
Bug #445 ยป 0001-update-handling-negative-offsets-in-byte_extract.-Al.patch

Anoop Saldanha, 04/05/2012 02:08 PM


src/detect-byte-extract.c
#define PARSE_REGEX "^" \
"\\s*([0-9]+)\\s*" \
",\\s*([0-9]+)\\s*" \
",\\s*(-?[0-9]+)\\s*" \
",\\s*([^\\s,]+)\\s*" \
"(?:(?:,\\s*([^\\s,]+)\\s*)|(?:,\\s*([^\\s,]+)\\s+([^\\s,]+)\\s*))?" \
"(?:(?:,\\s*([^\\s,]+)\\s*)|(?:,\\s*([^\\s,]+)\\s+([^\\s,]+)\\s*))?" \
......
}
/* Validate that the to-be-extracted is within the packet */
if (data->nbytes > len) {
if (ptr < payload || data->nbytes > len) {
SCLogDebug("Data not within payload pkt=%p, ptr=%p, len=%"PRIu32", nbytes=%d",
payload, ptr, len, data->nbytes);
return 0;
......
return result;
}
int DetectByteExtractTest63(void)
{
int result = 0;
DetectByteExtractData *bed = DetectByteExtractParse("4, -2, one");
if (bed == NULL)
goto end;
if (bed->nbytes != 4 ||
bed->offset != -2 ||
strcmp(bed->name, "one") != 0 ||
bed->flags != 0 ||
bed->endian != DETECT_BYTE_EXTRACT_ENDIAN_DEFAULT ||
bed->base != DETECT_BYTE_EXTRACT_BASE_NONE ||
bed->align_value != 0 ||
bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
goto end;
}
result = 1;
end:
if (bed != NULL)
DetectByteExtractFree(bed);
return result;
}
#endif /* UNITTESTS */
void DetectByteExtractRegisterTests(void)
......
UtRegisterTest("DetectByteExtractTest60", DetectByteExtractTest60, 1);
UtRegisterTest("DetectByteExtractTest61", DetectByteExtractTest61, 1);
UtRegisterTest("DetectByteExtractTest62", DetectByteExtractTest62, 1);
UtRegisterTest("DetectByteExtractTest63", DetectByteExtractTest63, 1);
#endif /* UNITTESTS */
return;
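Review bot: The new `ptr < payload` test in the payload bounds check runs only after `ptr` has been moved by the now possibly negative offset. Forming or comparing a pointer that lies before the start of `payload` is undefined behaviour in C, so the compiler may drop the test, or the address may wrap for a large offset. The code that computes `ptr` and `len` is elided from this section, so this is inferred, but the safer form validates the offset as an integer before applying it, e.g. `if (data->offset < 0 && (int64_t)(ptr - payload) + data->offset < 0) return 0;` placed ahead of the `ptr` adjustment. It is also worth confirming that `len` is recomputed from the adjusted `ptr`, otherwise `data->nbytes > len` compares against the wrong remaining length. DetectByteExtractTest63 only checks that `-2` parses; a parse test for an out-of-range negative offset would pin the regex change as well.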
src/detect-engine-payload.c
return result;
}
/*
* \test Test negative byte extract.
*/
static int PayloadTestSig25(void)
{
uint8_t buf[] = {
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x35, /* the last byte is 2 */
0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D,
0x0E, 0x0F,
};
uint16_t buflen = sizeof(buf);
Packet *p = UTHBuildPacket( buf, buflen, IPPROTO_TCP);
int result = 0;
char sig[] = "alert tcp any any -> any any (msg:\"dummy\"; "
"content:\"|35 07 08 09|\"; "
"byte_extract:1,-4,one,string,dec,relative; "
"content:\"|0C 0D 0E 0F|\"; distance:one; sid:1;)";
if (UTHPacketMatchSigMpm(p, sig, MPM_AC) == 0) {
result = 0;
goto end;
}
result = 1;
end:
if (p != NULL)
UTHFreePacket(p);
return result;
}
/*
* \test Test negative byte extract.
*/
static int PayloadTestSig26(void)
{
uint8_t buf[] = {
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x35, /* the last byte is 2 */
0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D,
0x0E, 0x0F,
};
uint16_t buflen = sizeof(buf);
Packet *p = UTHBuildPacket( buf, buflen, IPPROTO_TCP);
int result = 0;
char sig[] = "alert tcp any any -> any any (msg:\"dummy\"; "
"content:\"|35 07 08 09|\"; "
"byte_extract:1,-3000,one,string,dec,relative; "
"content:\"|0C 0D 0E 0F|\"; distance:one; sid:1;)";
if (UTHPacketMatchSigMpm(p, sig, MPM_AC) != 0) {
result = 0;
goto end;
}
result = 1;
end:
if (p != NULL)
UTHFreePacket(p);
return result;
}
#endif /* UNITTESTS */
void PayloadRegisterTests(void) {
......
UtRegisterTest("PayloadTestSig22", PayloadTestSig22, 1);
UtRegisterTest("PayloadTestSig23", PayloadTestSig23, 1);
UtRegisterTest("PayloadTestSig24", PayloadTestSig24, 1);
UtRegisterTest("PayloadTestSig25", PayloadTestSig25, 1);
UtRegisterTest("PayloadTestSig26", PayloadTestSig26, 1);
#endif /* UNITTESTS */
return;
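Review bot: The buffer comment `/* the last byte is 2 */` in PayloadTestSig25 and PayloadTestSig26 does not match the data, since 0x35 is ASCII '5'; it should read `/* 0x35 is ASCII '5', the value byte_extract reads */`. Both tests also carry the same `\test Test negative byte extract.` header although they assert opposite outcomes. PayloadTestSig26 would be clearer as `\test A negative relative offset pointing before the start of the payload must not match.` PayloadTestSig26 passes on any non-match, which presumably includes a signature that fails to load, so it does not by itself show that the `-3000` offset was rejected by the bounds check. In both tests `p` is passed to `UTHPacketMatchSigMpm` before the `p != NULL` check at `end:`; adding `if (p == NULL) goto end;` after `UTHBuildPacket` would cover that.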