Hi,
On Saturday, 27 November 2010 at 15:56 +0100, Julia Lawall wrote:
> On Sat, 27 Nov 2010, Eric Leblond wrote:
>
> > Hi,
> >
> > On Thursday, 25 November 2010 at 18:55 +0100, Julia Lawall wrote:
> > > On Wed, 24 Nov 2010, Julia Lawall wrote:
> > >
> > > > Thanks for your interest in Coccinelle. I had thought that in the
> > > > special case where the change is only on the variable that it would
> > > > be able to make the transformation. Ie, if the second rule were
> > > > rather written with:
> > > >
> > > > Packet
> > > > - p
> > > > + *p = SCMalloc(SIZE_OF_PACKET)
> > > > ;
> > > >
> > > > But I see that this is not working either. I will look into it and
> > > > hope to find a solution today or tomorrow.
> > >
> > > It turned out to be a little more subtle than expected. I will hope to
> > > have a working solution soon.
> >
> > Working on the same code modification, I did not find a way to treat
> > the case where I've got multiple Packet variables.
> >
> > If I use :
> > @rule1@
> > identifier p;
> > identifier func;
> > identifier fdl;
> > @@
> > func(...) {
> > ...
> > Packet p;
> > <...
> > (
> > - p.fdl
> > + p->fdl
> > |
> > - &(p)
> > + p
> > )
> > ...>
> > }
> >
> > on a file where there is :
> > Packet p1;
> > Packet p2;
> >
> > then the modification is only done on p1.
> >
> > Is there a way to treat all variables at once?
>
> Yes, it should work better if you move the <... up above the declaration
> of Packet. You may also want to change it to <+... ...+> if you want to
> be sure there is at least one match.

Thanks! It does the job for most of the patch, but I've got the
following problem. With the following cocci file
@rule2@
identifier p;
identifier func;
@@
func(...) {
<...
- Packet p;
+ Packet *p = SCMalloc(SIZE_OF_PACKET);
+ if (p == NULL)
+ return 0;
...
+ SCFree(p);
return ...;
...>
}
I encounter:
init_defs_builtins: /usr/share/coccinelle/standard.h
HANDLING: multi.c
previous modification:
<<< SCFree(rule2:p);
CONTEXT
According to environment 1:
rule2.p -> id p2
current modification:
<<< SCFree(rule2:p);
CONTEXT
According to environment 1:
rule2.p -> id p1
Fatal error: exception Failure("rule2: already tagged token:
C code context
File "multi.c", line 94, column 4, charpos = 2599
around = 'return', whole content = return result;")
Is there a workaround? I attach the related files to the mail for more
convenience.
BR,
--
Eric Leblond <[email protected]>

int SigTest24IPV4Keyword(void)
{
    uint8_t valid_raw_ipv4[] = {
        0x45, 0x00, 0x00, 0x54, 0x00, 0x00, 0x40, 0x00,
        0x40, 0x01, 0xb7, 0x52, 0xc0, 0xa8, 0x01, 0x03,
        0xc0, 0xa8, 0x01, 0x03};
    uint8_t invalid_raw_ipv4[] = {
        0x45, 0x00, 0x00, 0x54, 0x00, 0x00, 0x40, 0x00,
        0x40, 0x01, 0xb7, 0x52, 0xc0, 0xa8, 0x01, 0x03,
        0xc0, 0xa8, 0x01, 0x06};
    Packet p1;
    Packet p2;
    ThreadVars th_v;
    DetectEngineThreadCtx *det_ctx = NULL;
    int result = 0;
    uint8_t *buf = (uint8_t *)"GET /one/ HTTP/1.0\r\n"
                              "\r\n\r\n";
    uint16_t buflen = strlen((char *)buf);
    memset(&th_v, 0, sizeof(ThreadVars));
    memset(&p1, 0, SIZE_OF_PACKET);
    memset(&p2, 0, SIZE_OF_PACKET);
    p1.ip4c.comp_csum = -1;
    p2.ip4c.comp_csum = -1;
    p1.ip4h = (IPV4Hdr *)valid_raw_ipv4;
    p1.src.family = AF_INET;
    p1.dst.family = AF_INET;
    p1.payload = buf;
    p1.payload_len = buflen;
    p1.proto = IPPROTO_TCP;
    p2.ip4h = (IPV4Hdr *)invalid_raw_ipv4;
    p2.src.family = AF_INET;
    p2.dst.family = AF_INET;
    p2.payload = buf;
    p2.payload_len = buflen;
    p2.proto = IPPROTO_TCP;
    DetectEngineCtx *de_ctx = DetectEngineCtxInit();
    if (de_ctx == NULL) {
        goto end;
    }
    de_ctx->flags |= DE_QUIET;
    de_ctx->sig_list = SigInit(de_ctx,
            "alert ip any any -> any any "
            "(content:\"/one/\"; ipv4-csum:valid; "
            "msg:\"ipv4-csum keyword check(1)\"; sid:1;)");
    if (de_ctx->sig_list == NULL) {
        printf("sig 1 parse: ");
        goto end;
    }
    de_ctx->sig_list->next = SigInit(de_ctx,
            "alert ip any any -> any any "
            "(content:\"/one/\"; ipv4-csum:invalid; "
            "msg:\"ipv4-csum keyword check(1)\"; "
            "sid:2;)");
    if (de_ctx->sig_list->next == NULL) {
        printf("sig 2 parse: ");
        goto end;
    }
    SigGroupBuild(de_ctx);
    DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&det_ctx);
    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p1);
    if (!(PacketAlertCheck(&p1, 1))) {
        printf("signature 1 didn't match, but should have: ");
        goto end;
    }
    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p2);
    if (!((PacketAlertCheck(&p2, 2)))) {
        printf("signature 2 didn't match, but should have: ");
        goto end;
    }
    result = 1;
end:
    if (det_ctx != NULL) {
        SigGroupCleanup(de_ctx);
        SigCleanSignatures(de_ctx);
        DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
        DetectEngineCtxFree(de_ctx);
    }
    return result;
}

@rule2@
identifier p;
identifier func;
@@
func(...) {
<...
- Packet p;
+ Packet *p = SCMalloc(SIZE_OF_PACKET);
+ if (p == NULL)
+ return 0;
...
+ SCFree(p);
return ...;
...>
}
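
Added example, not part of the message above and not Suricata or Coccinelle code: the allocation pattern rule2 describes, written out by hand for two Packet variables, next to a single-exit variant, to show what happens to p1 when the allocation of p2 fails. Packet, SIZE_OF_PACKET, SCMalloc and SCFree are stand-ins defined here (a counting allocator over a static pool), the function bodies are reduced to the allocation logic, and all function names are hypothetical.

```c
#include <stdio.h>
/* Stand-ins assumed for this example, not Suricata's real definitions. */
typedef struct { int proto; } Packet;
#define SIZE_OF_PACKET sizeof(Packet)
static Packet pool[4];
static int live_allocs, alloc_calls, fail_at;  /* fail_at: 1-based call that fails, 0 = none */

static void *SCMalloc(size_t n) {
    (void)n;
    if (++alloc_calls == fail_at || alloc_calls > 4) return NULL;  /* simulated failure */
    live_allocs++;
    return &pool[alloc_calls - 1];
}
static void SCFree(void *m) { if (m != NULL) live_allocs--; }

/* The shape rule2 asks for once it is applied to both p1 and p2. */
static int per_variable_returns(void) {
    Packet *p1 = SCMalloc(SIZE_OF_PACKET);
    if (p1 == NULL)
        return 0;
    Packet *p2 = SCMalloc(SIZE_OF_PACKET);
    if (p2 == NULL)
        return 0;               /* added return: p1 is never freed on this path */
    SCFree(p1);
    SCFree(p2);
    return 1;
}

/* Same allocations with one exit label, as in the "goto end" style of the test. */
static int single_exit(void) {
    int result = 0;
    Packet *p1 = SCMalloc(SIZE_OF_PACKET);
    Packet *p2 = SCMalloc(SIZE_OF_PACKET);
    if (p1 == NULL || p2 == NULL) goto end;
    result = 1;
end:
    SCFree(p1);                 /* the stand-in ignores NULL, like free() */
    SCFree(p2);
    return result;
}
static int leaked_after(int (*fn)(void), int fail) {  /* allocations still live after fn */
    live_allocs = 0; alloc_calls = 0; fail_at = fail;
    fn();
    return live_allocs;
}

int main(void) {
    printf("2nd alloc fails: per-variable leaks %d, single exit leaks %d\n",
           leaked_after(per_variable_returns, 2), leaked_after(single_exit, 2));
    return 0;
}
```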