Next 20160520 v11

src/app-layer-dns-common.c

@@ -1005,6 +1005,21 @@ const uint8_t *DNSReponseParse(DNSState *dns_state, const DNSHeader * const dns_
             data += ntohs(head->len);
             break;
         }
+        case DNS_RECORD_TYPE_SSHFP:
+        {
+            /* data here should be:
+             * [1 byte algo][1 byte type][var bytes fingerprint]
+             * As we currently can't store each of those in the state,
+             * we just store the raw data an let the output/detect
+             * code figure out what to do with it. */
+
+            DNSStoreAnswerInState(dns_state, list, fqdn, fqdn_len,
+                    ntohs(head->type), ntohs(head->class), ntohl(head->ttl),
+                    data, ntohs(head->len), ntohs(dns_header->tx_id));
+
+            data += ntohs(head->len);
+            break;
+        }
         default:    /* unsupported record */
         {
             DNSStoreAnswerInState(dns_state, list, NULL, 0,

src/app-layer-dns-common.h

@@ -92,7 +92,6 @@
 #define DNS_RECORD_TYPE_ANY         255
 #define DNS_RECORD_TYPE_URI         256
 
-
 #define DNS_RCODE_NOERROR       0
 #define DNS_RCODE_FORMERR       1
 #define DNS_RCODE_SERVFAIL      2

src/app-layer-htp-body.c

@@ -96,8 +96,9 @@ int HtpBodyAppendChunk(const HTPCfgDir *hcfg, HtpBody *body,
     if (body->first == NULL) {
         /* New chunk */
         bd = (HtpBodyChunk *)HTPCalloc(1, sizeof(HtpBodyChunk));
-        if (bd == NULL)
-            goto error;
+        if (bd == NULL) {
+            SCReturnInt(-1);
+        }
 
         StreamingBufferAppend(body->sb, &bd->sbseg, data, len);
 
@@ -106,8 +107,9 @@ int HtpBodyAppendChunk(const HTPCfgDir *hcfg, HtpBody *body,
         body->content_len_so_far = len;
     } else {
         bd = (HtpBodyChunk *)HTPCalloc(1, sizeof(HtpBodyChunk));
-        if (bd == NULL)
-            goto error;
+        if (bd == NULL) {
+            SCReturnInt(-1);
+        }
 
         StreamingBufferAppend(body->sb, &bd->sbseg, data, len);
 
@@ -119,12 +121,6 @@ int HtpBodyAppendChunk(const HTPCfgDir *hcfg, HtpBody *body,
     SCLogDebug("body %p", body);
 
     SCReturnInt(0);
-
-error:
-    if (bd != NULL) {
-        HTPFree(bd, sizeof(HtpBodyChunk));
-    }
-    SCReturnInt(-1);
 }
 
 /**

src/app-layer-smtp.c

@@ -374,7 +374,7 @@ static void SMTPPruneFiles(FileContainer *files)
                 window, file_size, data_size);
 
         if (data_size > (window * 3)) {
-            uint64_t left_edge = left_edge = file_size - window;
+            uint64_t left_edge = file_size - window;
             SCLogDebug("file->content_inspected now %"PRIu64, left_edge);
             file->content_inspected = left_edge;
         }

src/flow-worker.c

@@ -115,9 +115,10 @@ static TmEcode FlowWorkerThreadDeinit(ThreadVars *tv, void *data)
 
     /* free DETECT */
     void *detect_thread = SC_ATOMIC_GET(fw->detect_thread);
-    if (detect_thread != NULL)
+    if (detect_thread != NULL) {
         DetectEngineThreadCtxDeinit(tv, detect_thread);
         SC_ATOMIC_SET(fw->detect_thread, NULL);
+    }
 #if 0
     // free OUTPUT
 #endif

src/output-json-dns.c

@@ -172,6 +172,34 @@ static void OutputAnswer(LogDnsLogThread *aft, json_t *djs, DNSTransaction *tx,
             } else {
                 json_object_set_new(js, "rdata", json_string(""));
             }
+        } else if (entry->type == DNS_RECORD_TYPE_SSHFP) {
+            if (entry->data_len > 2) {
+                /* get algo and type */
+                uint8_t algo = *ptr;
+                uint8_t fptype = *(ptr+1);
+
+                /* turn fp raw buffer into a nice :-separate hex string */
+                uint16_t fp_len = (entry->data_len - 2);
+                uint8_t *dptr = ptr+2;
+                uint32_t output_len = fp_len * 2 + 1; // create c-string, so add space for 0.
+                char hexstring[output_len], *p = hexstring;
+                memset(hexstring, 0x00, output_len);
+
+                uint16_t x;
+                for (x = 0; x < fp_len; x++, p += 3) {
+                    snprintf(p, 4, x == fp_len - 1 ? "%02x" : "%02x:", dptr[x]);
+                }
+
+                /* wrap the whole thing in it's own structure */
+                json_t *hjs = json_object();
+                if (hjs != NULL) {
+                    json_object_set_new(hjs, "fingerprint", json_string(hexstring));
+                    json_object_set_new(hjs, "algo", json_integer(algo));
+                    json_object_set_new(hjs, "type", json_integer(fptype));
+
+                    json_object_set_new(js, "sshfp", hjs);
+                }
+            }
         }
     }
 

src/util-mpm-ac.c

@@ -89,6 +89,10 @@ void SCACRegisterTests(void);
 
 #define STATE_QUEUE_CONTAINER_SIZE 65536
 
+#define AC_CASE_MASK    0x80000000
+#define AC_PID_MASK     0x7FFFFFFF
+#define AC_CASE_BIT     31
+
 static int construct_both_16_and_32_state_tables = 0;
 
 /**
@@ -674,8 +678,8 @@ static inline void SCACInsertCaseSensitiveEntriesForPatterns(MpmCtx *mpm_ctx)
 
         for (k = 0; k < ctx->output_table[state].no_of_entries; k++) {
             if (ctx->pid_pat_list[ctx->output_table[state].pids[k]].cs != NULL) {
-                ctx->output_table[state].pids[k] &= 0x0000FFFF;
-                ctx->output_table[state].pids[k] |= 1 << 16;
+                ctx->output_table[state].pids[k] &= AC_PID_MASK;
+                ctx->output_table[state].pids[k] |= ((uint32_t)1 << AC_CASE_BIT);
             }
         }
     }
@@ -1047,8 +1051,8 @@ uint32_t SCACSearch(const MpmCtx *mpm_ctx, MpmThreadCtx *mpm_thread_ctx,
                 uint32_t *pids = ctx->output_table[state & 0x7FFF].pids;
                 uint32_t k;
                 for (k = 0; k < no_of_entries; k++) {
-                    if (pids[k] & 0xFFFF0000) {
-                        uint32_t lower_pid = pids[k] & 0x0000FFFF;
+                    if (pids[k] & AC_CASE_MASK) {
+                        uint32_t lower_pid = pids[k] & AC_PID_MASK;
                         if (SCMemcmp(pid_pat_list[lower_pid].cs,
                                      buf + i - pid_pat_list[lower_pid].patlen + 1,
                                      pid_pat_list[lower_pid].patlen) != 0) {
@@ -1087,7 +1091,7 @@ uint32_t SCACSearch(const MpmCtx *mpm_ctx, MpmThreadCtx *mpm_thread_ctx,
                 uint32_t *pids = ctx->output_table[state & 0x00FFFFFF].pids;
                 uint32_t k;
                 for (k = 0; k < no_of_entries; k++) {
-                    if (pids[k] & 0xFFFF0000) {
+                    if (pids[k] & AC_CASE_MASK) {
                         uint32_t lower_pid = pids[k] & 0x0000FFFF;
                         if (SCMemcmp(pid_pat_list[lower_pid].cs,
                                      buf + i - pid_pat_list[lower_pid].patlen + 1,
@@ -1587,7 +1591,7 @@ uint32_t SCACCudaPacketResultsProcessing(Packet *p, const MpmCtx *mpm_ctx,
          * don't copy the pattern id into the pattern_id_array.  That's
          * the only change */
         for (k = 0; k < no_of_entries; k++) {
-            if (pids[k] & 0xFFFF0000) {
+            if (pids[k] & AC_CASE_MASK) {
                 uint32_t lower_pid = pids[k] & 0x0000FFFF;
                 if (SCMemcmp(pid_pat_list[lower_pid].cs,
                              buf + offset - pid_pat_list[lower_pid].patlen + 1,