X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;ds=sidebyside;f=src%2Fanalysisd%2Flists_list.c;fp=src%2Fanalysisd%2Flists_list.c;h=cf3e9f00c6a02496e2167c3d7ca5724ed2a0dbd0;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hp=e5f8358a21b89f15a38efe0a82bf8a1d875c471a;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b;p=ossec-hids.git diff --git a/src/analysisd/lists_list.c b/src/analysisd/lists_list.c index e5f8358..cf3e9f0 100644 --- a/src/analysisd/lists_list.c +++ b/src/analysisd/lists_list.c @@ -1,6 +1,3 @@ -/* @(#) $Id: ./src/analysisd/lists_list.c, 2011/09/08 dcid Exp $ - */ - /* Copyright (C) 2009 Trend Micro Inc. * All right reserved. * @@ -10,7 +7,6 @@ * Foundation */ - #include "shared.h" #include "rules.h" #include "cdb/cdb.h" @@ -19,13 +15,9 @@ #include #include -/* Global */ -ListNode *global_listnode; -ListRule *global_listrule; - -/* - */ -ListNode *_OS_AddList(ListNode *new_listnode); +/* Local variables */ +static ListNode *global_listnode; +static ListRule *global_listrule; /* Create the ListRule */ @@ -42,103 +34,54 @@ ListNode *OS_GetFirstList() { ListNode *listnode_pt = global_listnode; - return(listnode_pt); -} - -ListRule *OS_GetFirstListRule() -{ - ListRule *listrule_pt = global_listrule; - return listrule_pt; + return (listnode_pt); } void OS_ListLoadRules() { ListRule *lrule = global_listrule; - while(lrule != NULL) - { - if(!lrule->loaded) - { + while (lrule != NULL) { + if (!lrule->loaded) { lrule->db = OS_FindList(lrule->filename); - lrule->loaded=1; + lrule->loaded = 1; } lrule = lrule->next; } } -ListRule *_OS_AddListRule(ListRule *new_listrule) -{ - - if(global_listrule == NULL) - { - global_listrule = new_listrule; - } - else - { - ListRule *last_list_rule = global_listrule; - while(last_list_rule->next != NULL) - { - last_list_rule = last_list_rule->next; - } - last_list_rule->next = new_listrule; - } - return(global_listrule); -} - - - -/* Add a list in the chain */ -ListNode *_OS_AddList(ListNode *new_listnode) +/* External AddList */ +int OS_AddList(ListNode *new_listnode) { - if(global_listnode == NULL) - { + if (global_listnode == NULL) { /* First list */ global_listnode = new_listnode; - } - else - { - /* Adding new list to the end */ + } else { + /* Add new list to the end */ ListNode *last_list_node = global_listnode; - while(last_list_node->next != NULL) - { + while (last_list_node->next != NULL) { last_list_node = last_list_node->next; } last_list_node->next = new_listnode; } - return(global_listnode); -} - -/* External AddList */ -int OS_AddList(ListNode *new_listnode) -{ - _OS_AddList(new_listnode); - return(0); + return 0; } -ListNode *_OS_FindList(ListNode *_listnode, char *listname) +ListNode *OS_FindList(const char *listname) { ListNode *last_list_node = OS_GetFirstList(); if (last_list_node != NULL) { - do - { + do { if (strcmp(last_list_node->txt_filename, listname) == 0 || - strcmp(last_list_node->cdb_filename, listname) == 0) - { + strcmp(last_list_node->cdb_filename, listname) == 0) { /* Found first match returning */ - return(last_list_node); + return (last_list_node); } last_list_node = last_list_node->next; } while (last_list_node != NULL); } - return(NULL); -} - -ListNode *OS_FindList(char *listname) -{ - ListNode *matched = NULL; - matched = _OS_FindList(global_listnode, listname); - return matched; + return (NULL); } ListRule *OS_AddListRule(ListRule *first_rule_list, @@ -148,29 +91,30 @@ ListRule *OS_AddListRule(ListRule *first_rule_list, OSMatch *matcher) { ListRule *new_rulelist_pt = NULL; - new_rulelist_pt = (ListRule *)calloc(1,sizeof(ListRule)); + new_rulelist_pt = (ListRule *)calloc(1, sizeof(ListRule)); + if (!new_rulelist_pt) { + return (NULL); + } + new_rulelist_pt->field = field; new_rulelist_pt->next = NULL; new_rulelist_pt->matcher = matcher; new_rulelist_pt->lookup_type = lookup_type; new_rulelist_pt->filename = listname; - if((new_rulelist_pt->db = OS_FindList(listname)) == NULL) + if ((new_rulelist_pt->db = OS_FindList(listname)) == NULL) { new_rulelist_pt->loaded = 0; - else + } else { new_rulelist_pt->loaded = 1; - if(first_rule_list == NULL) - { + } + if (first_rule_list == NULL) { debug1("Adding First rulelist item: filename: %s field: %d lookup_type: %d", new_rulelist_pt->filename, new_rulelist_pt->field, new_rulelist_pt->lookup_type); - first_rule_list = new_rulelist_pt; - } - else - { - while(first_rule_list->next) - { - first_rule_list = first_rule_list->next; + first_rule_list = new_rulelist_pt; + } else { + while (first_rule_list->next) { + first_rule_list = first_rule_list->next; } debug1("Adding rulelist item: filename: %s field: %d lookup_type: %d", new_rulelist_pt->filename, @@ -181,14 +125,12 @@ ListRule *OS_AddListRule(ListRule *first_rule_list, return first_rule_list; } -int _OS_CDBOpen(ListNode *lnode) +static int _OS_CDBOpen(ListNode *lnode) { int fd; - if (lnode->loaded != 1) - { - if((fd = open(lnode->cdb_filename, O_RDONLY)) == -1) - { - merror(OPEN_ERROR, ARGV0, lnode->cdb_filename, strerror (errno)); + if (lnode->loaded != 1) { + if ((fd = open(lnode->cdb_filename, O_RDONLY)) == -1) { + merror(OPEN_ERROR, ARGV0, lnode->cdb_filename, errno, strerror (errno)); return -1; } cdb_init(&lnode->cdb, fd); @@ -197,18 +139,23 @@ int _OS_CDBOpen(ListNode *lnode) return 0; } -int OS_DBSearchKeyValue(ListRule *lrule, char *key) +static int OS_DBSearchKeyValue(ListRule *lrule, char *key) { - int result=-1; + int result = -1; char *val; unsigned vlen, vpos; - if (lrule->db!= NULL) - { - if(_OS_CDBOpen(lrule->db) == -1) return 0; - if(cdb_find(&lrule->db->cdb, key, strlen(key)) > 0 ) { + if (lrule->db != NULL) { + if (_OS_CDBOpen(lrule->db) == -1) { + return 0; + } + if (cdb_find(&lrule->db->cdb, key, strlen(key)) > 0 ) { vpos = cdb_datapos(&lrule->db->cdb); vlen = cdb_datalen(&lrule->db->cdb); - val = malloc(vlen); + val = (char *) calloc(vlen + 1, sizeof(char)); + if(val == NULL) { + merror("%s: malloc failed: %s", ARGV0, strerror(errno)); + return(0); + } cdb_read(&lrule->db->cdb, val, vlen, vpos); result = OSMatch_Execute(val, vlen, lrule->matcher); free(val); @@ -220,40 +167,34 @@ int OS_DBSearchKeyValue(ListRule *lrule, char *key) return 0; } - - -int OS_DBSeachKey(ListRule *lrule, char *key) +static int OS_DBSeachKey(ListRule *lrule, char *key) { - if (lrule->db != NULL) - { - if(_OS_CDBOpen(lrule->db) == -1) return -1; - if( cdb_find(&lrule->db->cdb, key, strlen(key)) > 0 ) return 1; + if (lrule->db != NULL) { + if (_OS_CDBOpen(lrule->db) == -1) { + return -1; + } + if ( cdb_find(&lrule->db->cdb, key, strlen(key)) > 0 ) { + return 1; + } } return 0; } -int OS_DBSeachKeyAddress(ListRule *lrule, char *key) +static int OS_DBSeachKeyAddress(ListRule *lrule, char *key) { - //char _ip[128]; - //_ip[127] = "\0"; - if (lrule->db != NULL) - { - if(_OS_CDBOpen(lrule->db) == -1) return -1; - //snprintf(_ip,128,"%s",key); - //XXX Breka apart string on the . boundtrys a loop over to longest match. + if (lrule->db != NULL) { + if (_OS_CDBOpen(lrule->db) == -1) { + return -1; + } - if( cdb_find(&lrule->db->cdb, key, strlen(key)) > 0 ) { + if ( cdb_find(&lrule->db->cdb, key, strlen(key)) > 0 ) { return 1; - } - else - { + } else { char *tmpkey; os_strdup(key, tmpkey); - while(strlen(tmpkey) > 0) - { - if(tmpkey[strlen(tmpkey) - 1] == '.') - { - if( cdb_find(&lrule->db->cdb, tmpkey, strlen(tmpkey)) > 0 ) { + while (strlen(tmpkey) > 0) { + if (tmpkey[strlen(tmpkey) - 1] == '.') { + if ( cdb_find(&lrule->db->cdb, tmpkey, strlen(tmpkey)) > 0 ) { free(tmpkey); return 1; } @@ -266,36 +207,39 @@ int OS_DBSeachKeyAddress(ListRule *lrule, char *key) return 0; } -int OS_DBSearchKeyAddressValue(ListRule *lrule, char *key) +static int OS_DBSearchKeyAddressValue(ListRule *lrule, char *key) { - int result=-1; + int result = -1; char *val; unsigned vlen, vpos; - if (lrule->db!= NULL) - { - if(_OS_CDBOpen(lrule->db) == -1) return 0; + if (lrule->db != NULL) { + if (_OS_CDBOpen(lrule->db) == -1) { + return 0; + } - // First lookup for a single IP address - if(cdb_find(&lrule->db->cdb, key, strlen(key)) > 0 ) { + /* First lookup for a single IP address */ + if (cdb_find(&lrule->db->cdb, key, strlen(key)) > 0 ) { vpos = cdb_datapos(&lrule->db->cdb); vlen = cdb_datalen(&lrule->db->cdb); - val = malloc(vlen); + val = (char *) malloc(vlen); + if(val == NULL) { + merror("%s: malloc failed", ARGV0); + return(0); + } cdb_read(&lrule->db->cdb, val, vlen, vpos); result = OSMatch_Execute(val, vlen, lrule->matcher); free(val); return result; } else { - // IP address not found, look for matching subnets + /* IP address not found, look for matching subnets */ char *tmpkey; os_strdup(key, tmpkey); - while(strlen(tmpkey) > 0) - { - if(tmpkey[strlen(tmpkey) - 1] == '.') - { - if( cdb_find(&lrule->db->cdb, tmpkey, strlen(tmpkey)) > 0 ) { + while (strlen(tmpkey) > 0) { + if (tmpkey[strlen(tmpkey) - 1] == '.') { + if ( cdb_find(&lrule->db->cdb, tmpkey, strlen(tmpkey)) > 0 ) { vpos = cdb_datapos(&lrule->db->cdb); vlen = cdb_datalen(&lrule->db->cdb); - val = malloc(vlen); + val = (char *) malloc(vlen); cdb_read(&lrule->db->cdb, val, vlen, vpos); result = OSMatch_Execute(val, vlen, lrule->matcher); free(val); @@ -315,56 +259,46 @@ int OS_DBSearchKeyAddressValue(ListRule *lrule, char *key) int OS_DBSearch(ListRule *lrule, char *key) { //XXX - god damn hack!!! Jeremy Rossi - if (lrule->loaded == 0) - { + if (lrule->loaded == 0) { lrule->db = OS_FindList(lrule->filename); lrule->loaded = 1; } - switch(lrule->lookup_type) - { + switch (lrule->lookup_type) { case LR_STRING_MATCH: //debug1("LR_STRING_MATCH"); - if(OS_DBSeachKey(lrule, key) == 1) + if (OS_DBSeachKey(lrule, key) == 1) { return 1; - else - return 0; - break; + } + return 0; case LR_STRING_NOT_MATCH: //debug1("LR_STRING_NOT_MATCH"); - if(OS_DBSeachKey(lrule, key) == 1) + if (OS_DBSeachKey(lrule, key) == 1) { return 0; - else - return 1; - break; + } + return 1; case LR_STRING_MATCH_VALUE: //debug1("LR_STRING_MATCH_VALUE"); - if (OS_DBSearchKeyValue(lrule, key) == 1) + if (OS_DBSearchKeyValue(lrule, key) == 1) { return 1; - else - return 0; - break; + } + return 0; case LR_ADDRESS_MATCH: //debug1("LR_ADDRESS_MATCH"); return OS_DBSeachKeyAddress(lrule, key); - break; case LR_ADDRESS_NOT_MATCH: //debug1("LR_ADDRESS_NOT_MATCH"); - if (OS_DBSeachKeyAddress(lrule, key) == 0) + if (OS_DBSeachKeyAddress(lrule, key) == 0) { return 1; - else - return 0; - break; + } + return 0; case LR_ADDRESS_MATCH_VALUE: //debug1("LR_ADDRESS_MATCH_VALUE"); - if (OS_DBSearchKeyAddressValue(lrule, key) == 0) + if (OS_DBSearchKeyAddressValue(lrule, key) == 0) { return 1; - else - return 0; - break; + } + return 0; default: debug1("lists_list.c::OS_DBSearch should never hit default"); return 0; } - return 0; } -