严重bug：加载二进制格式字符串配置时，仅加载了与表达式中的第一个子串。该bug自git上最早版本（20150724）就已存在。

2019-01-27 19:00:04 +06:00
parent cf5f1d0269
commit 95f788ee13
2 changed files with 35 additions and 17 deletions
--- a/src/entry/Maat_rule.cpp
+++ b/src/entry/Maat_rule.cpp
@@ -2154,24 +2154,24 @@ int add_expr_rule(struct Maat_table_desc* table,struct db_str_rule_t* db_rule,st
 		{
 			return -1;
 		}
-		op_expr=create_op_expr(expr_id
-								,0	//add
-								,u_para
-								,table->table_id
+		op_expr=create_op_expr(expr_id,
+								0,	//add
+								u_para,
+								table->table_id
 								);
 		for(k=0;k<sub_expr_cnt;k++)
 		{
-			region_str_len=strlen(sub_key_array[0])+1;
-			region_string=(char*)calloc(sizeof(char),region_str_len);
-			region_str_len=hex2bin(sub_key_array[0], strlen(sub_key_array[0]),region_string,region_str_len);
+			region_str_len=strlen(sub_key_array[k])+1;
+			region_string=ALLOC(char, region_str_len);
+			region_str_len=hex2bin(sub_key_array[k], strlen(sub_key_array[k]), region_string, region_str_len);
 			
-			p_rule=create_rs_str_rule(make_sub_type(table->table_id,dst_charset,expr_desc->do_charset_merge)
-									,db_rule->match_method
-									,db_rule->is_case_sensitive
-									,region_string
-									,region_str_len
-									,key_left_offset[k]
-									,key_right_offset[k]);
+			p_rule=create_rs_str_rule(make_sub_type(table->table_id,dst_charset,expr_desc->do_charset_merge),
+									db_rule->match_method,
+									db_rule->is_case_sensitive,
+									region_string,
+									region_str_len,
+									key_left_offset[k],
+									key_right_offset[k]);
 			op_expr_add_rule(op_expr, p_rule);
 			free(region_string);
 			region_string=NULL;
--- a/test/test_maatframe.cpp
+++ b/test/test_maatframe.cpp
@@ -282,7 +282,7 @@ TEST(StringScan, ExprPlusWithOffset)
 	struct Maat_rule_t result[4];
 	scan_status_t mid=NULL;
 	const char* region_name="Payload";
-	unsigned char udp_payload[] = { /* Stun packet */
+	unsigned char udp_payload_not_hit[] = { /* Stun packet */
 							0x00, 0x03, 0x00, 0x4a, 0x21, 0x12, 0xa4, 0x42, 
 							0x4f, 0xc2, 0xc2, 0x70, 0xb3, 0xa8, 0x4e, 0x22, 
 							0xf5, 0x22, 0x87, 0x4c, 0x40, 0x00, 0x00, 0x46, 
@@ -295,13 +295,31 @@ TEST(StringScan, ExprPlusWithOffset)
 							0xc5, 0xbb, 0xc3, 0xba, 0x69, 0x73, 0x52, 0x64, 
 							0xf6, 0x30, 0x81, 0xf4, 0x3f, 0xc2, 0x19, 0x6a, 
 							0x68, 0x61, 0x93, 0x08, 0xc0, 0x0a };
+	unsigned char udp_payload_hit[] = { /* Stun packet */					//rule:"1-1:03&9-10:2d&14-16:2d34&19-21:2d&24-25:2d"
+							0x00, 0x03, 0x00, 0x4a, 0x21, 0x12, 0xa4, 0x42, //1-1:03
+							0x4f, 0xc2, 0x2d, 0x70, 0xb3, 0xa8, 0x4e, 0x2d, //10-10:2d
+							0x34, 0x22, 0x87, 0x4c, 0x2d, 0x00, 0x00, 0x46, //15-16:2d34&20-20:2d
+							0x34, 0x34, 0xab, 0x39, 0xbb, 0x97, 0xe5, 0x01, //24-24:2d
+							0x03, 0x46, 0x1c, 0x28, 0x5b, 0xab, 0xfa, 0x9a, 
+							0xab, 0x2e, 0x71, 0x39, 0x66, 0xa0, 0xd7, 0xb9, 
+							0xd8, 0x41, 0xa7, 0xa0, 0x84, 0xa9, 0xf3, 0x1b, 
+							0x03, 0x7f, 0xa8, 0x28, 0xa2, 0xd3, 0x64, 0xc2, 
+							0x3d, 0x20, 0xe0, 0xb1, 0x41, 0x12, 0x6c, 0x2f, 
+							0xc5, 0xbb, 0xc3, 0xba, 0x69, 0x73, 0x52, 0x64, 
+							0xf6, 0x30, 0x81, 0xf4, 0x3f, 0xc2, 0x19, 0x6a, 
+							0x68, 0x61, 0x93, 0x08, 0xc0, 0x0a };
+
 	memset(&result, 0, sizeof(result));
 	table_id=Maat_table_register(g_feather, "APP_PAYLOAD");
 	ASSERT_GT(table_id, 0);
 	ret=Maat_set_scan_status(g_feather, &mid, MAAT_SET_SCAN_DISTRICT, region_name, strlen(region_name));
 	EXPECT_EQ(ret, 0);

-	ret=Maat_full_scan_string(g_feather, table_id,CHARSET_GBK, (char*)udp_payload, sizeof(udp_payload), 
+	ret=Maat_full_scan_string(g_feather, table_id,CHARSET_GBK, (char*)udp_payload_not_hit, sizeof(udp_payload_not_hit), 
+						result, NULL, 4,
+						&mid, 0);
+	EXPECT_EQ(ret, 0);
+	ret=Maat_full_scan_string(g_feather, table_id,CHARSET_GBK, (char*)udp_payload_hit, sizeof(udp_payload_hit), 
 						result, NULL, 4,
 						&mid, 0);
 	EXPECT_EQ(ret, 1);