-/* @(#) $Id: ./src/analysisd/decoders/decoders_list.c, 2011/09/08 dcid Exp $
- */
-
/* Copyright (C) 2009 Trend Micro Inc.
* All rights reserved.
*
* and/or modify it under the terms of the GNU General Public
* License (version 2) as published by the FSF - Free Software
* Foundation.
- *
- * License details at the LICENSE file included with OSSEC or
- * online at: http://www.ossec.net/en/licensing.html
*/
-
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "headers/debug_op.h"
#include "decoder.h"
-
#include "error_messages/error_messages.h"
-
/* We have two internal lists. One with the program_name
* and one without. This is going to improve greatly the
* performance of our decoder matching.
*/
-OSDecoderNode *osdecodernode_forpname;
-OSDecoderNode *osdecodernode_nopname;
+static OSDecoderNode *osdecodernode_forpname;
+static OSDecoderNode *osdecodernode_nopname;
+static OSDecoderNode *_OS_AddOSDecoder(OSDecoderNode *s_node, OSDecoderInfo *pi);
/* Create the Event List */
void OS_CreateOSDecoderList()
return;
}
-
/* Get first osdecoder */
-OSDecoderNode *OS_GetFirstOSDecoder(char *p_name)
+OSDecoderNode *OS_GetFirstOSDecoder(const char *p_name)
{
- /* If program name is set, we return the forpname list.
- */
- if(p_name)
- {
- return(osdecodernode_forpname);
+ /* If program name is set, we return the forpname list */
+ if (p_name) {
+ return (osdecodernode_forpname);
}
- return(osdecodernode_nopname);
+ return (osdecodernode_nopname);
}
-
-/* Add a osdecoder to the list */
-OSDecoderNode *_OS_AddOSDecoder(OSDecoderNode *s_node, OSDecoderInfo *pi)
+/* Add an osdecoder to the list */
+static OSDecoderNode *_OS_AddOSDecoder(OSDecoderNode *s_node, OSDecoderInfo *pi)
{
OSDecoderNode *tmp_node = s_node;
+ OSDecoderNode *new_node;
int rm_f = 0;
- if(tmp_node)
- {
- OSDecoderNode *new_node;
-
- new_node = (OSDecoderNode *)calloc(1,sizeof(OSDecoderNode));
- if(new_node == NULL)
- {
- merror(MEM_ERROR,ARGV0);
- return(NULL);
+ if (tmp_node) {
+ new_node = (OSDecoderNode *)calloc(1, sizeof(OSDecoderNode));
+ if (new_node == NULL) {
+ merror(MEM_ERROR, ARGV0, errno, strerror(errno));
+ return (NULL);
}
/* Going to the last node */
- do
- {
- /* Checking for common names */
- if((strcmp(tmp_node->osdecoder->name,pi->name) == 0) &&
- (pi->parent != NULL))
- {
- if((tmp_node->osdecoder->prematch ||
- tmp_node->osdecoder->regex) && pi->regex_offset)
- {
+ do {
+ /* Check for common names */
+ if ((strcmp(tmp_node->osdecoder->name, pi->name) == 0) &&
+ (pi->parent != NULL)) {
+ if ((tmp_node->osdecoder->prematch ||
+ tmp_node->osdecoder->regex ||
+ tmp_node->osdecoder->prematch_pcre2 ||
+ tmp_node->osdecoder->pcre2) && pi->regex_offset) {
rm_f = 1;
}
/* Multi-regexes patterns cannot have prematch */
- if(pi->prematch)
- {
- merror(PDUP_INV, ARGV0,pi->name);
- return(NULL);
+ if (pi->prematch || pi->prematch_pcre2) {
+ merror(PDUP_INV, ARGV0, pi->name);
+ goto error;
}
/* Multi-regex patterns cannot have fts set */
- if(pi->fts)
- {
- merror(PDUPFTS_INV, ARGV0,pi->name);
- return(NULL);
+ if (pi->fts) {
+ merror(PDUPFTS_INV, ARGV0, pi->name);
+ goto error;
}
- if(tmp_node->osdecoder->regex && pi->regex)
- {
+ if (tmp_node->osdecoder->regex && pi->regex) {
tmp_node->osdecoder->get_next = 1;
- }
- else
- {
- merror(DUP_INV, ARGV0,pi->name);
- return(NULL);
+ } else if (tmp_node->osdecoder->pcre2 && pi->pcre2) {
+ tmp_node->osdecoder->get_next = 1;
+ } else {
+ merror(DUP_INV, ARGV0, pi->name);
+ goto error;
}
}
- }while(tmp_node->next && (tmp_node = tmp_node->next));
-
+ } while (tmp_node->next && (tmp_node = tmp_node->next));
/* Must have a prematch set */
- if(!rm_f && (pi->regex_offset & AFTER_PREVREGEX))
- {
+ if (!rm_f && (pi->regex_offset & AFTER_PREVREGEX)) {
merror(INV_OFFSET, ARGV0, pi->name);
- return(NULL);
+ goto error;
}
tmp_node->next = new_node;
new_node->child = NULL;
}
- else
- {
+ else {
/* Must not have a previous regex set */
- if(pi->regex_offset & AFTER_PREVREGEX)
- {
+ if (pi->regex_offset & AFTER_PREVREGEX) {
merror(INV_OFFSET, ARGV0, pi->name);
- return(NULL);
+ return (NULL);
}
tmp_node = (OSDecoderNode *)calloc(1, sizeof(OSDecoderNode));
- if(tmp_node == NULL)
- {
- ErrorExit(MEM_ERROR,ARGV0);
+ if (tmp_node == NULL) {
+ ErrorExit(MEM_ERROR, ARGV0, errno, strerror(errno));
}
tmp_node->child = NULL;
}
return (s_node);
-}
+error:
+ if (new_node) {
+ free(new_node);
+ }
+ return (NULL);
+}
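Review bot: `new_node` is declared without an initializer, yet the new `error:` label tests and frees it. Every `goto error` visible here sits after the `calloc` in the `if (tmp_node)` branch, so the read is defined today, but the empty-list branch still uses a plain `return (NULL)` and any later jump added there would pass an indeterminate pointer to `free`. Declare it as `OSDecoderNode *new_node = NULL;` and reduce the label body to `free(new_node);`, since `free(NULL)` is a no-op. The new `merror(MEM_ERROR, ARGV0, errno, strerror(errno))` calls also depend on `<errno.h>`, which is not among the includes shown; presumably a project header supplies it, but that is worth confirming. Parts of this function are not shown on the page, so the note covers only the visible lines.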
int OS_AddOSDecoder(OSDecoderInfo *pi)
{
int added = 0;
OSDecoderNode *osdecodernode;
-
/* We can actually have two lists. One with program
* name and the other without.
*/
- if(pi->program_name)
- {
+ if (pi->program_name || pi->program_name_pcre2) {
osdecodernode = osdecodernode_forpname;
- }
- else
- {
+ } else {
osdecodernode = osdecodernode_nopname;
}
-
/* Search for parent on both lists */
- if(pi->parent)
- {
+ if (pi->parent) {
OSDecoderNode *tmp_node = osdecodernode_forpname;
/* List with p_name */
- while(tmp_node)
- {
- if(strcmp(tmp_node->osdecoder->name, pi->parent) == 0)
- {
+ while (tmp_node) {
+ if (strcmp(tmp_node->osdecoder->name, pi->parent) == 0) {
tmp_node->child = _OS_AddOSDecoder(tmp_node->child, pi);
- if(!tmp_node->child)
- {
+ if (!tmp_node->child) {
merror(DEC_PLUGIN_ERR, ARGV0);
- return(0);
+ return (0);
}
added = 1;
}
tmp_node = tmp_node->next;
}
-
/* List without p name */
tmp_node = osdecodernode_nopname;
- while(tmp_node)
- {
- if(strcmp(tmp_node->osdecoder->name, pi->parent) == 0)
- {
+ while (tmp_node) {
+ if (strcmp(tmp_node->osdecoder->name, pi->parent) == 0) {
tmp_node->child = _OS_AddOSDecoder(tmp_node->child, pi);
- if(!tmp_node->child)
- {
+ if (!tmp_node->child) {
merror(DEC_PLUGIN_ERR, ARGV0);
- return(0);
+ return (0);
}
added = 1;
}
tmp_node = tmp_node->next;
}
-
/* OSDecoder was added correctly */
- if(added == 1)
- {
- return(1);
+ if (added == 1) {
+ return (1);
}
merror(PPLUGIN_INV, ARGV0, pi->parent);
- return(0);
- }
- else
- {
+ return (0);
+ } else {
osdecodernode = _OS_AddOSDecoder(osdecodernode, pi);
- if(!osdecodernode)
- {
+ if (!osdecodernode) {
merror(DEC_PLUGIN_ERR, ARGV0);
- return(0);
+ return (0);
}
- /* Updating global decoders pointers */
- if(pi->program_name)
- {
+ /* Update global decoder pointers */
+ if (pi->program_name || pi->program_name_pcre2) {
osdecodernode_forpname = osdecodernode;
- }
- else
- {
+ } else {
osdecodernode_nopname = osdecodernode;
}
}
- return(1);
+ return (1);
}
-/* EOF */
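Review bot: In both parent-search loops of `OS_AddOSDecoder` the result of `_OS_AddOSDecoder(tmp_node->child, pi)` is stored straight into `tmp_node->child`, so a rejected decoder replaces the parent's existing child list with NULL. The helper now has more rejection paths (for example, a sibling that pairs `regex` with `pcre2` falls through to `DUP_INV`). If any caller keeps running after the 0 return, the children already attached to that parent become unreachable and events under it are no longer decoded. Hold the result in a local and assign only on success: `OSDecoderNode *child = _OS_AddOSDecoder(tmp_node->child, pi);`, then `if (!child) { merror(DEC_PLUGIN_ERR, ARGV0); return (0); }` and `tmp_node->child = child;`. Whether callers abort on failure is not visible here.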