|
 |
fa49311 |
diff -urp pads-1.2.orig/src/identification.c pads-1.2/src/identification.c
|
|
|
fa49311 |
--- pads-1.2.orig/src/identification.c 2008-06-30 13:56:52.000000000 -0400
|
|
|
fa49311 |
+++ pads-1.2/src/identification.c 2008-06-30 16:12:11.000000000 -0400
|
|
|
fa49311 |
@@ -96,7 +96,7 @@ int parse_raw_signature (bstring line, i
|
|
|
fa49311 |
struct bstrList *raw_sig;
|
|
|
fa49311 |
struct bstrList *title = NULL;
|
|
|
fa49311 |
Signature *sig;
|
|
|
fa49311 |
- bstring pcre_string;
|
|
|
fa49311 |
+ bstring pcre_string = NULL;
|
|
|
fa49311 |
const char *err; /* PCRE */
|
|
|
fa49311 |
int erroffset; /* PCRE */
|
|
|
fa49311 |
int ret = 0;
|
|
|
fa49311 |
@@ -117,10 +117,12 @@ int parse_raw_signature (bstring line, i
|
|
|
fa49311 |
} else if (raw_sig->qty > 3) {
|
|
|
fa49311 |
pcre_string = bstrcpy(raw_sig->entry[2]);
|
|
|
fa49311 |
for (i = 3; i < raw_sig->qty; i++) {
|
|
|
fa49311 |
- if ((bconcat(pcre_string, bfromcstr(","))) == BSTR_ERR)
|
|
|
fa49311 |
+ bstring tmp = bfromcstr(",");
|
|
|
fa49311 |
+ if ((bconcat(pcre_string, tmp)) == BSTR_ERR)
|
|
|
fa49311 |
ret = -1;
|
|
|
fa49311 |
if ((bconcat(pcre_string, raw_sig->entry[i])) == BSTR_ERR)
|
|
|
fa49311 |
ret = -1;
|
|
|
fa49311 |
+ bdestroy(tmp);
|
|
|
fa49311 |
}
|
|
|
fa49311 |
} else {
|
|
|
fa49311 |
pcre_string = bstrcpy(raw_sig->entry[2]);
|
|
|
fa49311 |
@@ -129,8 +131,10 @@ int parse_raw_signature (bstring line, i
|
|
|
fa49311 |
/* Split Title */
|
|
|
fa49311 |
if (raw_sig->entry[1] != NULL && ret != -1)
|
|
|
fa49311 |
title = bsplit(raw_sig->entry[1], '/');
|
|
|
fa49311 |
- if (title == NULL)
|
|
|
fa49311 |
+ if (title == NULL) {
|
|
|
fa49311 |
+ bdestroy(pcre_string);
|
|
|
fa49311 |
return -1;
|
|
|
fa49311 |
+ }
|
|
|
fa49311 |
|
|
|
fa49311 |
if (title->qty < 3)
|
|
|
fa49311 |
ret = -1;
|
|
|
fa49311 |
@@ -139,6 +143,7 @@ int parse_raw_signature (bstring line, i
|
|
|
fa49311 |
if (ret != -1) {
|
|
|
fa49311 |
sig = (Signature*)malloc(sizeof(Signature));
|
|
|
fa49311 |
sig->next = NULL;
|
|
|
fa49311 |
+ sig->regex = NULL;
|
|
|
fa49311 |
if (raw_sig->entry[0] != NULL)
|
|
|
fa49311 |
sig->service = bstrcpy(raw_sig->entry[0]);
|
|
|
fa49311 |
if (title->entry[1] != NULL)
|
|
|
fa49311 |
@@ -280,6 +285,7 @@ int pcre_identify (struct in_addr ip_add
|
|
|
fa49311 |
if (rc != -1) {
|
|
|
fa49311 |
app = get_app_name(list, payload, ovector, rc);
|
|
|
fa49311 |
update_asset(ip_addr, port, proto, list->service, app);
|
|
|
fa49311 |
+ bdestroy(app);
|
|
|
fa49311 |
return 1;
|
|
|
fa49311 |
}
|
|
|
fa49311 |
|
|
|
fa49311 |
@@ -359,7 +365,7 @@ bstring get_app_name (Signature *sig,
|
|
|
fa49311 |
}
|
|
|
fa49311 |
sub[z] = '\0';
|
|
|
fa49311 |
|
|
|
fa49311 |
- retval = bstrcpy(bfromcstr(sub));
|
|
|
fa49311 |
+ retval = bfromcstr(sub);
|
|
|
fa49311 |
return retval;
|
|
|
fa49311 |
|
|
|
fa49311 |
}
|
|
|
fa49311 |
@@ -388,6 +394,7 @@ void end_identification()
|
|
|
fa49311 |
bdestroy(signature_list->title.ver);
|
|
|
fa49311 |
if (signature_list->title.misc != NULL)
|
|
|
fa49311 |
bdestroy(signature_list->title.misc);
|
|
|
fa49311 |
+ pcre_free(signature_list->regex);
|
|
|
fa49311 |
|
|
|
fa49311 |
/* Free Record */
|
|
|
fa49311 |
if (signature_list != NULL)
|
|
|
fa49311 |
diff -urp pads-1.2.orig/src/output/output.c pads-1.2/src/output/output.c
|
|
|
fa49311 |
--- pads-1.2.orig/src/output/output.c 2008-06-30 13:56:52.000000000 -0400
|
|
|
fa49311 |
+++ pads-1.2/src/output/output.c 2008-06-30 16:12:11.000000000 -0400
|
|
|
fa49311 |
@@ -31,8 +31,8 @@
|
|
|
fa49311 |
#include "output-fifo.h"
|
|
|
fa49311 |
#include "storage.h"
|
|
|
fa49311 |
|
|
|
fa49311 |
-/* Global Variables */
|
|
|
fa49311 |
-OutputPluginList *output_plugin_list;
|
|
|
fa49311 |
+/* Local Variables */
|
|
|
fa49311 |
+static OutputPluginList *output_plugin_list = NULL;
|
|
|
fa49311 |
|
|
|
fa49311 |
/* ----------------------------------------------------------
|
|
|
fa49311 |
* FUNCTION : init_output()
|
|
|
fa49311 |
@@ -77,6 +77,7 @@ int register_output_plugin (OutputPlugin
|
|
|
fa49311 |
list = (OutputPluginList*)malloc(sizeof(OutputPluginList));
|
|
|
fa49311 |
list->plugin = plugin;
|
|
|
fa49311 |
list->active = 0;
|
|
|
fa49311 |
+ list->next = NULL;
|
|
|
fa49311 |
|
|
|
fa49311 |
/* Place plugin in data structure. */
|
|
|
fa49311 |
if (output_plugin_list == NULL) {
|
|
|
fa49311 |
diff -urp pads-1.2.orig/src/output/output-csv.c pads-1.2/src/output/output-csv.c
|
|
|
fa49311 |
--- pads-1.2.orig/src/output/output-csv.c 2008-06-30 13:56:52.000000000 -0400
|
|
|
fa49311 |
+++ pads-1.2/src/output/output-csv.c 2008-06-30 16:12:11.000000000 -0400
|
|
|
fa49311 |
@@ -46,7 +46,7 @@ setup_output_csv (void)
|
|
|
fa49311 |
|
|
|
fa49311 |
/* Allocate and setup plugin data record. */
|
|
|
fa49311 |
plugin = (OutputPlugin*)malloc(sizeof(OutputPlugin));
|
|
|
fa49311 |
- plugin->name = bstrcpy(bfromcstr("csv"));
|
|
|
fa49311 |
+ plugin->name = bfromcstr("csv");
|
|
|
fa49311 |
plugin->init = init_output_csv;
|
|
|
fa49311 |
plugin->print_asset = print_asset_csv;
|
|
|
fa49311 |
plugin->print_arp = print_arp_asset_csv;
|
|
|
fa49311 |
@@ -83,7 +83,7 @@ init_output_csv (bstring filename)
|
|
|
fa49311 |
if (filename != NULL)
|
|
|
fa49311 |
output_csv_conf.filename = bstrcpy(filename);
|
|
|
fa49311 |
else
|
|
|
fa49311 |
- output_csv_conf.filename = bstrcpy(bfromcstr("assets.csv"));
|
|
|
fa49311 |
+ output_csv_conf.filename = bfromcstr("assets.csv");
|
|
|
fa49311 |
|
|
|
fa49311 |
/* Check to see if *filename exists. */
|
|
|
fa49311 |
if ((fp = fopen((char *)bdata(output_csv_conf.filename), "r")) == NULL) {
|
|
|
fa49311 |
diff -urp pads-1.2.orig/src/output/output-fifo.c pads-1.2/src/output/output-fifo.c
|
|
|
fa49311 |
--- pads-1.2.orig/src/output/output-fifo.c 2008-06-30 13:56:52.000000000 -0400
|
|
|
fa49311 |
+++ pads-1.2/src/output/output-fifo.c 2008-06-30 16:12:11.000000000 -0400
|
|
|
fa49311 |
@@ -71,7 +71,7 @@ setup_output_fifo (void)
|
|
|
fa49311 |
|
|
|
fa49311 |
/* Allocate and setup plugin data record. */
|
|
|
fa49311 |
plugin = (OutputPlugin*)malloc(sizeof(OutputPlugin));
|
|
|
fa49311 |
- plugin->name = bstrcpy(bfromcstr("fifo"));
|
|
|
fa49311 |
+ plugin->name = bfromcstr("fifo");
|
|
|
fa49311 |
plugin->init = init_output_fifo;
|
|
|
fa49311 |
plugin->print_asset = print_asset_fifo;
|
|
|
fa49311 |
plugin->print_arp = print_arp_asset_fifo;
|
|
|
fa49311 |
@@ -102,7 +102,7 @@ init_output_fifo (bstring fifo_file)
|
|
|
fa49311 |
|
|
|
fa49311 |
/* Make sure report_file isn't NULL. */
|
|
|
fa49311 |
if (fifo_file == NULL)
|
|
|
fa49311 |
- fifo_file = bstrcpy(bfromcstr("pads.fifo"));
|
|
|
fa49311 |
+ fifo_file = bfromcstr("pads.fifo");
|
|
|
fa49311 |
|
|
|
fa49311 |
output_fifo_conf.filename = bstrcpy(fifo_file);
|
|
|
fa49311 |
|
|
|
fa49311 |
diff -urp pads-1.2.orig/src/output/output-screen.c pads-1.2/src/output/output-screen.c
|
|
|
fa49311 |
--- pads-1.2.orig/src/output/output-screen.c 2008-06-30 13:56:52.000000000 -0400
|
|
|
fa49311 |
+++ pads-1.2/src/output/output-screen.c 2008-06-30 16:12:11.000000000 -0400
|
|
|
fa49311 |
@@ -43,7 +43,7 @@ setup_output_screen (void)
|
|
|
fa49311 |
|
|
|
fa49311 |
/* Allocate and setup plugin data record. */
|
|
|
fa49311 |
plugin = (OutputPlugin*)malloc(sizeof(OutputPlugin));
|
|
|
fa49311 |
- plugin->name = bstrcpy(bfromcstr("screen"));
|
|
|
fa49311 |
+ plugin->name = bfromcstr("screen");
|
|
|
fa49311 |
plugin->init = init_output_screen;
|
|
|
fa49311 |
plugin->print_asset = print_asset_screen;
|
|
|
fa49311 |
plugin->print_arp = print_arp_asset_screen;
|
|
|
fa49311 |
diff -urp pads-1.2.orig/src/packet.c pads-1.2/src/packet.c
|
|
|
fa49311 |
--- pads-1.2.orig/src/packet.c 2008-06-30 13:56:52.000000000 -0400
|
|
|
fa49311 |
+++ pads-1.2/src/packet.c 2008-06-30 16:12:11.000000000 -0400
|
|
|
fa49311 |
@@ -211,8 +211,13 @@ void process_tcp (const struct pcap_pkth
|
|
|
fa49311 |
|
|
|
fa49311 |
/* Check to see if this is a known asset. */
|
|
|
fa49311 |
if(check_tcp_asset(ip_src, tcph->th_sport)) {
|
|
|
fa49311 |
+ bstring serv, app;
|
|
|
fa49311 |
+ serv = bfromcstr("unknown");
|
|
|
fa49311 |
+ app = bfromcstr("unknown");
|
|
|
fa49311 |
add_asset(ip_src, tcph->th_sport,
|
|
|
fa49311 |
- IPPROTO_TCP, bfromcstr("unknown"), bfromcstr("unknown"), 0);
|
|
|
fa49311 |
+ IPPROTO_TCP, serv, app, 0);
|
|
|
fa49311 |
+ bdestroy(serv);
|
|
|
fa49311 |
+ bdestroy(app);
|
|
|
fa49311 |
} else {
|
|
|
fa49311 |
/* Record connection for statistical purposes. */
|
|
|
fa49311 |
print_stat(ip_src, tcph->th_sport, IPPROTO_TCP);
|
|
|
fa49311 |
@@ -269,8 +274,13 @@ void process_icmp (const struct pcap_pkt
|
|
|
fa49311 |
|
|
|
fa49311 |
if (icmp->icmp_type == ICMP_ECHOREPLY) {
|
|
|
fa49311 |
if(check_icmp_asset(ip_src)) {
|
|
|
fa49311 |
- add_asset(ip_src, 0, IPPROTO_ICMP, bfromcstr("ICMP"), bfromcstr("ICMP"), 0);
|
|
|
fa49311 |
+ bstring serv, app;
|
|
|
fa49311 |
+ serv = bfromcstr("ICMP");
|
|
|
fa49311 |
+ app = bfromcstr("ICMP");
|
|
|
fa49311 |
+ add_asset(ip_src, 0, IPPROTO_ICMP, serv, app, 0);
|
|
|
fa49311 |
print_asset(ip_src, 0, IPPROTO_ICMP);
|
|
|
fa49311 |
+ bdestroy(serv);
|
|
|
fa49311 |
+ bdestroy(app);
|
|
|
fa49311 |
}
|
|
|
fa49311 |
}
|
|
|
fa49311 |
|
|
|
fa49311 |
diff -urp pads-1.2.orig/src/pads.c pads-1.2/src/pads.c
|
|
|
fa49311 |
--- pads-1.2.orig/src/pads.c 2008-06-30 13:56:52.000000000 -0400
|
|
|
fa49311 |
+++ pads-1.2/src/pads.c 2008-06-30 16:23:31.000000000 -0400
|
|
|
fa49311 |
@@ -165,9 +165,33 @@ print_version (void)
|
|
|
fa49311 |
* FUNCTION : init_pads
|
|
|
fa49311 |
* DESCRIPTION : This function will initialize PADS.
|
|
|
fa49311 |
* ---------------------------------------------------------- */
|
|
|
fa49311 |
+void init_gc(void)
|
|
|
fa49311 |
+{
|
|
|
fa49311 |
+ gc.handle = NULL;
|
|
|
fa49311 |
+ gc.dev = NULL;
|
|
|
fa49311 |
+ gc.pcap_filter = NULL;
|
|
|
fa49311 |
+ gc.conf_file = NULL;
|
|
|
fa49311 |
+ gc.report_file = NULL;
|
|
|
fa49311 |
+ gc.fifo_file = NULL;
|
|
|
fa49311 |
+ gc.pcap_file = NULL;
|
|
|
fa49311 |
+ gc.dump_file = NULL;
|
|
|
fa49311 |
+ gc.pid_file = NULL;
|
|
|
fa49311 |
+ gc.sig_file = NULL;
|
|
|
fa49311 |
+ gc.mac_file = NULL;
|
|
|
fa49311 |
+ gc.priv_user = NULL;
|
|
|
fa49311 |
+ gc.priv_group = NULL;
|
|
|
fa49311 |
+}
|
|
|
fa49311 |
+
|
|
|
fa49311 |
+/* ----------------------------------------------------------
|
|
|
fa49311 |
+ * FUNCTION : init_pads
|
|
|
fa49311 |
+ * DESCRIPTION : This function will initialize PADS.
|
|
|
fa49311 |
+ * ---------------------------------------------------------- */
|
|
|
fa49311 |
void
|
|
|
fa49311 |
init_pads (void)
|
|
|
fa49311 |
{
|
|
|
fa49311 |
+ /* Init global config to known state */
|
|
|
fa49311 |
+ init_gc();
|
|
|
fa49311 |
+
|
|
|
fa49311 |
/* Process the command line parameters. */
|
|
|
fa49311 |
process_cmdline(prog_argc, prog_argv);
|
|
|
fa49311 |
|
|
|
fa49311 |
@@ -179,15 +203,22 @@ init_pads (void)
|
|
|
fa49311 |
init_configuration(gc.conf_file);
|
|
|
fa49311 |
|
|
|
fa49311 |
} else {
|
|
|
fa49311 |
- /* Default Output Plugins: These plugins are activated if a configuration
|
|
|
fa49311 |
- * file is not specified. */
|
|
|
fa49311 |
+ bstring name, args;
|
|
|
fa49311 |
+ /* Default Output Plugins: These plugins are activated if a
|
|
|
fa49311 |
+ * configuration file is not specified. */
|
|
|
fa49311 |
|
|
|
fa49311 |
/* output: screen */
|
|
|
fa49311 |
- if ((activate_output_plugin(bfromcstr("screen"), bfromcstr(""))) == -1)
|
|
|
fa49311 |
+ name = bfromcstr("screen");
|
|
|
fa49311 |
+ args = bfromcstr("");
|
|
|
fa49311 |
+ if ((activate_output_plugin(name, args)) == -1)
|
|
|
fa49311 |
log_message("warning: 'activate_output_plugin' in function 'init_pads' failed.");
|
|
|
fa49311 |
+ bdestroy(name);
|
|
|
fa49311 |
+ bdestroy(args);
|
|
|
fa49311 |
/* output: csv */
|
|
|
fa49311 |
- if ((activate_output_plugin(bfromcstr("csv"), gc.report_file)) == -1)
|
|
|
fa49311 |
+ name = bfromcstr("csv");
|
|
|
fa49311 |
+ if ((activate_output_plugin(name, gc.report_file)) == -1)
|
|
|
fa49311 |
log_message("warning: 'activate_output_plugin' in function 'init_pads' failed.");
|
|
|
fa49311 |
+ bdestroy(name);
|
|
|
fa49311 |
}
|
|
|
fa49311 |
|
|
|
fa49311 |
/* Initialize Modules */
|
|
|
fa49311 |
diff -urp pads-1.2.orig/src/storage.c pads-1.2/src/storage.c
|
|
|
fa49311 |
--- pads-1.2.orig/src/storage.c 2008-06-30 13:56:52.000000000 -0400
|
|
|
fa49311 |
+++ pads-1.2/src/storage.c 2008-06-30 16:12:11.000000000 -0400
|
|
|
fa49311 |
@@ -29,8 +29,8 @@
|
|
|
fa49311 |
#include "storage.h"
|
|
|
fa49311 |
#include "mac-resolution.h"
|
|
|
fa49311 |
|
|
|
fa49311 |
-Asset *asset_list;
|
|
|
fa49311 |
-ArpAsset *arp_asset_list;
|
|
|
fa49311 |
+static Asset *asset_list = NULL;
|
|
|
fa49311 |
+static ArpAsset *arp_asset_list = NULL;
|
|
|
fa49311 |
|
|
|
fa49311 |
/* ----------------------------------------------------------
|
|
|
fa49311 |
* FUNCTION : check_tcp_asset
|
|
|
fa49311 |
@@ -343,7 +343,9 @@ short update_asset (struct in_addr ip_ad
|
|
|
fa49311 |
&& port == list->port
|
|
|
fa49311 |
&& proto == list->proto) {
|
|
|
fa49311 |
/* Found! */
|
|
|
fa49311 |
+ bdestroy(list->service);
|
|
|
fa49311 |
list->service = bstrcpy(service);
|
|
|
fa49311 |
+ bdestroy(list->application);
|
|
|
fa49311 |
list->application = bstrcpy(application);
|
|
|
fa49311 |
return 0;
|
|
|
fa49311 |
|
|
|
fa49311 |
diff -urp pads-1.2.orig/src/util.c pads-1.2/src/util.c
|
|
|
fa49311 |
--- pads-1.2.orig/src/util.c 2008-06-30 13:56:52.000000000 -0400
|
|
|
fa49311 |
+++ pads-1.2/src/util.c 2008-06-30 16:26:24.000000000 -0400
|
|
|
fa49311 |
@@ -120,7 +120,7 @@ init_pid_file (bstring pid_file, bstring
|
|
|
fa49311 |
struct passwd *this_user;
|
|
|
fa49311 |
|
|
|
fa49311 |
/* Default PID File */
|
|
|
fa49311 |
- if (gc.pid_file->slen >= 0)
|
|
|
fa49311 |
+ if (gc.pid_file == NULL || gc.pid_file->slen == 0)
|
|
|
fa49311 |
gc.pid_file = bfromcstr("/var/run/pads.pid");
|
|
|
fa49311 |
|
|
|
fa49311 |
/* Create PID File */
|