Control: tags -1 + patch Please find a patch attached. I could not observe problems while testing it.
>From 014406e858e3e2af471bfb2b392ea693674120e3 Mon Sep 17 00:00:00 2001 From: Yavor Doganov <ya...@gnu.org> Date: Sun, 17 Dec 2023 00:53:23 +0200 Subject: [PATCH] Port to PCRE2 (#999984)
--- debian/changelog | 8 + debian/control | 5 +- debian/patches/debian-changes | 359 ++++++++++++++++++++++++++++++++++ src/Makefile | 2 +- src/prads.c | 5 +- src/prads.h | 6 +- src/servicefp/servicefp.c | 31 ++- src/servicefp/servicefp.h | 4 +- src/servicefp/tcpc.c | 18 +- src/servicefp/tcps.c | 18 +- src/servicefp/udps.c | 18 +- 11 files changed, 430 insertions(+), 44 deletions(-) diff --git a/debian/changelog b/debian/changelog index 445f0e0..9735891 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +prads (0.3.3-8) UNRELEASED; urgency=medium + + * Port to PCRE2 (Closes: #999984). + * debian/control (Depends): Drop libpcre3. + (Build-Depends): Replace libpcre3-dev with libpcre2-dev. + + -- Yavor Doganov <ya...@gnu.org> Sun, 17 Dec 2023 00:51:17 +0200 + prads (0.3.3-7) unstable; urgency=medium * Remove 1 obsolete maintscript entry. diff --git a/debian/control b/debian/control index 5895778..a2fb71f 100644 --- a/debian/control +++ b/debian/control @@ -5,7 +5,7 @@ Maintainer: Stig Sandbeck Mathisen <s...@debian.org> Build-Depends: debhelper-compat (= 13), libpcap-dev, - libpcre3-dev, + libpcre2-dev, python3-docutils, Standards-Version: 4.6.0 Homepage: https://gamelinux.github.com/prads/ @@ -15,8 +15,7 @@ Vcs-Browser: https://salsa.debian.org/debian/prads Package: prads Architecture: any Pre-Depends: ${misc:Pre-Depends} -Depends: ${shlibs:Depends}, ${misc:Depends}, libpcap0.8, libpcre3, - adduser +Depends: ${shlibs:Depends}, ${misc:Depends}, libpcap0.8, adduser Description: Passive Real-time Asset Detection System PRADS is a Passive Real-time Asset Detection System. . diff --git a/debian/patches/debian-changes b/debian/patches/debian-changes index 89c1c18..848acc3 100644 --- a/debian/patches/debian-changes +++ b/debian/patches/debian-changes 
@@ -58,6 +58,15 @@ A single combined diff, containing all the changes, follows. # for finding static libraries LIBDIR=/usr/lib/x86_64-linux-gnu +@@ -28,7 +28,7 @@ ifeq (${STATIC},) + ifeq (${TCMALLOC},y) + LDFLAGS+=-ltcmalloc + endif +-LDFLAGS+=-lpcap -lpcre -lresolv ++LDFLAGS+=-lpcap -lpcre2-8 -lresolv + CFLAGS+=-DCONFDIR='"${CONFDIR}/"' + else + ifeq (${TCMALLOC},y) --- prads-0.3.3.orig/src/output-plugins/log.h +++ prads-0.3.3/src/output-plugins/log.h @@ -19,8 +19,8 @@ typedef struct _output_plugin { 
@@ -82,3 +91,353 @@ A single combined diff, containing all the changes, follows. /* ---------------------------------------------------------- * FUNCTION : init_identification +@@ -135,8 +135,8 @@ int parse_raw_signature(bstring line, in + signature *sig, *head; + sig = head = NULL; + bstring pcre_string = NULL; +- const char *err = NULL; /* PCRE */ +- int erroffset; /* PCRE */ ++ int err; /* PCRE */ ++ PCRE2_SIZE erroffset; /* PCRE */ + int ret = 0; + int i; + +@@ -207,18 +207,17 @@ int parse_raw_signature(bstring line, in + */ + if (pcre_string != NULL) { + if ((sig->regex = +- pcre_compile((char *)bdata(pcre_string), 0, &err, +- &erroffset, NULL)) == NULL) { ++ pcre2_compile((PCRE2_SPTR)bdata(pcre_string), ++ PCRE2_ZERO_TERMINATED, 0, &err, ++ &erroffset, NULL)) == NULL) { ++ PCRE2_UCHAR buf[120]; ++ ++ pcre2_get_error_message(err, buf, sizeof(buf)); + printf("Unable to compile signature: %s at line %d (%s)", +- err, lineno, bdata(line)); ++ buf, lineno, bdata(line)); + ret = -1; + } + } +- if (ret != -1) { +- sig->study = pcre_study(sig->regex, 0, &err); +- if (err != NULL) +- printf("Unable to study signature: %s", err); +- } + + /* + * Add signature to 'signature_list' data structure. 
+@@ -266,8 +265,7 @@ void free_signature_list (signature *hea + bdestroy(head->title.app); + bdestroy(head->title.ver); + bdestroy(head->title.misc); +- if (head->regex != NULL) free(head->regex); +- if (head->study != NULL) free(head->study); ++ pcre2_code_free(head->regex); + tmp = head->next; + free(head); + head = NULL; +@@ -297,11 +295,11 @@ void del_signature_lists() + * INPUT : 0 - Signature Pointer + * : 1 - payload + * : 2 - ovector +- * : 3 - rc (return from pcre_exec) ++ * : 3 - rc (return from pcre2_match) + * RETURN : processed app name + * ---------------------------------------------------------- */ + bstring get_app_name(signature * sig, +- const uint8_t *payload, int *ovector, int rc) ++ const uint8_t *payload, pcre2_match_data *ovector, int rc) + { + char sub[512]; + char app[5000]; +@@ -311,6 +309,7 @@ bstring get_app_name(signature * sig, + int n = 0; + int x = 0; + int z = 0; ++ PCRE2_SIZE l; + + /* + * Create Application string using the values in signature[i].title. 
+@@ -346,14 +345,14 @@ bstring get_app_name(signature * sig, + i++; + n = atoi(&app[i]); + +- pcre_get_substring((const char *)payload, ovector, rc, n, &expr); ++ pcre2_substring_get_bynumber(ovector, n, (PCRE2_UCHAR **)&expr, &l); + x = 0; + while (expr[x] != '\0' && z < (sizeof(sub) - 1)) { + sub[z] = expr[x]; + z++; + x++; + } +- pcre_free_substring (expr); ++ pcre2_substring_free ((PCRE2_UCHAR *)expr); + expr = NULL; + i++; + } else { +--- prads-0.3.3.orig/src/prads.c ++++ prads-0.3.3/src/prads.c +@@ -1329,9 +1329,12 @@ int prads_initialize(globalconfig *conf) + + void prads_version(void) + { ++ char buf[24]; ++ ++ pcre2_config(PCRE2_CONFIG_VERSION, buf); + olog("[*] prads %s\n", VERSION); + olog(" Using %s\n", pcap_lib_version()); +- olog(" Using PCRE version %s\n", pcre_version()); ++ olog(" Using PCRE version %s\n", buf); + } + + /* magic main */ +--- prads-0.3.3.orig/src/prads.h ++++ prads-0.3.3/src/prads.h +@@ -27,7 +27,8 @@ + #include "common.h" + #include "bstrlib.h" + #include <netinet/in.h> +-#include <pcre.h> ++#define PCRE2_CODE_UNIT_WIDTH 8 ++#include <pcre2.h> + + /* D E F I N E S ************************************************************/ + #ifndef RELEASE +@@ -750,8 +751,7 @@ typedef struct _signature { + bstring ver; /* Version */ + bstring misc; /* Misc info */ + } title; +- pcre *regex; /* Signature - Compiled Regular Expression */ +- pcre_extra *study; /* Studied version of the compiled regex. 
*/ ++ pcre2_code *regex; /* Signature - Compiled Regular Expression */ + struct { /* Signature stats */ + uint32_t checked; /* How many times the sig has been matched for */ + uint32_t matched; /* How many times it has matched*/ +--- prads-0.3.3.orig/src/servicefp/tcpc.c ++++ prads-0.3.3/src/servicefp/tcpc.c +@@ -27,7 +27,7 @@ extern bstring UNKNOWN; + void client_tcp4(packetinfo *pi, signature* sig_client_tcp) + { + int rc; /* PCRE */ +- int ovector[15]; ++ pcre2_match_data *ovector; + int tmplen; + signature *tmpsig; + bstring app, service_name; +@@ -40,19 +40,22 @@ void client_tcp4(packetinfo *pi, signatu + else tmplen = pi->plen; + + tmpsig = sig_client_tcp; ++ ovector = pcre2_match_data_create(15, NULL); + while (tmpsig != NULL) { +- rc = pcre_exec(tmpsig->regex, tmpsig->study, (const char*)pi->payload, tmplen, 0, 0, +- ovector, 15); ++ rc = pcre2_match(tmpsig->regex, pi->payload, tmplen, 0, 0, ++ ovector, NULL); + if (rc != -1) { + app = get_app_name(tmpsig, pi->payload, ovector, rc); + //printf("[*] - MATCH CLIENT IPv4/TCP: %s\n",(char *)bdata(app)); + update_asset_service(pi, tmpsig->service, app); + pi->cxt->check |= CXT_CLIENT_DONT_CHECK; + bdestroy(app); ++ pcre2_match_data_free(ovector); + return; + } + tmpsig = tmpsig->next; + } ++ pcre2_match_data_free(ovector); + // Should have a flag set to resolve unknowns to default service + if ( !ISSET_CLIENT_UNKNOWN(pi) + && (service_name = check_known_port(IP_PROTO_TCP,ntohs(pi->tcph->dst_port))) !=NULL ) { +@@ -65,7 +68,7 @@ void client_tcp4(packetinfo *pi, signatu + void client_tcp6(packetinfo *pi, signature* sig_client_tcp) + { + int rc; /* PCRE */ +- int ovector[15]; ++ pcre2_match_data *ovector; + signature *tmpsig; + bstring app, service_name; + +@@ -74,19 +77,22 @@ void client_tcp6(packetinfo *pi, signatu + * a range between 500-1000 should be good! 
+ */ + tmpsig = sig_client_tcp; ++ ovector = pcre2_match_data_create(15, NULL); + while (tmpsig != NULL) { +- rc = pcre_exec(tmpsig->regex, tmpsig->study, (const char*) pi->payload, pi->plen, 0, 0, +- ovector, 15); ++ rc = pcre2_match(tmpsig->regex, pi->payload, pi->plen, 0, 0, ++ ovector, NULL); + if (rc != -1) { + app = get_app_name(tmpsig, pi->payload, ovector, rc); + //printf("[*] - MATCH CLIENT IPv6/TCP: %s\n",(char *)bdata(app)); + update_asset_service(pi, tmpsig->service, app); + pi->cxt->check |= CXT_CLIENT_DONT_CHECK; + bdestroy(app); ++ pcre2_match_data_free(ovector); + return; + } + tmpsig = tmpsig->next; + } ++ pcre2_match_data_free(ovector); + if (!ISSET_CLIENT_UNKNOWN(pi) + && (service_name = check_known_port(IP_PROTO_TCP,ntohs(pi->tcph->dst_port))) !=NULL ) { + update_asset_service(pi, UNKNOWN, service_name); +--- prads-0.3.3.orig/src/servicefp/tcps.c ++++ prads-0.3.3/src/servicefp/tcps.c +@@ -28,7 +28,7 @@ extern bstring UNKNOWN; + void service_tcp4(packetinfo *pi, signature* sig_serv_tcp) + { + int rc; /* PCRE */ +- int ovector[15]; ++ pcre2_match_data *ovector; + int tmplen; + signature *tmpsig; + bstring app,service_name; +@@ -41,15 +41,17 @@ void service_tcp4(packetinfo *pi, signat + else tmplen = pi->plen; + + tmpsig = sig_serv_tcp; ++ ovector = pcre2_match_data_create(15, NULL); + while (tmpsig != NULL) { +- rc = pcre_exec(tmpsig->regex, tmpsig->study, (const char *)pi->payload, tmplen, 0, 0, +- ovector, 15); ++ rc = pcre2_match(tmpsig->regex, pi->payload, tmplen, 0, 0, ++ ovector, NULL); + if (rc >= 0) { + app = get_app_name(tmpsig, pi->payload, ovector, rc); + //printf("[*] - MATCH SERVICE IPv4/TCP: %s\n",(char *)bdata(app)); + update_asset_service(pi, tmpsig->service, app); + pi->cxt->check |= CXT_SERVICE_DONT_CHECK; + bdestroy(app); ++ pcre2_match_data_free(ovector); + return; + } + /* +@@ -61,6 +63,7 @@ void service_tcp4(packetinfo *pi, signat + */ + tmpsig = tmpsig->next; + } ++ pcre2_match_data_free(ovector); + // Should have a flag set 
to resolve unknowns to default service + if ( !ISSET_SERVICE_UNKNOWN(pi) + && (service_name = check_known_port(IP_PROTO_TCP,ntohs(pi->s_port))) !=NULL ) { +@@ -73,7 +76,7 @@ void service_tcp4(packetinfo *pi, signat + void service_tcp6(packetinfo *pi, signature* sig_serv_tcp) + { + int rc; /* PCRE */ +- int ovector[15]; ++ pcre2_match_data *ovector; + int tmplen; + signature *tmpsig; + bstring app,service_name; +@@ -86,19 +89,22 @@ void service_tcp6(packetinfo *pi, signat + else tmplen = pi->plen; + + tmpsig = sig_serv_tcp; ++ ovector = pcre2_match_data_create(15, NULL); + while (tmpsig != NULL) { +- rc = pcre_exec(tmpsig->regex, tmpsig->study, (const char *) pi->payload, tmplen, 0, 0, +- ovector, 15); ++ rc = pcre2_match(tmpsig->regex, pi->payload, tmplen, 0, 0, ++ ovector, NULL); + if (rc >= 0) { + app = get_app_name(tmpsig, pi->payload, ovector, rc); + //printf("[*] - MATCH SERVICE IPv6/TCP: %s\n",(char *)bdata(app)); + update_asset_service(pi, tmpsig->service, app); + pi->cxt->check |= CXT_SERVICE_DONT_CHECK; + bdestroy(app); ++ pcre2_match_data_free(ovector); + return; + } + tmpsig = tmpsig->next; + } ++ pcre2_match_data_free(ovector); + // Should have a flag set to resolve unknowns to default service + if ( !ISSET_SERVICE_UNKNOWN(pi) + && (service_name = check_known_port(IP_PROTO_TCP,ntohs(pi->s_port))) !=NULL ) { +--- prads-0.3.3.orig/src/servicefp/udps.c ++++ prads-0.3.3/src/servicefp/udps.c +@@ -28,7 +28,7 @@ extern bstring UNKNOWN; + void service_udp4(packetinfo *pi, signature* sig_serv_udp) + { + int rc; /* PCRE */ +- int ovector[15]; ++ pcre2_match_data *ovector; + signature *tmpsig; + bstring app, service_name; + app = service_name = NULL; +@@ -38,19 +38,22 @@ void service_udp4(packetinfo *pi, signat + * a range between 500-1000 should be good! 
+ */ + tmpsig = sig_serv_udp; ++ ovector = pcre2_match_data_create(15, NULL); + while (tmpsig != NULL) { +- rc = pcre_exec(tmpsig->regex, tmpsig->study, (const char*) pi->payload, pi->plen, 0, 0, +- ovector, 15); ++ rc = pcre2_match(tmpsig->regex, pi->payload, pi->plen, 0, 0, ++ ovector, NULL); + if (rc != -1) { + app = get_app_name(tmpsig, pi->payload, ovector, rc); + //printf("[*] - MATCH SERVICE IPv4/UDP: %s\n",(char *)bdata(app)); + update_asset_service(pi, tmpsig->service, app); + pi->cxt->check |= CXT_SERVICE_DONT_CHECK; + bdestroy(app); ++ pcre2_match_data_free(ovector); + return; + } + tmpsig = tmpsig->next; + } ++ pcre2_match_data_free(ovector); + + /* + * If no sig is found/mached, use default port to determin. +@@ -85,7 +88,7 @@ void service_udp4(packetinfo *pi, signat + void service_udp6(packetinfo *pi, signature* sig_serv_udp) + { + int rc; /* PCRE */ +- int ovector[15]; ++ pcre2_match_data *ovector; + int tmplen; + signature *tmpsig; + bstring app,service_name; +@@ -98,19 +101,22 @@ void service_udp6(packetinfo *pi, signat + else tmplen = pi->plen; + + tmpsig = sig_serv_udp; ++ ovector = pcre2_match_data_create(15, NULL); + while (tmpsig != NULL) { +- rc = pcre_exec(tmpsig->regex, tmpsig->study, (const char *) pi->payload, tmplen, 0, 0, +- ovector, 15); ++ rc = pcre2_match(tmpsig->regex, pi->payload, tmplen, 0, 0, ++ ovector, NULL); + if (rc != -1) { + app = get_app_name(tmpsig, pi->payload, ovector, rc); + //printf("[*] - MATCH SERVICE IPv6/UDP: %s\n",(char *)bdata(app)); + update_asset_service(pi, tmpsig->service, app); + pi->cxt->check |= CXT_SERVICE_DONT_CHECK; + bdestroy(app); ++ pcre2_match_data_free(ovector); + return; + } + tmpsig = tmpsig->next; + } ++ pcre2_match_data_free(ovector); + if (pi->sc == SC_CLIENT && !ISSET_CLIENT_UNKNOWN(pi)) { + if ((service_name = (bstring) check_known_port(IP_PROTO_UDP,ntohs(pi->d_port))) !=NULL ) { + update_asset_service(pi, UNKNOWN, service_name); +--- prads-0.3.3.orig/src/servicefp/servicefp.h ++++ 
prads-0.3.3/src/servicefp/servicefp.h +@@ -4,8 +4,8 @@ + void arp_check(char *eth_hdr, time_t tstamp); + int load_servicefp_file(char *sigfile, signature **db, int); + int parse_raw_signature(bstring line, int lineno, signature **dbp); +-bstring get_app_name(signature * sig, const uint8_t *payload, int *ovector, +- int rc); ++bstring get_app_name(signature * sig, const uint8_t *payload, ++ pcre2_match_data *ovector, int rc); + bstring check_port(uint8_t proto, uint16_t port); + void service_tcp4(packetinfo *pi, signature *db); + void service_tcp6(packetinfo *pi, signature *db); diff --git a/src/Makefile b/src/Makefile index df37ebc..4d91a86 100644 --- a/src/Makefile +++ b/src/Makefile @@ -28,7 +28,7 @@ ifeq (${STATIC},) ifeq (${TCMALLOC},y) LDFLAGS+=-ltcmalloc endif -LDFLAGS+=-lpcap -lpcre -lresolv +LDFLAGS+=-lpcap -lpcre2-8 -lresolv CFLAGS+=-DCONFDIR='"${CONFDIR}/"' else ifeq (${TCMALLOC},y) diff --git a/src/prads.c b/src/prads.c index 34503fc..130bbb4 100644 --- a/src/prads.c +++ b/src/prads.c @@ -1329,9 +1329,12 @@ int prads_initialize(globalconfig *conf) void prads_version(void) { + char buf[24]; + + pcre2_config(PCRE2_CONFIG_VERSION, buf); olog("[*] prads %s\n", VERSION); olog(" Using %s\n", pcap_lib_version()); - olog(" Using PCRE version %s\n", pcre_version()); + olog(" Using PCRE version %s\n", buf); } /* magic main */ diff --git a/src/prads.h b/src/prads.h index ba8c23d..c4f7edc 100644 --- a/src/prads.h +++ b/src/prads.h @@ -27,7 +27,8 @@ #include "common.h" #include "bstrlib.h" #include <netinet/in.h> -#include <pcre.h> +#define PCRE2_CODE_UNIT_WIDTH 8 +#include <pcre2.h> /* D E F I N E S ************************************************************/ #ifndef RELEASE 
@@ -750,8 +751,7 @@ typedef struct _signature { bstring ver; /* Version */ bstring misc; /* Misc info */ } title; - pcre *regex; /* Signature - Compiled Regular Expression */ - pcre_extra *study; /* Studied version of the compiled regex. */ + pcre2_code *regex; /* Signature - Compiled Regular Expression */ struct { /* Signature stats */ uint32_t checked; /* How many times the sig has been matched for */ uint32_t matched; /* How many times it has matched*/ diff --git a/src/servicefp/servicefp.c b/src/servicefp/servicefp.c index 5a76422..117d9d1 100644 --- a/src/servicefp/servicefp.c +++ b/src/servicefp/servicefp.c @@ -135,8 +135,8 @@ int parse_raw_signature(bstring line, int lineno, signature **db) signature *sig, *head; sig = head = NULL; bstring pcre_string = NULL; - const char *err = NULL; /* PCRE */ - int erroffset; /* PCRE */ + int err; /* PCRE */ + PCRE2_SIZE erroffset; /* PCRE */ int ret = 0; int i; @@ -207,18 +207,17 @@ int parse_raw_signature(bstring line, int lineno, signature **db) */ if (pcre_string != NULL) { if ((sig->regex = - pcre_compile((char *)bdata(pcre_string), 0, &err, - &erroffset, NULL)) == NULL) { + pcre2_compile((PCRE2_SPTR)bdata(pcre_string), + PCRE2_ZERO_TERMINATED, 0, &err, + &erroffset, NULL)) == NULL) { + PCRE2_UCHAR buf[120]; + + pcre2_get_error_message(err, buf, sizeof(buf)); printf("Unable to compile signature: %s at line %d (%s)", - err, lineno, bdata(line)); + buf, lineno, bdata(line)); ret = -1; } } - if (ret != -1) { - sig->study = pcre_study(sig->regex, 0, &err); - if (err != NULL) - printf("Unable to study signature: %s", err); - } /* * Add signature to 'signature_list' data structure. @@ -266,8 +265,7 @@ void free_signature_list (signature *head) bdestroy(head->title.app); bdestroy(head->title.ver); bdestroy(head->title.misc); - if (head->regex != NULL) free(head->regex); - if (head->study != NULL) free(head->study); + pcre2_code_free(head->regex); tmp = head->next; free(head); head = NULL; 
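Review bot: In the `pcre2_compile` failure branch of parse_raw_signature (src/servicefp/servicefp.c, hunk at -207), `erroffset` is filled in but never reported, so the message does not say where in the pattern compilation stopped; consider `printf("Unable to compile signature: %s at offset %zu, line %d (%s)", (char *)buf, (size_t)erroffset, lineno, bdata(line));`. The length argument of `pcre2_get_error_message` is counted in code units, so `sizeof(buf)` is right only because PCRE2_CODE_UNIT_WIDTH is 8; `sizeof(buf) / sizeof(buf[0])` states that directly. The function starts and continues outside the hunk, so it is not visible here whether a signature whose `regex` is NULL is still linked into the list after `ret = -1`.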
@@ -297,11 +295,11 @@ void del_signature_lists() * INPUT : 0 - Signature Pointer * : 1 - payload * : 2 - ovector - * : 3 - rc (return from pcre_exec) + * : 3 - rc (return from pcre2_match) * RETURN : processed app name * ---------------------------------------------------------- */ bstring get_app_name(signature * sig, - const uint8_t *payload, int *ovector, int rc) + const uint8_t *payload, pcre2_match_data *ovector, int rc) { char sub[512]; char app[5000]; @@ -311,6 +309,7 @@ bstring get_app_name(signature * sig, int n = 0; int x = 0; int z = 0; + PCRE2_SIZE l; /* * Create Application string using the values in signature[i].title. @@ -346,14 +345,14 @@ bstring get_app_name(signature * sig, i++; n = atoi(&app[i]); - pcre_get_substring((const char *)payload, ovector, rc, n, &expr); + pcre2_substring_get_bynumber(ovector, n, (PCRE2_UCHAR **)&expr, &l); x = 0; while (expr[x] != '\0' && z < (sizeof(sub) - 1)) { sub[z] = expr[x]; z++; x++; } - pcre_free_substring (expr); + pcre2_substring_free ((PCRE2_UCHAR *)expr); expr = NULL; i++; } else { diff --git a/src/servicefp/servicefp.h b/src/servicefp/servicefp.h index 9a3ca0c..4f7fbf4 100644 --- a/src/servicefp/servicefp.h +++ b/src/servicefp/servicefp.h @@ -4,8 +4,8 @@ void arp_check(char *eth_hdr, time_t tstamp); int load_servicefp_file(char *sigfile, signature **db, int); int parse_raw_signature(bstring line, int lineno, signature **dbp); -bstring get_app_name(signature * sig, const uint8_t *payload, int *ovector, - int rc); +bstring get_app_name(signature * sig, const uint8_t *payload, + pcre2_match_data *ovector, int rc); bstring check_port(uint8_t proto, uint16_t port); void service_tcp4(packetinfo *pi, signature *db); void service_tcp6(packetinfo *pi, signature *db); diff --git a/src/servicefp/tcpc.c b/src/servicefp/tcpc.c index 013409b..2f539b5 100644 --- a/src/servicefp/tcpc.c +++ b/src/servicefp/tcpc.c 
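Review bot: The return value of `pcre2_substring_get_bynumber` in get_app_name (src/servicefp/servicefp.c, hunk at -346) is not checked, and the copy loop right after it dereferences `expr`. As far as I can tell pcre_get_substring handed back an empty string for a group that took no part in the match, whereas the PCRE2 call returns a negative code such as PCRE2_ERROR_UNSET or PCRE2_ERROR_NOSUBSTRING and leaves the output pointer untouched. A signature title that references an optional group would then reach `expr[x]` with whatever `expr` held before, which is NULL after an earlier substitution because of the `expr = NULL;` line in this hunk. Wrap the copy loop and the `pcre2_substring_free` call in `if (pcre2_substring_get_bynumber(ovector, n, (PCRE2_UCHAR **)&expr, &l) == 0) { ... }`. The function begins and continues outside the hunk, so the initial value of `expr` is not visible.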
@@ -27,7 +27,7 @@ extern bstring UNKNOWN; void client_tcp4(packetinfo *pi, signature* sig_client_tcp) { int rc; /* PCRE */ - int ovector[15]; + pcre2_match_data *ovector; int tmplen; signature *tmpsig; bstring app, service_name; @@ -40,19 +40,22 @@ void client_tcp4(packetinfo *pi, signature* sig_client_tcp) else tmplen = pi->plen; tmpsig = sig_client_tcp; + ovector = pcre2_match_data_create(15, NULL); while (tmpsig != NULL) { - rc = pcre_exec(tmpsig->regex, tmpsig->study, (const char*)pi->payload, tmplen, 0, 0, - ovector, 15); + rc = pcre2_match(tmpsig->regex, pi->payload, tmplen, 0, 0, + ovector, NULL); if (rc != -1) { app = get_app_name(tmpsig, pi->payload, ovector, rc); //printf("[*] - MATCH CLIENT IPv4/TCP: %s\n",(char *)bdata(app)); update_asset_service(pi, tmpsig->service, app); pi->cxt->check |= CXT_CLIENT_DONT_CHECK; bdestroy(app); + pcre2_match_data_free(ovector); return; } tmpsig = tmpsig->next; } + pcre2_match_data_free(ovector); // Should have a flag set to resolve unknowns to default service if ( !ISSET_CLIENT_UNKNOWN(pi) && (service_name = check_known_port(IP_PROTO_TCP,ntohs(pi->tcph->dst_port))) !=NULL ) { @@ -65,7 +68,7 @@ void client_tcp4(packetinfo *pi, signature* sig_client_tcp) void client_tcp6(packetinfo *pi, signature* sig_client_tcp) { int rc; /* PCRE */ - int ovector[15]; + pcre2_match_data *ovector; signature *tmpsig; bstring app, service_name; 
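Review bot: The test `if (rc != -1)` in client_tcp4 (src/servicefp/tcpc.c, hunk at -40) treats every pcre2_match error other than PCRE2_ERROR_NOMATCH as a hit, for example PCRE2_ERROR_MATCHLIMIT on a payload that makes a signature backtrack heavily, or PCRE2_ERROR_NULL when `pcre2_match_data_create` returned NULL, which is also unchecked. get_app_name is then called with match data that holds no valid match, on input taken from captured traffic. Use `if (rc >= 0)` as service_tcp4 and service_tcp6 in tcps.c already do, and skip the signature loop when `ovector == NULL`. The same `rc != -1` test is carried over in client_tcp6, service_udp4 and service_udp6. The function body starts and ends outside the hunk.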
@@ -74,19 +77,22 @@ void client_tcp6(packetinfo *pi, signature* sig_client_tcp) * a range between 500-1000 should be good! */ tmpsig = sig_client_tcp; + ovector = pcre2_match_data_create(15, NULL); while (tmpsig != NULL) { - rc = pcre_exec(tmpsig->regex, tmpsig->study, (const char*) pi->payload, pi->plen, 0, 0, - ovector, 15); + rc = pcre2_match(tmpsig->regex, pi->payload, pi->plen, 0, 0, + ovector, NULL); if (rc != -1) { app = get_app_name(tmpsig, pi->payload, ovector, rc); //printf("[*] - MATCH CLIENT IPv6/TCP: %s\n",(char *)bdata(app)); update_asset_service(pi, tmpsig->service, app); pi->cxt->check |= CXT_CLIENT_DONT_CHECK; bdestroy(app); + pcre2_match_data_free(ovector); return; } tmpsig = tmpsig->next; } + pcre2_match_data_free(ovector); if (!ISSET_CLIENT_UNKNOWN(pi) && (service_name = check_known_port(IP_PROTO_TCP,ntohs(pi->tcph->dst_port))) !=NULL ) { update_asset_service(pi, UNKNOWN, service_name); diff --git a/src/servicefp/tcps.c b/src/servicefp/tcps.c index cc58c5f..f04e80c 100644 --- a/src/servicefp/tcps.c +++ b/src/servicefp/tcps.c @@ -28,7 +28,7 @@ extern bstring UNKNOWN; void service_tcp4(packetinfo *pi, signature* sig_serv_tcp) { int rc; /* PCRE */ - int ovector[15]; + pcre2_match_data *ovector; int tmplen; signature *tmpsig; bstring app,service_name; @@ -41,15 +41,17 @@ void service_tcp4(packetinfo *pi, signature* sig_serv_tcp) else tmplen = pi->plen; tmpsig = sig_serv_tcp; + ovector = pcre2_match_data_create(15, NULL); while (tmpsig != NULL) { - rc = pcre_exec(tmpsig->regex, tmpsig->study, (const char *)pi->payload, tmplen, 0, 0, - ovector, 15); + rc = pcre2_match(tmpsig->regex, pi->payload, tmplen, 0, 0, + ovector, NULL); if (rc >= 0) { app = get_app_name(tmpsig, pi->payload, ovector, rc); //printf("[*] - MATCH SERVICE IPv4/TCP: %s\n",(char *)bdata(app)); update_asset_service(pi, tmpsig->service, app); pi->cxt->check |= CXT_SERVICE_DONT_CHECK; bdestroy(app); + pcre2_match_data_free(ovector); return; } /* 
@@ -61,6 +63,7 @@ void service_tcp4(packetinfo *pi, signature* sig_serv_tcp) */ tmpsig = tmpsig->next; } + pcre2_match_data_free(ovector); // Should have a flag set to resolve unknowns to default service if ( !ISSET_SERVICE_UNKNOWN(pi) && (service_name = check_known_port(IP_PROTO_TCP,ntohs(pi->s_port))) !=NULL ) { @@ -73,7 +76,7 @@ void service_tcp4(packetinfo *pi, signature* sig_serv_tcp) void service_tcp6(packetinfo *pi, signature* sig_serv_tcp) { int rc; /* PCRE */ - int ovector[15]; + pcre2_match_data *ovector; int tmplen; signature *tmpsig; bstring app,service_name; @@ -86,19 +89,22 @@ void service_tcp6(packetinfo *pi, signature* sig_serv_tcp) else tmplen = pi->plen; tmpsig = sig_serv_tcp; + ovector = pcre2_match_data_create(15, NULL); while (tmpsig != NULL) { - rc = pcre_exec(tmpsig->regex, tmpsig->study, (const char *) pi->payload, tmplen, 0, 0, - ovector, 15); + rc = pcre2_match(tmpsig->regex, pi->payload, tmplen, 0, 0, + ovector, NULL); if (rc >= 0) { app = get_app_name(tmpsig, pi->payload, ovector, rc); //printf("[*] - MATCH SERVICE IPv6/TCP: %s\n",(char *)bdata(app)); update_asset_service(pi, tmpsig->service, app); pi->cxt->check |= CXT_SERVICE_DONT_CHECK; bdestroy(app); + pcre2_match_data_free(ovector); return; } tmpsig = tmpsig->next; } + pcre2_match_data_free(ovector); // Should have a flag set to resolve unknowns to default service if ( !ISSET_SERVICE_UNKNOWN(pi) && (service_name = check_known_port(IP_PROTO_TCP,ntohs(pi->s_port))) !=NULL ) { diff --git a/src/servicefp/udps.c b/src/servicefp/udps.c index fc29447..aae43c9 100644 --- a/src/servicefp/udps.c +++ b/src/servicefp/udps.c @@ -28,7 +28,7 @@ extern bstring UNKNOWN; void service_udp4(packetinfo *pi, signature* sig_serv_udp) { int rc; /* PCRE */ - int ovector[15]; + pcre2_match_data *ovector; signature *tmpsig; bstring app, service_name; app = service_name = NULL; 
@@ -38,19 +38,22 @@ void service_udp4(packetinfo *pi, signature* sig_serv_udp) * a range between 500-1000 should be good! */ tmpsig = sig_serv_udp; + ovector = pcre2_match_data_create(15, NULL); while (tmpsig != NULL) { - rc = pcre_exec(tmpsig->regex, tmpsig->study, (const char*) pi->payload, pi->plen, 0, 0, - ovector, 15); + rc = pcre2_match(tmpsig->regex, pi->payload, pi->plen, 0, 0, + ovector, NULL); if (rc != -1) { app = get_app_name(tmpsig, pi->payload, ovector, rc); //printf("[*] - MATCH SERVICE IPv4/UDP: %s\n",(char *)bdata(app)); update_asset_service(pi, tmpsig->service, app); pi->cxt->check |= CXT_SERVICE_DONT_CHECK; bdestroy(app); + pcre2_match_data_free(ovector); return; } tmpsig = tmpsig->next; } + pcre2_match_data_free(ovector); /* * If no sig is found/mached, use default port to determin. @@ -85,7 +88,7 @@ void service_udp4(packetinfo *pi, signature* sig_serv_udp) void service_udp6(packetinfo *pi, signature* sig_serv_udp) { int rc; /* PCRE */ - int ovector[15]; + pcre2_match_data *ovector; int tmplen; signature *tmpsig; bstring app,service_name; 
@@ -98,19 +101,22 @@ void service_udp6(packetinfo *pi, signature* sig_serv_udp) else tmplen = pi->plen; tmpsig = sig_serv_udp; + ovector = pcre2_match_data_create(15, NULL); while (tmpsig != NULL) { - rc = pcre_exec(tmpsig->regex, tmpsig->study, (const char *) pi->payload, tmplen, 0, 0, - ovector, 15); + rc = pcre2_match(tmpsig->regex, pi->payload, tmplen, 0, 0, + ovector, NULL); if (rc != -1) { app = get_app_name(tmpsig, pi->payload, ovector, rc); //printf("[*] - MATCH SERVICE IPv6/UDP: %s\n",(char *)bdata(app)); update_asset_service(pi, tmpsig->service, app); pi->cxt->check |= CXT_SERVICE_DONT_CHECK; bdestroy(app); + pcre2_match_data_free(ovector); return; } tmpsig = tmpsig->next; } + pcre2_match_data_free(ovector); if (pi->sc == SC_CLIENT && !ISSET_CLIENT_UNKNOWN(pi)) { if ((service_name = (bstring) check_known_port(IP_PROTO_UDP,ntohs(pi->d_port))) !=NULL ) { update_asset_service(pi, UNKNOWN, service_name); -- 2.43.0