| author | root <[email protected]> | 2024-10-14 02:25:36 +0000 |
|---|---|---|
| committer | root <[email protected]> | 2024-10-14 02:25:36 +0000 |
| commit | 78f733417cf8f11649101dc29aae79326eb553a6 (patch) | |
| tree | a63c74a9a3ce957464a84a2407cb276e134e3d1a /src | |
| parent | 586f1c11b20524066a3b4025cd4a59a14565ad32 (diff) | |
fix memory leak
Diffstat (limited to 'src')
| -rw-r--r-- | src/maat_bool_plugin.c | 20 | ||||
| -rw-r--r-- | src/maat_config_monitor.c | 26 | ||||
| -rw-r--r-- | src/maat_ex_data.c | 26 | ||||
| -rw-r--r-- | src/maat_expr.c | 24 | ||||
| -rw-r--r-- | src/maat_flag.c | 11 | ||||
| -rw-r--r-- | src/maat_fqdn_plugin.c | 16 | ||||
| -rw-r--r-- | src/maat_interval.c | 8 | ||||
| -rw-r--r-- | src/maat_ip.c | 20 | ||||
| -rw-r--r-- | src/maat_ip_plugin.c | 24 | ||||
| -rw-r--r-- | src/maat_ipport_plugin.c | 20 | ||||
| -rw-r--r-- | src/maat_plugin.c | 31 | ||||
| -rw-r--r-- | src/maat_rule.c | 60 |
12 files changed, 208 insertions, 78 deletions
diff --git a/src/maat_bool_plugin.c b/src/maat_bool_plugin.c index 5a6fb3a..d1c877f 100644 --- a/src/maat_bool_plugin.c +++ b/src/maat_bool_plugin.c @@ -268,18 +268,22 @@ bool_plugin_accept_tag_match(struct bool_plugin_schema *schema, FREE(tag_str); if (TAG_MATCH_ERR == ret) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_BOOL_PLUGIN, "[%s:%d] bool_plugin table:<%s> has invalid tag" " in line:%s", __FUNCTION__, __LINE__, table_name, - cJSON_Print(json)); + json_str); + FREE(json_str); return TAG_MATCH_ERR; } if (TAG_MATCH_UNMATCHED == ret) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_BOOL_PLUGIN, "[%s:%d] bool_plugin table:<%s> has unmatched tag" " in line:%s", __FUNCTION__, __LINE__, table_name, - cJSON_Print(json)); + json_str); + FREE(json_str); return TAG_MATCH_UNMATCHED; } } @@ -305,20 +309,24 @@ bool_plugin_expr_new(struct bool_plugin_schema *schema, const char *table_name, tmp_obj = cJSON_GetObjectItem(json, schema->key_name); if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_BOOL_PLUGIN, "[%s:%d] bool_plugin table:<%s> has " "no key_name %s or invalid format in line:%s", __FUNCTION__, - __LINE__, table_name, schema->key_name, cJSON_Print(json)); + __LINE__, table_name, schema->key_name, json_str); + FREE(json_str); goto error; } uuid_parse(tmp_obj->valuestring, bool_expr->expr_uuid); tmp_obj = cJSON_GetObjectItem(json, "bool_expr"); if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_BOOL_PLUGIN, "[%s:%d] bool_plugin table:<%s> has " "no bool_expr or invalid format in line:%s", __FUNCTION__, - __LINE__, table_name, cJSON_Print(json)); + __LINE__, table_name, json_str); + FREE(json_str); goto error; } 
@@ -333,10 +341,12 @@ bool_plugin_expr_new(struct bool_plugin_schema *schema, const char *table_name, ret = sscanf(sub_token, "%llu", items + n_item); n_item++; if (ret != 1 || n_item > MAX_ITEMS_PER_BOOL_EXPR) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_BOOL_PLUGIN, "[%s:%d] bool_plugin table:<%s> has " "invalid format of bool_expr in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } } diff --git a/src/maat_config_monitor.c b/src/maat_config_monitor.c index 0ebc24e..6074239 100644 --- a/src/maat_config_monitor.c +++ b/src/maat_config_monitor.c 
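Review bot: In bool_plugin_expr_new, `sscanf(sub_token, "%llu", items + n_item)` stores into `items[n_item]` before `n_item > MAX_ITEMS_PER_BOOL_EXPR` is tested. If `items` holds MAX_ITEMS_PER_BOOL_EXPR elements (its declaration is outside the hunk), a `bool_expr` with too many tokens writes one slot past the array before the line is rejected. Testing the bound ahead of the parse closes that: `if (n_item >= MAX_ITEMS_PER_BOOL_EXPR) { /* log */ goto error; }` placed before the `sscanf`. The tokenising loop starts and ends outside the hunk.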
@@ -186,35 +186,35 @@ void config_monitor_traverse(long long current_version, const cJSON *json_root, } } -static void object_info_add(struct object_info *object_name_map, const char *object_name, const char *object_uuid) +static void object_info_add(struct object_info **object_name_map, const char *object_name, const char *object_uuid) { struct object_info *object_info = NULL; - HASH_FIND_STR(object_name_map, object_name, object_info); + HASH_FIND_STR(*object_name_map, object_name, object_info); if (object_info == NULL) { object_info = ALLOC(struct object_info, 1); strncpy(object_info->object_name, object_name, sizeof(object_info->object_name)); strncpy(object_info->object_uuid, object_uuid, sizeof(object_info->object_uuid)); - HASH_ADD_STR(object_name_map, object_name, object_info); + HASH_ADD_STR(*object_name_map, object_name, object_info); } } -static struct object_info *object_info_find(struct object_info *object_name_map, const char *object_name) +static struct object_info *object_info_find(struct object_info **object_name_map, const char *object_name) { struct object_info *object_info = NULL; - HASH_FIND_STR(object_name_map, object_name, object_info); + HASH_FIND_STR(*object_name_map, object_name, object_info); return object_info; } -static void object_info_free(struct object_info *object_name_map) +static void object_info_free(struct object_info **object_name_map) { struct object_info *object_info, *tmp; - HASH_ITER(hh, object_name_map, object_info, tmp) { - HASH_DEL(object_name_map, object_info); + HASH_ITER(hh, *object_name_map, object_info, tmp) { + HASH_DEL(*object_name_map, object_info); FREE(object_info); } } -static void convert_condition(struct object_info *object_name_map, cJSON *condition, cJSON *top_items, int *object_gen_id, int *item_gen_id) +static void convert_condition(struct object_info **object_name_map, cJSON *condition, cJSON *top_items, int *object_gen_id, int *item_gen_id) { cJSON *object_uuid_array = cJSON_CreateArray(); cJSON 
*object_name = cJSON_GetObjectItem(condition, "object_name"); @@ -386,11 +386,11 @@ void convert_maat_json_rule(cJSON **json_root, unsigned char *json_buff) if (or_conditions) { cJSON *tmp_or_condition = NULL; cJSON_ArrayForEach(tmp_or_condition, or_conditions) { - convert_condition(object_name_map, tmp_or_condition, top_items, &object_gen_id, &item_gen_id); + convert_condition(&object_name_map, tmp_or_condition, top_items, &object_gen_id, &item_gen_id); } } else { cJSON *tmp_or_condition = cJSON_Duplicate(tmp_and_condition, 1); - convert_condition(object_name_map, tmp_or_condition, top_items, &object_gen_id, &item_gen_id); + convert_condition(&object_name_map, tmp_or_condition, top_items, &object_gen_id, &item_gen_id); or_conditions = cJSON_CreateArray(); cJSON_AddItemToArray(or_conditions, tmp_or_condition); @@ -400,7 +400,7 @@ void convert_maat_json_rule(cJSON **json_root, unsigned char *json_buff) } - object_info_free(object_name_map); + object_info_free(&object_name_map); } int load_maat_json_rule_file(struct maat *maat_inst, const char *json_filename, @@ -464,5 +464,7 @@ int load_maat_json_rule_file(struct maat *maat_inst, const char *json_filename, convert_maat_json_rule(json_root, json_buff); + FREE(json_buff); + return 0; }
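Review bot: In object_info_add, `strncpy(object_info->object_name, object_name, sizeof(object_info->object_name))` leaves the field unterminated when the name from the JSON rule file is as long as the array or longer, and `HASH_ADD_STR` then measures that key with strlen. A bounded copy that always terminates avoids the over-read, e.g. `snprintf(object_info->object_name, sizeof(object_info->object_name), "%s", object_name);`, and the same applies to `object_uuid`. A name that does not fit is probably better rejected than truncated, since truncated keys can collide in the map.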
\ No newline at end of file diff --git a/src/maat_ex_data.c b/src/maat_ex_data.c index 2a4705b..d38cb74 100644 --- a/src/maat_ex_data.c +++ b/src/maat_ex_data.c @@ -44,7 +44,17 @@ void cache_row_free(void *p) free(*(char **)p); } -UT_icd ut_cache_row_icd = {sizeof(char*), NULL, NULL, cache_row_free}; +void cache_row_copy(void *dst, const void *src) +{ + struct ex_data_row *ex_data_row_src = (struct ex_data_row *)src; + struct ex_data_row *ex_data_row_dst = (struct ex_data_row *)dst; + + ex_data_row_dst->row = ALLOC(char, strlen(ex_data_row_src->row) + 1); + strcpy(ex_data_row_dst->row, ex_data_row_src->row); + ex_data_row_dst->op = ex_data_row_src->op; +} + +UT_icd ut_cache_row_icd = {sizeof(struct ex_data_row), NULL, cache_row_copy, cache_row_free}; struct ex_data_runtime * ex_data_runtime_new(int table_id, int gc_timeout_s, struct log_handle *logger) @@ -100,14 +110,16 @@ void ex_data_runtime_cache_row_put(struct ex_data_runtime *ex_data_rt, const cha } size_t row_len = strlen(row); - struct ex_data_row *ex_data_row = ALLOC(struct ex_data_row, 1); - ex_data_row->row = ALLOC(char, row_len + 1); + struct ex_data_row ex_data_row; + ex_data_row.row = ALLOC(char, row_len + 1); - ex_data_row->op = op; - memcpy(ex_data_row->row, row, row_len); + ex_data_row.op = op; + memcpy(ex_data_row.row, row, row_len); ex_data_rt->cache_size += row_len; utarray_push_back(ex_data_rt->cache_rows, &ex_data_row); ex_data_rt->cache_row_num++; + + FREE(ex_data_row.row); } const struct ex_data_row *ex_data_runtime_cached_row_get(struct ex_data_runtime *ex_data_rt, size_t index) @@ -116,9 +128,7 @@ const struct ex_data_row *ex_data_runtime_cached_row_get(struct ex_data_runtime return NULL; } - const char **row = NULL; - row = (const char **)utarray_eltptr(ex_data_rt->cache_rows, index); - return (struct ex_data_row *)*row; + return (struct ex_data_row *)utarray_eltptr(ex_data_rt->cache_rows, index); } size_t ex_data_runtime_cached_row_count(struct ex_data_runtime *ex_data_rt) 
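Review bot: With the element type changed to `struct ex_data_row`, the unchanged destructor `cache_row_free` still does `free(*(char **)p)`, which releases the right pointer only if `row` is the first member of the struct (its definition is not in this diff). Casting to the real type removes that dependency on layout: `free(((struct ex_data_row *)p)->row);`. `cache_row_copy` also sizes its copy with `strlen`, so it relies on every pushed row being NUL-terminated. In ex_data_runtime_cache_row_put that holds only if ALLOC zero-fills the `row_len + 1` buffer, so an explicit `ex_data_row.row[row_len] = '\0';` after the memcpy would pin it down.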
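Review bot: ex_data_runtime_cached_row_get now returns `utarray_eltptr(ex_data_rt->cache_rows, index)`, a pointer into the array's own storage, where it previously returned a separately allocated row. utarray may move its buffer when it grows, so a pointer obtained here can be stale after any later `utarray_push_back` on `cache_rows`, and a caller that keeps a row across ex_data_runtime_cache_row_put would read freed memory. I would state the lifetime on the function, e.g. `/* returned row is owned by cache_rows; valid only until the next put or clear */`, and check the callers, which are outside this diff.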
diff --git a/src/maat_expr.c b/src/maat_expr.c index ae21af4..45bab8a 100644 --- a/src/maat_expr.c +++ b/src/maat_expr.c @@ -104,35 +104,43 @@ expr_item_new(struct expr_schema *expr_schema, const char *table_name, tmp_obj = cJSON_GetObjectItem(json, "object_uuid"); if (tmp_obj == NULL && tmp_obj->type != cJSON_String) { + char *json_str = cJSON_Print(json); log_fatal(expr_rt->logger, MODULE_EXPR, "[%s:%d] expr table:<%s> has no object_id in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } uuid_parse(tmp_obj->valuestring, expr_item->object_uuid); tmp_obj = cJSON_GetObjectItem(json, "expression"); if (tmp_obj == NULL || tmp_obj->type != cJSON_String) { + char *json_str = cJSON_Print(json); log_fatal(expr_rt->logger, MODULE_EXPR, "[%s:%d] expr table:<%s> has no expression in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } len = strlen(tmp_obj->valuestring); if (len > MAX_KEYWORDS_STR_LEN) { + char *json_str = cJSON_Print(json); log_fatal(expr_rt->logger, MODULE_EXPR, "[%s:%d] expr table:<%s> expression length too long in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } memcpy(expr_item->keywords, tmp_obj->valuestring, len); tmp_obj = cJSON_GetObjectItem(json, "expr_type"); if (tmp_obj == NULL || tmp_obj->type != cJSON_String) { + char *json_str = cJSON_Print(json); log_fatal(expr_rt->logger, MODULE_EXPR, "[%s:%d] expr table:<%s> has no expr_type in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } 
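Review bot: The first check in expr_item_new, `if (tmp_obj == NULL && tmp_obj->type != cJSON_String)`, dereferences `tmp_obj` exactly when it is NULL and is false in every other case. A line without `object_uuid` therefore crashes, and one with a non-string `object_uuid` goes on to `uuid_parse(tmp_obj->valuestring, ...)`, where `valuestring` is presumably NULL. It should read `if (tmp_obj == NULL || tmp_obj->type != cJSON_String) {`, like the checks below it. The same `&&` is in rule_item_new in src/maat_rule.c (the `@@ -403,7 +416,7 @@` hunk). Separately, `len > MAX_KEYWORDS_STR_LEN` admits `len == MAX_KEYWORDS_STR_LEN`, which leaves `keywords` unterminated after the memcpy if the array is exactly that size; its declaration is not in this diff.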
@@ -145,9 +153,11 @@ expr_item_new(struct expr_schema *expr_schema, const char *table_name, } if (expr_item->expr_type == EXPR_TYPE_INVALID) { + char *json_str = cJSON_Print(json); log_fatal(expr_rt->logger, MODULE_EXPR, "[%s:%d] expr table:<%s> has invalid expr_type in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } else if (expr_item->expr_type == EXPR_TYPE_REGEX) { ret = expr_matcher_verify_regex_expression(expr_item->keywords, expr_rt->logger); @@ -603,10 +613,12 @@ int expr_runtime_update(void *expr_runtime, void *expr_schema, uuid_t item_uuid; uuid_parse(tmp_obj->valuestring, item_uuid); if (uuid_is_null(item_uuid)) { + char *json_str = cJSON_Print(json); log_fatal(expr_rt->logger, MODULE_EXPR, "[%s:%d] expr table:<%s> item_id wrong" " in table_line:%s", __FUNCTION__, __LINE__, table_name, - cJSON_Print(json)); + json_str); + FREE(json_str); expr_rt->update_err_cnt++; goto ERROR; } diff --git a/src/maat_flag.c b/src/maat_flag.c index 42a24e5..1cebe12 100644 --- a/src/maat_flag.c +++ b/src/maat_flag.c @@ -202,18 +202,21 @@ flag_item_new(struct flag_schema *schema, const char *table_name, tmp_obj = cJSON_GetObjectItem(json, "object_uuid"); if (tmp_obj == NULL || tmp_obj->type != cJSON_String) { + char *json_str = cJSON_Print(json); log_fatal(flag_rt->logger, MODULE_FLAG, "[%s:%d] flag table:<%s> has no object_id in json:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); goto error; } uuid_parse(tmp_obj->valuestring, item->object_uuid); tmp_obj = cJSON_GetObjectItem(json, "flag"); if (tmp_obj == NULL || tmp_obj->type != cJSON_Number) { + char *json_str = cJSON_Print(json); log_fatal(flag_rt->logger, MODULE_FLAG, "[%s:%d] flag table:<%s> has no flag in json:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } 
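Review bot: The first error branch of flag_item_new (missing or non-string `object_uuid`) still leaks the printed JSON. It assigns `char *json_str = cJSON_Print(json);` and logs it, then jumps to `error` without releasing it, unlike the `flag` and `mask` branches. Add `FREE(json_str);` before that `goto error;`. cJSON_Print can also return NULL when allocation fails, so passing `json_str` straight to a `%s` argument is worth guarding wherever this pattern appears in the commit.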
@@ -221,9 +224,11 @@ flag_item_new(struct flag_schema *schema, const char *table_name, tmp_obj = cJSON_GetObjectItem(json, "mask"); if (tmp_obj == NULL || tmp_obj->type != cJSON_Number) { + char *json_str = cJSON_Print(json); log_fatal(flag_rt->logger, MODULE_FLAG, "[%s:%d] flag table:<%s> has no mask in json:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } diff --git a/src/maat_fqdn_plugin.c b/src/maat_fqdn_plugin.c index 282ba0e..c916fde 100644 --- a/src/maat_fqdn_plugin.c +++ b/src/maat_fqdn_plugin.c @@ -220,18 +220,22 @@ fqdn_plugin_accept_tag_match(struct fqdn_plugin_schema *schema, FREE(tag_str); if (TAG_MATCH_ERR == ret) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_FQDN_PLUGIN, "[%s:%d] fqdn_plugin table:<%s> has invalid tag" " format in line:%s", __FUNCTION__, __LINE__, - table_name, cJSON_Print(json)); + table_name, json_str); + FREE(json_str); return TAG_MATCH_ERR; } if (TAG_MATCH_UNMATCHED == ret) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_FQDN_PLUGIN, "[%s:%d] fqdn_plugin table:<%s> has unmatched tag" " in line:%s", __FUNCTION__, __LINE__, table_name, - cJSON_Print(json)); + json_str); + FREE(json_str); return TAG_MATCH_UNMATCHED; } } 
@@ -255,18 +259,22 @@ fqdn_plugin_rule_new(const cJSON *json, struct fqdn_plugin_schema *schema, tmp_obj = cJSON_GetObjectItem(json, schema->key_name); if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_FQDN_PLUGIN, "[%s:%d] fqdn_plugin table:<%s> has no key_name or invalid format in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } uuid_parse(tmp_obj->valuestring, fqdn_plugin_rule->uuid); tmp_obj = cJSON_GetObjectItem(json, "fqdn"); if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_FQDN_PLUGIN, "[%s:%d] fqdn_plugin table:<%s> has no fqdn in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } diff --git a/src/maat_interval.c b/src/maat_interval.c index e37acb2..be03149 100644 --- a/src/maat_interval.c +++ b/src/maat_interval.c 
@@ -173,18 +173,22 @@ interval_item_new(struct interval_schema *schema, const char *table_name, tmp_obj = cJSON_GetObjectItem(json, "object_uuid"); if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { + char *json_str = cJSON_Print(json); log_fatal(interval_rt->logger, MODULE_INTERVAL, "[%s:%d] interval table:<%s> has no object_id in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } uuid_parse(tmp_obj->valuestring, item->object_uuid); tmp_obj = cJSON_GetObjectItem(json, "interval"); if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { + char *json_str = cJSON_Print(json); log_fatal(interval_rt->logger, MODULE_INTERVAL, "[%s:%d] interval table:<%s> has no interval in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } memcpy(port_str, tmp_obj->valuestring, strlen(tmp_obj->valuestring)); diff --git a/src/maat_ip.c b/src/maat_ip.c index c23a462..04d6759 100644 --- a/src/maat_ip.c +++ b/src/maat_ip.c 
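Review bot: `memcpy(port_str, tmp_obj->valuestring, strlen(tmp_obj->valuestring));` at the end of this hunk copies a string taken from the table line into `port_str` without regard to the destination's size, which is declared outside the hunk. An over-long `interval` value would write past the buffer, and the copy is never terminated. The same pattern is in ip_item_new (`memcpy(ip_str, ...)` in src/maat_ip.c) and, as `strncpy(ip_str, tmp_obj->valuestring, strlen(tmp_obj->valuestring))`, in ip_plugin_rule_new and ipport_item_new. Assuming `port_str` is an array local to this function, a bounded and checked copy would be `int n = snprintf(port_str, sizeof(port_str), "%s", tmp_obj->valuestring);` followed by `if (n < 0 || (size_t)n >= sizeof(port_str)) goto error;`.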
@@ -109,18 +109,22 @@ ip_item_new(struct ip_schema *ip_schema, const char *table_name, tmp_obj = cJSON_GetObjectItem(json, "object_uuid"); if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_IP, "[%s:%d] ip table:<%s> has no object_id in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } uuid_parse(tmp_obj->valuestring, ip_item->object_uuid); tmp_obj = cJSON_GetObjectItem(json, "ip"); if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_IP, "[%s:%d] ip table:<%s> has no ip in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } memcpy(ip_str, tmp_obj->valuestring, strlen(tmp_obj->valuestring)); @@ -134,18 +138,22 @@ ip_item_new(struct ip_schema *ip_schema, const char *table_name, if (IPv4 == ip_item->addr_type) { ret = ip_format2range(ip_str, ip_item->addr_type, &ip_item->ipv4.min_ip, &ip_item->ipv4.max_ip); if (ret < 0) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_IP, "[%s:%d] ip table:<%s> ip_format2range(ip4) failed in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } } else { //ipv6 ret = ip_format2range(ip_str, ip_item->addr_type, ip_item->ipv6.min_ip, ip_item->ipv6.max_ip); if (ret < 0) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_IP, "[%s:%d] ip table:<%s> ip_format2range(ip6) failed in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } } 
@@ -319,9 +327,11 @@ int ip_runtime_update(void *ip_runtime, void *ip_schema, tmp_obj = cJSON_GetObjectItem(json, "uuid"); if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { + char *json_str = cJSON_Print(json); log_fatal(ip_rt->logger, MODULE_IP, "[%s:%d] ip table:<%s> has no item_id in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); ip_rt->update_err_cnt++; goto ERROR; } diff --git a/src/maat_ip_plugin.c b/src/maat_ip_plugin.c index 8c33efa..63a5893 100644 --- a/src/maat_ip_plugin.c +++ b/src/maat_ip_plugin.c @@ -118,16 +118,20 @@ ip_plugin_accept_tag_match(struct ip_plugin_schema *schema, FREE(tag_str); if (TAG_MATCH_ERR == ret) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_IP_PLUGIN, "[%s:%d] ip_plugin table:<%s> has invalid tag format" - " in line:%s", __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + " in line:%s", __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); return TAG_MATCH_ERR; } if (TAG_MATCH_UNMATCHED == ret) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_IP_PLUGIN, "[%s:%d] ip_plugin table:<%s> has unmatched tag in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); return TAG_MATCH_UNMATCHED; } } 
@@ -151,18 +155,22 @@ ip_plugin_rule_new(struct ip_plugin_schema *schema, const char *table_name, tmp_obj = cJSON_GetObjectItem(json, schema->key_name); if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_IP_PLUGIN, "[%s:%d] ip_plugin table:<%s> has no key %s or invalid format in line:%s", - __FUNCTION__, __LINE__, table_name, schema->key_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, schema->key_name, json_str); + FREE(json_str); goto error; } uuid_parse(tmp_obj->valuestring, ip_plugin_rule->rule_uuid); tmp_obj = cJSON_GetObjectItem(json, "ip"); if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_IP_PLUGIN, "[%s:%d] ip_plugin table:<%s> has no ip field or invalid format in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } strncpy(ip_str, tmp_obj->valuestring, strlen(tmp_obj->valuestring)); 
@@ -176,20 +184,24 @@ ip_plugin_rule_new(struct ip_plugin_schema *schema, const char *table_name, if (IPv4 == ip_plugin_rule->type) { ret = ip_format2range(ip_str, ip_plugin_rule->type, &ip_plugin_rule->ipv4_rule.start_ip, &ip_plugin_rule->ipv4_rule.end_ip); if (ret < 0) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_IP_PLUGIN, "[%s:%d] ip_plugin table:<%s>> ip_format2range(ip4)" " failed in line:%s", __FUNCTION__, __LINE__, - table_name, cJSON_Print(json)); + table_name, json_str); + FREE(json_str); goto error; } } else { //ipv6 ret = ip_format2range(ip_str, ip_plugin_rule->type, ip_plugin_rule->ipv6_rule.start_ip, ip_plugin_rule->ipv6_rule.end_ip); if (ret < 0) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_IP_PLUGIN, "[%s:%d] ip_plugin table:<%s> ip_format2range(ip6)" " failed in line:%s", __FUNCTION__, __LINE__, - table_name, cJSON_Print(json)); + table_name, json_str); + FREE(json_str); goto error; } } diff --git a/src/maat_ipport_plugin.c b/src/maat_ipport_plugin.c index 35b12bd..f328d2d 100644 --- a/src/maat_ipport_plugin.c +++ b/src/maat_ipport_plugin.c 
@@ -233,18 +233,22 @@ ipport_item_new(struct ipport_plugin_schema *schema, const char *table_name, tmp_obj = cJSON_GetObjectItem(json, schema->key_name); if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_IPPORT_PLUGIN, "[%s:%d] ipport table:<%s> has no key or invalid format, line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } uuid_parse(tmp_obj->valuestring, ipport_item->item_uuid); tmp_obj = cJSON_GetObjectItem(json, "ip"); if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_IPPORT_PLUGIN, "[%s:%d] ipport table:<%s> has no ip or invalid format in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } strncpy(ip_str, tmp_obj->valuestring, strlen(tmp_obj->valuestring)); 
@@ -258,27 +262,33 @@ ipport_item_new(struct ipport_plugin_schema *schema, const char *table_name, if (IPV4 == ipport_item->ip_type) { ret = ip_format2range(ip_str, ipport_item->ip_type, &ipport_item->ipv4.min_ip, &ipport_item->ipv4.max_ip); if (ret < 0) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_IPPORT_PLUGIN, "[%s:%d] ipport table:<%s> ip_format2range(ip4) failed in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } } else { //ipv6 ret = ip_format2range(ip_str, ipport_item->ip_type, ipport_item->ipv6.min_ip, ipport_item->ipv6.max_ip); if (ret < 0) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_IPPORT_PLUGIN, "[%s:%d] ipport table:<%s> ip_format2range(ip6) failed in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } } tmp_obj = cJSON_GetObjectItem(json, "port"); if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { + char *json_str = cJSON_Print(json); log_fatal(logger, MODULE_IPPORT_PLUGIN, "[%s:%d] ipport table:<%s> has no port or invalid format in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, json_str); + FREE(json_str); goto error; } diff --git a/src/maat_plugin.c b/src/maat_plugin.c index 2c1e85a..8929f50 100644 --- a/src/maat_plugin.c +++ b/src/maat_plugin.c @@ -378,7 +378,7 @@ static int plugin_accept_tag_match(struct plugin_schema *schema, { size_t n_tag = table_manager_accept_tags_count(schema->ref_tbl_mgr); cJSON *tmp_obj = NULL; - int ret = 0; + int ret = TAG_MATCH_MATCHED; cJSON *json = cJSON_Parse(line); tmp_obj = cJSON_GetObjectItem(json, "effective_range"); 
@@ -390,21 +390,24 @@ static int plugin_accept_tag_match(struct plugin_schema *schema, if (TAG_MATCH_ERR == ret) { log_fatal(logger, MODULE_PLUGIN, "[%s:%d] table: <%s> has invalid tag format in table_line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); - return TAG_MATCH_ERR; + __FUNCTION__, __LINE__, table_name, line); + goto END; } if (TAG_MATCH_UNMATCHED == ret) { log_fatal(logger, MODULE_PLUGIN, "[%s:%d] table: <%s> has unmatched tag in table_line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); - return TAG_MATCH_UNMATCHED; + __FUNCTION__, __LINE__, table_name, line); + goto END; } } - cJSON_Delete(json); +END: + if (json) { + cJSON_Delete(json); + } - return TAG_MATCH_MATCHED; + return ret; } static int plugin_table_line_get_ip_key(struct plugin_schema *schema, @@ -419,7 +422,7 @@ static int plugin_table_line_get_ip_key(struct plugin_schema *schema, log_fatal(logger, MODULE_PLUGIN, "[%s:%d] plugin table:<%s> ip_key too long exceed maximum:%d in " "table_line:%s", __FUNCTION__, __LINE__, table_name, - INET6_ADDRSTRLEN, cJSON_Print(json)); + INET6_ADDRSTRLEN, line); goto ERROR; } @@ -430,7 +433,7 @@ static int plugin_table_line_get_ip_key(struct plugin_schema *schema, if (tmp_obj == NULL || tmp_obj->type != cJSON_Number) { log_fatal(logger, MODULE_PLUGIN, "[%s:%d] plugin table:<%s> has no addr_type or not number format in table_line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, line); goto ERROR; } @@ -446,7 +449,7 @@ static int plugin_table_line_get_ip_key(struct plugin_schema *schema, log_fatal(logger, MODULE_PLUGIN, "[%s:%d] plugin table:<%s> ipv4 key" " illegal in table_line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, line); goto ERROR; } 
@@ -459,7 +462,7 @@ static int plugin_table_line_get_ip_key(struct plugin_schema *schema, log_fatal(logger, MODULE_PLUGIN, "[%s:%d] plugin table:<%s> ipv6 key" " illegal in table_line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, line); goto ERROR; } @@ -469,11 +472,15 @@ static int plugin_table_line_get_ip_key(struct plugin_schema *schema, log_fatal(logger, MODULE_PLUGIN, "[%s:%d] plugin table:<%s> addr_type:%d illegal, just" " allow{4, 6}, table_line:%s", - __FUNCTION__, __LINE__, table_name, addr_type, cJSON_Print(json)); + __FUNCTION__, __LINE__, table_name, addr_type, line); goto ERROR; } + if (json) { + cJSON_Delete(json); + } return 0; + ERROR: if (json) { cJSON_Delete(json); diff --git a/src/maat_rule.c b/src/maat_rule.c index 1108b1e..e23bc72 100644 --- a/src/maat_rule.c +++ b/src/maat_rule.c @@ -345,6 +345,10 @@ static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule rule_item->condition_num = rule->condition_num; rule->user_data = rule_item; + if (table_json) { + cJSON_Delete(table_json); + } + return rule; error: @@ -352,6 +356,10 @@ error: maat_rule_free(rule); } + if (table_json) { + cJSON_Delete(table_json); + } + return NULL; } 
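Review bot: plugin_table_line_get_ip_key now repeats `if (json) { cJSON_Delete(json); }` on both the success path and the `ERROR:` path, and maat_rule_new does the same with `table_json`. A single exit keeps the two from drifting apart: set a result variable and fall through to one label, e.g. `ret = 0;` then `ERROR: cJSON_Delete(json); return ret;`. cJSON_Delete accepts NULL, so the guard can go as well. Both function bodies start outside these hunks.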
@@ -361,33 +369,38 @@ static int rule_accept_tag_match(struct rule_schema *schema, const char *line, size_t n_tag = table_manager_accept_tags_count(schema->ref_tbl_mgr); cJSON *tmp_obj = NULL; cJSON *table_json = cJSON_Parse(line); + int ret = TAG_MATCH_MATCHED; tmp_obj = cJSON_GetObjectItem(table_json, "effective_range"); if ((tmp_obj && cJSON_GetArraySize(tmp_obj) > 0) && n_tag > 0) { char *tag_str = cJSON_Print(tmp_obj); - int ret = table_manager_accept_tags_match(schema->ref_tbl_mgr, tag_str); + ret = table_manager_accept_tags_match(schema->ref_tbl_mgr, tag_str); FREE(tag_str); if (TAG_MATCH_ERR == ret) { log_fatal(logger, MODULE_RULE, "[%s:%d] table: <%s> has invalid tag format in line:%s", __FUNCTION__, __LINE__, table_name, line); - return TAG_MATCH_ERR; + goto END; } if (TAG_MATCH_UNMATCHED == ret) { log_fatal(logger, MODULE_RULE, "[%s:%d] table: <%s> has unmatched tag in line:%s", __FUNCTION__, __LINE__, table_name, line); - return TAG_MATCH_UNMATCHED; + goto END; } } - return TAG_MATCH_MATCHED; +END: + if (table_json) { + cJSON_Delete(table_json); + } + + return ret; } -static struct rule_item * -rule_item_new(const char *table_line, struct rule_schema *schema, +static struct rule_item *rule_item_new(const char *table_line, struct rule_schema *schema, const char *table_name, struct log_handle *logger) { int ret = rule_accept_tag_match(schema, table_line, table_name, logger); @@ -403,7 +416,7 @@ rule_item_new(const char *table_line, struct rule_schema *schema, if (tmp_obj == NULL && tmp_obj->type != cJSON_String) { log_fatal(logger, MODULE_RULE, "[%s:%d] table: <%s> has no rule_id or not string format in line:%s", - __FUNCTION__, __LINE__, table_name, cJSON_Print(table_json)); + __FUNCTION__, __LINE__, table_name, table_line); goto error; } uuid_parse(tmp_obj->valuestring, rule_item->rule_uuid); 
@@ -530,6 +543,25 @@ void rule_runtime_free(void *rule_runtime) rule_rt->not_condition_id_kv_hash = NULL; } + if (rule_rt->tbl_not_condition_hash != NULL) { + struct table_condition *not_condition = NULL, *tmp_not_condition = NULL; + HASH_ITER(hh, rule_rt->tbl_not_condition_hash, not_condition, tmp_not_condition) { + HASH_DEL(rule_rt->tbl_not_condition_hash, not_condition); + if (not_condition->condition_ids != NULL) { + utarray_free(not_condition->condition_ids); + not_condition->condition_ids = NULL; + } + + if (not_condition->object_ids != NULL) { + utarray_free(not_condition->object_ids); + not_condition->object_ids = NULL; + } + + FREE(not_condition); + } + assert(rule_rt->tbl_not_condition_hash == NULL); + } + if (rule_rt->expr_match_buff != NULL) { FREE(rule_rt->expr_match_buff); } @@ -1424,7 +1456,7 @@ rule_runtime_add_rule(struct rule_runtime *rule_rt, struct rule_item *rule_item = rule_item_new(line, schema, table_name, rule_rt->logger); if (NULL == rule_item) { - return -1; + goto ERROR; } int table_id = table_manager_get_table_id(schema->ref_tbl_mgr, table_name); @@ -1432,7 +1464,7 @@ rule_runtime_add_rule(struct rule_runtime *rule_rt, log_fatal(logger, MODULE_RULE, "[%s:%d]table_name:%s has invalid table_id:%d, drop line:%s", __FUNCTION__, __LINE__, table_name, table_id, line); - return -1; + goto ERROR; } int updating_flag = rcu_hash_is_updating(rule_rt->cfg_hash); @@ -1449,6 +1481,7 @@ rule_runtime_add_rule(struct rule_runtime *rule_rt, log_fatal(logger, MODULE_RULE, "[%s:%d]rule_id:%s already existed in rule table, drop line:%s", __FUNCTION__, __LINE__, rule_uuid_str, line); + goto ERROR; } rule = maat_rule_new(rule_rt, schema, table_name, *rule_uuid, line, rule_item); 
@@ -1456,12 +1489,19 @@ rule_runtime_add_rule(struct rule_runtime *rule_rt, log_fatal(logger, MODULE_RULE, "[%s:%d]maat_rule_new failed, drop line:%s", __FUNCTION__, __LINE__, line); - return -1; + goto ERROR; } rcu_hash_add(rule_rt->cfg_hash, (char *)rule_uuid, sizeof(uuid_t), rule); return 0; + +ERROR: + if (rule_item != NULL) { + rule_item_free(rule_item); + } + + return -1; } static void rule_runtime_del_rule(struct rule_runtime *rule_rt, |
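Review bot: The new `ERROR:` path calls `rule_item_free(rule_item)` even after `maat_rule_new` has failed, and that function's own error path runs `maat_rule_free(rule)`. If maat_rule_free releases `rule->user_data`, and a failure can occur after `rule->user_data = rule_item` has been set, the item would be freed twice; neither body is fully visible in this diff, so this needs checking. If maat_rule_new does take ownership on failure, set `rule_item = NULL;` before the `goto ERROR;` in that branch, and record who owns `rule_item` in a comment on maat_rule_new.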
