Browse code
pcre: removed outdated comments pcre: added lsig validation and more accurate subsig counting
Kevin Lin authored on 2014/09/04 04:41:06Showing 3 changed files
| ... | ... |
@@ -46,7 +46,7 @@ int cli_pcre_addpatt(struct cli_matcher *root, const char *trigger, const char * |
| 46 | 46 |
return CL_ENULLARG; |
| 47 | 47 |
} |
| 48 | 48 |
|
| 49 |
- /* TODO: trigger and regex checking (string length limitations) */ |
|
| 49 |
+ /* TODO: trigger and regex checking (string length limitations, no self referencal or other pcre referential) */ |
|
| 50 | 50 |
|
| 51 | 51 |
/* allocating entries */ |
| 52 | 52 |
pm = (struct cli_pcre_meta *)mpool_calloc(root->mempool, 1, sizeof(*pm)); |
| ... | ... |
@@ -170,7 +170,7 @@ int cli_parse_add(struct cli_matcher *root, const char *virname, const char *hex |
| 170 | 170 |
|
| 171 | 171 |
/* check for trigger */ |
| 172 | 172 |
if (!tlen) {
|
| 173 |
- cli_dbgmsg("cli_parseadd(): cannot add pcre without logical trigger\n");
|
|
| 173 |
+ cli_errmsg("cli_parseadd(): cannot add pcre without logical trigger\n");
|
|
| 174 | 174 |
return CL_EMALFDB; |
| 175 | 175 |
} |
| 176 | 176 |
|
| ... | ... |
@@ -216,27 +216,8 @@ int cli_parse_add(struct cli_matcher *root, const char *virname, const char *hex |
| 216 | 216 |
|
| 217 | 217 |
cli_dbgmsg("trigger %s; regex %s; cflags %s\n", trigger, regex, cflags);
|
| 218 | 218 |
|
| 219 |
- /* TODO: allow subsigs to be validated during the subsig counting phase; validation of trigger occurs in cli_pcre_addpatt */ |
|
| 219 |
+ /* TODO: validation of trigger occurs in cli_pcre_addpatt */ |
|
| 220 | 220 |
|
| 221 |
- /* if trigger is PCRE_BYPASS, add to unconditionally run pcres (move to cli_pcre_addpatt) */ |
|
| 222 |
- /* if (!strncmp(trigger, PCRE_BYPASS, tlen)) {
|
|
| 223 |
- cli_dbgmsg("unconditional pcre regex detected: %s\n", wild);
|
|
| 224 |
- free(trigger); |
|
| 225 |
- |
|
| 226 |
- regex = cli_calloc(rlen+1, sizeof(char)); |
|
| 227 |
- if (!regex) {
|
|
| 228 |
- cli_errmsg("cli_parseadd(): cannot allocate memory\n");
|
|
| 229 |
- return CL_EMEM; |
|
| 230 |
- } |
|
| 231 |
- strncpy(regex, hexsig+tlen+1, rlen); |
|
| 232 |
- regex[rlen] = '\0'; |
|
| 233 |
- |
|
| 234 |
- ret = cli_pcre_adducondpatt(root, regex, lsigid); |
|
| 235 |
- free(regex); |
|
| 236 |
- |
|
| 237 |
- return ret; |
|
| 238 |
- } |
|
| 239 |
- */ |
|
| 240 | 221 |
/* normal trigger */ |
| 241 | 222 |
cli_dbgmsg("pcre regex detected: %s on trigger: %s with cflags: %s\n", regex, trigger, cflags);
|
| 242 | 223 |
ret = cli_pcre_addpatt(root, trigger, regex, cflags, lsigid); |
| ... | ... |
@@ -1363,10 +1344,58 @@ static int load_oneldb(char *buffer, int chkpua, struct cl_engine *engine, unsig |
| 1363 | 1363 |
return CL_EMALFDB; |
| 1364 | 1364 |
} |
| 1365 | 1365 |
subsigs++; |
| 1366 |
- if(subsigs > 64) {
|
|
| 1367 |
- cli_errmsg("cli_loadldb: Broken logical expression or too many subsignatures\n");
|
|
| 1368 |
- return CL_EMALFDB; |
|
| 1366 |
+ |
|
| 1367 |
+#if HAVE_PCRE |
|
| 1368 |
+ /* Regex LSig Check */ |
|
| 1369 |
+ for (i = 0; i < tokens_count-3; ++i) {
|
|
| 1370 |
+ char *wild; |
|
| 1371 |
+ int rssigs; |
|
| 1372 |
+ |
|
| 1373 |
+ if ((wild = strchr(tokens[i+3], '/'))) {
|
|
| 1374 |
+ char *trigger; |
|
| 1375 |
+ size_t tlen = wild-tokens[i+3]; |
|
| 1376 |
+ |
|
| 1377 |
+ /* check for trigger */ |
|
| 1378 |
+ if (!tlen) {
|
|
| 1379 |
+ cli_errmsg("cli_loadldb: cannot add pcre without logical trigger\n");
|
|
| 1380 |
+ return CL_EMALFDB; |
|
| 1381 |
+ } |
|
| 1382 |
+ |
|
| 1383 |
+ /* get the trigger statement */ |
|
| 1384 |
+ trigger = cli_calloc(tlen+1, sizeof(char)); |
|
| 1385 |
+ if (!trigger) {
|
|
| 1386 |
+ cli_errmsg("cli_loadldb: cannot allocate memory for trigger string\n");
|
|
| 1387 |
+ return CL_EMEM; |
|
| 1388 |
+ } |
|
| 1389 |
+ strncpy(trigger, tokens[i+3], tlen); |
|
| 1390 |
+ trigger[tlen] = '\0'; |
|
| 1391 |
+ |
|
| 1392 |
+ /* validate the lsig */ |
|
| 1393 |
+ rssigs = cli_ac_chklsig(trigger, trigger + strlen(trigger), NULL, NULL, NULL, 1); |
|
| 1394 |
+ if((strcmp(trigger, PCRE_BYPASS)) && (rssigs == -1)) {
|
|
| 1395 |
+ cli_errmsg("cli_loadldb: regex subsig %d is missing a valid logical trigger\n", i);
|
|
| 1396 |
+ return CL_EMALFDB; |
|
| 1397 |
+ } |
|
| 1398 |
+ |
|
| 1399 |
+ /* overwrite the global subsig count if the local one is greater */ |
|
| 1400 |
+ if (rssigs+1 > subsigs) |
|
| 1401 |
+ subsigs = rssigs+1; /* +1 is from the 'subsigs++;' above */ |
|
| 1402 |
+ |
|
| 1403 |
+ cli_dbgmsg("cli_loadldb: regex subsig %d uses %d(%d) highest ID\n", i, rssigs, rssigs+1);
|
|
| 1404 |
+ free(trigger); |
|
| 1405 |
+ } |
|
| 1369 | 1406 |
} |
| 1407 |
+#else |
|
| 1408 |
+ /* Regex Usage and Support Check */ |
|
| 1409 |
+ for (i = 0; i < subsigs; ++i) {
|
|
| 1410 |
+ if (strchr(tokens[i+3], '/')) {
|
|
| 1411 |
+ cli_dbgmsg("cli_loadldb: logical signature for %s uses PCREs but support is disabled, skipping\n", virname);
|
|
| 1412 |
+ (*sigs)--; |
|
| 1413 |
+ return CL_SUCCESS; |
|
| 1414 |
+ } |
|
| 1415 |
+ } |
|
| 1416 |
+#endif |
|
| 1417 |
+ |
|
| 1370 | 1418 |
if (!line) {
|
| 1371 | 1419 |
/* This is a logical signature from the bytecode, we need all |
| 1372 | 1420 |
* subsignatures, even if not referenced from the logical expression */ |
| ... | ... |
@@ -1381,16 +1410,11 @@ static int load_oneldb(char *buffer, int chkpua, struct cl_engine *engine, unsig |
| 1381 | 1381 |
return CL_EMALFDB; |
| 1382 | 1382 |
} |
| 1383 | 1383 |
|
| 1384 |
- /* Regex Usage and Support Check */ |
|
| 1385 |
-#if !HAVE_PCRE |
|
| 1386 |
- for (i = 0; i < subsigs; ++i) {
|
|
| 1387 |
- if (strchr(tokens[i+3], '/')) {
|
|
| 1388 |
- cli_dbgmsg("cli_loadldb: logical signature for %s uses PCREs but support is disabled, skipping\n", virname);
|
|
| 1389 |
- (*sigs)--; |
|
| 1390 |
- return CL_SUCCESS; |
|
| 1391 |
- } |
|
| 1384 |
+ /* enforce 64 subsig cap */ |
|
| 1385 |
+ if(subsigs > 64) {
|
|
| 1386 |
+ cli_errmsg("cli_loadldb: Broken logical expression or too many subsignatures\n");
|
|
| 1387 |
+ return CL_EMALFDB; |
|
| 1392 | 1388 |
} |
| 1393 |
-#endif |
|
| 1394 | 1389 |
|
| 1395 | 1390 |
/* TDB */ |
| 1396 | 1391 |
memset(&tdb, 0, sizeof(tdb)); |
| ... | ... |
@@ -183,8 +183,10 @@ static void named_substr_print(struct cli_pcre_data *pd, const unsigned char *bu |
| 183 | 183 |
|
| 184 | 184 |
cli_dbgmsg("named_substr: (%d) %*s: %s%s\n", n, name_entry_size - 3, tabptr + 2,
|
| 185 | 185 |
outstr, trunc ? " (trunc)":""); |
| 186 |
- /*cli_dbgmsg("named_substr: (%d) %*s: %.*s%s\n", n, name_entry_size - 3, tabptr + 2,
|
|
| 187 |
- ovector[2*n+1] - ovector[2*n], subject + ovector[2*n], trunc ? " (trunc)":"");*/ |
|
| 186 |
+ /* |
|
| 187 |
+ cli_dbgmsg("named_substr: (%d) %*s: %.*s%s\n", n, name_entry_size - 3, tabptr + 2,
|
|
| 188 |
+ length, start, trunc ? " (trunc)":""); |
|
| 189 |
+ */ |
|
| 188 | 190 |
tabptr += name_entry_size; |
| 189 | 191 |
} |
| 190 | 192 |
} |