Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

detect/transforms: write directly in inspect buffer (backport7) #12100

Closed
wants to merge 1 commit into from
Closed

detect/transforms: write directly in inspect buffer (backport7) #12100

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 14 additions & 2 deletions src/detect-engine.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1654,10 +1654,10 @@ void InspectionBufferFree(InspectionBuffer *buffer)
* \brief make sure that the buffer has at least 'min_size' bytes
* Expand the buffer if necessary
*/
catenacyber marked this conversation as resolved.
Show resolved Hide resolved
void InspectionBufferCheckAndExpand(InspectionBuffer *buffer, uint32_t min_size)
void *InspectionBufferCheckAndExpand(InspectionBuffer *buffer, uint32_t min_size)
{
if (likely(buffer->size >= min_size))
return;
return buffer->buf;

uint32_t new_size = (buffer->size == 0) ? 4096 : buffer->size;
while (new_size < min_size) {
Expand All @@ -1668,7 +1668,19 @@ void InspectionBufferCheckAndExpand(InspectionBuffer *buffer, uint32_t min_size)
if (ptr != NULL) {
buffer->buf = ptr;
buffer->size = new_size;
} else {
return NULL;
}
return buffer->buf;
}

void InspectionBufferTruncate(InspectionBuffer *buffer, uint32_t buf_len)
catenacyber marked this conversation as resolved.
Show resolved Hide resolved
{
DEBUG_VALIDATE_BUG_ON(buffer->buf == NULL);
DEBUG_VALIDATE_BUG_ON(buf_len > buffer->size);
buffer->inspect = buffer->buf;
buffer->inspect_len = buf_len;
buffer->initialized = true;
}

void InspectionBufferCopy(InspectionBuffer *buffer, uint8_t *buf, uint32_t buf_len)
Expand Down
3 changes: 2 additions & 1 deletion src/detect-engine.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,8 @@ void InspectionBufferInit(InspectionBuffer *buffer, uint32_t initial_size);
void InspectionBufferSetup(DetectEngineThreadCtx *det_ctx, const int list_id,
InspectionBuffer *buffer, const uint8_t *data, const uint32_t data_len);
void InspectionBufferFree(InspectionBuffer *buffer);
void InspectionBufferCheckAndExpand(InspectionBuffer *buffer, uint32_t min_size);
void *InspectionBufferCheckAndExpand(InspectionBuffer *buffer, uint32_t min_size);
void InspectionBufferTruncate(InspectionBuffer *buffer, uint32_t buf_len);
void InspectionBufferCopy(InspectionBuffer *buffer, uint8_t *buf, uint32_t buf_len);
void InspectionBufferApplyTransforms(InspectionBuffer *buffer,
const DetectEngineTransforms *transforms);
Expand Down
14 changes: 10 additions & 4 deletions src/detect-transform-casechange.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,12 +62,15 @@ static void DetectTransformToLower(InspectionBuffer *buffer, void *options)
return;
}

uint8_t output[input_len];
uint8_t *output = (uint8_t *)InspectionBufferCheckAndExpand(buffer, input_len);
if (output == NULL) {
return;
}
for (uint32_t i = 0; i < input_len; i++) {
output[i] = u8_tolower(input[i]);
}

InspectionBufferCopy(buffer, output, input_len);
InspectionBufferTruncate(buffer, input_len);
}
/**
* \internal
Expand Down Expand Up @@ -102,12 +105,15 @@ static void DetectTransformToUpper(InspectionBuffer *buffer, void *options)
return;
}

uint8_t output[input_len];
uint8_t *output = (uint8_t *)InspectionBufferCheckAndExpand(buffer, input_len);
if (output == NULL) {
return;
}
for (uint32_t i = 0; i < input_len; i++) {
output[i] = u8_toupper(input[i]);
}

InspectionBufferCopy(buffer, output, input_len);
InspectionBufferTruncate(buffer, input_len);
}

/*
Expand Down
8 changes: 6 additions & 2 deletions src/detect-transform-compress-whitespace.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -111,7 +111,11 @@ static void TransformCompressWhitespace(InspectionBuffer *buffer, void *options)
return;
}

uint8_t output[input_len]; // we can only shrink
// we can only shrink
uint8_t *output = (uint8_t *)InspectionBufferCheckAndExpand(buffer, input_len);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why do we need the cast, instead of updating InspectionBufferCheckAndExpand to return uint8_t *?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice

if (output == NULL) {
return;
}
uint8_t *oi = output, *os = output;

//PrintRawDataFp(stdout, input, input_len);
Expand All @@ -132,7 +136,7 @@ static void TransformCompressWhitespace(InspectionBuffer *buffer, void *options)
uint32_t output_size = oi - os;
//PrintRawDataFp(stdout, output, output_size);

InspectionBufferCopy(buffer, os, output_size);
InspectionBufferTruncate(buffer, output_size);
}

#ifdef UNITTESTS
Expand Down
8 changes: 6 additions & 2 deletions src/detect-transform-dotprefix.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -110,11 +110,15 @@ static void TransformDotPrefix(InspectionBuffer *buffer, void *options)
const size_t input_len = buffer->inspect_len;

if (input_len) {
uint8_t output[input_len + 1]; // For the leading '.'
// For the leading '.'
uint8_t *output = (uint8_t *)InspectionBufferCheckAndExpand(buffer, input_len + 1);
if (output == NULL) {
return;
}

output[0] = '.';
memcpy(&output[1], buffer->inspect, input_len);
InspectionBufferCopy(buffer, output, input_len + 1);
InspectionBufferTruncate(buffer, input_len + 1);
}
}

Expand Down
7 changes: 5 additions & 2 deletions src/detect-transform-header-lowercase.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,10 @@ static void DetectTransformHeaderLowercase(InspectionBuffer *buffer, void *optio
if (input_len == 0) {
return;
}
uint8_t output[input_len];
uint8_t *output = (uint8_t *)InspectionBufferCheckAndExpand(buffer, input_len);
if (output == NULL) {
return;
}

// state 0 is header name, 1 is header value
int state = 0;
Expand All @@ -72,7 +75,7 @@ static void DetectTransformHeaderLowercase(InspectionBuffer *buffer, void *optio
}
}
}
InspectionBufferCopy(buffer, output, input_len);
InspectionBufferTruncate(buffer, input_len);
}

void DetectTransformHeaderLowercaseRegister(void)
Expand Down
7 changes: 5 additions & 2 deletions src/detect-transform-strip-pseudo-headers.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,10 @@ static void DetectTransformStripPseudoHeaders(InspectionBuffer *buffer, void *op
if (input_len == 0) {
return;
}
uint8_t output[input_len];
uint8_t *output = (uint8_t *)InspectionBufferCheckAndExpand(buffer, input_len);
if (output == NULL) {
return;
}

bool new_line = true;
bool pseudo = false;
Expand Down Expand Up @@ -82,7 +85,7 @@ static void DetectTransformStripPseudoHeaders(InspectionBuffer *buffer, void *op
j++;
}
}
InspectionBufferCopy(buffer, output, j);
InspectionBufferTruncate(buffer, j);
}

void DetectTransformStripPseudoHeadersRegister(void)
Expand Down
8 changes: 6 additions & 2 deletions src/detect-transform-strip-whitespace.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -106,7 +106,11 @@ static void TransformStripWhitespace(InspectionBuffer *buffer, void *options)
if (input_len == 0) {
return;
}
uint8_t output[input_len]; // we can only shrink
// we can only shrink
uint8_t *output = (uint8_t *)InspectionBufferCheckAndExpand(buffer, input_len);
if (output == NULL) {
return;
}
uint8_t *oi = output, *os = output;

//PrintRawDataFp(stdout, input, input_len);
Expand All @@ -119,7 +123,7 @@ static void TransformStripWhitespace(InspectionBuffer *buffer, void *options)
uint32_t output_size = oi - os;
//PrintRawDataFp(stdout, output, output_size);

InspectionBufferCopy(buffer, os, output_size);
InspectionBufferTruncate(buffer, output_size);
}

#ifdef UNITTESTS
Expand Down
8 changes: 6 additions & 2 deletions src/detect-transform-urldecode.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -125,12 +125,16 @@ static void TransformUrlDecode(InspectionBuffer *buffer, void *options)
if (input_len == 0) {
return;
}
uint8_t output[input_len]; // we can only shrink
// we can only shrink
uint8_t *output = (uint8_t *)InspectionBufferCheckAndExpand(buffer, input_len);
if (output == NULL) {
return;
}

changed = BufferUrlDecode(input, input_len, output, &output_size);

if (changed) {
InspectionBufferCopy(buffer, output, output_size);
InspectionBufferTruncate(buffer, output_size);
}
}

Expand Down
7 changes: 5 additions & 2 deletions src/detect-transform-xor.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -133,12 +133,15 @@ static void DetectTransformXor(InspectionBuffer *buffer, void *options)
if (input_len == 0) {
return;
}
uint8_t output[input_len];
uint8_t *output = (uint8_t *)InspectionBufferCheckAndExpand(buffer, input_len);
if (output == NULL) {
return;
}

for (uint32_t i = 0; i < input_len; i++) {
output[i] = input[i] ^ pxd->key[i % pxd->length];
}
InspectionBufferCopy(buffer, output, input_len);
InspectionBufferTruncate(buffer, input_len);
}

#ifdef UNITTESTS
Expand Down
Loading