X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=src%2Fanalysisd%2Fdecoders%2Fdecoders_list.c;fp=src%2Fanalysisd%2Fdecoders%2Fdecoders_list.c;h=2ce73d339938d6b7551c041d5a160cfeee67f96c;hp=652f78574adaa7edb8b9bee5151bc455ac9d88d5;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b diff --git a/src/analysisd/decoders/decoders_list.c b/src/analysisd/decoders/decoders_list.c old mode 100755 new mode 100644 index 652f785..2ce73d3 --- a/src/analysisd/decoders/decoders_list.c +++ b/src/analysisd/decoders/decoders_list.c @@ -1,6 +1,3 @@ -/* @(#) $Id: ./src/analysisd/decoders/decoders_list.c, 2011/09/08 dcid Exp $ - */ - /* Copyright (C) 2009 Trend Micro Inc. * All rights reserved. * @@ -8,29 +5,24 @@ * and/or modify it under the terms of the GNU General Public * License (version 2) as published by the FSF - Free Software * Foundation. - * - * License details at the LICENSE file included with OSSEC or - * online at: http://www.ossec.net/en/licensing.html */ - #include #include #include #include "headers/debug_op.h" #include "decoder.h" - #include "error_messages/error_messages.h" - /* We have two internal lists. One with the program_name * and one without. This is going to improve greatly the * performance of our decoder matching. */ -OSDecoderNode *osdecodernode_forpname; -OSDecoderNode *osdecodernode_nopname; +static OSDecoderNode *osdecodernode_forpname; +static OSDecoderNode *osdecodernode_nopname; +static OSDecoderNode *_OS_AddOSDecoder(OSDecoderNode *s_node, OSDecoderInfo *pi); /* Create the Event List */ void OS_CreateOSDecoderList() 
@@ -41,84 +33,71 @@ void OS_CreateOSDecoderList() return; } - /* Get first osdecoder */ -OSDecoderNode *OS_GetFirstOSDecoder(char *p_name) +OSDecoderNode *OS_GetFirstOSDecoder(const char *p_name) { - /* If program name is set, we return the forpname list. - */ - if(p_name) - { - return(osdecodernode_forpname); + /* If program name is set, we return the forpname list */ + if (p_name) { + return (osdecodernode_forpname); } - return(osdecodernode_nopname); + return (osdecodernode_nopname); } - -/* Add a osdecoder to the list */ -OSDecoderNode *_OS_AddOSDecoder(OSDecoderNode *s_node, OSDecoderInfo *pi) +/* Add an osdecoder to the list */ +static OSDecoderNode *_OS_AddOSDecoder(OSDecoderNode *s_node, OSDecoderInfo *pi) { OSDecoderNode *tmp_node = s_node; + OSDecoderNode *new_node; int rm_f = 0; - if(tmp_node) - { - OSDecoderNode *new_node; - - new_node = (OSDecoderNode *)calloc(1,sizeof(OSDecoderNode)); - if(new_node == NULL) - { - merror(MEM_ERROR,ARGV0); - return(NULL); + if (tmp_node) { + new_node = (OSDecoderNode *)calloc(1, sizeof(OSDecoderNode)); + if (new_node == NULL) { + merror(MEM_ERROR, ARGV0, errno, strerror(errno)); + return (NULL); } /* Going to the last node */ - do - { - /* Checking for common names */ - if((strcmp(tmp_node->osdecoder->name,pi->name) == 0) && - (pi->parent != NULL)) - { - if((tmp_node->osdecoder->prematch || - tmp_node->osdecoder->regex) && pi->regex_offset) - { + do { + /* Check for common names */ + if ((strcmp(tmp_node->osdecoder->name, pi->name) == 0) && + (pi->parent != NULL)) { + if ((tmp_node->osdecoder->prematch || + tmp_node->osdecoder->regex || + tmp_node->osdecoder->prematch_pcre2 || + tmp_node->osdecoder->pcre2) && pi->regex_offset) { rm_f = 1; } /* Multi-regexes patterns cannot have prematch */ - if(pi->prematch) - { - merror(PDUP_INV, ARGV0,pi->name); - return(NULL); + if (pi->prematch || pi->prematch_pcre2) { + merror(PDUP_INV, ARGV0, pi->name); + goto error; } /* Multi-regex patterns cannot have fts set */ - if(pi->fts) - 
{ - merror(PDUPFTS_INV, ARGV0,pi->name); - return(NULL); + if (pi->fts) { + merror(PDUPFTS_INV, ARGV0, pi->name); + goto error; } - if(tmp_node->osdecoder->regex && pi->regex) - { + if (tmp_node->osdecoder->regex && pi->regex) { tmp_node->osdecoder->get_next = 1; - } - else - { - merror(DUP_INV, ARGV0,pi->name); - return(NULL); + } else if (tmp_node->osdecoder->pcre2 && pi->pcre2) { + tmp_node->osdecoder->get_next = 1; + } else { + merror(DUP_INV, ARGV0, pi->name); + goto error; } } - }while(tmp_node->next && (tmp_node = tmp_node->next)); - + } while (tmp_node->next && (tmp_node = tmp_node->next)); /* Must have a prematch set */ - if(!rm_f && (pi->regex_offset & AFTER_PREVREGEX)) - { + if (!rm_f && (pi->regex_offset & AFTER_PREVREGEX)) { merror(INV_OFFSET, ARGV0, pi->name); - return(NULL); + goto error; } tmp_node->next = new_node; @@ -128,20 +107,17 @@ OSDecoderNode *_OS_AddOSDecoder(OSDecoderNode *s_node, OSDecoderInfo *pi) new_node->child = NULL; } - else - { + else { /* Must not have a previous regex set */ - if(pi->regex_offset & AFTER_PREVREGEX) - { + if (pi->regex_offset & AFTER_PREVREGEX) { merror(INV_OFFSET, ARGV0, pi->name); - return(NULL); + return (NULL); } tmp_node = (OSDecoderNode *)calloc(1, sizeof(OSDecoderNode)); - if(tmp_node == NULL) - { - ErrorExit(MEM_ERROR,ARGV0); + if (tmp_node == NULL) { + ErrorExit(MEM_ERROR, ARGV0, errno, strerror(errno)); } tmp_node->child = NULL; 
@@ -152,97 +128,80 @@ OSDecoderNode *_OS_AddOSDecoder(OSDecoderNode *s_node, OSDecoderInfo *pi) } return (s_node); -} +error: + if (new_node) { + free(new_node); + } + return (NULL); +} int OS_AddOSDecoder(OSDecoderInfo *pi) { int added = 0; OSDecoderNode *osdecodernode; - /* We can actually have two lists. One with program * name and the other without. */ - if(pi->program_name) - { + if (pi->program_name || pi->program_name_pcre2) { osdecodernode = osdecodernode_forpname; - } - else - { + } else { osdecodernode = osdecodernode_nopname; } - /* Search for parent on both lists */ - if(pi->parent) - { + if (pi->parent) { OSDecoderNode *tmp_node = osdecodernode_forpname; /* List with p_name */ - while(tmp_node) - { - if(strcmp(tmp_node->osdecoder->name, pi->parent) == 0) - { + while (tmp_node) { + if (strcmp(tmp_node->osdecoder->name, pi->parent) == 0) { tmp_node->child = _OS_AddOSDecoder(tmp_node->child, pi); - if(!tmp_node->child) - { + if (!tmp_node->child) { merror(DEC_PLUGIN_ERR, ARGV0); - return(0); + return (0); } added = 1; } tmp_node = tmp_node->next; } - /* List without p name */ tmp_node = osdecodernode_nopname; - while(tmp_node) - { - if(strcmp(tmp_node->osdecoder->name, pi->parent) == 0) - { + while (tmp_node) { + if (strcmp(tmp_node->osdecoder->name, pi->parent) == 0) { tmp_node->child = _OS_AddOSDecoder(tmp_node->child, pi); - if(!tmp_node->child) - { + if (!tmp_node->child) { merror(DEC_PLUGIN_ERR, ARGV0); - return(0); + return (0); } added = 1; } tmp_node = tmp_node->next; } - /* OSDecoder was added correctly */ - if(added == 1) - { - return(1); + if (added == 1) { + return (1); } merror(PPLUGIN_INV, ARGV0, pi->parent); - return(0); - } - else - { + return (0); + } else { osdecodernode = _OS_AddOSDecoder(osdecodernode, pi); - if(!osdecodernode) - { + if (!osdecodernode) { merror(DEC_PLUGIN_ERR, ARGV0); - return(0); + return (0); } - /* Updating global decoders pointers */ - if(pi->program_name) - { + /* Update global decoder pointers */ + if 
(pi->program_name || pi->program_name_pcre2) { osdecodernode_forpname = osdecodernode; - } - else - { + } else { osdecodernode_nopname = osdecodernode; } } - return(1); + return (1); } -/* EOF */
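Review bot: Both parent-search loops in `OS_AddOSDecoder` assign the helper's result straight into `tmp_node->child`, so when `_OS_AddOSDecoder` rejects the new decoder and returns NULL, the parent's existing child list is overwritten and lost before `return (0)`. If the caller (not visible here) does not abort on a 0 return, the decoder tree is left silently truncated, and events those children used to decode would go unparsed by the analysis engine. Holding the result in a local first avoids this: `OSDecoderNode *child = _OS_AddOSDecoder(tmp_node->child, pi);`, then `if (!child) { merror(DEC_PLUGIN_ERR, ARGV0); return (0); }`, then `tmp_node->child = child;`. The top-level branch already follows this pattern with the local `osdecodernode`, updating the globals only on success, and the same change applies to the second loop over `osdecodernode_nopname`.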