diff --git a/src/maat_bool_plugin.c b/src/maat_bool_plugin.c index 5a6fb3a..d1c877f 100644 --- a/src/maat_bool_plugin.c +++ b/src/maat_bool_plugin.c @@ -268,18 +268,22 @@ bool_plugin_accept_tag_match(struct bool_plugin_schema *schema, FREE(tag_str); if (TAG_MATCH_ERR == ret) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_BOOL_PLUGIN, "[%s:%d] bool_plugin table:<%s> has invalid tag" " in line:%s", __FUNCTION__, __LINE__, table_name, - cJSON_Print(json)); + json_str); + FREE(json_str); return TAG_MATCH_ERR; } if (TAG_MATCH_UNMATCHED == ret) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_BOOL_PLUGIN, "[%s:%d] bool_plugin table:<%s> has unmatched tag" " in line:%s", __FUNCTION__, __LINE__, table_name, - cJSON_Print(json)); + json_str); + FREE(json_str); return TAG_MATCH_UNMATCHED; } } @@ -305,20 +309,24 @@ bool_plugin_expr_new(struct bool_plugin_schema *schema, const char *table_name, tmp_obj = cJSON_GetObjectItem(json, schema->key_name); if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_BOOL_PLUGIN, "[%s:%d] bool_plugin table:<%s> has " "no key_name %s or invalid format in line:%s", __FUNCTION__, - __LINE__, table_name, schema->key_name, cJSON_Print(json)); + __LINE__, table_name, schema->key_name, json_str); + FREE(json_str); goto error; } uuid_parse(tmp_obj->valuestring, bool_expr->expr_uuid); tmp_obj = cJSON_GetObjectItem(json, "bool_expr"); if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_BOOL_PLUGIN, "[%s:%d] bool_plugin table:<%s> has " "no bool_expr or invalid format in line:%s", __FUNCTION__, - __LINE__, table_name, cJSON_Print(json)); + __LINE__, table_name, json_str); + FREE(json_str); goto error; } 
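Review bot: `cJSON_Print` returns NULL when it cannot allocate, and both new branches of bool_plugin_accept_tag_match hand `json_str` to the `%s` in `log_fatal` without checking it. If log_fatal formats like printf, that is undefined behaviour on the path that reports bad input; passing `json_str ? json_str : "(print failed)"` covers it. The same print/log/FREE triple is added at every error site in this commit, so a small static helper that does all three in one place would keep the sites from drifting apart. The function body starts and ends outside the hunk.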
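Review bot: The return value of `uuid_parse` is ignored in bool_plugin_expr_new, so a key that is a JSON string but not a well-formed UUID passes the type check above it and the row is accepted. libuuid returns -1 without writing the output in that case, so `bool_expr->expr_uuid` keeps whatever it held before. Rejecting the row, `if (uuid_parse(tmp_obj->valuestring, bool_expr->expr_uuid) != 0) goto error;` plus a log line, would close this. The same unchecked call sits in the expr_item_new, flag_item_new, fqdn_plugin_rule_new, interval_item_new, ip_item_new, ip_plugin_rule_new, ipport_item_new and rule_item_new hunks. In expr_runtime_update the following `uuid_is_null(item_uuid)` then reads a `uuid_t` declared without an initializer.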
@@ -333,10 +341,12 @@ bool_plugin_expr_new(struct bool_plugin_schema *schema, const char *table_name, ret = sscanf(sub_token, "%llu", items + n_item); n_item++; if (ret != 1 || n_item > MAX_ITEMS_PER_BOOL_EXPR) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_BOOL_PLUGIN, "[%s:%d] bool_plugin table:<%s> has " "invalid format of bool_expr in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } } diff --git a/src/maat_config_monitor.c b/src/maat_config_monitor.c index 0ebc24e..6074239 100644 --- a/src/maat_config_monitor.c +++ b/src/maat_config_monitor.c 
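Review bot: In bool_plugin_expr_new the `sscanf` into `items + n_item` runs before `n_item` is compared with MAX_ITEMS_PER_BOOL_EXPR, so the bound is only noticed after the slot has been written. If `items` holds MAX_ITEMS_PER_BOOL_EXPR elements (its declaration is outside the hunk), a `bool_expr` with one item too many writes one element past the array before the error path is taken. Testing first, `if (n_item >= MAX_ITEMS_PER_BOOL_EXPR) { /* log */ goto error; }` ahead of the `sscanf`, removes that write. The loop and the function both start outside the hunk.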
@@ -186,35 +186,35 @@ void config_monitor_traverse(long long current_version, const cJSON *json_root, } } -static void object_info_add(struct object_info *object_name_map, const char *object_name, const char *object_uuid) +static void object_info_add(struct object_info **object_name_map, const char *object_name, const char *object_uuid) { struct object_info *object_info = NULL; - HASH_FIND_STR(object_name_map, object_name, object_info); + HASH_FIND_STR(*object_name_map, object_name, object_info); if (object_info == NULL) { object_info = ALLOC(struct object_info, 1); strncpy(object_info->object_name, object_name, sizeof(object_info->object_name)); strncpy(object_info->object_uuid, object_uuid, sizeof(object_info->object_uuid)); - HASH_ADD_STR(object_name_map, object_name, object_info); + HASH_ADD_STR(*object_name_map, object_name, object_info); } } -static struct object_info *object_info_find(struct object_info *object_name_map, const char *object_name) +static struct object_info *object_info_find(struct object_info **object_name_map, const char *object_name) { struct object_info *object_info = NULL; - HASH_FIND_STR(object_name_map, object_name, object_info); + HASH_FIND_STR(*object_name_map, object_name, object_info); return object_info; } -static void object_info_free(struct object_info *object_name_map) +static void object_info_free(struct object_info **object_name_map) { struct object_info *object_info, *tmp; - HASH_ITER(hh, object_name_map, object_info, tmp) { - HASH_DEL(object_name_map, object_info); + HASH_ITER(hh, *object_name_map, object_info, tmp) { + HASH_DEL(*object_name_map, object_info); FREE(object_info); } } -static void convert_condition(struct object_info *object_name_map, cJSON *condition, cJSON *top_items, int *object_gen_id, int *item_gen_id) +static void convert_condition(struct object_info **object_name_map, cJSON *condition, cJSON *top_items, int *object_gen_id, int *item_gen_id) { cJSON *object_uuid_array = cJSON_CreateArray(); cJSON 
*object_name = cJSON_GetObjectItem(condition, "object_name"); @@ -386,11 +386,11 @@ void convert_maat_json_rule(cJSON **json_root, unsigned char *json_buff) if (or_conditions) { cJSON *tmp_or_condition = NULL; cJSON_ArrayForEach(tmp_or_condition, or_conditions) { - convert_condition(object_name_map, tmp_or_condition, top_items, &object_gen_id, &item_gen_id); + convert_condition(&object_name_map, tmp_or_condition, top_items, &object_gen_id, &item_gen_id); } } else { cJSON *tmp_or_condition = cJSON_Duplicate(tmp_and_condition, 1); - convert_condition(object_name_map, tmp_or_condition, top_items, &object_gen_id, &item_gen_id); + convert_condition(&object_name_map, tmp_or_condition, top_items, &object_gen_id, &item_gen_id); or_conditions = cJSON_CreateArray(); cJSON_AddItemToArray(or_conditions, tmp_or_condition); @@ -400,7 +400,7 @@ void convert_maat_json_rule(cJSON **json_root, unsigned char *json_buff) } - object_info_free(object_name_map); + object_info_free(&object_name_map); } int load_maat_json_rule_file(struct maat *maat_inst, const char *json_filename, @@ -464,5 +464,7 @@ int load_maat_json_rule_file(struct maat *maat_inst, const char *json_filename, convert_maat_json_rule(json_root, json_buff); + FREE(json_buff); + return 0; } \ No newline at end of file diff --git a/src/maat_ex_data.c b/src/maat_ex_data.c index 2a4705b..d38cb74 100644 --- a/src/maat_ex_data.c +++ b/src/maat_ex_data.c 
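Review bot: Both `strncpy` calls in object_info_add pass the full `sizeof` of the destination, which leaves `object_name` or `object_uuid` without a terminating NUL whenever the source is at least that long. `object_name` is the uthash string key, and HASH_ADD_STR takes the key length with `strlen` on that field, so an over-long name makes it read past the array. `snprintf(object_info->object_name, sizeof(object_info->object_name), "%s", object_name);` (and the same for `object_uuid`) always terminates. Rejecting names that do not fit would be stricter still, since a truncated key can collide with another object's name.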
@@ -44,7 +44,17 @@ void cache_row_free(void *p) free(*(char **)p); } -UT_icd ut_cache_row_icd = {sizeof(char*), NULL, NULL, cache_row_free}; +void cache_row_copy(void *dst, const void *src) +{ + struct ex_data_row *ex_data_row_src = (struct ex_data_row *)src; + struct ex_data_row *ex_data_row_dst = (struct ex_data_row *)dst; + + ex_data_row_dst->row = ALLOC(char, strlen(ex_data_row_src->row) + 1); + strcpy(ex_data_row_dst->row, ex_data_row_src->row); + ex_data_row_dst->op = ex_data_row_src->op; +} + +UT_icd ut_cache_row_icd = {sizeof(struct ex_data_row), NULL, cache_row_copy, cache_row_free}; struct ex_data_runtime * ex_data_runtime_new(int table_id, int gc_timeout_s, struct log_handle *logger) @@ -100,14 +110,16 @@ void ex_data_runtime_cache_row_put(struct ex_data_runtime *ex_data_rt, const cha } size_t row_len = strlen(row); - struct ex_data_row *ex_data_row = ALLOC(struct ex_data_row, 1); - ex_data_row->row = ALLOC(char, row_len + 1); + struct ex_data_row ex_data_row; + ex_data_row.row = ALLOC(char, row_len + 1); - ex_data_row->op = op; - memcpy(ex_data_row->row, row, row_len); + ex_data_row.op = op; + memcpy(ex_data_row.row, row, row_len); ex_data_rt->cache_size += row_len; utarray_push_back(ex_data_rt->cache_rows, &ex_data_row); ex_data_rt->cache_row_num++; + + FREE(ex_data_row.row); } const struct ex_data_row *ex_data_runtime_cached_row_get(struct ex_data_runtime *ex_data_rt, size_t index) @@ -116,9 +128,7 @@ const struct ex_data_row *ex_data_runtime_cached_row_get(struct ex_data_runtime return NULL; } - const char **row = NULL; - row = (const char **)utarray_eltptr(ex_data_rt->cache_rows, index); - return (struct ex_data_row *)*row; + return (struct ex_data_row *)utarray_eltptr(ex_data_rt->cache_rows, index); } size_t ex_data_runtime_cached_row_count(struct ex_data_runtime *ex_data_rt) diff --git a/src/maat_expr.c b/src/maat_expr.c index ae21af4..45bab8a 100644 --- a/src/maat_expr.c +++ b/src/maat_expr.c 
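Review bot: `cache_row_free` still does `free(*(char **)p)`, which is correct for the new `struct ex_data_row` elements only if `row` is the struct's first member; the struct definition is not in the hunk. `free(((struct ex_data_row *)p)->row);` states the intent and survives a field reorder. `cache_row_copy` also passes the `ALLOC` result to `strcpy` without a NULL check, which is worth a guard or a comment if ALLOC aborts on failure.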
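Review bot: `memcpy(ex_data_row.row, row, row_len)` copies no terminator, yet `utarray_push_back` now runs `cache_row_copy`, which calls `strlen` and `strcpy` on that buffer. This is safe only if `ALLOC` zero-fills, and its definition is not visible here; `memcpy(ex_data_row.row, row, row_len + 1);` removes the dependence. ex_data_runtime_cache_row_put begins above the hunk.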
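Review bot: ex_data_runtime_cached_row_get now returns a pointer into the utarray's own storage instead of to a separately allocated row, so the result is invalidated by any later `utarray_push_back` that grows the array. A comment on the function such as `/* returned pointer is valid only until the next cache_row_put or cache clear */` would make that contract explicit. Callers that keep a row across a put need checking; none are visible in this diff.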
@@ -104,35 +104,43 @@ expr_item_new(struct expr_schema *expr_schema, const char *table_name, tmp_obj = cJSON_GetObjectItem(json, "object_uuid"); if (tmp_obj == NULL && tmp_obj->type != cJSON_String) { + char *json_str = cJSON_Print(json); log_fatal(expr_rt->logger, MODULE_EXPR, "[%s:%d] expr table:<%s> has no object_id in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } uuid_parse(tmp_obj->valuestring, expr_item->object_uuid); tmp_obj = cJSON_GetObjectItem(json, "expression"); if (tmp_obj == NULL || tmp_obj->type != cJSON_String) { + char *json_str = cJSON_Print(json); log_fatal(expr_rt->logger, MODULE_EXPR, "[%s:%d] expr table:<%s> has no expression in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } len = strlen(tmp_obj->valuestring); if (len > MAX_KEYWORDS_STR_LEN) { + char *json_str = cJSON_Print(json); log_fatal(expr_rt->logger, MODULE_EXPR, "[%s:%d] expr table:<%s> expression length too long in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } memcpy(expr_item->keywords, tmp_obj->valuestring, len); tmp_obj = cJSON_GetObjectItem(json, "expr_type"); if (tmp_obj == NULL || tmp_obj->type != cJSON_String) { + char *json_str = cJSON_Print(json); log_fatal(expr_rt->logger, MODULE_EXPR, "[%s:%d] expr table:<%s> has no expr_type in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } 
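Review bot: The first check in expr_item_new reads `if (tmp_obj == NULL && tmp_obj->type != cJSON_String)`, which dereferences `tmp_obj` exactly when it is NULL and never rejects a non-string `object_uuid`. A row without that field therefore crashes before the new `json_str` logging is reached, and a numeric value goes on to `uuid_parse` with a NULL `valuestring`. It should use `||` like the other checks in this hunk: `if (tmp_obj == NULL || tmp_obj->type != cJSON_String) {`. rule_item_new in src/maat_rule.c has the same `&&` on the check that logs "has no rule_id or not string format".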
@@ -145,9 +153,11 @@ expr_item_new(struct expr_schema *expr_schema, const char *table_name, } if (expr_item->expr_type == EXPR_TYPE_INVALID) { + char *json_str = cJSON_Print(json); log_fatal(expr_rt->logger, MODULE_EXPR, "[%s:%d] expr table:<%s> has invalid expr_type in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } else if (expr_item->expr_type == EXPR_TYPE_REGEX) { ret = expr_matcher_verify_regex_expression(expr_item->keywords, expr_rt->logger); @@ -603,10 +613,12 @@ int expr_runtime_update(void *expr_runtime, void *expr_schema, uuid_t item_uuid; uuid_parse(tmp_obj->valuestring, item_uuid); if (uuid_is_null(item_uuid)) { + char *json_str = cJSON_Print(json); log_fatal(expr_rt->logger, MODULE_EXPR, "[%s:%d] expr table:<%s> item_id wrong" " in table_line:%s", __FUNCTION__, __LINE__, table_name, - cJSON_Print(json)); + json_str); + FREE(json_str); expr_rt->update_err_cnt++; goto ERROR; } diff --git a/src/maat_flag.c b/src/maat_flag.c index 42a24e5..1cebe12 100644 --- a/src/maat_flag.c +++ b/src/maat_flag.c @@ -202,18 +202,21 @@ flag_item_new(struct flag_schema *schema, const char *table_name, tmp_obj = cJSON_GetObjectItem(json, "object_uuid"); if (tmp_obj == NULL || tmp_obj->type != cJSON_String) { + char *json_str = cJSON_Print(json); log_fatal(flag_rt->logger, MODULE_FLAG, "[%s:%d] flag table:<%s> has no object_id in json:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); goto error; } uuid_parse(tmp_obj->valuestring, item->object_uuid); tmp_obj = cJSON_GetObjectItem(json, "flag"); if (tmp_obj == NULL || tmp_obj->type != cJSON_Number) { + char *json_str = cJSON_Print(json); log_fatal(flag_rt->logger, MODULE_FLAG, "[%s:%d] flag table:<%s> has no flag in json:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } 
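Review bot: The first branch of flag_item_new (the `object_uuid` check) allocates `json_str` but goes to `error` without freeing it, so the leak this commit removes elsewhere remains on that path. Add `FREE(json_str);` before `goto error;`, as the `flag` branch just below does. The function continues in the next hunk.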
@@ -221,9 +224,11 @@ flag_item_new(struct flag_schema *schema, const char *table_name, tmp_obj = cJSON_GetObjectItem(json, "mask"); if (tmp_obj == NULL || tmp_obj->type != cJSON_Number) { + char *json_str = cJSON_Print(json); log_fatal(flag_rt->logger, MODULE_FLAG, "[%s:%d] flag table:<%s> has no mask in json:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } diff --git a/src/maat_fqdn_plugin.c b/src/maat_fqdn_plugin.c index 282ba0e..c916fde 100644 --- a/src/maat_fqdn_plugin.c +++ b/src/maat_fqdn_plugin.c @@ -220,18 +220,22 @@ fqdn_plugin_accept_tag_match(struct fqdn_plugin_schema *schema, FREE(tag_str); if (TAG_MATCH_ERR == ret) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_FQDN_PLUGIN, "[%s:%d] fqdn_plugin table:<%s> has invalid tag" " format in line:%s", __FUNCTION__, __LINE__, - table_name, cJSON_Print(json)); + table_name, json_str); + FREE(json_str); return TAG_MATCH_ERR; } if (TAG_MATCH_UNMATCHED == ret) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_FQDN_PLUGIN, "[%s:%d] fqdn_plugin table:<%s> has unmatched tag" " in line:%s", __FUNCTION__, __LINE__, table_name, - cJSON_Print(json)); + json_str); + FREE(json_str); return TAG_MATCH_UNMATCHED; } } 
@@ -255,18 +259,22 @@ fqdn_plugin_rule_new(const cJSON *json, struct fqdn_plugin_schema *schema, tmp_obj = cJSON_GetObjectItem(json, schema->key_name); if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_FQDN_PLUGIN, "[%s:%d] fqdn_plugin table:<%s> has no key_name or invalid format in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } uuid_parse(tmp_obj->valuestring, fqdn_plugin_rule->uuid); tmp_obj = cJSON_GetObjectItem(json, "fqdn"); if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_FQDN_PLUGIN, "[%s:%d] fqdn_plugin table:<%s> has no fqdn in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } diff --git a/src/maat_interval.c b/src/maat_interval.c index e37acb2..be03149 100644 --- a/src/maat_interval.c +++ b/src/maat_interval.c 
@@ -173,18 +173,22 @@ interval_item_new(struct interval_schema *schema, const char *table_name, tmp_obj = cJSON_GetObjectItem(json, "object_uuid"); if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { + char *json_str = cJSON_Print(json); log_fatal(interval_rt->logger, MODULE_INTERVAL, "[%s:%d] interval table:<%s> has no object_id in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } uuid_parse(tmp_obj->valuestring, item->object_uuid); tmp_obj = cJSON_GetObjectItem(json, "interval"); if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { + char *json_str = cJSON_Print(json); log_fatal(interval_rt->logger, MODULE_INTERVAL, "[%s:%d] interval table:<%s> has no interval in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } memcpy(port_str, tmp_obj->valuestring, strlen(tmp_obj->valuestring)); diff --git a/src/maat_ip.c b/src/maat_ip.c index c23a462..04d6759 100644 --- a/src/maat_ip.c +++ b/src/maat_ip.c 
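Review bot: `memcpy(port_str, tmp_obj->valuestring, strlen(tmp_obj->valuestring));` at the end of this interval_item_new hunk takes its length from the rule's JSON with no regard to the size of `port_str`, and writes no terminator. `port_str` is declared outside the hunk, so its size is not visible, but unless the field is bounded elsewhere an over-long `interval` string overruns it. A bounded copy that rejects truncation would fix it, e.g. `int n = snprintf(port_str, sizeof(port_str), "%s", tmp_obj->valuestring);` followed by `if (n < 0 || (size_t)n >= sizeof(port_str)) goto error;` (assuming `port_str` is an array). The same pattern with `ip_str` ends the first hunk of ip_item_new (`memcpy`) and of ip_plugin_rule_new and ipport_item_new, where `strncpy(ip_str, ..., strlen(...))` is bounded by the source length and so bounds nothing.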
@@ -109,18 +109,22 @@ ip_item_new(struct ip_schema *ip_schema, const char *table_name, tmp_obj = cJSON_GetObjectItem(json, "object_uuid"); if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_IP, "[%s:%d] ip table:<%s> has no object_id in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } uuid_parse(tmp_obj->valuestring, ip_item->object_uuid); tmp_obj = cJSON_GetObjectItem(json, "ip"); if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_IP, "[%s:%d] ip table:<%s> has no ip in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } memcpy(ip_str, tmp_obj->valuestring, strlen(tmp_obj->valuestring)); @@ -134,18 +138,22 @@ ip_item_new(struct ip_schema *ip_schema, const char *table_name, if (IPv4 == ip_item->addr_type) { ret = ip_format2range(ip_str, ip_item->addr_type, &ip_item->ipv4.min_ip, &ip_item->ipv4.max_ip); if (ret < 0) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_IP, "[%s:%d] ip table:<%s> ip_format2range(ip4) failed in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } } else { //ipv6 ret = ip_format2range(ip_str, ip_item->addr_type, ip_item->ipv6.min_ip, ip_item->ipv6.max_ip); if (ret < 0) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_IP, "[%s:%d] ip table:<%s> ip_format2range(ip6) failed in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } } 
@@ -319,9 +327,11 @@ int ip_runtime_update(void *ip_runtime, void *ip_schema, tmp_obj = cJSON_GetObjectItem(json, "uuid"); if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { + char *json_str = cJSON_Print(json); log_fatal(ip_rt->logger, MODULE_IP, "[%s:%d] ip table:<%s> has no item_id in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); ip_rt->update_err_cnt++; goto ERROR; } diff --git a/src/maat_ip_plugin.c b/src/maat_ip_plugin.c index 8c33efa..63a5893 100644 --- a/src/maat_ip_plugin.c +++ b/src/maat_ip_plugin.c @@ -118,16 +118,20 @@ ip_plugin_accept_tag_match(struct ip_plugin_schema *schema, FREE(tag_str); if (TAG_MATCH_ERR == ret) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_IP_PLUGIN, "[%s:%d] ip_plugin table:<%s> has invalid tag format" - " in line:%s", __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + " in line:%s", __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); return TAG_MATCH_ERR; } if (TAG_MATCH_UNMATCHED == ret) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_IP_PLUGIN, "[%s:%d] ip_plugin table:<%s> has unmatched tag in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); return TAG_MATCH_UNMATCHED; } } 
@@ -151,18 +155,22 @@ ip_plugin_rule_new(struct ip_plugin_schema *schema, const char *table_name, tmp_obj = cJSON_GetObjectItem(json, schema->key_name); if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_IP_PLUGIN, "[%s:%d] ip_plugin table:<%s> has no key %s or invalid format in line:%s", - __FUNCTION__, __LINE__, table_name, schema->key_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, schema->key_name, json_str); + FREE(json_str); goto error; } uuid_parse(tmp_obj->valuestring, ip_plugin_rule->rule_uuid); tmp_obj = cJSON_GetObjectItem(json, "ip"); if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_IP_PLUGIN, "[%s:%d] ip_plugin table:<%s> has no ip field or invalid format in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } strncpy(ip_str, tmp_obj->valuestring, strlen(tmp_obj->valuestring)); 
@@ -176,20 +184,24 @@ ip_plugin_rule_new(struct ip_plugin_schema *schema, const char *table_name, if (IPv4 == ip_plugin_rule->type) { ret = ip_format2range(ip_str, ip_plugin_rule->type, &ip_plugin_rule->ipv4_rule.start_ip, &ip_plugin_rule->ipv4_rule.end_ip); if (ret < 0) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_IP_PLUGIN, "[%s:%d] ip_plugin table:<%s>> ip_format2range(ip4)" " failed in line:%s", __FUNCTION__, __LINE__, - table_name, cJSON_Print(json)); + table_name, json_str); + FREE(json_str); goto error; } } else { //ipv6 ret = ip_format2range(ip_str, ip_plugin_rule->type, ip_plugin_rule->ipv6_rule.start_ip, ip_plugin_rule->ipv6_rule.end_ip); if (ret < 0) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_IP_PLUGIN, "[%s:%d] ip_plugin table:<%s> ip_format2range(ip6)" " failed in line:%s", __FUNCTION__, __LINE__, - table_name, cJSON_Print(json)); + table_name, json_str); + FREE(json_str); goto error; } } diff --git a/src/maat_ipport_plugin.c b/src/maat_ipport_plugin.c index 35b12bd..f328d2d 100644 --- a/src/maat_ipport_plugin.c +++ b/src/maat_ipport_plugin.c 
@@ -233,18 +233,22 @@ ipport_item_new(struct ipport_plugin_schema *schema, const char *table_name, tmp_obj = cJSON_GetObjectItem(json, schema->key_name); if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_IPPORT_PLUGIN, "[%s:%d] ipport table:<%s> has no key or invalid format, line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } uuid_parse(tmp_obj->valuestring, ipport_item->item_uuid); tmp_obj = cJSON_GetObjectItem(json, "ip"); if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_IPPORT_PLUGIN, "[%s:%d] ipport table:<%s> has no ip or invalid format in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } strncpy(ip_str, tmp_obj->valuestring, strlen(tmp_obj->valuestring)); 
@@ -258,27 +262,33 @@ ipport_item_new(struct ipport_plugin_schema *schema, const char *table_name, if (IPV4 == ipport_item->ip_type) { ret = ip_format2range(ip_str, ipport_item->ip_type, &ipport_item->ipv4.min_ip, &ipport_item->ipv4.max_ip); if (ret < 0) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_IPPORT_PLUGIN, "[%s:%d] ipport table:<%s> ip_format2range(ip4) failed in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } } else { //ipv6 ret = ip_format2range(ip_str, ipport_item->ip_type, ipport_item->ipv6.min_ip, ipport_item->ipv6.max_ip); if (ret < 0) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_IPPORT_PLUGIN, "[%s:%d] ipport table:<%s> ip_format2range(ip6) failed in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } } tmp_obj = cJSON_GetObjectItem(json, "port"); if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_IPPORT_PLUGIN, "[%s:%d] ipport table:<%s> has no port or invalid format in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } diff --git a/src/maat_plugin.c b/src/maat_plugin.c index 2c1e85a..8929f50 100644 --- a/src/maat_plugin.c +++ b/src/maat_plugin.c @@ -378,7 +378,7 @@ static int plugin_accept_tag_match(struct plugin_schema *schema, { size_t n_tag = table_manager_accept_tags_count(schema->ref_tbl_mgr); cJSON *tmp_obj = NULL; - int ret = 0; + int ret = TAG_MATCH_MATCHED; cJSON *json = cJSON_Parse(line); tmp_obj = cJSON_GetObjectItem(json, "effective_range"); 
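Review bot: plugin_accept_tag_match never checks the result of `cJSON_Parse(line)`, and with `ret` initialised to TAG_MATCH_MATCHED a line that is not valid JSON falls through to END and is reported as matched. `cJSON_GetObjectItem` returns NULL for a NULL object, so nothing crashes, but the function fails open; whether later parsing rejects the line is not visible here. Returning an error instead, `if (json == NULL) { ret = TAG_MATCH_ERR; goto END; }` right after the parse, would make it fail closed. rule_accept_tag_match in src/maat_rule.c has the same shape, and the body of this function continues in the next hunk.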
@@ -390,21 +390,24 @@ static int plugin_accept_tag_match(struct plugin_schema *schema, if (TAG_MATCH_ERR == ret) { log_fatal(logger, MODULE_PLUGIN, "[%s:%d] table: <%s> has invalid tag format in table_line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); - return TAG_MATCH_ERR; + __FUNCTION__, __LINE__, table_name, line); + goto END; } if (TAG_MATCH_UNMATCHED == ret) { log_fatal(logger, MODULE_PLUGIN, "[%s:%d] table: <%s> has unmatched tag in table_line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); - return TAG_MATCH_UNMATCHED; + __FUNCTION__, __LINE__, table_name, line); + goto END; } } - cJSON_Delete(json); +END: + if (json) { + cJSON_Delete(json); + } - return TAG_MATCH_MATCHED; + return ret; } static int plugin_table_line_get_ip_key(struct plugin_schema *schema, @@ -419,7 +422,7 @@ static int plugin_table_line_get_ip_key(struct plugin_schema *schema, log_fatal(logger, MODULE_PLUGIN, "[%s:%d] plugin table:<%s> ip_key too long exceed maximum:%d in " "table_line:%s", __FUNCTION__, __LINE__, table_name, - INET6_ADDRSTRLEN, cJSON_Print(json)); + INET6_ADDRSTRLEN, line); goto ERROR; } @@ -430,7 +433,7 @@ static int plugin_table_line_get_ip_key(struct plugin_schema *schema, if (tmp_obj == NULL || tmp_obj->type != cJSON_Number) { log_fatal(logger, MODULE_PLUGIN, "[%s:%d] plugin table:<%s> has no addr_type or not number format in table_line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, line); goto ERROR; } @@ -446,7 +449,7 @@ static int plugin_table_line_get_ip_key(struct plugin_schema *schema, log_fatal(logger, MODULE_PLUGIN, "[%s:%d] plugin table:<%s> ipv4 key" " illegal in table_line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, line); goto ERROR; } 
@@ -459,7 +462,7 @@ static int plugin_table_line_get_ip_key(struct plugin_schema *schema, log_fatal(logger, MODULE_PLUGIN, "[%s:%d] plugin table:<%s> ipv6 key" " illegal in table_line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, line); goto ERROR; } @@ -469,11 +472,15 @@ static int plugin_table_line_get_ip_key(struct plugin_schema *schema, log_fatal(logger, MODULE_PLUGIN, "[%s:%d] plugin table:<%s> addr_type:%d illegal, just" " allow{4, 6}, table_line:%s", - __FUNCTION__, __LINE__, table_name, addr_type, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, addr_type, line); goto ERROR; } + if (json) { + cJSON_Delete(json); + } return 0; + ERROR: if (json) { cJSON_Delete(json); diff --git a/src/maat_rule.c b/src/maat_rule.c index 1108b1e..e23bc72 100644 --- a/src/maat_rule.c +++ b/src/maat_rule.c @@ -345,6 +345,10 @@ static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule rule_item->condition_num = rule->condition_num; rule->user_data = rule_item; + if (table_json) { + cJSON_Delete(table_json); + } + return rule; error: @@ -352,6 +356,10 @@ error: maat_rule_free(rule); } + if (table_json) { + cJSON_Delete(table_json); + } + return NULL; } 
@@ -361,33 +369,38 @@ static int rule_accept_tag_match(struct rule_schema *schema, const char *line, size_t n_tag = table_manager_accept_tags_count(schema->ref_tbl_mgr); cJSON *tmp_obj = NULL; cJSON *table_json = cJSON_Parse(line); + int ret = TAG_MATCH_MATCHED; tmp_obj = cJSON_GetObjectItem(table_json, "effective_range"); if ((tmp_obj && cJSON_GetArraySize(tmp_obj) > 0) && n_tag > 0) { char *tag_str = cJSON_Print(tmp_obj); - int ret = table_manager_accept_tags_match(schema->ref_tbl_mgr, tag_str); + ret = table_manager_accept_tags_match(schema->ref_tbl_mgr, tag_str); FREE(tag_str); if (TAG_MATCH_ERR == ret) { log_fatal(logger, MODULE_RULE, "[%s:%d] table: <%s> has invalid tag format in line:%s", __FUNCTION__, __LINE__, table_name, line); - return TAG_MATCH_ERR; + goto END; } if (TAG_MATCH_UNMATCHED == ret) { log_fatal(logger, MODULE_RULE, "[%s:%d] table: <%s> has unmatched tag in line:%s", __FUNCTION__, __LINE__, table_name, line); - return TAG_MATCH_UNMATCHED; + goto END; } } - return TAG_MATCH_MATCHED; +END: + if (table_json) { + cJSON_Delete(table_json); + } + + return ret; } -static struct rule_item * -rule_item_new(const char *table_line, struct rule_schema *schema, +static struct rule_item *rule_item_new(const char *table_line, struct rule_schema *schema, const char *table_name, struct log_handle *logger) { int ret = rule_accept_tag_match(schema, table_line, table_name, logger); @@ -403,7 +416,7 @@ rule_item_new(const char *table_line, struct rule_schema *schema, if (tmp_obj == NULL && tmp_obj->type != cJSON_String) { log_fatal(logger, MODULE_RULE, "[%s:%d] table: <%s> has no rule_id or not string format in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(table_json)); + __FUNCTION__, __LINE__, table_name, table_line); goto error; } uuid_parse(tmp_obj->valuestring, rule_item->rule_uuid); 
@@ -530,6 +543,25 @@ void rule_runtime_free(void *rule_runtime) rule_rt->not_condition_id_kv_hash = NULL; } + if (rule_rt->tbl_not_condition_hash != NULL) { + struct table_condition *not_condition = NULL, *tmp_not_condition = NULL; + HASH_ITER(hh, rule_rt->tbl_not_condition_hash, not_condition, tmp_not_condition) { + HASH_DEL(rule_rt->tbl_not_condition_hash, not_condition); + if (not_condition->condition_ids != NULL) { + utarray_free(not_condition->condition_ids); + not_condition->condition_ids = NULL; + } + + if (not_condition->object_ids != NULL) { + utarray_free(not_condition->object_ids); + not_condition->object_ids = NULL; + } + + FREE(not_condition); + } + assert(rule_rt->tbl_not_condition_hash == NULL); + } + if (rule_rt->expr_match_buff != NULL) { FREE(rule_rt->expr_match_buff); } @@ -1424,7 +1456,7 @@ rule_runtime_add_rule(struct rule_runtime *rule_rt, struct rule_item *rule_item = rule_item_new(line, schema, table_name, rule_rt->logger); if (NULL == rule_item) { - return -1; + goto ERROR; } int table_id = table_manager_get_table_id(schema->ref_tbl_mgr, table_name); @@ -1432,7 +1464,7 @@ rule_runtime_add_rule(struct rule_runtime *rule_rt, log_fatal(logger, MODULE_RULE, "[%s:%d]table_name:%s has invalid table_id:%d, drop line:%s", __FUNCTION__, __LINE__, table_name, table_id, line); - return -1; + goto ERROR; } int updating_flag = rcu_hash_is_updating(rule_rt->cfg_hash); @@ -1449,6 +1481,7 @@ rule_runtime_add_rule(struct rule_runtime *rule_rt, log_fatal(logger, MODULE_RULE, "[%s:%d]rule_id:%s already existed in rule table, drop line:%s", __FUNCTION__, __LINE__, rule_uuid_str, line); + goto ERROR; } rule = maat_rule_new(rule_rt, schema, table_name, *rule_uuid, line, rule_item); 
@@ -1456,12 +1489,19 @@ rule_runtime_add_rule(struct rule_runtime *rule_rt, log_fatal(logger, MODULE_RULE, "[%s:%d]maat_rule_new failed, drop line:%s", __FUNCTION__, __LINE__, line); - return -1; + goto ERROR; } rcu_hash_add(rule_rt->cfg_hash, (char *)rule_uuid, sizeof(uuid_t), rule); return 0; + +ERROR: + if (rule_item != NULL) { + rule_item_free(rule_item); + } + + return -1; } static void rule_runtime_del_rule(struct rule_runtime *rule_rt, diff --git a/test/maat_framework_gtest.cpp b/test/maat_framework_gtest.cpp index d97999c..2fe19a5 100644 --- a/test/maat_framework_gtest.cpp +++ b/test/maat_framework_gtest.cpp @@ -5104,10 +5104,10 @@ void ipport_plugin_ex_free_cb(const char *table_name, void **ad, long argl, void if (ud->buffer) { memset(ud->buffer, 0, ud->buf_len); ud->buf_len = 0; - free(ud->buffer); + FREE(ud->buffer); } - free(ud); + FREE(ud); *ad = NULL; } @@ -5656,6 +5656,8 @@ void rule_ex_param_new(const char *table_name, const char *key, (*counter)++; *ad = param; + + cJSON_Delete(json); } void rule_ex_param_free(const char *table_name, void **ad, long argl, void *argp) @@ -5828,6 +5830,8 @@ void accept_tags_entry_cb(const char *table_name, const char *table_line, enum m EXPECT_STREQ(tmp_obj->valuestring, "SUCCESS"); (*callback_times)++; + + cJSON_Delete(json); } TEST_F(Policy, PluginRuleTags1) { diff --git a/test/maat_json.json b/test/maat_json.json index fa241a7..513a1cf 100644 --- a/test/maat_json.json +++ b/test/maat_json.json @@ -304,30 +304,6 @@ } ] }, - { - "object_name": "vt_grp_http_sig2", - "uuid": "00000000-0000-0000-0000-000000000153", - "items": [ - { - "table_name": "HTTP_SIGNATURE", - "table_type": "expr", - "table_content": { - - "expression": "uid=12345678", - "expr_type": "and" - } - }, - { - "table_name": "HTTP_SIGNATURE", - "table_type": "expr", - "table_content": { - - "expression": "sessionid=888888", - "expr_type": "and" - } - } - ] - }, { "object_name": "167_url_object", "uuid": "00000000-0000-0000-0000-000000000158", 
@@ -1922,16 +1898,37 @@ { "attribute_name": "HTTP_REQUEST_HEADER", "negate_option": false, - "object_uuids": [ - "00000000-0000-0000-0000-000000000153" - ] + "objects": [ + { + "object_name": "vt_grp_http_sig2", + "uuid": "00000000-0000-0000-0000-000000000153", + "items": [ + { + "table_name": "HTTP_SIGNATURE", + "table_type": "expr", + "table_content": { + + "expression": "uid=12345678", + "expr_type": "and" + } + }, + { + "table_name": "HTTP_SIGNATURE", + "table_type": "expr", + "table_content": { + + "expression": "sessionid=888888", + "expr_type": "and" + } + } + ] + } + ] }, { "attribute_name": "HTTP_RESPONSE_HEADER", "negate_option": false, - "object_uuids": [ - "00000000-0000-0000-0000-000000000153" - ] + "object_name": "vt_grp_http_sig2" } ] }, diff --git a/test/test_utils.cpp b/test/test_utils.cpp index 9cfd17a..468adcb 100644 --- a/test/test_utils.cpp +++ b/test/test_utils.cpp @@ -24,6 +24,8 @@ make_serial_rule(const char *table_name, const char *line, void *u_para, enum ma struct serial_rule *s_rule=(struct serial_rule *)u_para; redisContext *ctx = s_rule->ref_ctx; char *buff = ALLOC(char, strlen(line) + 1); + cJSON *rule_uuid = NULL; + int ret = 0; memcpy(buff, line, strlen(line) + 1); @@ -34,16 +36,18 @@ make_serial_rule(const char *table_name, const char *line, void *u_para, enum ma cJSON *json = cJSON_Parse(line); if (NULL == json) { - return -1; + ret = -1; + goto END; } - cJSON *rule_uuid = cJSON_GetObjectItem(json, "uuid"); + rule_uuid = cJSON_GetObjectItem(json, "uuid"); if (NULL == rule_uuid) { rule_uuid = cJSON_GetObjectItem(json, "object_uuid");//for object2object table } if (NULL == rule_uuid || rule_uuid->type != cJSON_String) { - return -1; + ret = -1; + goto END; } maat_set_serial_rule(s_rule + line_idx, op, rule_uuid->valuestring, 
@@ -51,9 +55,15 @@ make_serial_rule(const char *table_name, const char *line, void *u_para, enum ma (s_rule + line_idx)->ref_ctx = ctx; line_idx++; - FREE(buff); +END: + if (json) { + cJSON_Delete(json); + } + if (buff) { + FREE(buff); + } - return 0; + return ret; } int write_json_to_redis(const char *json_filename, char *redis_ip, int redis_port, @@ -71,6 +81,10 @@ int write_json_to_redis(const char *json_filename, char *redis_ip, int redis_por convert_maat_json_rule(&json_root, (unsigned char *)json_buff); + if (json_buff) { + FREE(json_buff); + } + redisContext *c = maat_connect_redis(redis_ip, redis_port, redis_db, logger); if (NULL == c) { return -1; @@ -162,6 +176,8 @@ int rule_table_set_line(struct maat *maat_inst, const char *table_name, int ret = maat_cmd_set_line(maat_inst, &line_rule, op); free(json_str); + cJSON_Delete(json_root); + return ret; }