { if (StringParseUint32(offset, 10, 0, offset_str) <= 0) { SCLogError("Bad value for offset: \"%s\"", offset_str); goto error; @@ -151,8 +149,8 @@ static int DetectBase64DecodeParse(const char *str, uint32_t *bytes, } if (pcre_rc >= 6) { - if (pcre2_substring_get_bynumber( - decode_pcre.match, 5, (PCRE2_UCHAR8 **)&relative_str, &pcre2_len) == 0) { + if (pcre2_substring_get_bynumber(match, 5, (PCRE2_UCHAR8 **)&relative_str, &pcre2_len) == + 0) { if (strcmp(relative_str, "relative") == 0) { *relative = 1; } @@ -164,7 +162,12 @@ static int DetectBase64DecodeParse(const char *str, uint32_t *bytes, } retval = 1; + + pcre2_match_data_free(match); + match = NULL; + error: + if (bytes_str != NULL) { pcre2_substring_free((PCRE2_UCHAR8 *)bytes_str); } @@ -174,6 +177,9 @@ static int DetectBase64DecodeParse(const char *str, uint32_t *bytes, if (relative_str != NULL) { pcre2_substring_free((PCRE2_UCHAR8 *)relative_str); } + if (match) { + pcre2_match_data_free(match); + } return retval; } diff --git a/src/detect-byte-extract.c b/src/detect-byte-extract.c index fd96a46e5ff9..ec9b27fc6406 100644 --- a/src/detect-byte-extract.c +++ b/src/detect-byte-extract.c @@ -214,11 +214,12 @@ int DetectByteExtractDoMatch(DetectEngineThreadCtx *det_ctx, const SigMatchData static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_ctx, const char *arg) { DetectByteExtractData *bed = NULL; - int ret = 0, res = 0; + int res = 0; size_t pcre2len; int i = 0; + pcre2_match_data *match = NULL; - ret = DetectParsePcreExec(&parse_regex, arg, 0, 0); + int ret = DetectParsePcreExec(&parse_regex, &match, arg, 0, 0); if (ret < 3 || ret > 19) { SCLogError("parse error, ret %" PRId32 ", string \"%s\"", ret, arg); SCLogError("Invalid arg to byte_extract : %s " @@ -235,8 +236,7 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_ /* no of bytes to extract */ char nbytes_str[64] = ""; pcre2len = sizeof(nbytes_str); - res = pcre2_substring_copy_bynumber( - parse_regex.match, 1, (PCRE2_UCHAR8 *)nbytes_str, &pcre2len); + res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)nbytes_str, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed " "for arg 1 for byte_extract"); @@ -253,8 +253,7 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_ /* offset */ char offset_str[64] = ""; pcre2len = sizeof(offset_str); - res = pcre2_substring_copy_bynumber( - parse_regex.match, 2, (PCRE2_UCHAR8 *)offset_str, &pcre2len); + res = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)offset_str, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed " "for arg 2 for byte_extract"); @@ -270,8 +269,7 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_ /* var name */ char varname_str[256] = ""; pcre2len = sizeof(varname_str); - res = pcre2_substring_copy_bynumber( - parse_regex.match, 3, (PCRE2_UCHAR8 *)varname_str, &pcre2len); + res = pcre2_substring_copy_bynumber(match, 3, (PCRE2_UCHAR8 *)varname_str, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed " "for arg 3 for byte_extract"); @@ -285,7 +283,7 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_ for (i = 4; i < ret; i++) { char opt_str[64] = ""; pcre2len = sizeof(opt_str); - res = SC_Pcre2SubstringCopy(parse_regex.match, i, (PCRE2_UCHAR8 *)opt_str, &pcre2len); + res = SC_Pcre2SubstringCopy(match, i, (PCRE2_UCHAR8 *)opt_str, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed " "for arg %d for byte_extract with %d", @@ -312,7 +310,7 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_ char multiplier_str[16] = ""; pcre2len = sizeof(multiplier_str); res = pcre2_substring_copy_bynumber( - parse_regex.match, i, (PCRE2_UCHAR8 *)multiplier_str, &pcre2len); + match, i, (PCRE2_UCHAR8 *)multiplier_str, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed " "for arg %d for byte_extract", @@ -416,8 +414,7 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_ char align_str[16] = ""; pcre2len = sizeof(align_str); - res = pcre2_substring_copy_bynumber( - parse_regex.match, i, (PCRE2_UCHAR8 *)align_str, &pcre2len); + res = pcre2_substring_copy_bynumber(match, i, (PCRE2_UCHAR8 *)align_str, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed " "for arg %d in byte_extract", @@ -507,10 +504,15 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_ bed->endian = DETECT_BYTE_EXTRACT_ENDIAN_DEFAULT; } + pcre2_match_data_free(match); + return bed; error: if (bed != NULL) DetectByteExtractFree(de_ctx, bed); + if (match) { + pcre2_match_data_free(match); + } return NULL; } diff --git a/src/detect-bytejump.c b/src/detect-bytejump.c index 4054f049347e..63d70aad5919 100644 --- a/src/detect-bytejump.c +++ b/src/detect-bytejump.c @@ -372,18 +372,19 @@ static DetectBytejumpData *DetectBytejumpParse( { DetectBytejumpData *data = NULL; char args[10][64]; - int ret = 0, res = 0; + int res = 0; size_t pcre2len; int numargs = 0; int i = 0; uint32_t nbytes = 0; char *str_ptr; char *end_ptr; + pcre2_match_data *match = NULL; memset(args, 0x00, sizeof(args)); /* Execute the regex and populate args with captures. */ - ret = DetectParsePcreExec(&parse_regex, optstr, 0, 0); + int ret = DetectParsePcreExec(&parse_regex, &match, optstr, 0, 0); if (ret < 2 || ret > 10) { SCLogError("parse error, ret %" PRId32 ", string \"%s\"", ret, optstr); goto error; @@ -395,7 +396,7 @@ static DetectBytejumpData *DetectBytejumpParse( */ char str[512] = ""; pcre2len = sizeof(str); - res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)str, &pcre2len); + res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)str, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed " "for arg 1"); @@ -425,8 +426,7 @@ static DetectBytejumpData *DetectBytejumpParse( /* The remaining args are directly from PCRE substrings */ for (i = 1; i < (ret - 1); i++) { pcre2len = sizeof(args[0]); - res = pcre2_substring_copy_bynumber( - parse_regex.match, i + 1, (PCRE2_UCHAR8 *)args[i + 1], &pcre2len); + res = pcre2_substring_copy_bynumber(match, i + 1, (PCRE2_UCHAR8 *)args[i + 1], &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed for arg %d", i + 1); goto error; @@ -554,6 +554,7 @@ static DetectBytejumpData *DetectBytejumpParse( } } + pcre2_match_data_free(match); return data; error: @@ -567,6 +568,9 @@ static DetectBytejumpData *DetectBytejumpParse( } if (data != NULL) DetectBytejumpFree(de_ctx, data); + if (match) { + pcre2_match_data_free(match); + } return NULL; } diff --git a/src/detect-bytetest.c b/src/detect-bytetest.c index d888664205a7..3eeba0f0f0e6 100644 --- a/src/detect-bytetest.c +++ b/src/detect-bytetest.c @@ -330,14 +330,15 @@ static DetectBytetestData *DetectBytetestParse( }; char *test_value = NULL; char *data_offset = NULL; - int ret = 0, res = 0; + int res = 0; size_t pcre2_len; int i; uint32_t nbytes; const char *str_ptr = NULL; + pcre2_match_data *match = NULL; /* Execute the regex and populate args with captures. */ - ret = DetectParsePcreExec(&parse_regex, optstr, 0, 0); + int ret = DetectParsePcreExec(&parse_regex, &match, optstr, 0, 0); if (ret < 4 || ret > 9) { SCLogError("parse error, ret %" PRId32 ", string %s", ret, optstr); goto error; @@ -345,8 +346,7 @@ static DetectBytetestData *DetectBytetestParse( /* Subtract two since two values are conjoined */ for (i = 0; i < (ret - 1); i++) { - res = pcre2_substring_get_bynumber( - parse_regex.match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); + res = pcre2_substring_get_bynumber(match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { SCLogError("pcre2_substring_get_bynumber failed " "for arg %d", @@ -562,6 +562,7 @@ static DetectBytetestData *DetectBytetestParse( if (data_offset) SCFree(data_offset); if (test_value) pcre2_substring_free((PCRE2_UCHAR8 *)test_value); + pcre2_match_data_free(match); return data; error: @@ -573,6 +574,9 @@ static DetectBytetestData *DetectBytetestParse( if (test_value) pcre2_substring_free((PCRE2_UCHAR8 *)test_value); if (data) SCFree(data); + if (match) { + pcre2_match_data_free(match); + } return NULL; } diff --git a/src/detect-classtype.c b/src/detect-classtype.c index 2815e65dd76d..bec179e72bc8 100644 --- a/src/detect-classtype.c +++ b/src/detect-classtype.c @@ -73,27 +73,35 @@ static int DetectClasstypeParseRawString(const char *rawstr, char *out, size_t o const size_t esize = CLASSTYPE_NAME_MAX_LEN + 8; char e[esize]; + pcre2_match_data *match = NULL; - int ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); + int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0); if (ret < 0) { SCLogError("Invalid Classtype in Signature"); - return -1; + goto error; } pcre2len = esize; - ret = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)e, &pcre2len); + ret = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)e, &pcre2len); if (ret < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); - return -1; + goto error; } if (strlen(e) >= CLASSTYPE_NAME_MAX_LEN) { SCLogError("classtype '%s' is too big: max %d", rawstr, CLASSTYPE_NAME_MAX_LEN - 1); - return -1; + goto error; } (void)strlcpy(out, e, outsize); + pcre2_match_data_free(match); return 0; + +error: + if (match) { + pcre2_match_data_free(match); + } + return -1; } /** diff --git a/src/detect-config.c b/src/detect-config.c index e0f366e34984..ae215dd2161c 100644 --- a/src/detect-config.c +++ b/src/detect-config.c @@ -171,7 +171,7 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char DetectConfigData *fd = NULL; SigMatch *sm = NULL; - int ret = 0, res = 0; + int res = 0; size_t pcre2len; #if 0 /* filestore and bypass keywords can't work together */ @@ -181,6 +181,7 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char return -1; } #endif + pcre2_match_data *match = NULL; sm = SigMatchAlloc(); if (sm == NULL) goto error; @@ -198,13 +199,13 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char char scopeval[32]; SCLogDebug("str %s", str); - ret = DetectParsePcreExec(&parse_regex, str, 0, 0); + int ret = DetectParsePcreExec(&parse_regex, &match, str, 0, 0); if (ret != 7) { SCLogError("config is rather picky at this time"); goto error; } pcre2len = sizeof(subsys); - res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)subsys, &pcre2len); + res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)subsys, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); goto error; @@ -217,7 +218,7 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char SCLogDebug("subsys %s", subsys); pcre2len = sizeof(state); - res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)state, &pcre2len); + res = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)state, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); goto error; @@ -230,7 +231,7 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char SCLogDebug("state %s", state); pcre2len = sizeof(type); - res = pcre2_substring_copy_bynumber(parse_regex.match, 3, (PCRE2_UCHAR8 *)type, &pcre2len); + res = pcre2_substring_copy_bynumber(match, 3, (PCRE2_UCHAR8 *)type, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); goto error; @@ -243,7 +244,7 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char SCLogDebug("type %s", type); pcre2len = sizeof(typeval); - res = pcre2_substring_copy_bynumber(parse_regex.match, 4, (PCRE2_UCHAR8 *)typeval, &pcre2len); + res = pcre2_substring_copy_bynumber(match, 4, (PCRE2_UCHAR8 *)typeval, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); goto error; @@ -256,7 +257,7 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char SCLogDebug("typeval %s", typeval); pcre2len = sizeof(scope); - res = pcre2_substring_copy_bynumber(parse_regex.match, 5, (PCRE2_UCHAR8 *)scope, &pcre2len); + res = pcre2_substring_copy_bynumber(match, 5, (PCRE2_UCHAR8 *)scope, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); goto error; @@ -269,7 +270,7 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char SCLogDebug("scope %s", scope); pcre2len = sizeof(scopeval); - res = pcre2_substring_copy_bynumber(parse_regex.match, 6, (PCRE2_UCHAR8 *)scopeval, &pcre2len); + res = pcre2_substring_copy_bynumber(match, 6, (PCRE2_UCHAR8 *)scopeval, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); goto error; @@ -299,9 +300,13 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char sm->ctx = (SigMatchCtx*)fd; SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_POSTMATCH); + pcre2_match_data_free(match); return 0; error: + if (match) { + pcre2_match_data_free(match); + } if (sm != NULL) SCFree(sm); return -1; diff --git a/src/detect-detection-filter.c b/src/detect-detection-filter.c index c63a6d82c897..29c5183dc80f 100644 --- a/src/detect-detection-filter.c +++ b/src/detect-detection-filter.c @@ -100,7 +100,7 @@ static int DetectDetectionFilterMatch( static DetectThresholdData *DetectDetectionFilterParse(const char *rawstr) { DetectThresholdData *df = NULL; - int ret = 0, res = 0; + int res = 0; size_t pcre2_len; const char *str_ptr = NULL; char *args[6] = { NULL, NULL, NULL, NULL, NULL, NULL }; @@ -110,6 +110,7 @@ static DetectThresholdData *DetectDetectionFilterParse(const char *rawstr) size_t pos = 0; int i = 0; char *saveptr = NULL; + pcre2_match_data *match = NULL; copy_str = SCStrdup(rawstr); if (unlikely(copy_str == NULL)) { @@ -132,7 +133,7 @@ static DetectThresholdData *DetectDetectionFilterParse(const char *rawstr) if (count_found != 1 || seconds_found != 1 || track_found != 1) goto error; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); + int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0); if (ret < 5) { SCLogError("pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr); goto error; @@ -147,8 +148,7 @@ static DetectThresholdData *DetectDetectionFilterParse(const char *rawstr) df->type = TYPE_DETECTION; for (i = 0; i < (ret - 1); i++) { - res = pcre2_substring_get_bynumber( - parse_regex.match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); + res = pcre2_substring_get_bynumber(match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { SCLogError("pcre2_substring_get_bynumber failed"); goto error; @@ -187,6 +187,8 @@ static DetectThresholdData *DetectDetectionFilterParse(const char *rawstr) if (args[i] != NULL) pcre2_substring_free((PCRE2_UCHAR *)args[i]); } + + pcre2_match_data_free(match); return df; error: @@ -196,6 +198,9 @@ static DetectThresholdData *DetectDetectionFilterParse(const char *rawstr) } if (df != NULL) SCFree(df); + if (match) { + pcre2_match_data_free(match); + } return NULL; } diff --git a/src/detect-engine-event.c b/src/detect-engine-event.c index 9943a3b3cc4a..82f838446ffa 100644 --- a/src/detect-engine-event.c +++ b/src/detect-engine-event.c @@ -130,10 +130,11 @@ static DetectEngineEventData *DetectEngineEventParse (const char *rawstr) { int i; DetectEngineEventData *de = NULL; - int ret = 0, res = 0, found = 0; + int res = 0, found = 0; size_t pcre2len; + pcre2_match_data *match = NULL; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); + int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0); if (ret < 1) { SCLogError("pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr); goto error; @@ -141,7 +142,7 @@ static DetectEngineEventData *DetectEngineEventParse (const char *rawstr) char copy_str[128] = ""; pcre2len = sizeof(copy_str); - res = pcre2_substring_copy_bynumber(parse_regex.match, 0, (PCRE2_UCHAR8 *)copy_str, &pcre2len); + res = pcre2_substring_copy_bynumber(match, 0, (PCRE2_UCHAR8 *)copy_str, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); @@ -179,11 +180,15 @@ static DetectEngineEventData *DetectEngineEventParse (const char *rawstr) } } + pcre2_match_data_free(match); return de; error: if (de) SCFree(de); + if (match) { + pcre2_match_data_free(match); + } return NULL; } diff --git a/src/detect-engine.c b/src/detect-engine.c index fbba52103fff..f4a0aa8c9dac 100644 --- a/src/detect-engine.c +++ b/src/detect-engine.c @@ -2514,6 +2514,7 @@ static DetectEngineCtx *DetectEngineCtxInitReal(enum DetectEngineType type, cons /* init iprep... ignore errors for now */ (void)SRepInit(de_ctx); + SCClassConfInit(de_ctx); if (!SCClassConfLoadClassificationConfigFile(de_ctx, NULL)) { if (RunmodeGetCurrent() == RUNMODE_CONF_TEST) goto error; @@ -2522,6 +2523,7 @@ static DetectEngineCtx *DetectEngineCtxInitReal(enum DetectEngineType type, cons if (ActionInitConfig() < 0) { goto error; } + SCReferenceConfInit(de_ctx); if (SCRConfLoadReferenceConfigFile(de_ctx, NULL) < 0) { if (RunmodeGetCurrent() == RUNMODE_CONF_TEST) goto error; @@ -2658,6 +2660,8 @@ void DetectEngineCtxFree(DetectEngineCtx *de_ctx) DetectBufferTypeFreeDetectEngine(de_ctx); /* freed our var name hash */ VarNameStoreFree(de_ctx->version); + SCClassConfDeinit(de_ctx); + SCReferenceConfDeinit(de_ctx); SCFree(de_ctx); //DetectAddressGroupPrintMemory(); diff --git a/src/detect-fast-pattern.c b/src/detect-fast-pattern.c index 34f4cf4c6996..b82f3274d709 100644 --- a/src/detect-fast-pattern.c +++ b/src/detect-fast-pattern.c @@ -213,10 +213,11 @@ void DetectFastPatternRegister(void) */ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg) { - int ret = 0, res = 0; + int res = 0; size_t pcre2len; char arg_substr[128] = ""; DetectContentData *cd = NULL; + pcre2_match_data *match = NULL; SigMatch *pm1 = DetectGetLastSMFromMpmLists(de_ctx, s); SigMatch *pm2 = DetectGetLastSMFromLists(s, DETECT_CONTENT, -1); @@ -278,7 +279,7 @@ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, const c } /* Execute the regex and populate args with captures. */ - ret = DetectParsePcreExec(&parse_regex, arg, 0, 0); + int ret = DetectParsePcreExec(&parse_regex, &match, arg, 0, 0); /* fast pattern only */ if (ret == 2) { if ((cd->flags & DETECT_CONTENT_NEGATED) || @@ -298,8 +299,7 @@ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, const c /* fast pattern chop */ } else if (ret == 4) { pcre2len = sizeof(arg_substr); - res = pcre2_substring_copy_bynumber( - parse_regex.match, 2, (PCRE2_UCHAR8 *)arg_substr, &pcre2len); + res = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)arg_substr, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed " "for fast_pattern offset"); @@ -315,8 +315,7 @@ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, const c } pcre2len = sizeof(arg_substr); - res = pcre2_substring_copy_bynumber( - parse_regex.match, 3, (PCRE2_UCHAR8 *)arg_substr, &pcre2len); + res = pcre2_substring_copy_bynumber(match, 3, (PCRE2_UCHAR8 *)arg_substr, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed " "for fast_pattern offset"); @@ -356,9 +355,13 @@ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, const c cd->flags |= DETECT_CONTENT_FAST_PATTERN; + pcre2_match_data_free(match); return 0; error: + if (match) { + pcre2_match_data_free(match); + } return -1; } diff --git a/src/detect-filestore.c b/src/detect-filestore.c index d19763d5eeb3..c53a93d78dd2 100644 --- a/src/detect-filestore.c +++ b/src/detect-filestore.c @@ -351,8 +351,9 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, const ch DetectFilestoreData *fd = NULL; SigMatch *sm = NULL; char *args[3] = {NULL,NULL,NULL}; - int ret = 0, res = 0; + int res = 0; size_t pcre2len; + pcre2_match_data *match = NULL; /* filestore and bypass keywords can't work together */ if (s->flags & SIG_FLAG_BYPASS) { @@ -372,7 +373,7 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, const ch char str_2[32]; SCLogDebug("str %s", str); - ret = DetectParsePcreExec(&parse_regex, str, 0, 0); + int ret = DetectParsePcreExec(&parse_regex, &match, str, 0, 0); if (ret < 1 || ret > 4) { SCLogError("parse error, ret %" PRId32 ", string %s", ret, str); goto error; @@ -380,8 +381,7 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, const ch if (ret > 1) { pcre2len = sizeof(str_0); - res = pcre2_substring_copy_bynumber( - parse_regex.match, 1, (PCRE2_UCHAR8 *)str_0, &pcre2len); + res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)str_0, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); goto error; @@ -390,8 +390,7 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, const ch if (ret > 2) { pcre2len = sizeof(str_1); - res = pcre2_substring_copy_bynumber( - parse_regex.match, 2, (PCRE2_UCHAR8 *)str_1, &pcre2len); + res = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)str_1, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); goto error; @@ -400,8 +399,7 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, const ch } if (ret > 3) { pcre2len = sizeof(str_2); - res = pcre2_substring_copy_bynumber( - parse_regex.match, 3, (PCRE2_UCHAR8 *)str_2, &pcre2len); + res = pcre2_substring_copy_bynumber(match, 3, (PCRE2_UCHAR8 *)str_2, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); goto error; @@ -477,11 +475,17 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, const ch sm->ctx = NULL; SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_POSTMATCH); - s->flags |= SIG_FLAG_FILESTORE; + + if (match) + pcre2_match_data_free(match); + return 0; error: + if (match) { + pcre2_match_data_free(match); + } if (sm != NULL) SCFree(sm); return -1; diff --git a/src/detect-flow.c b/src/detect-flow.c index 4739fdd48ac5..09787515722c 100644 --- a/src/detect-flow.c +++ b/src/detect-flow.c @@ -173,11 +173,12 @@ static DetectFlowData *DetectFlowParse (DetectEngineCtx *de_ctx, const char *flo { DetectFlowData *fd = NULL; char *args[3] = {NULL,NULL,NULL}; - int ret = 0, res = 0; + int res = 0; size_t pcre2len; char str1[16] = "", str2[16] = "", str3[16] = ""; + pcre2_match_data *match = NULL; - ret = DetectParsePcreExec(&parse_regex, flowstr, 0, 0); + int ret = DetectParsePcreExec(&parse_regex, &match, flowstr, 0, 0); if (ret < 1 || ret > 4) { SCLogError("parse error, ret %" PRId32 ", string %s", ret, flowstr); goto error; @@ -185,7 +186,7 @@ static DetectFlowData *DetectFlowParse (DetectEngineCtx *de_ctx, const char *flo if (ret > 1) { pcre2len = sizeof(str1); - res = SC_Pcre2SubstringCopy(parse_regex.match, 1, (PCRE2_UCHAR8 *)str1, &pcre2len); + res = SC_Pcre2SubstringCopy(match, 1, (PCRE2_UCHAR8 *)str1, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); goto error; @@ -194,8 +195,7 @@ static DetectFlowData *DetectFlowParse (DetectEngineCtx *de_ctx, const char *flo if (ret > 2) { pcre2len = sizeof(str2); - res = pcre2_substring_copy_bynumber( - parse_regex.match, 2, (PCRE2_UCHAR8 *)str2, &pcre2len); + res = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)str2, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); goto error; @@ -204,8 +204,7 @@ static DetectFlowData *DetectFlowParse (DetectEngineCtx *de_ctx, const char *flo } if (ret > 3) { pcre2len = sizeof(str3); - res = pcre2_substring_copy_bynumber( - parse_regex.match, 3, (PCRE2_UCHAR8 *)str3, &pcre2len); + res = pcre2_substring_copy_bynumber(match, 3, (PCRE2_UCHAR8 *)str3, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); goto error; @@ -318,9 +317,13 @@ static DetectFlowData *DetectFlowParse (DetectEngineCtx *de_ctx, const char *flo //printf("args[%" PRId32 "]: %s match_cnt: %" PRId32 " flags: 0x%02X\n", i, args[i], fd->match_cnt, fd->flags); } } + pcre2_match_data_free(match); return fd; error: + if (match) { + pcre2_match_data_free(match); + } if (fd != NULL) DetectFlowFree(de_ctx, fd); return NULL; diff --git a/src/detect-flowbits.c b/src/detect-flowbits.c index a0ccda9cf10d..ad9096b4ae9e 100644 --- a/src/detect-flowbits.c +++ b/src/detect-flowbits.c @@ -222,28 +222,29 @@ int DetectFlowbitMatch (DetectEngineThreadCtx *det_ctx, Packet *p, static int DetectFlowbitParse(const char *str, char *cmd, int cmd_len, char *name, int name_len) { - int count, rc; + int rc; size_t pcre2len; + pcre2_match_data *match = NULL; - count = DetectParsePcreExec(&parse_regex, str, 0, 0); + int count = DetectParsePcreExec(&parse_regex, &match, str, 0, 0); if (count != 2 && count != 3) { SCLogError("\"%s\" is not a valid setting for flowbits.", str); - return 0; + goto error; } pcre2len = cmd_len; - rc = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)cmd, &pcre2len); + rc = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)cmd, &pcre2len); if (rc < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); - return 0; + goto error; } if (count == 3) { pcre2len = name_len; - rc = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)name, &pcre2len); + rc = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)name, &pcre2len); if (rc < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); - return 0; + goto error; } /* Trim trailing whitespace. */ @@ -256,13 +257,20 @@ static int DetectFlowbitParse(const char *str, char *cmd, int cmd_len, char *nam for (size_t i = 0; i < strlen(name); i++) { if (isblank(name[i])) { SCLogError("spaces not allowed in flowbit names"); - return 0; + goto error; } } } } + pcre2_match_data_free(match); return 1; + +error: + if (match) { + pcre2_match_data_free(match); + } + return 0; } int DetectFlowbitSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr) diff --git a/src/detect-flowint.c b/src/detect-flowint.c index 7b9c22385587..facf1c8ad7d8 100644 --- a/src/detect-flowint.c +++ b/src/detect-flowint.c @@ -230,27 +230,28 @@ static DetectFlowintData *DetectFlowintParse(DetectEngineCtx *de_ctx, const char char *varname = NULL; char *varval = NULL; char *modstr = NULL; - int ret = 0, res = 0; + int res = 0; size_t pcre2_len; uint8_t modifier = FLOWINT_MODIFIER_UNKNOWN; unsigned long long value_long = 0; const char *str_ptr; + pcre2_match_data *match = NULL; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); + int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0); if (ret < 3 || ret > 4) { SCLogError("\"%s\" is not a valid setting for flowint(ret = %d).", rawstr, ret); - return NULL; + goto error; } /* Get our flowint varname */ - res = pcre2_substring_get_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); + res = pcre2_substring_get_bynumber(match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0 || str_ptr == NULL) { SCLogError("pcre2_substring_get_bynumber failed"); goto error; } varname = (char *)str_ptr; - res = pcre2_substring_get_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); + res = pcre2_substring_get_bynumber(match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0 || str_ptr == NULL) { SCLogError("pcre2_substring_get_bynumber failed"); goto error; @@ -296,8 +297,7 @@ static DetectFlowintData *DetectFlowintParse(DetectEngineCtx *de_ctx, const char if (ret < 4) goto error; - res = pcre2_substring_get_bynumber( - parse_regex.match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); + res = pcre2_substring_get_bynumber(match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); varval = (char *)str_ptr; if (res < 0 || varval == NULL || strcmp(varval, "") == 0) { SCLogError("pcre2_substring_get_bynumber failed"); @@ -339,8 +339,12 @@ static DetectFlowintData *DetectFlowintParse(DetectEngineCtx *de_ctx, const char pcre2_substring_free((PCRE2_UCHAR *)modstr); if (varval) pcre2_substring_free((PCRE2_UCHAR *)varval); + pcre2_match_data_free(match); return sfd; error: + if (match) { + pcre2_match_data_free(match); + } if (varname) pcre2_substring_free((PCRE2_UCHAR *)varname); if (varval) diff --git a/src/detect-flowvar.c b/src/detect-flowvar.c index c8cffeccede4..b17a713e08ce 100644 --- a/src/detect-flowvar.c +++ b/src/detect-flowvar.c @@ -116,28 +116,32 @@ static int DetectFlowvarSetup (DetectEngineCtx *de_ctx, Signature *s, const char DetectFlowvarData *fd = NULL; SigMatch *sm = NULL; char varname[64], varcontent[64]; - int ret = 0, res = 0; + int res = 0; size_t pcre2len; uint8_t *content = NULL; uint16_t contentlen = 0; uint32_t contentflags = s->init_data->negated ? DETECT_CONTENT_NEGATED : 0; + pcre2_match_data *match = NULL; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); + int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0); if (ret != 3) { SCLogError("\"%s\" is not a valid setting for flowvar.", rawstr); + if (match) { + pcre2_match_data_free(match); + } return -1; } pcre2len = sizeof(varname); - res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)varname, &pcre2len); + res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)varname, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); return -1; } pcre2len = sizeof(varcontent); - res = pcre2_substring_copy_bynumber( - parse_regex.match, 2, (PCRE2_UCHAR8 *)varcontent, &pcre2len); + res = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)varcontent, &pcre2len); + pcre2_match_data_free(match); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); return -1; diff --git a/src/detect-fragbits.c b/src/detect-fragbits.c index 421dfe5b2b1d..0c266557864b 100644 --- a/src/detect-fragbits.c +++ b/src/detect-fragbits.c @@ -169,21 +169,22 @@ static int DetectFragBitsMatch (DetectEngineThreadCtx *det_ctx, static DetectFragBitsData *DetectFragBitsParse (const char *rawstr) { DetectFragBitsData *de = NULL; - int ret = 0, found = 0, res = 0; + int found = 0, res = 0; size_t pcre2_len; const char *str_ptr = NULL; char *args[2] = { NULL, NULL}; char *ptr; int i; + pcre2_match_data *match = NULL; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); + int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0); if (ret < 1) { SCLogError("pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr); goto error; } for (i = 0; i < (ret - 1); i++) { - res = SC_Pcre2SubstringGet(parse_regex.match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); + res = SC_Pcre2SubstringGet(match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { SCLogError("pcre2_substring_get_bynumber failed %d", res); goto error; @@ -255,9 +256,13 @@ static DetectFragBitsData *DetectFragBitsParse (const char *rawstr) if (args[i] != NULL) pcre2_substring_free((PCRE2_UCHAR8 *)args[i]); } + pcre2_match_data_free(match); return de; error: + if (match) { + pcre2_match_data_free(match); + } for (i = 0; i < 2; i++) { if (args[i] != NULL) pcre2_substring_free((PCRE2_UCHAR8 *)args[i]); diff --git a/src/detect-fragoffset.c b/src/detect-fragoffset.c index 0b2a8d2d5b06..f32f06005a49 100644 --- a/src/detect-fragoffset.c +++ b/src/detect-fragoffset.c @@ -143,20 +143,21 @@ static DetectFragOffsetData *DetectFragOffsetParse (DetectEngineCtx *de_ctx, con { DetectFragOffsetData *fragoff = NULL; char *substr[3] = {NULL, NULL, NULL}; - int ret = 0, res = 0; + int res = 0; size_t pcre2_len; int i; const char *str_ptr; char *mode = NULL; + pcre2_match_data *match = NULL; - ret = DetectParsePcreExec(&parse_regex, fragoffsetstr, 0, 0); + int ret = DetectParsePcreExec(&parse_regex, &match, fragoffsetstr, 0, 0); if (ret < 1 || ret > 4) { SCLogError("Parse error %s", fragoffsetstr); goto error; } for (i = 1; i < ret; i++) { - res = SC_Pcre2SubstringGet(parse_regex.match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); + res = SC_Pcre2SubstringGet(match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { SCLogError("pcre2_substring_get_bynumber failed"); goto error; @@ -200,9 +201,13 @@ static DetectFragOffsetData *DetectFragOffsetParse (DetectEngineCtx *de_ctx, con pcre2_substring_free((PCRE2_UCHAR8 *)substr[i]); } + pcre2_match_data_free(match); return fragoff; error: + if (match) { + pcre2_match_data_free(match); + } for (i = 0; i < 3; i++) { if (substr[i] != NULL) pcre2_substring_free((PCRE2_UCHAR8 *)substr[i]); diff --git a/src/detect-ftpdata.c b/src/detect-ftpdata.c index 0bd22d14b2ad..c07847dff3f8 100644 --- a/src/detect-ftpdata.c +++ b/src/detect-ftpdata.c @@ -131,15 +131,16 @@ static DetectFtpdataData *DetectFtpdataParse(const char *ftpcommandstr) DetectFtpdataData *ftpcommandd = NULL; char arg1[5] = ""; size_t pcre2len; + pcre2_match_data *match = NULL; - int ret = DetectParsePcreExec(&parse_regex, ftpcommandstr, 0, 0); + int ret = DetectParsePcreExec(&parse_regex, &match, ftpcommandstr, 0, 0); if (ret != 2) { SCLogError("parse error, ret %" PRId32 "", ret); goto error; } pcre2len = sizeof(arg1); - int res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len); + int res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); goto error; @@ -158,9 +159,13 @@ static DetectFtpdataData *DetectFtpdataParse(const char *ftpcommandstr) goto error; } + pcre2_match_data_free(match); return ftpcommandd; error: + if (match) { + pcre2_match_data_free(match); + } if (ftpcommandd) SCFree(ftpcommandd); return NULL; diff --git a/src/detect-hostbits.c b/src/detect-hostbits.c index ee8203e18aec..8297b2f8ae51 100644 --- a/src/detect-hostbits.c +++ b/src/detect-hostbits.c @@ -284,41 +284,48 @@ static int DetectHostbitMatch (DetectEngineThreadCtx *det_ctx, Packet *p, static int DetectHostbitParse(const char *str, char *cmd, int cmd_len, char *name, int name_len, char *dir, int dir_len) { - int count, rc; + int rc; size_t pcre2len; - count = DetectParsePcreExec(&parse_regex, str, 0, 0); + pcre2_match_data *match = NULL; + int count = DetectParsePcreExec(&parse_regex, &match, str, 0, 0); if (count != 2 && count != 3 && count != 4) { SCLogError("\"%s\" is not a valid setting for hostbits.", str); - return 0; + goto error; } pcre2len = cmd_len; - rc = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)cmd, &pcre2len); + rc = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)cmd, &pcre2len); if (rc < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); - return 0; + goto error; } if (count >= 3) { pcre2len = name_len; - rc = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)name, &pcre2len); + rc = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)name, &pcre2len); if (rc < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); - return 0; + goto error; } if (count >= 4) { pcre2len = dir_len; - rc = pcre2_substring_copy_bynumber( - parse_regex.match, 3, (PCRE2_UCHAR8 *)dir, &pcre2len); + rc = pcre2_substring_copy_bynumber(match, 3, (PCRE2_UCHAR8 *)dir, &pcre2len); if (rc < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); - return 0; + goto error; } } } + pcre2_match_data_free(match); return 1; + +error: + if (match) { + pcre2_match_data_free(match); + } + return 0; } int DetectHostbitSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr) diff --git a/src/detect-icmp-id.c b/src/detect-icmp-id.c index 713ca33f3cd3..aee14bc377e9 100644 --- a/src/detect-icmp-id.c +++ b/src/detect-icmp-id.c @@ -161,10 +161,11 @@ static DetectIcmpIdData *DetectIcmpIdParse (DetectEngineCtx *de_ctx, const char { DetectIcmpIdData *iid = NULL; char *substr[3] = {NULL, NULL, NULL}; - int ret = 0, res = 0; + int res = 0; size_t pcre2_len; - ret = DetectParsePcreExec(&parse_regex, icmpidstr, 0, 0); + pcre2_match_data *match = NULL; + int ret = DetectParsePcreExec(&parse_regex, &match, icmpidstr, 0, 0); if (ret < 1 || ret > 4) { SCLogError("Parse error %s", icmpidstr); goto error; @@ -173,7 +174,7 @@ static DetectIcmpIdData *DetectIcmpIdParse (DetectEngineCtx *de_ctx, const char int i; const char *str_ptr; for (i = 1; i < ret; i++) { - res = SC_Pcre2SubstringGet(parse_regex.match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); + res = SC_Pcre2SubstringGet(match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { SCLogError("pcre2_substring_get_bynumber failed"); goto error; @@ -211,9 +212,13 @@ static DetectIcmpIdData *DetectIcmpIdParse (DetectEngineCtx *de_ctx, const char if (substr[i] != NULL) pcre2_substring_free((PCRE2_UCHAR8 *)substr[i]); } + pcre2_match_data_free(match); return iid; error: + if (match) { + pcre2_match_data_free(match); + } for (i = 0; i < 3; i++) { if (substr[i] != NULL) pcre2_substring_free((PCRE2_UCHAR8 *)substr[i]); diff --git a/src/detect-icmp-seq.c b/src/detect-icmp-seq.c index 345f5d012907..18a53fa68c26 100644 --- a/src/detect-icmp-seq.c +++ b/src/detect-icmp-seq.c @@ -162,19 +162,20 @@ static DetectIcmpSeqData *DetectIcmpSeqParse (DetectEngineCtx *de_ctx, const cha { DetectIcmpSeqData *iseq = NULL; char *substr[3] = {NULL, NULL, NULL}; - int ret = 0, res = 0; + int res = 0; size_t pcre2_len; int i; const char *str_ptr; - ret = DetectParsePcreExec(&parse_regex, icmpseqstr, 0, 0); + pcre2_match_data *match = NULL; + int ret = DetectParsePcreExec(&parse_regex, &match, icmpseqstr, 0, 0); if (ret < 1 || ret > 4) { SCLogError("Parse error %s", icmpseqstr); goto error; } for (i = 1; i < ret; i++) { - res = SC_Pcre2SubstringGet(parse_regex.match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); + res = SC_Pcre2SubstringGet(match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { SCLogError("pcre2_substring_get_bynumber failed"); goto error; @@ -214,9 +215,13 @@ static DetectIcmpSeqData *DetectIcmpSeqParse (DetectEngineCtx *de_ctx, const cha pcre2_substring_free((PCRE2_UCHAR8 *)substr[i]); } + pcre2_match_data_free(match); return iseq; error: + if (match) { + pcre2_match_data_free(match); + } for (i = 0; i < 3; i++) { if (substr[i] != NULL) pcre2_substring_free((PCRE2_UCHAR8 *)substr[i]); diff --git a/src/detect-id.c b/src/detect-id.c index dd1717db7192..52392885a554 100644 --- a/src/detect-id.c +++ b/src/detect-id.c @@ -123,25 +123,26 @@ static DetectIdData *DetectIdParse (const char *idstr) { uint16_t temp; DetectIdData *id_d = NULL; - int ret = 0, res = 0; + int res = 0; size_t pcre2len; + pcre2_match_data *match = NULL; - ret = DetectParsePcreExec(&parse_regex, idstr, 0, 0); + int ret = DetectParsePcreExec(&parse_regex, &match, idstr, 0, 0); if (ret < 1 || ret > 3) { SCLogError("invalid id option '%s'. The id option " "value must be in the range %u - %u", idstr, DETECT_IPID_MIN, DETECT_IPID_MAX); - return NULL; + goto error; } char copy_str[128] = ""; char *tmp_str; pcre2len = sizeof(copy_str); - res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)copy_str, &pcre2len); + res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)copy_str, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); - return NULL; + goto error; } tmp_str = copy_str; @@ -155,18 +156,25 @@ static DetectIdData *DetectIdParse (const char *idstr) /* ok, fill the id data */ if (StringParseUint16(&temp, 10, 0, (const char *)tmp_str) < 0) { SCLogError("invalid id option '%s'", tmp_str); - return NULL; + goto error; } /* We have a correct id option */ id_d = SCMalloc(sizeof(DetectIdData)); if (unlikely(id_d == NULL)) - return NULL; + goto error; id_d->id = temp; SCLogDebug("detect-id: will look for ip_id: %u\n", id_d->id); + pcre2_match_data_free(match); return id_d; + +error: + if (match) { + pcre2_match_data_free(match); + } + return NULL; } /** diff --git a/src/detect-ike-chosen-sa.c b/src/detect-ike-chosen-sa.c index b0454c3d126a..59d245de7611 100644 --- a/src/detect-ike-chosen-sa.c +++ b/src/detect-ike-chosen-sa.c @@ -130,12 +130,13 @@ static DetectIkeChosenSaData *DetectIkeChosenSaParse(const char *rawstr) * ike.chosen_sa_attribute:"hash_algorithm=8" */ DetectIkeChosenSaData *dd = NULL; - int ret = 0, res = 0; + int res = 0; size_t pcre2len; char attribute[100]; char value[100]; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); + pcre2_match_data *match = NULL; + int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0); if (ret < 3 || ret > 5) { SCLogError( "pcre match for ike.chosen_sa_attribute failed, should be: =, " @@ -145,14 +146,14 @@ static DetectIkeChosenSaData *DetectIkeChosenSaParse(const char *rawstr) } pcre2len = sizeof(attribute); - res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)attribute, &pcre2len); + res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)attribute, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); goto error; } pcre2len = sizeof(value); - res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)value, &pcre2len); + res = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)value, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); goto error; @@ -172,9 +173,13 @@ static DetectIkeChosenSaData *DetectIkeChosenSaParse(const char *rawstr) goto error; } + pcre2_match_data_free(match); return dd; error: + if (match) { + pcre2_match_data_free(match); + } if (dd) { if (dd->sa_type != NULL) SCFree(dd->sa_type); diff --git a/src/detect-ipopts.c b/src/detect-ipopts.c index ae6a6ed3ab08..07e6b7eac9b2 100644 --- a/src/detect-ipopts.c +++ b/src/detect-ipopts.c @@ -160,9 +160,10 @@ static DetectIpOptsData *DetectIpOptsParse (const char *rawstr) { int i; DetectIpOptsData *de = NULL; - int ret = 0, found = 0; + int found = 0; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); + pcre2_match_data *match = NULL; + int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0); if (ret < 1) { SCLogError("pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr); goto error; @@ -184,9 +185,13 @@ static DetectIpOptsData *DetectIpOptsParse (const char *rawstr) de->ipopt = ipopts[i].code; + pcre2_match_data_free(match); return de; error: + if (match) { + pcre2_match_data_free(match); + } if (de) SCFree(de); return NULL; } diff --git a/src/detect-ipproto.c b/src/detect-ipproto.c index 04582384a055..51aac4f173bc 100644 --- a/src/detect-ipproto.c +++ b/src/detect-ipproto.c @@ -85,13 +85,14 @@ static DetectIPProtoData *DetectIPProtoParse(const char *optstr) { DetectIPProtoData *data = NULL; char *args[2] = { NULL, NULL }; - int ret = 0, res = 0; + int res = 0; size_t pcre2_len; int i; const char *str_ptr; /* Execute the regex and populate args with captures. */ - ret = DetectParsePcreExec(&parse_regex, optstr, 0, 0); + pcre2_match_data *match = NULL; + int ret = DetectParsePcreExec(&parse_regex, &match, optstr, 0, 0); if (ret != 3) { SCLogError("pcre_exec parse error, ret" "%" PRId32 ", string %s", @@ -100,8 +101,7 @@ static DetectIPProtoData *DetectIPProtoParse(const char *optstr) } for (i = 0; i < (ret - 1); i++) { - res = pcre2_substring_get_bynumber( - parse_regex.match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); + res = pcre2_substring_get_bynumber(match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { SCLogError("pcre2_substring_get_bynumber failed"); goto error; @@ -142,9 +142,13 @@ static DetectIPProtoData *DetectIPProtoParse(const char *optstr) pcre2_substring_free((PCRE2_UCHAR8 *)args[i]); } + pcre2_match_data_free(match); return data; error: + if (match) { + pcre2_match_data_free(match); + } for (i = 0; i < (ret - 1) && i < 2; i++){ if (args[i] != NULL) pcre2_substring_free((PCRE2_UCHAR8 *)args[i]); diff --git a/src/detect-isdataat.c b/src/detect-isdataat.c index a032b693682c..effe9733b685 100644 --- a/src/detect-isdataat.c +++ b/src/detect-isdataat.c @@ -98,11 +98,12 @@ static DetectIsdataatData *DetectIsdataatParse (DetectEngineCtx *de_ctx, const c { DetectIsdataatData *idad = NULL; char *args[3] = {NULL,NULL,NULL}; - int ret = 0, res = 0; + int res = 0; size_t pcre2_len; int i=0; - ret = DetectParsePcreExec(&parse_regex, isdataatstr, 0, 0); + pcre2_match_data *match = NULL; + int ret = DetectParsePcreExec(&parse_regex, &match, isdataatstr, 0, 0); if (ret < 1 || ret > 4) { SCLogError("pcre_exec parse error, ret %" PRId32 ", string %s", ret, isdataatstr); goto error; @@ -110,8 +111,7 @@ static DetectIsdataatData *DetectIsdataatParse (DetectEngineCtx *de_ctx, const c if (ret > 1) { const char *str_ptr; - res = pcre2_substring_get_bynumber( - parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); + res = pcre2_substring_get_bynumber(match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { SCLogError("pcre2_substring_get_bynumber failed"); goto error; @@ -120,8 +120,7 @@ static DetectIsdataatData *DetectIsdataatParse (DetectEngineCtx *de_ctx, const c if (ret > 2) { - res = pcre2_substring_get_bynumber( - parse_regex.match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); + res = pcre2_substring_get_bynumber(match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { SCLogError("pcre2_substring_get_bynumber failed"); goto error; @@ -129,8 +128,7 @@ static DetectIsdataatData *DetectIsdataatParse (DetectEngineCtx *de_ctx, const c args[1] = (char *)str_ptr; } if (ret > 3) { - res = pcre2_substring_get_bynumber( - parse_regex.match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); + res = pcre2_substring_get_bynumber(match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { SCLogError("pcre2_substring_get_bynumber failed"); goto error; @@ -181,11 +179,16 @@ static DetectIsdataatData *DetectIsdataatParse (DetectEngineCtx *de_ctx, const c pcre2_substring_free((PCRE2_UCHAR8 *)args[i]); } + pcre2_match_data_free(match); return idad; } + pcre2_match_data_free(match); error: + if (match) { + pcre2_match_data_free(match); + } for (i = 0; i < (ret -1) && i < 3; i++){ if (args[i] != NULL) pcre2_substring_free((PCRE2_UCHAR8 *)args[i]); diff --git a/src/detect-krb5-errcode.c b/src/detect-krb5-errcode.c index ff5c2d48beab..30c516f8d273 100644 --- a/src/detect-krb5-errcode.c +++ b/src/detect-krb5-errcode.c @@ -126,17 +126,18 @@ static DetectKrb5ErrCodeData *DetectKrb5ErrCodeParse (const char *krb5str) { DetectKrb5ErrCodeData *krb5d = NULL; char arg1[4] = ""; - int ret = 0, res = 0; + int res = 0; size_t pcre2len; - ret = DetectParsePcreExec(&parse_regex, krb5str, 0, 0); + pcre2_match_data *match = NULL; + int ret = DetectParsePcreExec(&parse_regex, &match, krb5str, 0, 0); if (ret != 2) { SCLogError("parse error, ret %" PRId32 "", ret); goto error; } pcre2len = sizeof(arg1); - res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len); + res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); goto error; @@ -149,9 +150,13 @@ static DetectKrb5ErrCodeData *DetectKrb5ErrCodeParse (const char *krb5str) (const char *)arg1) < 0) { goto error; } + pcre2_match_data_free(match); return krb5d; error: + if (match) { + pcre2_match_data_free(match); + } if (krb5d) SCFree(krb5d); return NULL; diff --git a/src/detect-krb5-msgtype.c b/src/detect-krb5-msgtype.c index 12e3eeeb5b30..0dd800d6be58 100644 --- a/src/detect-krb5-msgtype.c +++ b/src/detect-krb5-msgtype.c @@ -123,17 +123,18 @@ static DetectKrb5MsgTypeData *DetectKrb5MsgTypeParse (const char *krb5str) { DetectKrb5MsgTypeData *krb5d = NULL; char arg1[4] = ""; - int ret = 0, res = 0; + int res = 0; size_t pcre2len; - ret = DetectParsePcreExec(&parse_regex, krb5str, 0, 0); + pcre2_match_data *match = NULL; + int ret = DetectParsePcreExec(&parse_regex, &match, krb5str, 0, 0); if (ret != 2) { SCLogError("parse error, ret %" PRId32 "", ret); goto error; } pcre2len = sizeof(arg1); - res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len); + res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); goto error; @@ -146,9 +147,13 @@ static DetectKrb5MsgTypeData *DetectKrb5MsgTypeParse (const char *krb5str) (const char *)arg1) < 0) { goto error; } + pcre2_match_data_free(match); return krb5d; error: + if (match) { + pcre2_match_data_free(match); + } if (krb5d) SCFree(krb5d); return NULL; diff --git a/src/detect-mark.c b/src/detect-mark.c index d12bc48ad740..021f7904f4d8 100644 --- a/src/detect-mark.c +++ b/src/detect-mark.c @@ -77,7 +77,7 @@ void DetectMarkRegister (void) */ static void * DetectMarkParse (const char *rawstr) { - int ret = 0, res = 0; + int res = 0; size_t pcre2_len; const char *str_ptr = NULL; char *ptr = NULL; @@ -86,45 +86,46 @@ static void * DetectMarkParse (const char *rawstr) uint32_t mask; DetectMarkData *data; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); + pcre2_match_data *match = NULL; + int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0); if (ret < 1) { SCLogError("pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr); return NULL; } - res = pcre2_substring_get_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); + res = pcre2_substring_get_bynumber(match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { SCLogError("pcre2_substring_get_bynumber failed"); - return NULL; + goto error; } ptr = (char *)str_ptr; if (ptr == NULL) - return NULL; + goto error; errno = 0; mark = strtoul(ptr, &endptr, 0); if (errno == ERANGE) { SCLogError("Numeric value out of range"); pcre2_substring_free((PCRE2_UCHAR8 *)ptr); - return NULL; + goto error; } /* If there is no numeric value in the given string then strtoull(), makes endptr equals to ptr and return 0 as result */ else if (endptr == ptr && mark == 0) { SCLogError("No numeric value"); pcre2_substring_free((PCRE2_UCHAR8 *)ptr); - return NULL; + goto error; } else if (endptr == ptr) { SCLogError("Invalid numeric value"); pcre2_substring_free((PCRE2_UCHAR8 *)ptr); - return NULL; + goto error; } - res = pcre2_substring_get_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); + res = pcre2_substring_get_bynumber(match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { SCLogError("pcre2_substring_get_bynumber failed"); - return NULL; + goto error; } pcre2_substring_free((PCRE2_UCHAR8 *)ptr); @@ -133,10 +134,11 @@ static void * DetectMarkParse (const char *rawstr) if (ptr == NULL) { data = SCMalloc(sizeof(DetectMarkData)); if (unlikely(data == NULL)) { - return NULL; + goto error; } data->mark = mark; data->mask = 0xffff; + pcre2_match_data_free(match); return data; } @@ -145,18 +147,18 @@ static void * DetectMarkParse (const char *rawstr) if (errno == ERANGE) { SCLogError("Numeric value out of range"); pcre2_substring_free((PCRE2_UCHAR8 *)ptr); - return NULL; + goto error; } /* If there is no numeric value in the given string then strtoull(), makes endptr equals to ptr and return 0 as result */ else if (endptr == ptr && mask == 0) { SCLogError("No numeric value"); pcre2_substring_free((PCRE2_UCHAR8 *)ptr); - return NULL; + goto error; } else if (endptr == ptr) { SCLogError("Invalid numeric value"); pcre2_substring_free((PCRE2_UCHAR8 *)ptr); - return NULL; + goto error; } SCLogDebug("Rule will set mark 0x%x with mask 0x%x", mark, mask); @@ -164,11 +166,18 @@ static void * DetectMarkParse (const char *rawstr) data = SCMalloc(sizeof(DetectMarkData)); if (unlikely(data == NULL)) { - return NULL; + goto error; } data->mark = mark; data->mask = mask; + pcre2_match_data_free(match); return data; + +error: + if (match) { + pcre2_match_data_free(match); + } + return NULL; } #endif /* NFQ */ diff --git a/src/detect-mqtt-connect-flags.c b/src/detect-mqtt-connect-flags.c index d7aa8eb4bda6..db7d56d574f6 100644 --- a/src/detect-mqtt-connect-flags.c +++ b/src/detect-mqtt-connect-flags.c @@ -116,18 +116,20 @@ static int DetectMQTTConnectFlagsMatch(DetectEngineThreadCtx *det_ctx, */ static DetectMQTTConnectFlagsData *DetectMQTTConnectFlagsParse(const char *rawstr) { - DetectMQTTConnectFlagsData *de = NULL; - int ret = 0; + DetectMQTTConnectFlagsData *de = SCCalloc(1, sizeof(DetectMQTTConnectFlagsData)); + if (unlikely(de == NULL)) + return NULL; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); + pcre2_match_data *match = NULL; + int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0); if (ret < 1) { SCLogError("invalid flag definition: %s", rawstr); + if (match) { + pcre2_match_data_free(match); + } return NULL; } - de = SCCalloc(1, sizeof(DetectMQTTConnectFlagsData)); - if (unlikely(de == NULL)) - return NULL; de->username = de->password = de->will = MQTT_DONT_CARE; de->will_retain = de->clean_session = MQTT_DONT_CARE; @@ -188,11 +190,15 @@ static DetectMQTTConnectFlagsData *DetectMQTTConnectFlagsParse(const char *rawst flagv = strtok_r(NULL, ",", &xsaveptr); } + pcre2_match_data_free(match); return de; error: - /* de can't be NULL here */ - SCFree(de); + if (match) { + pcre2_match_data_free(match); + } + if (de) + SCFree(de); return NULL; } diff --git a/src/detect-mqtt-flags.c b/src/detect-mqtt-flags.c index a77ebff19070..799e1668e404 100644 --- a/src/detect-mqtt-flags.c +++ b/src/detect-mqtt-flags.c @@ -111,18 +111,22 @@ static int DetectMQTTFlagsMatch(DetectEngineThreadCtx *det_ctx, */ static DetectMQTTFlagsData *DetectMQTTFlagsParse(const char *rawstr) { - DetectMQTTFlagsData *de = NULL; - int ret = 0; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); + DetectMQTTFlagsData *de = SCCalloc(1, sizeof(DetectMQTTFlagsData)); + if (unlikely(de == NULL)) + return NULL; + + pcre2_match_data *match = NULL; + int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0); if (ret < 1) { SCLogError("invalid flag definition: %s", rawstr); + if (match) { + pcre2_match_data_free(match); + } + SCFree(de); return NULL; } - de = SCCalloc(1, sizeof(DetectMQTTFlagsData)); - if (unlikely(de == NULL)) - return NULL; de->retain = de->dup = MQTT_DONT_CARE; char copy[strlen(rawstr)+1]; @@ -168,11 +172,15 @@ static DetectMQTTFlagsData *DetectMQTTFlagsParse(const char *rawstr) flagv = strtok_r(NULL, ",", &xsaveptr); } + pcre2_match_data_free(match); return de; error: - /* de can't be NULL here */ - SCFree(de); + if (match) { + pcre2_match_data_free(match); + } + if (de) + SCFree(de); return NULL; } diff --git a/src/detect-parse.c b/src/detect-parse.c index 2e109c3ecb2b..33d739300dd8 100644 --- a/src/detect-parse.c +++ b/src/detect-parse.c @@ -2620,11 +2620,14 @@ Signature *DetectEngineAppendSig(DetectEngineCtx *de_ctx, const char *sigstr) static DetectParseRegex *g_detect_parse_regex_list = NULL; -int DetectParsePcreExec( - DetectParseRegex *parse_regex, const char *str, int start_offset, int options) +int DetectParsePcreExec(DetectParseRegex *parse_regex, pcre2_match_data **match, const char *str, + int start_offset, int options) { - return pcre2_match(parse_regex->regex, (PCRE2_SPTR8)str, strlen(str), options, start_offset, - parse_regex->match, NULL); + *match = pcre2_match_data_create_from_pattern(parse_regex->regex, NULL); + if (*match) + return pcre2_match(parse_regex->regex, (PCRE2_SPTR8)str, strlen(str), options, start_offset, + *match, NULL); + return -1; } void DetectParseFreeRegex(DetectParseRegex *r) diff --git a/src/detect-parse.h b/src/detect-parse.h index 33a2d515f0d2..a7f2c4d17df7 100644 --- a/src/detect-parse.h +++ b/src/detect-parse.h @@ -114,8 +114,8 @@ void DetectParseFreeRegexes(void); void DetectParseFreeRegex(DetectParseRegex *r); /* parse regex exec */ -int DetectParsePcreExec( - DetectParseRegex *parse_regex, const char *str, int start_offset, int options); +int DetectParsePcreExec(DetectParseRegex *parse_regex, pcre2_match_data **match, const char *str, + int start_offset, int options); int SC_Pcre2SubstringCopy( pcre2_match_data *match_data, uint32_t number, PCRE2_UCHAR *buffer, PCRE2_SIZE *bufflen); int SC_Pcre2SubstringGet(pcre2_match_data *match_data, uint32_t number, PCRE2_UCHAR **bufferptr, diff --git a/src/detect-pktvar.c b/src/detect-pktvar.c index 4d366430edcb..0f807668e4d8 100644 --- a/src/detect-pktvar.c +++ b/src/detect-pktvar.c @@ -89,30 +89,31 @@ static void DetectPktvarFree(DetectEngineCtx *de_ctx, void *ptr) static int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr) { char *varname = NULL, *varcontent = NULL; - int ret = 0, res = 0; + int res = 0; size_t pcre2_len; uint8_t *content = NULL; uint16_t len = 0; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); + pcre2_match_data *match = NULL; + int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0); if (ret != 3) { SCLogError("\"%s\" is not a valid setting for pktvar.", rawstr); - return -1; + goto error; } const char *str_ptr; - res = pcre2_substring_get_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); + res = pcre2_substring_get_bynumber(match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { SCLogError("pcre2_substring_get_bynumber failed"); - return -1; + goto error; } varname = (char *)str_ptr; - res = pcre2_substring_get_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); + res = pcre2_substring_get_bynumber(match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { pcre2_substring_free((PCRE2_UCHAR8 *)varname); SCLogError("pcre2_substring_get_bynumber failed"); - return -1; + goto error; } varcontent = (char *)str_ptr; @@ -132,7 +133,7 @@ static int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, const char if (ret == -1 || content == NULL) { pcre2_substring_free((PCRE2_UCHAR8 *)varname); pcre2_substring_free((PCRE2_UCHAR8 *)varcontent); - return -1; + goto error; } pcre2_substring_free((PCRE2_UCHAR8 *)varcontent); @@ -140,7 +141,7 @@ static int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, const char if (unlikely(cd == NULL)) { pcre2_substring_free((PCRE2_UCHAR8 *)varname); SCFree(content); - return -1; + goto error; } cd->content = content; @@ -153,11 +154,18 @@ static int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, const char SigMatch *sm = SigMatchAlloc(); if (unlikely(sm == NULL)) { DetectPktvarFree(de_ctx, cd); - return -1; + goto error; } sm->type = DETECT_PKTVAR; sm->ctx = (SigMatchCtx *)cd; + pcre2_match_data_free(match); SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH); return 0; + +error: + if (match) { + pcre2_match_data_free(match); + } + return -1; } diff --git a/src/detect-priority.c b/src/detect-priority.c index 688eeed438a8..81ee72966fb5 100644 --- a/src/detect-priority.c +++ b/src/detect-priority.c @@ -61,28 +61,30 @@ void DetectPriorityRegister (void) static int DetectPrioritySetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr) { char copy_str[128] = ""; - - int ret = 0; size_t pcre2len; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); + pcre2_match_data *match = NULL; + int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0); if (ret < 0) { SCLogError("Invalid Priority in Signature " "- %s", rawstr); + if (match) + pcre2_match_data_free(match); return -1; } pcre2len = sizeof(copy_str); - ret = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)copy_str, &pcre2len); + ret = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)copy_str, &pcre2len); if (ret < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); + pcre2_match_data_free(match); return -1; } - long prio = 0; + pcre2_match_data_free(match); char *endptr = NULL; - prio = strtol(copy_str, &endptr, 10); + long prio = strtol(copy_str, &endptr, 10); if (endptr == NULL || *endptr != '\0') { SCLogError("Saw an invalid character as arg " "to priority keyword"); diff --git a/src/detect-reference.c b/src/detect-reference.c index d3fe1a05597c..aaa723db4963 100644 --- a/src/detect-reference.c +++ b/src/detect-reference.c @@ -95,33 +95,38 @@ static DetectReference *DetectReferenceParse(const char *rawstr, DetectEngineCtx { SCEnter(); - int ret = 0, res = 0; + int res = 0; size_t pcre2len; char key[REFERENCE_SYSTEM_NAME_MAX] = ""; char content[REFERENCE_CONTENT_NAME_MAX] = ""; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); + pcre2_match_data *match = NULL; + int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0); if (ret < 2) { SCLogError("Unable to parse \"reference\" " "keyword argument - \"%s\". Invalid argument.", rawstr); + if (match) { + pcre2_match_data_free(match); + } return NULL; } DetectReference *ref = SCCalloc(1, sizeof(DetectReference)); if (unlikely(ref == NULL)) { + pcre2_match_data_free(match); return NULL; } pcre2len = sizeof(key); - res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)key, &pcre2len); + res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)key, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); goto error; } pcre2len = sizeof(content); - res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)content, &pcre2len); + res = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)content, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); goto error; @@ -158,10 +163,14 @@ static DetectReference *DetectReferenceParse(const char *rawstr, DetectEngineCtx goto error; } + pcre2_match_data_free(match); /* free the substrings */ SCReturnPtr(ref, "Reference"); error: + if (match) { + pcre2_match_data_free(match); + } DetectReferenceFree(ref); SCReturnPtr(NULL, "Reference"); } diff --git a/src/detect-rfb-secresult.c b/src/detect-rfb-secresult.c index 4983982ad846..ff82d98fa690 100644 --- a/src/detect-rfb-secresult.c +++ b/src/detect-rfb-secresult.c @@ -158,9 +158,10 @@ static DetectRfbSecresultData *DetectRfbSecresultParse (const char *rawstr) { int i; DetectRfbSecresultData *de = NULL; - int ret = 0, found = 0; + int found = 0; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); + pcre2_match_data *match = NULL; + int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0); if (ret < 1) { SCLogError("pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr); goto error; @@ -184,9 +185,13 @@ static DetectRfbSecresultData *DetectRfbSecresultParse (const char *rawstr) de->result = results[i].code; + pcre2_match_data_free(match); return de; error: + if (match) { + pcre2_match_data_free(match); + } if (de) SCFree(de); return NULL; } diff --git a/src/detect-rpc.c b/src/detect-rpc.c index 0fee3fc1d12f..2739d6218caf 100644 --- a/src/detect-rpc.c +++ b/src/detect-rpc.c @@ -149,10 +149,11 @@ static DetectRpcData *DetectRpcParse (DetectEngineCtx *de_ctx, const char *rpcst { DetectRpcData *rd = NULL; char *args[3] = {NULL,NULL,NULL}; - int ret = 0, res = 0; + int res = 0; size_t pcre2_len; - ret = DetectParsePcreExec(&parse_regex, rpcstr, 0, 0); + pcre2_match_data *match = NULL; + int ret = DetectParsePcreExec(&parse_regex, &match, rpcstr, 0, 0); if (ret < 1 || ret > 4) { SCLogError("parse error, ret %" PRId32 ", string %s", ret, rpcstr); goto error; @@ -160,8 +161,7 @@ static DetectRpcData *DetectRpcParse (DetectEngineCtx *de_ctx, const char *rpcst if (ret > 1) { const char *str_ptr; - res = pcre2_substring_get_bynumber( - parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); + res = pcre2_substring_get_bynumber(match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { SCLogError("pcre2_substring_get_bynumber failed"); goto error; @@ -169,8 +169,7 @@ static DetectRpcData *DetectRpcParse (DetectEngineCtx *de_ctx, const char *rpcst args[0] = (char *)str_ptr; if (ret > 2) { - res = pcre2_substring_get_bynumber( - parse_regex.match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); + res = pcre2_substring_get_bynumber(match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { SCLogError("pcre2_substring_get_bynumber failed"); goto error; @@ -178,8 +177,7 @@ static DetectRpcData *DetectRpcParse (DetectEngineCtx *de_ctx, const char *rpcst args[1] = (char *)str_ptr; } if (ret > 3) { - res = pcre2_substring_get_bynumber( - parse_regex.match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); + res = pcre2_substring_get_bynumber(match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { SCLogError("pcre2_substring_get_bynumber failed"); goto error; @@ -237,9 +235,13 @@ static DetectRpcData *DetectRpcParse (DetectEngineCtx *de_ctx, const char *rpcst if (args[i] != NULL) pcre2_substring_free((PCRE2_UCHAR8 *)args[i]); } + pcre2_match_data_free(match); return rd; error: + if (match) { + pcre2_match_data_free(match); + } for (i = 0; i < (ret -1) && i < 3; i++){ if (args[i] != NULL) pcre2_substring_free((PCRE2_UCHAR8 *)args[i]); diff --git a/src/detect-snmp-pdu_type.c b/src/detect-snmp-pdu_type.c index 0f5edd58d501..d053c29a792d 100644 --- a/src/detect-snmp-pdu_type.c +++ b/src/detect-snmp-pdu_type.c @@ -122,19 +122,20 @@ static int DetectSNMPPduTypeMatch (DetectEngineThreadCtx *det_ctx, static DetectSNMPPduTypeData *DetectSNMPPduTypeParse (const char *rawstr) { DetectSNMPPduTypeData *dd = NULL; - int ret = 0, res = 0; + int res = 0; size_t pcre2len; char value1[20] = ""; char *endptr = NULL; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); + pcre2_match_data *match = NULL; + int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0); if (ret != 2) { SCLogError("Parse error %s", rawstr); goto error; } pcre2len = sizeof(value1); - res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)value1, &pcre2len); + res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)value1, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); goto error; @@ -152,9 +153,13 @@ static DetectSNMPPduTypeData *DetectSNMPPduTypeParse (const char *rawstr) goto error; } + pcre2_match_data_free(match); return dd; error: + if (match) { + pcre2_match_data_free(match); + } if (dd) SCFree(dd); return NULL; diff --git a/src/detect-ssh-proto-version.c b/src/detect-ssh-proto-version.c index 65f779c16532..9115d8affb83 100644 --- a/src/detect-ssh-proto-version.c +++ b/src/detect-ssh-proto-version.c @@ -160,10 +160,11 @@ static int DetectSshVersionMatch (DetectEngineThreadCtx *det_ctx, static DetectSshVersionData *DetectSshVersionParse (DetectEngineCtx *de_ctx, const char *str) { DetectSshVersionData *ssh = NULL; - int ret = 0, res = 0; + int res = 0; size_t pcre2_len; - ret = DetectParsePcreExec(&parse_regex, str, 0, 0); + pcre2_match_data *match = NULL; + int ret = DetectParsePcreExec(&parse_regex, &match, str, 0, 0); if (ret < 1 || ret > 3) { SCLogError("invalid ssh.protoversion option"); goto error; @@ -171,8 +172,7 @@ static DetectSshVersionData *DetectSshVersionParse (DetectEngineCtx *de_ctx, con if (ret > 1) { const char *str_ptr; - res = pcre2_substring_get_bynumber( - parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); + res = pcre2_substring_get_bynumber(match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { SCLogError("pcre2_substring_get_bynumber failed"); goto error; @@ -206,9 +206,13 @@ static DetectSshVersionData *DetectSshVersionParse (DetectEngineCtx *de_ctx, con SCLogDebug("will look for ssh %s", ssh->ver); } + pcre2_match_data_free(match); return ssh; error: + if (match) { + pcre2_match_data_free(match); + } if (ssh != NULL) DetectSshVersionFree(de_ctx, ssh); return NULL; diff --git a/src/detect-ssh-software-version.c b/src/detect-ssh-software-version.c index b8a74e538a27..ddb3b76170a4 100644 --- a/src/detect-ssh-software-version.c +++ b/src/detect-ssh-software-version.c @@ -156,10 +156,11 @@ static int DetectSshSoftwareVersionMatch (DetectEngineThreadCtx *det_ctx, static DetectSshSoftwareVersionData *DetectSshSoftwareVersionParse (DetectEngineCtx *de_ctx, const char *str) { DetectSshSoftwareVersionData *ssh = NULL; - int ret = 0, res = 0; + int res = 0; size_t pcre2_len; - ret = DetectParsePcreExec(&parse_regex, str, 0, 0); + pcre2_match_data *match = NULL; + int ret = DetectParsePcreExec(&parse_regex, &match, str, 0, 0); if (ret < 1 || ret > 3) { SCLogError("invalid ssh.softwareversion option"); @@ -168,8 +169,7 @@ static DetectSshSoftwareVersionData *DetectSshSoftwareVersionParse (DetectEngine if (ret > 1) { const char *str_ptr = NULL; - res = pcre2_substring_get_bynumber( - parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); + res = pcre2_substring_get_bynumber(match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { SCLogError("pcre2_substring_get_bynumber failed"); goto error; @@ -191,9 +191,13 @@ static DetectSshSoftwareVersionData *DetectSshSoftwareVersionParse (DetectEngine SCLogDebug("will look for ssh %s", ssh->software_ver); } + pcre2_match_data_free(match); return ssh; error: + if (match) { + pcre2_match_data_free(match); + } if (ssh != NULL) DetectSshSoftwareVersionFree(de_ctx, ssh); return NULL; diff --git a/src/detect-ssl-state.c b/src/detect-ssl-state.c index b9b6d5215675..dc246479bc0c 100644 --- a/src/detect-ssl-state.c +++ b/src/detect-ssl-state.c @@ -140,7 +140,6 @@ static int DetectSslStateMatch(DetectEngineThreadCtx *det_ctx, */ static DetectSslStateData *DetectSslStateParse(const char *arg) { - int ret = 0, res = 0; size_t pcre2len; char str1[64]; char str2[64]; @@ -148,7 +147,8 @@ static DetectSslStateData *DetectSslStateParse(const char *arg) uint32_t flags = 0, mask = 0; DetectSslStateData *ssd = NULL; - ret = DetectParsePcreExec(&parse_regex1, arg, 0, 0); + pcre2_match_data *match = NULL; + int ret = DetectParsePcreExec(&parse_regex1, &match, arg, 0, 0); if (ret < 1) { SCLogError("Invalid arg \"%s\" supplied to " "ssl_state keyword.", @@ -157,7 +157,7 @@ static DetectSslStateData *DetectSslStateParse(const char *arg) } pcre2len = sizeof(str1); - res = pcre2_substring_copy_bynumber(parse_regex1.match, 1, (PCRE2_UCHAR8 *)str1, &pcre2len); + int res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)str1, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); goto error; @@ -165,7 +165,7 @@ static DetectSslStateData *DetectSslStateParse(const char *arg) negate = !strcmp("!", str1); pcre2len = sizeof(str1); - res = pcre2_substring_copy_bynumber(parse_regex1.match, 2, (PCRE2_UCHAR8 *)str1, &pcre2len); + res = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)str1, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); goto error; @@ -199,22 +199,26 @@ static DetectSslStateData *DetectSslStateParse(const char *arg) } pcre2len = sizeof(str1); - res = pcre2_substring_copy_bynumber(parse_regex1.match, 3, (PCRE2_UCHAR8 *)str1, &pcre2len); + res = pcre2_substring_copy_bynumber(match, 3, (PCRE2_UCHAR8 *)str1, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); goto error; } while (res >= 0 && strlen(str1) > 0) { - ret = DetectParsePcreExec(&parse_regex2, str1, 0, 0); + pcre2_match_data *match2 = NULL; + ret = DetectParsePcreExec(&parse_regex2, &match2, str1, 0, 0); if (ret < 1) { SCLogError("Invalid arg \"%s\" supplied to " "ssl_state keyword.", arg); + if (match2) { + pcre2_match_data_free(match2); + } goto error; } pcre2len = sizeof(str2); - res = pcre2_substring_copy_bynumber(parse_regex2.match, 1, (PCRE2_UCHAR8 *)str2, &pcre2len); + res = pcre2_substring_copy_bynumber(match2, 1, (PCRE2_UCHAR8 *)str2, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); goto error; @@ -222,9 +226,10 @@ static DetectSslStateData *DetectSslStateParse(const char *arg) negate = !strcmp("!", str2); pcre2len = sizeof(str2); - res = pcre2_substring_copy_bynumber(parse_regex2.match, 2, (PCRE2_UCHAR8 *)str2, &pcre2len); + res = pcre2_substring_copy_bynumber(match2, 2, (PCRE2_UCHAR8 *)str2, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); + pcre2_match_data_free(match2); goto error; } if (strcmp("client_hello", str2) == 0) { @@ -251,17 +256,20 @@ static DetectSslStateData *DetectSslStateParse(const char *arg) SCLogError("Found invalid option \"%s\" " "in ssl_state keyword.", str2); + pcre2_match_data_free(match2); goto error; } pcre2len = sizeof(str2); - res = pcre2_substring_copy_bynumber(parse_regex2.match, 3, (PCRE2_UCHAR8 *)str2, &pcre2len); + res = pcre2_substring_copy_bynumber(match2, 3, (PCRE2_UCHAR8 *)str2, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); + pcre2_match_data_free(match2); goto error; } memcpy(str1, str2, sizeof(str1)); + pcre2_match_data_free(match2); } if ( (ssd = SCMalloc(sizeof(DetectSslStateData))) == NULL) { @@ -270,9 +278,13 @@ static DetectSslStateData *DetectSslStateParse(const char *arg) ssd->flags = flags; ssd->mask = mask; + pcre2_match_data_free(match); return ssd; error: + if (match) { + pcre2_match_data_free(match); + } return NULL; } diff --git a/src/detect-tag.c b/src/detect-tag.c index ec71acb09f5b..c31b44088d7d 100644 --- a/src/detect-tag.c +++ b/src/detect-tag.c @@ -156,17 +156,17 @@ static int DetectTagMatch(DetectEngineThreadCtx *det_ctx, Packet *p, static DetectTagData *DetectTagParse(const char *tagstr) { DetectTagData td; - int ret = 0, res = 0; size_t pcre2_len; const char *str_ptr = NULL; - ret = DetectParsePcreExec(&parse_regex, tagstr, 0, 0); + pcre2_match_data *match = NULL; + int ret = DetectParsePcreExec(&parse_regex, &match, tagstr, 0, 0); if (ret < 1) { SCLogError("parse error, ret %" PRId32 ", string %s", ret, tagstr); goto error; } - res = pcre2_substring_get_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); + int res = pcre2_substring_get_bynumber(match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0 || str_ptr == NULL) { SCLogError("pcre2_substring_get_bynumber failed"); goto error; @@ -190,8 +190,7 @@ static DetectTagData *DetectTagParse(const char *tagstr) td.direction = DETECT_TAG_DIR_DST; if (ret > 4) { - res = pcre2_substring_get_bynumber( - parse_regex.match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); + res = pcre2_substring_get_bynumber(match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0 || str_ptr == NULL) { SCLogError("pcre2_substring_get_bynumber failed"); goto error; @@ -209,8 +208,7 @@ static DetectTagData *DetectTagParse(const char *tagstr) pcre2_substring_free((PCRE2_UCHAR *)str_ptr); str_ptr = NULL; - res = pcre2_substring_get_bynumber( - parse_regex.match, 4, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); + res = pcre2_substring_get_bynumber(match, 4, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0 || str_ptr == NULL) { SCLogError("pcre2_substring_get_bynumber failed"); goto error; @@ -239,8 +237,7 @@ static DetectTagData *DetectTagParse(const char *tagstr) /* if specified, overwrite it */ if (ret == 7) { - res = pcre2_substring_get_bynumber( - parse_regex.match, 6, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); + res = pcre2_substring_get_bynumber(match, 6, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0 || str_ptr == NULL) { SCLogError("pcre2_substring_get_bynumber failed"); goto error; @@ -278,9 +275,13 @@ static DetectTagData *DetectTagParse(const char *tagstr) } memcpy(real_td, &td, sizeof(DetectTagData)); + pcre2_match_data_free(match); return real_td; error: + if (match) { + pcre2_match_data_free(match); + } if (str_ptr != NULL) pcre2_substring_free((PCRE2_UCHAR *)str_ptr); return NULL; diff --git a/src/detect-target.c b/src/detect-target.c index f7ce19794e2a..b34b6e0d7066 100644 --- a/src/detect-target.c +++ b/src/detect-target.c @@ -81,41 +81,48 @@ void DetectTargetRegister(void) { */ static int DetectTargetParse(Signature *s, const char *targetstr) { - int ret = 0, res = 0; size_t pcre2len; char value[10]; - ret = DetectParsePcreExec(&parse_regex, targetstr, 0, 0); + pcre2_match_data *match = NULL; + int ret = DetectParsePcreExec(&parse_regex, &match, targetstr, 0, 0); if (ret < 1) { SCLogError("pcre_exec parse error, ret %" PRId32 ", string %s", ret, targetstr); - return -1; + goto error; } pcre2len = sizeof(value); - res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)value, &pcre2len); + int res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)value, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); - return -1; + goto error; } /* now check key value */ if (!strcmp(value, "src_ip")) { if (s->flags & SIG_FLAG_DEST_IS_TARGET) { SCLogError("Conflicting values of target keyword"); - return -1; + goto error; } s->flags |= SIG_FLAG_SRC_IS_TARGET; } else if (!strcmp(value, "dest_ip")) { if (s->flags & SIG_FLAG_SRC_IS_TARGET) { SCLogError("Conflicting values of target keyword"); - return -1; + goto error; } s->flags |= SIG_FLAG_DEST_IS_TARGET; } else { SCLogError("only 'src_ip' and 'dest_ip' are supported as target value"); - return -1; + goto error; } + pcre2_match_data_free(match); return 0; + +error: + if (match) { + pcre2_match_data_free(match); + } + return -1; } /** diff --git a/src/detect-tcp-flags.c b/src/detect-tcp-flags.c index 23a3bd23b0d7..183ae96f6792 100644 --- a/src/detect-tcp-flags.c +++ b/src/detect-tcp-flags.c @@ -173,51 +173,52 @@ static DetectFlagsData *DetectFlagsParse (const char *rawstr) { SCEnter(); - int ret = 0, found = 0, ignore = 0, res = 0; - size_t pcre2len; + int found = 0, ignore = 0; char *ptr; + DetectFlagsData *de = NULL; char arg1[16] = ""; char arg2[16] = ""; char arg3[16] = ""; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); + pcre2_match_data *match = NULL; + int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0); SCLogDebug("input '%s', pcre said %d", rawstr, ret); if (ret < 3) { SCLogError("pcre match failed"); - SCReturnPtr(NULL, "DetectFlagsData"); + goto error; } - pcre2len = sizeof(arg1); - res = SC_Pcre2SubstringCopy(parse_regex.match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len); + size_t pcre2len = sizeof(arg1); + int res = SC_Pcre2SubstringCopy(match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); - SCReturnPtr(NULL, "DetectFlagsData"); + goto error; } if (ret >= 2) { pcre2len = sizeof(arg2); - res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)arg2, &pcre2len); + res = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)arg2, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); - SCReturnPtr(NULL, "DetectFlagsData"); + goto error; } } if (ret >= 3) { pcre2len = sizeof(arg3); - res = SC_Pcre2SubstringCopy(parse_regex.match, 3, (PCRE2_UCHAR8 *)arg3, &pcre2len); + res = SC_Pcre2SubstringCopy(match, 3, (PCRE2_UCHAR8 *)arg3, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); - SCReturnPtr(NULL, "DetectFlagsData"); + goto error; } } SCLogDebug("args '%s', '%s', '%s'", arg1, arg2, arg3); if (strlen(arg2) == 0) { SCLogDebug("empty argument"); - SCReturnPtr(NULL, "DetectFlagsData"); + goto error; } - DetectFlagsData *de = SCMalloc(sizeof(DetectFlagsData)); + de = SCMalloc(sizeof(DetectFlagsData)); if (unlikely(de == NULL)) goto error; memset(de, 0, sizeof(DetectFlagsData)); @@ -450,6 +451,7 @@ static DetectFlagsData *DetectFlagsParse (const char *rawstr) } } + pcre2_match_data_free(match); SCLogDebug("found %"PRId32" ignore %"PRId32"", found, ignore); SCReturnPtr(de, "DetectFlagsData"); @@ -457,6 +459,9 @@ static DetectFlagsData *DetectFlagsParse (const char *rawstr) if (de) { SCFree(de); } + if (match) { + pcre2_match_data_free(match); + } SCReturnPtr(NULL, "DetectFlagsData"); } diff --git a/src/detect-tcp-window.c b/src/detect-tcp-window.c index c0817c93bff5..9f5c56270bb5 100644 --- a/src/detect-tcp-window.c +++ b/src/detect-tcp-window.c @@ -110,10 +110,11 @@ static int DetectWindowMatch(DetectEngineThreadCtx *det_ctx, Packet *p, static DetectWindowData *DetectWindowParse(DetectEngineCtx *de_ctx, const char *windowstr) { DetectWindowData *wd = NULL; - int ret = 0, res = 0; + int res = 0; size_t pcre2len; - ret = DetectParsePcreExec(&parse_regex, windowstr, 0, 0); + pcre2_match_data *match = NULL; + int ret = DetectParsePcreExec(&parse_regex, &match, windowstr, 0, 0); if (ret < 1 || ret > 3) { SCLogError("pcre_exec parse error, ret %" PRId32 ", string %s", ret, windowstr); goto error; @@ -126,7 +127,7 @@ static DetectWindowData *DetectWindowParse(DetectEngineCtx *de_ctx, const char * if (ret > 1) { char copy_str[128] = ""; pcre2len = sizeof(copy_str); - res = SC_Pcre2SubstringCopy(parse_regex.match, 1, (PCRE2_UCHAR8 *)copy_str, &pcre2len); + res = SC_Pcre2SubstringCopy(match, 1, (PCRE2_UCHAR8 *)copy_str, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); goto error; @@ -140,8 +141,7 @@ static DetectWindowData *DetectWindowParse(DetectEngineCtx *de_ctx, const char * if (ret > 2) { pcre2len = sizeof(copy_str); - res = pcre2_substring_copy_bynumber( - parse_regex.match, 2, (PCRE2_UCHAR8 *)copy_str, &pcre2len); + res = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)copy_str, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); goto error; @@ -155,9 +155,13 @@ static DetectWindowData *DetectWindowParse(DetectEngineCtx *de_ctx, const char * } } + pcre2_match_data_free(match); return wd; error: + if (match) { + pcre2_match_data_free(match); + } if (wd != NULL) DetectWindowFree(de_ctx, wd); return NULL; diff --git a/src/detect-template.c b/src/detect-template.c index e43b045f91e6..693e4bde821b 100644 --- a/src/detect-template.c +++ b/src/detect-template.c @@ -129,43 +129,50 @@ static DetectTemplateData *DetectTemplateParse (const char *templatestr) { char arg1[4] = ""; char arg2[4] = ""; - size_t pcre2len; - int ret = DetectParsePcreExec(&parse_regex, templatestr, 0, 0); + pcre2_match_data *match = NULL; + int ret = DetectParsePcreExec(&parse_regex, &match, templatestr, 0, 0); if (ret != 3) { SCLogError("parse error, ret %" PRId32 "", ret); - return NULL; + goto error; } - pcre2len = sizeof(arg1); - ret = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len); + size_t pcre2len = sizeof(arg1); + ret = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len); if (ret < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); - return NULL; + goto error; } SCLogDebug("Arg1 \"%s\"", arg1); pcre2len = sizeof(arg2); - ret = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)arg2, &pcre2len); + ret = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)arg2, &pcre2len); if (ret < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); - return NULL; + goto error; } SCLogDebug("Arg2 \"%s\"", arg2); DetectTemplateData *templated = SCMalloc(sizeof (DetectTemplateData)); if (unlikely(templated == NULL)) - return NULL; + goto error; if (ByteExtractStringUint8(&templated->arg1, 10, 0, (const char *)arg1) < 0) { SCFree(templated); - return NULL; + goto error; } if (ByteExtractStringUint8(&templated->arg2, 10, 0, (const char *)arg2) < 0) { SCFree(templated); - return NULL; + goto error; } + pcre2_match_data_free(match); return templated; + +error: + if (match) { + pcre2_match_data_free(match); + } + return NULL; } /** diff --git a/src/detect-threshold.c b/src/detect-threshold.c index 25bda3556bc4..95a09633b2ba 100644 --- a/src/detect-threshold.c +++ b/src/detect-threshold.c @@ -121,6 +121,7 @@ static DetectThresholdData *DetectThresholdParse(const char *rawstr) int second_pos = 0, count_pos = 0; size_t pos = 0; int i = 0; + pcre2_match_data *match = NULL; copy_str = SCStrdup(rawstr); if (unlikely(copy_str == NULL)) { @@ -147,7 +148,7 @@ static DetectThresholdData *DetectThresholdParse(const char *rawstr) if(count_found != 1 || second_found != 1 || type_found != 1 || track_found != 1) goto error; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); + ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0); if (ret < 5) { SCLogError("pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr); goto error; @@ -161,8 +162,7 @@ static DetectThresholdData *DetectThresholdParse(const char *rawstr) for (i = 0; i < (ret - 1); i++) { - res = pcre2_substring_get_bynumber( - parse_regex.match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); + res = pcre2_substring_get_bynumber(match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { SCLogError("pcre2_substring_get_bynumber failed"); @@ -209,9 +209,13 @@ static DetectThresholdData *DetectThresholdParse(const char *rawstr) if (args[i] != NULL) pcre2_substring_free((PCRE2_UCHAR8 *)args[i]); } + pcre2_match_data_free(match); return de; error: + if (match) { + pcre2_match_data_free(match); + } for (i = 0; i < (ret - 1); i++){ if (args[i] != NULL) pcre2_substring_free((PCRE2_UCHAR8 *)args[i]); diff --git a/src/detect-tls-cert-validity.c b/src/detect-tls-cert-validity.c index 4135e328bac6..63939b849286 100644 --- a/src/detect-tls-cert-validity.c +++ b/src/detect-tls-cert-validity.c @@ -290,21 +290,20 @@ static time_t DateStringToEpoch (char *string) static DetectTlsValidityData *DetectTlsValidityParse (const char *rawstr) { DetectTlsValidityData *dd = NULL; - int ret = 0, res = 0; - size_t pcre2len; char mode[2] = ""; char value1[20] = ""; char value2[20] = ""; char range[3] = ""; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); + pcre2_match_data *match = NULL; + int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0); if (ret < 3 || ret > 5) { SCLogError("Parse error %s", rawstr); goto error; } - pcre2len = sizeof(mode); - res = SC_Pcre2SubstringCopy(parse_regex.match, 1, (PCRE2_UCHAR8 *)mode, &pcre2len); + size_t pcre2len = sizeof(mode); + int res = SC_Pcre2SubstringCopy(match, 1, (PCRE2_UCHAR8 *)mode, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); goto error; @@ -312,7 +311,7 @@ static DetectTlsValidityData *DetectTlsValidityParse (const char *rawstr) SCLogDebug("mode \"%s\"", mode); pcre2len = sizeof(value1); - res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)value1, &pcre2len); + res = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)value1, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); goto error; @@ -321,7 +320,7 @@ static DetectTlsValidityData *DetectTlsValidityParse (const char *rawstr) if (ret > 3) { pcre2len = sizeof(range); - res = pcre2_substring_copy_bynumber(parse_regex.match, 3, (PCRE2_UCHAR8 *)range, &pcre2len); + res = pcre2_substring_copy_bynumber(match, 3, (PCRE2_UCHAR8 *)range, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); goto error; @@ -330,8 +329,7 @@ static DetectTlsValidityData *DetectTlsValidityParse (const char *rawstr) if (ret > 4) { pcre2len = sizeof(value2); - res = pcre2_substring_copy_bynumber( - parse_regex.match, 4, (PCRE2_UCHAR8 *)value2, &pcre2len); + res = pcre2_substring_copy_bynumber(match, 4, (PCRE2_UCHAR8 *)value2, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); goto error; @@ -390,9 +388,13 @@ static DetectTlsValidityData *DetectTlsValidityParse (const char *rawstr) goto error; } } + pcre2_match_data_free(match); return dd; error: + if (match) { + pcre2_match_data_free(match); + } if (dd) SCFree(dd); return NULL; diff --git a/src/detect-tls-version.c b/src/detect-tls-version.c index ac663c1fea95..cba1f55e95d1 100644 --- a/src/detect-tls-version.c +++ b/src/detect-tls-version.c @@ -150,10 +150,11 @@ static DetectTlsVersionData *DetectTlsVersionParse (DetectEngineCtx *de_ctx, con { uint16_t temp; DetectTlsVersionData *tls = NULL; - int ret = 0, res = 0; + int res = 0; size_t pcre2len; - ret = DetectParsePcreExec(&parse_regex, str, 0, 0); + pcre2_match_data *match = NULL; + int ret = DetectParsePcreExec(&parse_regex, &match, str, 0, 0); if (ret < 1 || ret > 3) { SCLogError("invalid tls.version option"); goto error; @@ -163,8 +164,7 @@ static DetectTlsVersionData *DetectTlsVersionParse (DetectEngineCtx *de_ctx, con char ver_ptr[64]; char *tmp_str; pcre2len = sizeof(ver_ptr); - res = pcre2_substring_copy_bynumber( - parse_regex.match, 1, (PCRE2_UCHAR8 *)ver_ptr, &pcre2len); + res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)ver_ptr, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); goto error; @@ -205,9 +205,13 @@ static DetectTlsVersionData *DetectTlsVersionParse (DetectEngineCtx *de_ctx, con SCLogDebug("will look for tls %"PRIu16"", tls->ver); } + pcre2_match_data_free(match); return tls; error: + if (match) { + pcre2_match_data_free(match); + } if (tls != NULL) DetectTlsVersionFree(de_ctx, tls); return NULL; diff --git a/src/detect-tls.c b/src/detect-tls.c index b04f4398bfa7..71e45696cd9c 100644 --- a/src/detect-tls.c +++ b/src/detect-tls.c @@ -217,14 +217,14 @@ static int DetectTlsSubjectMatch (DetectEngineThreadCtx *det_ctx, static DetectTlsData *DetectTlsSubjectParse (DetectEngineCtx *de_ctx, const char *str, bool negate) { DetectTlsData *tls = NULL; - int ret = 0, res = 0; size_t pcre2_len; const char *str_ptr; char *orig = NULL; char *tmp_str; uint32_t flag = 0; - ret = DetectParsePcreExec(&subject_parse_regex, str, 0, 0); + pcre2_match_data *match = NULL; + int ret = DetectParsePcreExec(&subject_parse_regex, &match, str, 0, 0); if (ret != 2) { SCLogError("invalid tls.subject option"); goto error; @@ -233,8 +233,7 @@ static DetectTlsData *DetectTlsSubjectParse (DetectEngineCtx *de_ctx, const char if (negate) flag = DETECT_CONTENT_NEGATED; - res = pcre2_substring_get_bynumber( - subject_parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); + int res = pcre2_substring_get_bynumber(match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { SCLogError("pcre2_substring_get_bynumber failed"); goto error; @@ -266,6 +265,7 @@ static DetectTlsData *DetectTlsSubjectParse (DetectEngineCtx *de_ctx, const char goto error; } + pcre2_match_data_free(match); SCFree(orig); SCLogDebug("will look for TLS subject %s", tls->subject); @@ -273,6 +273,9 @@ static DetectTlsData *DetectTlsSubjectParse (DetectEngineCtx *de_ctx, const char return tls; error: + if (match) { + pcre2_match_data_free(match); + } if (orig != NULL) SCFree(orig); if (tls != NULL) @@ -409,14 +412,14 @@ static int DetectTlsIssuerDNMatch (DetectEngineThreadCtx *det_ctx, static DetectTlsData *DetectTlsIssuerDNParse(DetectEngineCtx *de_ctx, const char *str, bool negate) { DetectTlsData *tls = NULL; - int ret = 0, res = 0; size_t pcre2_len; const char *str_ptr; char *orig = NULL; char *tmp_str; uint32_t flag = 0; - ret = DetectParsePcreExec(&issuerdn_parse_regex, str, 0, 0); + pcre2_match_data *match = NULL; + int ret = DetectParsePcreExec(&issuerdn_parse_regex, &match, str, 0, 0); if (ret != 2) { SCLogError("invalid tls.issuerdn option"); goto error; @@ -425,8 +428,7 @@ static DetectTlsData *DetectTlsIssuerDNParse(DetectEngineCtx *de_ctx, const char if (negate) flag = DETECT_CONTENT_NEGATED; - res = pcre2_substring_get_bynumber( - issuerdn_parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); + int res = pcre2_substring_get_bynumber(match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len); if (res < 0) { SCLogError("pcre2_substring_get_bynumber failed"); goto error; @@ -461,11 +463,15 @@ static DetectTlsData *DetectTlsIssuerDNParse(DetectEngineCtx *de_ctx, const char SCFree(orig); + pcre2_match_data_free(match); SCLogDebug("Will look for TLS issuerdn %s", tls->issuerdn); return tls; error: + if (match) { + pcre2_match_data_free(match); + } if (orig != NULL) SCFree(orig); if (tls != NULL) diff --git a/src/detect-tos.c b/src/detect-tos.c index 422882f1f9a8..002ff9c927c9 100644 --- a/src/detect-tos.c +++ b/src/detect-tos.c @@ -111,10 +111,10 @@ static int DetectTosMatch(DetectEngineThreadCtx *det_ctx, Packet *p, static DetectTosData *DetectTosParse(const char *arg, bool negate) { DetectTosData *tosd = NULL; - int ret = 0, res = 0; size_t pcre2len; - ret = DetectParsePcreExec(&parse_regex, arg, 0, 0); + pcre2_match_data *match = NULL; + int ret = DetectParsePcreExec(&parse_regex, &match, arg, 0, 0); if (ret != 2) { SCLogError("invalid tos option - %s. " "The tos option value must be in the range " @@ -126,8 +126,7 @@ static DetectTosData *DetectTosParse(const char *arg, bool negate) /* For TOS value */ char tosbytes_str[64] = ""; pcre2len = sizeof(tosbytes_str); - res = pcre2_substring_copy_bynumber( - parse_regex.match, 1, (PCRE2_UCHAR8 *)tosbytes_str, &pcre2len); + int res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)tosbytes_str, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); goto error; @@ -159,9 +158,13 @@ static DetectTosData *DetectTosParse(const char *arg, bool negate) tosd->tos = (uint8_t)tos; tosd->negated = negate; + pcre2_match_data_free(match); return tosd; error: + if (match) { + pcre2_match_data_free(match); + } return NULL; } diff --git a/src/detect-xbits.c b/src/detect-xbits.c index 787b2dd50bfb..9c5871f7af8f 100644 --- a/src/detect-xbits.c +++ b/src/detect-xbits.c @@ -194,41 +194,44 @@ static int DetectXbitParse(DetectEngineCtx *de_ctx, DetectXbitsData *cd = NULL; uint8_t fb_cmd = 0; uint8_t hb_dir = 0; - int ret = 0, res = 0; size_t pcre2len; char fb_cmd_str[16] = "", fb_name[256] = ""; char hb_dir_str[16] = ""; enum VarTypes var_type = VAR_TYPE_NOT_SET; uint32_t expire = DETECT_XBITS_EXPIRE_DEFAULT; - ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0); + pcre2_match_data *match = NULL; + int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0); if (ret != 2 && ret != 3 && ret != 4 && ret != 5) { SCLogError("\"%s\" is not a valid setting for xbits.", rawstr); + if (match) { + pcre2_match_data_free(match); + } return -1; } SCLogDebug("ret %d, %s", ret, rawstr); pcre2len = sizeof(fb_cmd_str); - res = pcre2_substring_copy_bynumber( - parse_regex.match, 1, (PCRE2_UCHAR8 *)fb_cmd_str, &pcre2len); + int res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)fb_cmd_str, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); + pcre2_match_data_free(match); return -1; } if (ret >= 3) { pcre2len = sizeof(fb_name); - res = pcre2_substring_copy_bynumber( - parse_regex.match, 2, (PCRE2_UCHAR8 *)fb_name, &pcre2len); + res = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)fb_name, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); + pcre2_match_data_free(match); return -1; } if (ret >= 4) { pcre2len = sizeof(hb_dir_str); - res = pcre2_substring_copy_bynumber( - parse_regex.match, 3, (PCRE2_UCHAR8 *)hb_dir_str, &pcre2len); + res = pcre2_substring_copy_bynumber(match, 3, (PCRE2_UCHAR8 *)hb_dir_str, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); + pcre2_match_data_free(match); return -1; } SCLogDebug("hb_dir_str %s", hb_dir_str); @@ -244,6 +247,7 @@ static int DetectXbitParse(DetectEngineCtx *de_ctx, var_type = VAR_TYPE_IPPAIR_BIT; } else { // TODO + pcre2_match_data_free(match); return -1; } } @@ -252,9 +256,10 @@ static int DetectXbitParse(DetectEngineCtx *de_ctx, char expire_str[16] = ""; pcre2len = sizeof(expire_str); res = pcre2_substring_copy_bynumber( - parse_regex.match, 4, (PCRE2_UCHAR8 *)expire_str, &pcre2len); + match, 4, (PCRE2_UCHAR8 *)expire_str, &pcre2len); if (res < 0) { SCLogError("pcre2_substring_copy_bynumber failed"); + pcre2_match_data_free(match); return -1; } SCLogDebug("expire_str %s", expire_str); @@ -262,10 +267,12 @@ static int DetectXbitParse(DetectEngineCtx *de_ctx, SCLogError("Invalid value for " "expire: \"%s\"", expire_str); + pcre2_match_data_free(match); return -1; } if (expire == 0) { SCLogError("expire must be bigger than 0"); + pcre2_match_data_free(match); return -1; } SCLogDebug("expire %d", expire); @@ -273,6 +280,7 @@ static int DetectXbitParse(DetectEngineCtx *de_ctx, } } + pcre2_match_data_free(match); if (strcmp(fb_cmd_str,"noalert") == 0) { fb_cmd = DETECT_XBITS_CMD_NOALERT; } else if (strcmp(fb_cmd_str,"isset") == 0) { diff --git a/src/detect.h b/src/detect.h index 7dd42a1477fb..fe2bbfa6e27b 100644 --- a/src/detect.h +++ b/src/detect.h @@ -853,11 +853,6 @@ typedef struct DetectEngineCtx_ { /* used by the signature ordering module */ struct SCSigOrderFunc_ *sc_sig_order_funcs; - /* hash table used for holding the classification config info */ - HashTable *class_conf_ht; - /* hash table used for holding the reference config info */ - HashTable *reference_conf_ht; - /* main sigs */ DetectEngineLookupFlow flow_gh[FLOW_STATES]; @@ -1011,6 +1006,21 @@ typedef struct DetectEngineCtx_ { * run. */ bool sm_types_prefilter[DETECT_TBLSIZE]; bool sm_types_silent_error[DETECT_TBLSIZE]; + + /* classification config parsing */ + + /* hash table used for holding the classification config info */ + HashTable *class_conf_ht; + pcre2_code *class_conf_regex; + pcre2_match_data *class_conf_regex_match; + + /* reference config parsing */ + + /* hash table used for holding the reference config info */ + HashTable *reference_conf_ht; + pcre2_code *reference_conf_regex; + pcre2_match_data *reference_conf_regex_match; + } DetectEngineCtx; /* Engine groups profiles (low, medium, high, custom) */ diff --git a/src/runmode-unittests.c b/src/runmode-unittests.c index d7899a144ec7..1150bad89580 100644 --- a/src/runmode-unittests.c +++ b/src/runmode-unittests.c @@ -253,8 +253,6 @@ void RunUnittests(int list_unittests, const char *regex_arg) TmqhSetup(); TagInitCtx(); - SCReferenceConfInit(); - SCClassConfInit(); UtInitialize(); diff --git a/src/suricata.c b/src/suricata.c index 7172a49dba40..48aadfa77066 100644 --- a/src/suricata.c +++ b/src/suricata.c @@ -383,10 +383,6 @@ static void GlobalsDestroy(SCInstance *suri) FeatureTrackingRelease(); SCProtoNameRelease(); TimeDeinit(); - if (!suri->disabled_detect) { - SCReferenceConfDeinit(); - SCClassConfDeinit(); - } TmqhCleanup(); TmModuleRunDeInit(); ParseSizeDeinit(); @@ -2550,8 +2546,6 @@ void PostConfLoadedDetectSetup(SCInstance *suri) { DetectEngineCtx *de_ctx = NULL; if (!suri->disabled_detect) { - SCClassConfInit(); - SCReferenceConfInit(); SetupDelayedDetect(suri); int mt_enabled = 0; (void)ConfGetBool("multi-detect.enabled", &mt_enabled); diff --git a/src/tests/fuzz/fuzz_siginit.c b/src/tests/fuzz/fuzz_siginit.c index e649eb070d49..80514b2d9a52 100644 --- a/src/tests/fuzz/fuzz_siginit.c +++ b/src/tests/fuzz/fuzz_siginit.c @@ -28,8 +28,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) SpmTableSetup(); EngineModeSetIDS(); SigTableSetup(); - SCReferenceConfInit(); - SCClassConfInit(); } if (cnt++ == 1024) { DetectEngineCtxFree(de_ctx); diff --git a/src/util-classification-config.c b/src/util-classification-config.c index dbaac9a29f7c..be42469e6d4a 100644 --- a/src/util-classification-config.c +++ b/src/util-classification-config.c @@ -48,9 +48,6 @@ #define SC_CLASS_CONF_DEF_CONF_FILEPATH CONFIG_DIR "/classification.config" #endif -static pcre2_code *regex = NULL; -static pcre2_match_data *regex_match = NULL; - uint32_t SCClassConfClasstypeHashFunc(HashTable *ht, void *data, uint16_t datalen); char SCClassConfClasstypeHashCompareFunc(void *data1, uint16_t datalen1, void *data2, uint16_t datalen2); @@ -61,15 +58,15 @@ static SCClassConfClasstype *SCClassConfAllocClasstype(uint16_t classtype_id, const char *classtype, const char *classtype_desc, int priority); static void SCClassConfDeAllocClasstype(SCClassConfClasstype *ct); -void SCClassConfInit(void) +void SCClassConfInit(DetectEngineCtx *de_ctx) { int en; PCRE2_SIZE eo; int opts = 0; - regex = pcre2_compile( + de_ctx->class_conf_regex = pcre2_compile( (PCRE2_SPTR8)DETECT_CLASSCONFIG_REGEX, PCRE2_ZERO_TERMINATED, opts, &en, &eo, NULL); - if (regex == NULL) { + if (de_ctx->class_conf_regex == NULL) { PCRE2_UCHAR errbuffer[256]; pcre2_get_error_message(en, errbuffer, sizeof(errbuffer)); SCLogWarning("pcre2 compile of \"%s\" failed at " @@ -77,19 +74,20 @@ void SCClassConfInit(void) DETECT_CLASSCONFIG_REGEX, (int)eo, errbuffer); return; } - regex_match = pcre2_match_data_create_from_pattern(regex, NULL); + de_ctx->class_conf_regex_match = + pcre2_match_data_create_from_pattern(de_ctx->class_conf_regex, NULL); return; } -void SCClassConfDeinit(void) +void SCClassConfDeinit(DetectEngineCtx *de_ctx) { - if (regex != NULL) { - pcre2_code_free(regex); - regex = NULL; + if (de_ctx->class_conf_regex != NULL) { + pcre2_code_free(de_ctx->class_conf_regex); + de_ctx->class_conf_regex = NULL; } - if (regex_match != NULL) { - pcre2_match_data_free(regex_match); - regex_match = NULL; + if (de_ctx->class_conf_regex_match != NULL) { + pcre2_match_data_free(de_ctx->class_conf_regex_match); + de_ctx->class_conf_regex_match = NULL; } } @@ -248,7 +246,8 @@ int SCClassConfAddClasstype(DetectEngineCtx *de_ctx, char *rawstr, uint16_t inde int ret = 0; - ret = pcre2_match(regex, (PCRE2_SPTR8)rawstr, strlen(rawstr), 0, 0, regex_match, NULL); + ret = pcre2_match(de_ctx->class_conf_regex, (PCRE2_SPTR8)rawstr, strlen(rawstr), 0, 0, + de_ctx->class_conf_regex_match, NULL); if (ret < 0) { SCLogError("Invalid Classtype in " "classification.config file %s: \"%s\"", @@ -258,7 +257,8 @@ int SCClassConfAddClasstype(DetectEngineCtx *de_ctx, char *rawstr, uint16_t inde size_t copylen = sizeof(ct_name); /* retrieve the classtype name */ - ret = pcre2_substring_copy_bynumber(regex_match, 1, (PCRE2_UCHAR8 *)ct_name, ©len); + ret = pcre2_substring_copy_bynumber( + de_ctx->class_conf_regex_match, 1, (PCRE2_UCHAR8 *)ct_name, ©len); if (ret < 0) { SCLogInfo("pcre2_substring_copy_bynumber() failed"); goto error; @@ -266,7 +266,8 @@ int SCClassConfAddClasstype(DetectEngineCtx *de_ctx, char *rawstr, uint16_t inde /* retrieve the classtype description */ copylen = sizeof(ct_desc); - ret = pcre2_substring_copy_bynumber(regex_match, 2, (PCRE2_UCHAR8 *)ct_desc, ©len); + ret = pcre2_substring_copy_bynumber( + de_ctx->class_conf_regex_match, 2, (PCRE2_UCHAR8 *)ct_desc, ©len); if (ret < 0) { SCLogInfo("pcre2_substring_copy_bynumber() failed"); goto error; @@ -274,7 +275,8 @@ int SCClassConfAddClasstype(DetectEngineCtx *de_ctx, char *rawstr, uint16_t inde /* retrieve the classtype priority */ copylen = sizeof(ct_priority_str); - ret = pcre2_substring_copy_bynumber(regex_match, 3, (PCRE2_UCHAR8 *)ct_priority_str, ©len); + ret = pcre2_substring_copy_bynumber( + de_ctx->class_conf_regex_match, 3, (PCRE2_UCHAR8 *)ct_priority_str, ©len); if (ret < 0) { SCLogInfo("pcre2_substring_copy_bynumber() failed"); goto error; diff --git a/src/util-classification-config.h b/src/util-classification-config.h index f0b98979e3e1..9ac00c85d09e 100644 --- a/src/util-classification-config.h +++ b/src/util-classification-config.h @@ -51,8 +51,8 @@ SCClassConfClasstype *SCClassConfGetClasstype(const char *, DetectEngineCtx *); void SCClassConfDeInitContext(DetectEngineCtx *); -void SCClassConfInit(void); -void SCClassConfDeinit(void); +void SCClassConfInit(DetectEngineCtx *de_ctx); +void SCClassConfDeinit(DetectEngineCtx *de_ctx); /* for unittests */ #ifdef UNITTESTS diff --git a/src/util-reference-config.c b/src/util-reference-config.c index a0e25a75205a..0a3109825229 100644 --- a/src/util-reference-config.c +++ b/src/util-reference-config.c @@ -41,9 +41,6 @@ /* Default path for the reference.conf file */ #define SC_RCONF_DEFAULT_FILE_PATH CONFIG_DIR "/reference.config" -static pcre2_code *regex = NULL; -static pcre2_match_data *regex_match = NULL; - /* the hash functions */ uint32_t SCRConfReferenceHashFunc(HashTable *ht, void *data, uint16_t datalen); char SCRConfReferenceHashCompareFunc(void *data1, uint16_t datalen1, @@ -53,14 +50,15 @@ void SCRConfReferenceHashFree(void *ch); /* used to get the reference.config file path */ static const char *SCRConfGetConfFilename(const DetectEngineCtx *de_ctx); -void SCReferenceConfInit(void) +void SCReferenceConfInit(DetectEngineCtx *de_ctx) { int en; PCRE2_SIZE eo; int opts = 0; - regex = pcre2_compile((PCRE2_SPTR8)SC_RCONF_REGEX, PCRE2_ZERO_TERMINATED, opts, &en, &eo, NULL); - if (regex == NULL) { + de_ctx->reference_conf_regex = + pcre2_compile((PCRE2_SPTR8)SC_RCONF_REGEX, PCRE2_ZERO_TERMINATED, opts, &en, &eo, NULL); + if (de_ctx->reference_conf_regex == NULL) { PCRE2_UCHAR errbuffer[256]; pcre2_get_error_message(en, errbuffer, sizeof(errbuffer)); SCLogWarning("pcre2 compile of \"%s\" failed at " @@ -68,20 +66,20 @@ void SCReferenceConfInit(void) SC_RCONF_REGEX, (int)eo, errbuffer); return; } - regex_match = pcre2_match_data_create_from_pattern(regex, NULL); - + de_ctx->reference_conf_regex_match = + pcre2_match_data_create_from_pattern(de_ctx->reference_conf_regex, NULL); return; } -void SCReferenceConfDeinit(void) +void SCReferenceConfDeinit(DetectEngineCtx *de_ctx) { - if (regex != NULL) { - pcre2_code_free(regex); - regex = NULL; + if (de_ctx->reference_conf_regex != NULL) { + pcre2_code_free(de_ctx->reference_conf_regex); + de_ctx->reference_conf_regex = NULL; } - if (regex_match != NULL) { - pcre2_match_data_free(regex_match); - regex_match = NULL; + if (de_ctx->reference_conf_regex_match != NULL) { + pcre2_match_data_free(de_ctx->reference_conf_regex_match); + de_ctx->reference_conf_regex_match = NULL; } } @@ -235,7 +233,8 @@ int SCRConfAddReference(DetectEngineCtx *de_ctx, const char *line) int ret = 0; - ret = pcre2_match(regex, (PCRE2_SPTR8)line, strlen(line), 0, 0, regex_match, NULL); + ret = pcre2_match(de_ctx->reference_conf_regex, (PCRE2_SPTR8)line, strlen(line), 0, 0, + de_ctx->reference_conf_regex_match, NULL); if (ret < 0) { SCLogError("Invalid Reference Config in " "reference.config file"); @@ -244,7 +243,8 @@ int SCRConfAddReference(DetectEngineCtx *de_ctx, const char *line) /* retrieve the reference system */ size_t copylen = sizeof(system); - ret = pcre2_substring_copy_bynumber(regex_match, 1, (PCRE2_UCHAR8 *)system, ©len); + ret = pcre2_substring_copy_bynumber( + de_ctx->reference_conf_regex_match, 1, (PCRE2_UCHAR8 *)system, ©len); if (ret < 0) { SCLogError("pcre2_substring_copy_bynumber() failed"); goto error; @@ -252,7 +252,8 @@ int SCRConfAddReference(DetectEngineCtx *de_ctx, const char *line) /* retrieve the reference url */ copylen = sizeof(url); - ret = pcre2_substring_copy_bynumber(regex_match, 2, (PCRE2_UCHAR8 *)url, ©len); + ret = pcre2_substring_copy_bynumber( + de_ctx->reference_conf_regex_match, 2, (PCRE2_UCHAR8 *)url, ©len); if (ret < 0) { SCLogError("pcre2_substring_copy_bynumber() failed"); goto error; diff --git a/src/util-reference-config.h b/src/util-reference-config.h index 890b2c883a76..5334fd7c42c1 100644 --- a/src/util-reference-config.h +++ b/src/util-reference-config.h @@ -53,7 +53,7 @@ FILE *SCRConfGenerateValidDummyReferenceConfigFD01(void); FILE *SCRConfGenerateInvalidDummyReferenceConfigFD02(void); FILE *SCRConfGenerateInvalidDummyReferenceConfigFD03(void); -void SCReferenceConfInit(void); -void SCReferenceConfDeinit(void); +void SCReferenceConfInit(DetectEngineCtx *de_ctx); +void SCReferenceConfDeinit(DetectEngineCtx *de_ctx); #endif /* __UTIL_REFERENCE_CONFIG_H__ */