Browse code
pcre: removed obsolete function pcre: corrected error code for failed pcre_compile pcre: added pcre_exec error code conversion pcre: cleaned-up development notes
Kevin Lin authored on 2014/09/12 01:43:04Showing 3 changed files
| ... | ... |
@@ -50,7 +50,7 @@ int cli_pcre_addpatt(struct cli_matcher *root, const char *trigger, const char * |
| 50 | 50 |
return CL_ENULLARG; |
| 51 | 51 |
} |
| 52 | 52 |
|
| 53 |
- /* TODO: trigger and regex checking (string length limitations?) */ |
|
| 53 |
+ /* TODO: trigger and regex checking (string length limitations?)(backreference limitations?) */ |
|
| 54 | 54 |
|
| 55 | 55 |
/* validate the lsig trigger */ |
| 56 | 56 |
rssigs = cli_ac_chklsig(trigger, trigger + strlen(trigger), NULL, NULL, NULL, 1); |
| ... | ... |
@@ -196,7 +196,7 @@ int cli_pcre_build(struct cli_matcher *root, long long unsigned match_limit, lon |
| 196 | 196 |
} |
| 197 | 197 |
|
| 198 | 198 |
cli_dbgmsg("cli_pcre_build: Compiling regex: %s\n", pm->pdata.expression);
|
| 199 |
- /* parse the regex - TODO: set start_offset (at the addpatt phase?), also no options override */ |
|
| 199 |
+ /* parse the regex, no options override */ |
|
| 200 | 200 |
if ((ret = cli_pcre_compile(&(pm->pdata), match_limit, recmatch_limit, 0, 0)) != CL_SUCCESS) {
|
| 201 | 201 |
cli_errmsg("cli_pcre_build: failed to parse pcre regex\n");
|
| 202 | 202 |
return ret; |
| ... | ... |
@@ -208,7 +208,7 @@ int cli_pcre_build(struct cli_matcher *root, long long unsigned match_limit, lon |
| 208 | 208 |
|
| 209 | 209 |
int cli_pcre_recaloff(struct cli_matcher *root, struct cli_pcre_off *data, struct cli_target_info *info) |
| 210 | 210 |
{
|
| 211 |
- /* TODO: fix the relative offset data maintained in cli_ac_data (generate own data?) */ |
|
| 211 |
+ /* TANGENT: maintain relative offset data in cli_ac_data? */ |
|
| 212 | 212 |
int ret; |
| 213 | 213 |
unsigned int i; |
| 214 | 214 |
struct cli_pcre_meta *pm; |
| ... | ... |
@@ -362,7 +362,7 @@ int cli_pcre_scanbuf(const unsigned char *buffer, uint32_t length, const struct |
| 362 | 362 |
pm = root->pcre_metatable[i]; |
| 363 | 363 |
pd = &(pm->pdata); |
| 364 | 364 |
|
| 365 |
- /* check the evaluation of the trigger - TODO: fix me */ |
|
| 365 |
+ /* check the evaluation of the trigger */ |
|
| 366 | 366 |
if (pm->lsigid[0]) {
|
| 367 | 367 |
cli_dbgmsg("cli_pcre_scanbuf: checking %s; running regex /%s/\n", pm->trigger, pd->expression);
|
| 368 | 368 |
if ((strcmp(pm->trigger, PCRE_BYPASS)) && (cli_ac_chklsig(pm->trigger, pm->trigger + strlen(pm->trigger), mdata->lsigcnt[pm->lsigid[1]], &evalcnt, &evalids, 0) != 1)) |
| ... | ... |
@@ -370,6 +370,7 @@ int cli_pcre_scanbuf(const unsigned char *buffer, uint32_t length, const struct |
| 370 | 370 |
} |
| 371 | 371 |
else {
|
| 372 | 372 |
cli_dbgmsg("cli_pcre_scanbuf: skipping %s check due to unintialized lsigid\n", pm->trigger);
|
| 373 |
+ /* fall-through to unconditional execution for sigtool */ |
|
| 373 | 374 |
} |
| 374 | 375 |
|
| 375 | 376 |
global = (pm->flags & CLI_PCRE_GLOBAL); /* search for all matches */ |
| ... | ... |
@@ -479,21 +480,29 @@ int cli_pcre_scanbuf(const unsigned char *buffer, uint32_t length, const struct |
| 479 | 479 |
|
| 480 | 480 |
/* handle error codes */ |
| 481 | 481 |
if (rc < 0 && rc != PCRE_ERROR_NOMATCH) {
|
| 482 |
- cli_errmsg("cli_pcre_scanbuf: cli_pcre_match: pcre_exec: returned error %d\n", rc);
|
|
| 483 |
- /* TODO: convert the pcre error codes to clamav error codes, handle match_limit and match_limit_recursion exceeded */ |
|
| 484 |
- return CL_BREAK; |
|
| 482 |
+ switch (rc) {
|
|
| 483 |
+ /* for user-defined callback function error (unused) */ |
|
| 484 |
+ case PCRE_ERROR_CALLOUT: |
|
| 485 |
+ break; |
|
| 486 |
+ case PCRE_ERROR_NOMEMORY: |
|
| 487 |
+ cli_errmsg("cli_pcre_scanbuf: cli_pcre_match: pcre_exec: out of memory\n");
|
|
| 488 |
+ return CL_EMEM; |
|
| 489 |
+ case PCRE_ERROR_MATCHLIMIT: |
|
| 490 |
+ cli_dbgmsg("cli_pcre_scanbuf: cli_pcre_match: pcre_exec: match limit exceeded\n");
|
|
| 491 |
+ break; |
|
| 492 |
+ case PCRE_ERROR_RECURSIONLIMIT: |
|
| 493 |
+ cli_dbgmsg("cli_pcre_scanbuf: cli_pcre_match: pcre_exec: recursive limit exceeded\n");
|
|
| 494 |
+ break; |
|
| 495 |
+ default: |
|
| 496 |
+ cli_errmsg("cli_pcre_scanbuf: cli_pcre_match: pcre_exec: returned error %d\n", rc);
|
|
| 497 |
+ return CL_BREAK; |
|
| 498 |
+ } |
|
| 485 | 499 |
} |
| 486 | 500 |
} |
| 487 | 501 |
|
| 488 | 502 |
return CL_SUCCESS; |
| 489 | 503 |
} |
| 490 | 504 |
|
| 491 |
-int cli_pcre_ucondscanbuf(const unsigned char *buffer, uint32_t length, const struct cli_matcher *root, struct cli_ac_data *mdata, struct cli_ac_result **res, struct cli_pcre_off *data, cli_ctx *ctx) |
|
| 492 |
-{
|
|
| 493 |
- /* TODO: copy cli_pcre_scanbuf - trigger */ |
|
| 494 |
- return CL_SUCCESS; |
|
| 495 |
-} |
|
| 496 |
- |
|
| 497 | 505 |
void cli_pcre_freemeta(struct cli_pcre_meta *pm) |
| 498 | 506 |
{
|
| 499 | 507 |
if (!pm) |
| ... | ... |
@@ -61,7 +61,6 @@ int cli_pcre_build(struct cli_matcher *root, long long unsigned match_limit, lon |
| 61 | 61 |
int cli_pcre_recaloff(struct cli_matcher *root, struct cli_pcre_off *data, struct cli_target_info *info); |
| 62 | 62 |
void cli_pcre_freeoff(struct cli_pcre_off *data); |
| 63 | 63 |
int cli_pcre_scanbuf(const unsigned char *buffer, uint32_t length, const struct cli_matcher *root, struct cli_ac_data *mdata, struct cli_ac_result **res, const struct cli_pcre_off *data, cli_ctx *ctx); |
| 64 |
-int cli_pcre_ucondscanbuf(const unsigned char *buffer, uint32_t length, const struct cli_matcher *root, struct cli_ac_data *mdata, struct cli_ac_result **res, struct cli_pcre_off *data, cli_ctx *ctx); |
|
| 65 | 64 |
void cli_pcre_freemeta(struct cli_pcre_meta *pm); |
| 66 | 65 |
void cli_pcre_freetable(struct cli_matcher *root); |
| 67 | 66 |
#endif /* HAVE_PCRE */ |
| ... | ... |
@@ -34,9 +34,7 @@ |
| 34 | 34 |
#include "others.h" |
| 35 | 35 |
#include "regex_pcre.h" |
| 36 | 36 |
|
| 37 |
-/* TODO: redefine pcre_malloc and pcre_free */ |
|
| 38 |
- |
|
| 39 |
-/* TODO: function is kinda pointless, remove? */ |
|
| 37 |
+/* TODO: function is kinda pointless, remove or rework? */ |
|
| 40 | 38 |
int cli_pcre_parse(struct cli_pcre_data *pd, const char *pattern) |
| 41 | 39 |
{
|
| 42 | 40 |
if (!pd || !pattern) {
|
| ... | ... |
@@ -102,7 +100,7 @@ int cli_pcre_compile(struct cli_pcre_data *pd, long long unsigned match_limit, l |
| 102 | 102 |
pd->re = pcre_compile(pd->expression, pd->options, &error, &erroffset, NULL); /* pd->re handled by libpcre -> call pcre_free() -> calls free() */ |
| 103 | 103 |
if (pd->re == NULL) {
|
| 104 | 104 |
cli_errmsg("cli_pcre_parse: PCRE compilation failed at offset %d: %s\n", erroffset, error);
|
| 105 |
- return CL_EPARSE; /* TODO - change ERRORCODE */ |
|
| 105 |
+ return CL_EMALFDB; |
|
| 106 | 106 |
} |
| 107 | 107 |
|
| 108 | 108 |
/* now study it... (section totally not from snort) */ |
| ... | ... |
@@ -143,7 +141,7 @@ int cli_pcre_compile(struct cli_pcre_data *pd, long long unsigned match_limit, l |
| 143 | 143 |
#define DISABLE_PCRE_REPORT 0 |
| 144 | 144 |
#define MATCH_MAXLEN 1028 /*because lolz*/ |
| 145 | 145 |
|
| 146 |
-/* TODO: audit this function, how to handle the named substring name? */ |
|
| 146 |
+/* TODO: audit this function */ |
|
| 147 | 147 |
static void named_substr_print(struct cli_pcre_data *pd, const unsigned char *buffer, int *ovector, size_t ovlen) |
| 148 | 148 |
{
|
| 149 | 149 |
int i, j, length, namecount, trunc; |