... | ... |
@@ -50,7 +50,7 @@ int cli_pcre_addpatt(struct cli_matcher *root, const char *trigger, const char * |
50 | 50 |
return CL_ENULLARG; |
51 | 51 |
} |
52 | 52 |
|
53 |
- /* TODO: trigger and regex checking (string length limitations?) */ |
|
53 |
+ /* TODO: trigger and regex checking (string length limitations?)(backreference limitations?) */ |
|
54 | 54 |
|
55 | 55 |
/* validate the lsig trigger */ |
56 | 56 |
rssigs = cli_ac_chklsig(trigger, trigger + strlen(trigger), NULL, NULL, NULL, 1); |
... | ... |
@@ -196,7 +196,7 @@ int cli_pcre_build(struct cli_matcher *root, long long unsigned match_limit, lon |
196 | 196 |
} |
197 | 197 |
|
198 | 198 |
cli_dbgmsg("cli_pcre_build: Compiling regex: %s\n", pm->pdata.expression); |
199 |
- /* parse the regex - TODO: set start_offset (at the addpatt phase?), also no options override */ |
|
199 |
+ /* parse the regex, no options override */ |
|
200 | 200 |
if ((ret = cli_pcre_compile(&(pm->pdata), match_limit, recmatch_limit, 0, 0)) != CL_SUCCESS) { |
201 | 201 |
cli_errmsg("cli_pcre_build: failed to parse pcre regex\n"); |
202 | 202 |
return ret; |
... | ... |
@@ -208,7 +208,7 @@ int cli_pcre_build(struct cli_matcher *root, long long unsigned match_limit, lon |
208 | 208 |
|
209 | 209 |
int cli_pcre_recaloff(struct cli_matcher *root, struct cli_pcre_off *data, struct cli_target_info *info) |
210 | 210 |
{ |
211 |
- /* TODO: fix the relative offset data maintained in cli_ac_data (generate own data?) */ |
|
211 |
+ /* TANGENT: maintain relative offset data in cli_ac_data? */ |
|
212 | 212 |
int ret; |
213 | 213 |
unsigned int i; |
214 | 214 |
struct cli_pcre_meta *pm; |
... | ... |
@@ -362,7 +362,7 @@ int cli_pcre_scanbuf(const unsigned char *buffer, uint32_t length, const struct |
362 | 362 |
pm = root->pcre_metatable[i]; |
363 | 363 |
pd = &(pm->pdata); |
364 | 364 |
|
365 |
- /* check the evaluation of the trigger - TODO: fix me */ |
|
365 |
+ /* check the evaluation of the trigger */ |
|
366 | 366 |
if (pm->lsigid[0]) { |
367 | 367 |
cli_dbgmsg("cli_pcre_scanbuf: checking %s; running regex /%s/\n", pm->trigger, pd->expression); |
368 | 368 |
if ((strcmp(pm->trigger, PCRE_BYPASS)) && (cli_ac_chklsig(pm->trigger, pm->trigger + strlen(pm->trigger), mdata->lsigcnt[pm->lsigid[1]], &evalcnt, &evalids, 0) != 1)) |
... | ... |
@@ -370,6 +370,7 @@ int cli_pcre_scanbuf(const unsigned char *buffer, uint32_t length, const struct |
370 | 370 |
} |
371 | 371 |
else { |
372 | 372 |
cli_dbgmsg("cli_pcre_scanbuf: skipping %s check due to unintialized lsigid\n", pm->trigger); |
373 |
+ /* fall-through to unconditional execution for sigtool */ |
|
373 | 374 |
} |
374 | 375 |
|
375 | 376 |
global = (pm->flags & CLI_PCRE_GLOBAL); /* search for all matches */ |
... | ... |
@@ -479,21 +480,29 @@ int cli_pcre_scanbuf(const unsigned char *buffer, uint32_t length, const struct |
479 | 479 |
|
480 | 480 |
/* handle error codes */ |
481 | 481 |
if (rc < 0 && rc != PCRE_ERROR_NOMATCH) { |
482 |
- cli_errmsg("cli_pcre_scanbuf: cli_pcre_match: pcre_exec: returned error %d\n", rc); |
|
483 |
- /* TODO: convert the pcre error codes to clamav error codes, handle match_limit and match_limit_recursion exceeded */ |
|
484 |
- return CL_BREAK; |
|
482 |
+ switch (rc) { |
|
483 |
+ /* for user-defined callback function error (unused) */ |
|
484 |
+ case PCRE_ERROR_CALLOUT: |
|
485 |
+ break; |
|
486 |
+ case PCRE_ERROR_NOMEMORY: |
|
487 |
+ cli_errmsg("cli_pcre_scanbuf: cli_pcre_match: pcre_exec: out of memory\n"); |
|
488 |
+ return CL_EMEM; |
|
489 |
+ case PCRE_ERROR_MATCHLIMIT: |
|
490 |
+ cli_dbgmsg("cli_pcre_scanbuf: cli_pcre_match: pcre_exec: match limit exceeded\n"); |
|
491 |
+ break; |
|
492 |
+ case PCRE_ERROR_RECURSIONLIMIT: |
|
493 |
+ cli_dbgmsg("cli_pcre_scanbuf: cli_pcre_match: pcre_exec: recursive limit exceeded\n"); |
|
494 |
+ break; |
|
495 |
+ default: |
|
496 |
+ cli_errmsg("cli_pcre_scanbuf: cli_pcre_match: pcre_exec: returned error %d\n", rc); |
|
497 |
+ return CL_BREAK; |
|
498 |
+ } |
|
485 | 499 |
} |
486 | 500 |
} |
487 | 501 |
|
488 | 502 |
return CL_SUCCESS; |
489 | 503 |
} |
490 | 504 |
|
491 |
-int cli_pcre_ucondscanbuf(const unsigned char *buffer, uint32_t length, const struct cli_matcher *root, struct cli_ac_data *mdata, struct cli_ac_result **res, struct cli_pcre_off *data, cli_ctx *ctx) |
|
492 |
-{ |
|
493 |
- /* TODO: copy cli_pcre_scanbuf - trigger */ |
|
494 |
- return CL_SUCCESS; |
|
495 |
-} |
|
496 |
- |
|
497 | 505 |
void cli_pcre_freemeta(struct cli_pcre_meta *pm) |
498 | 506 |
{ |
499 | 507 |
if (!pm) |
... | ... |
@@ -61,7 +61,6 @@ int cli_pcre_build(struct cli_matcher *root, long long unsigned match_limit, lon |
61 | 61 |
int cli_pcre_recaloff(struct cli_matcher *root, struct cli_pcre_off *data, struct cli_target_info *info); |
62 | 62 |
void cli_pcre_freeoff(struct cli_pcre_off *data); |
63 | 63 |
int cli_pcre_scanbuf(const unsigned char *buffer, uint32_t length, const struct cli_matcher *root, struct cli_ac_data *mdata, struct cli_ac_result **res, const struct cli_pcre_off *data, cli_ctx *ctx); |
64 |
-int cli_pcre_ucondscanbuf(const unsigned char *buffer, uint32_t length, const struct cli_matcher *root, struct cli_ac_data *mdata, struct cli_ac_result **res, struct cli_pcre_off *data, cli_ctx *ctx); |
|
65 | 64 |
void cli_pcre_freemeta(struct cli_pcre_meta *pm); |
66 | 65 |
void cli_pcre_freetable(struct cli_matcher *root); |
67 | 66 |
#endif /* HAVE_PCRE */ |
... | ... |
@@ -34,9 +34,7 @@ |
34 | 34 |
#include "others.h" |
35 | 35 |
#include "regex_pcre.h" |
36 | 36 |
|
37 |
-/* TODO: redefine pcre_malloc and pcre_free */ |
|
38 |
- |
|
39 |
-/* TODO: function is kinda pointless, remove? */ |
|
37 |
+/* TODO: function is kinda pointless, remove or rework? */ |
|
40 | 38 |
int cli_pcre_parse(struct cli_pcre_data *pd, const char *pattern) |
41 | 39 |
{ |
42 | 40 |
if (!pd || !pattern) { |
... | ... |
@@ -102,7 +100,7 @@ int cli_pcre_compile(struct cli_pcre_data *pd, long long unsigned match_limit, l |
102 | 102 |
pd->re = pcre_compile(pd->expression, pd->options, &error, &erroffset, NULL); /* pd->re handled by libpcre -> call pcre_free() -> calls free() */ |
103 | 103 |
if (pd->re == NULL) { |
104 | 104 |
cli_errmsg("cli_pcre_parse: PCRE compilation failed at offset %d: %s\n", erroffset, error); |
105 |
- return CL_EPARSE; /* TODO - change ERRORCODE */ |
|
105 |
+ return CL_EMALFDB; |
|
106 | 106 |
} |
107 | 107 |
|
108 | 108 |
/* now study it... (section totally not from snort) */ |
... | ... |
@@ -143,7 +141,7 @@ int cli_pcre_compile(struct cli_pcre_data *pd, long long unsigned match_limit, l |
143 | 143 |
#define DISABLE_PCRE_REPORT 0 |
144 | 144 |
#define MATCH_MAXLEN 1028 /*because lolz*/ |
145 | 145 |
|
146 |
-/* TODO: audit this function, how to handle the named substring name? */ |
|
146 |
+/* TODO: audit this function */ |
|
147 | 147 |
static void named_substr_print(struct cli_pcre_data *pd, const unsigned char *buffer, int *ovector, size_t ovlen) |
148 | 148 |
{ |
149 | 149 |
int i, j, length, namecount, trunc; |