
Bug #130 » 0001-Bug-130-detect-nocase-was-not-recreating-the-BmCtx-w.patch

detect-nocase was not recreating the BmCtx with nocase chars, so it was not working with patterns of capital letters as expected - Pablo Rincon, 04/27/2010 11:56 AM


src/detect-nocase.c
DetectUricontentData *ud = NULL;
DetectContentData *cd = NULL;
DetectHttpClientBodyData *dhcb = NULL;
DetectHttpCookieData *dhcd = NULL;
switch (pm->type) {
case DETECT_URICONTENT:
ud = (DetectUricontentData *)pm->ctx;
......
SCReturnInt(-1);
}
ud->flags |= DETECT_URICONTENT_NOCASE;
/* Recreate the context with nocase chars */
BoyerMooreCtxToNocase(ud->bm_ctx, ud->uricontent, ud->uricontent_len);
break;
case DETECT_CONTENT:
......
SCReturnInt(-1);
}
cd->flags |= DETECT_CONTENT_NOCASE;
/* Recreate the context with nocase chars */
BoyerMooreCtxToNocase(cd->bm_ctx, cd->content, cd->content_len);
break;
case DETECT_AL_HTTP_CLIENT_BODY:
((DetectHttpClientBodyData *)(pm->ctx))->flags |= DETECT_AL_HTTP_CLIENT_BODY_NOCASE;
dhcb =(DetectHttpClientBodyData *) pm->ctx;
dhcb->flags |= DETECT_AL_HTTP_CLIENT_BODY_NOCASE;
/* Recreate the context with nocase chars */
BoyerMooreCtxToNocase(dhcb->bm_ctx, dhcb->content, dhcb->content_len);
break;
case DETECT_AL_HTTP_COOKIE:
((DetectHttpCookieData *)(pm->ctx))->flags |= DETECT_AL_HTTP_COOKIE_NOCASE;
dhcd = (DetectHttpCookieData *) pm->ctx;
dhcd->flags |= DETECT_AL_HTTP_COOKIE_NOCASE;
break;
/* should never happen */
default:
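Review bot: The `DETECT_AL_HTTP_COOKIE` case sets `DETECT_AL_HTTP_COOKIE_NOCASE` on `dhcd` but never calls `BoyerMooreCtxToNocase`, unlike the uricontent, content and client-body cases. Whether `DetectHttpCookieData` holds a Boyer-Moore context is not visible in this section. If it does, a `nocase` rule whose `http_cookie` pattern contains capital letters would still silently fail to match, which is the same missed detection this change fixes for the other keywords. Either add the same recreate call for the cookie context, or state the reason in place, for example `/* http_cookie has no BmCtx, nothing to recreate */`. The switch and its enclosing function start and end outside this section.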
src/util-spm-bm.c
#include <string.h>
/**
* \brief Given a BmCtx structure, recreate the pre/suffixes for
* nocase
*
* \retval BmCtx pointer to the already created BmCtx (with BoyerMooreCtxInit())
* \param str pointer to the pattern string
* \param size length of the string
*/
void BoyerMooreCtxToNocase(BmCtx *bm_ctx, uint8_t *needle, uint32_t needle_len) {
/* Prepare bad chars with nocase chars */
PreBmBcNocase(needle, needle_len, bm_ctx->bmBc);
/* Prepare good Suffixes with nocase chars */
PreBmGsNocase(needle, needle_len, bm_ctx->bmGs);
}
/**
* \brief Setup a Booyer More context.
*
* \param str pointer to the pattern string
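Review bot: The doc comment on `BoyerMooreCtxToNocase` does not match its signature: it gives a `\retval` for a `void` function, names `str` and `size` where the parameters are `needle` and `needle_len`, and leaves `bm_ctx` undocumented. I would replace those three lines with `\param bm_ctx BmCtx already created with BoyerMooreCtxInit()`, `\param needle pointer to the pattern string` and `\param needle_len length of the pattern`. The function writes into the existing `bmBc` and `bmGs` tables, which were presumably sized when the context was created. If so, the comment should also state that `bm_ctx` must be non-NULL and that `needle_len` must equal the length passed to `BoyerMooreCtxInit()`, because a longer length would write past the good-suffix table.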
src/util-spm-bm.h
/** Prepare and return a Boyer Moore context */
BmCtx *BoyerMooreCtxInit(uint8_t *needle, uint32_t needle_len);
void BoyerMooreCtxToNocase(BmCtx *, uint8_t *, uint32_t);
inline void PreBmBc(const uint8_t *x, int32_t m, int32_t *bmBc);
inline void BoyerMooreSuffixes(const uint8_t *x, int32_t m, int32_t *suff);
inline void PreBmGs(const uint8_t *x, int32_t m, int32_t *bmGs);
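Review bot: The new prototype drops its parameter names, while every neighbouring declaration in this header keeps them. Writing it as `void BoyerMooreCtxToNocase(BmCtx *bm_ctx, uint8_t *needle, uint32_t needle_len);` lets a reader see from the header which argument is the pattern and which is its length. If the `PreBm*Nocase` helpers take `const uint8_t *`, as `PreBmBc` and `PreBmGs` do here, `needle` could be `const` as well; their prototypes are not visible in this section.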
src/util-spm.c
return 0;
}
/**
* \test issue 130 (@redmine) check to ensure that the
* problem is not the algorithm implementation
*/
int UtilSpmBoyerMooreSearchNocaseTestIssue130() {
uint8_t *needle = (uint8_t *)"WWW-Authenticate: ";
uint8_t *text = (uint8_t *)"Date: Mon, 23 Feb 2009 13:31:49 GMT"
"Server: Apache\r\n"
"Www-authenticate: Basic realm=\"Authentification user password\"\r\n"
"Vary: accept-language,accept-charset\r\n"
"Accept-ranges: bytes\r\n"
"Connection: close\r\n"
"Content-type: text/html; charset=iso-8859-1\r\n"
"Content-language: fr\r\n"
"Expires: Mon, 23 Feb 2009 13:31:49 GMT\r\n\r\n";
uint8_t *found = BoyerMooreNocaseWrapper(text, needle, 1);
//printf("found: %s\n", found);
if (found != NULL)
return 1;
else
return 0;
}
/* Generic tests that should not match */
int UtilSpmBasicSearchTest02() {
uint8_t *needle = (uint8_t *)"oPQRsT";
......
UtRegisterTest("UtilSpmBoyerMooreSearchTest01", UtilSpmBoyerMooreSearchTest01, 1);
UtRegisterTest("UtilSpmBoyerMooreSearchNocaseTest01", UtilSpmBoyerMooreSearchNocaseTest01, 1);
UtRegisterTest("UtilSpmBoyerMooreSearchNocaseTestIssue130", UtilSpmBoyerMooreSearchNocaseTestIssue130, 1);
UtRegisterTest("UtilSpmBs2bmSearchTest02", UtilSpmBs2bmSearchTest02, 1);
UtRegisterTest("UtilSpmBs2bmSearchNocaseTest02", UtilSpmBs2bmSearchNocaseTest02, 1);
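Review bot: `UtilSpmBoyerMooreSearchNocaseTestIssue130` searches through `BoyerMooreNocaseWrapper` and never calls the new `BoyerMooreCtxToNocase`, so the path this patch fixes has no regression test. That path is a context built by `BoyerMooreCtxInit()` and later converted when `nocase` is parsed. The wrapper's body is not visible here, but it presumably builds nocase tables directly. I would add a second test that initialises a context for "WWW-Authenticate: ", converts it with `BoyerMooreCtxToNocase`, and then searches the same text with that context. Both tests should also assert that `found` points at the `Www-authenticate: ` header rather than only `found != NULL`, so that a match at the wrong offset fails the test.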