Changeset 588
- Timestamp:
- Oct 26, 2025, 12:17:47 PM (12 hours ago)
- Location:
- trunk
- Files:
-
- 10 edited
-
configure.ac (modified) (2 diffs)
-
docs/Changelog (modified) (1 diff)
-
include/sh_string.h (modified) (1 diff)
-
src/sh_log_check.c (modified) (1 diff)
-
src/sh_log_correlate.c (modified) (6 diffs)
-
src/sh_log_evalrule.c (modified) (27 diffs)
-
src/sh_log_parse_apache.c (modified) (14 diffs)
-
src/sh_log_parse_generic.c (modified) (2 diffs)
-
src/sh_log_parse_pacct.c (modified) (1 diff)
-
src/sh_string.c (modified) (6 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/configure.ac
r583 r588 1679 1679 [ 1680 1680 if test "x${enable_logfile_monitor}" = xyes; then 1681 AC_CHECK_HEADER(pcre.h, 1681 cflags_store="$CFLAGS" 1682 CFLAGS="$CFLAGS -DPCRE2_CODE_UNIT_WIDTH=8" 1683 AC_CHECK_HEADER(pcre2.h, 1682 1684 [ 1683 1685 AC_DEFINE([USE_LOGFILE_MONITOR], [1], [Define if you want the logfile monitor module.]) 1684 LIBS="-lpcre $LIBS"1686 LIBS="-lpcre2-8 $LIBS" 1685 1687 ], 1686 1688 [ 1687 AC_CHECK_HEADER(pcre /pcre.h,1689 AC_CHECK_HEADER(pcre2/pcre2.h, 1688 1690 [ 1689 1691 AC_DEFINE([USE_LOGFILE_MONITOR], [1], [Define if you want the logfile monitor module.]) 1690 AC_DEFINE([HAVE_PCRE _PCRE_H], [1], [Define if you have pcre/pcre.h.])1691 LIBS="-lpcre $LIBS"1692 AC_DEFINE([HAVE_PCRE2_PCRE2_H], [1], [Define if you have pcre2/pcre2.h.]) 1693 LIBS="-lpcre2-8 $LIBS" 1692 1694 ], 1693 1695 [AC_MSG_ERROR([The --enable-logfile-monitor option requires libpcre. For compiling the pcre development package is needed.])] … … 1695 1697 ] 1696 1698 ) 1697 AC_CHECK_LIB(pcre, pcre_dfa_exec, [ 1698 AC_DEFINE([HAVE_PCRE_DFA_EXEC], [1], [Define if you have pcre_dfa_exec]) 1699 ], [ 1700 AC_MSG_WARN([pcre_dfa_exec not available]) 1701 ]) 1699 CFLAGS="$cflags_store" 1702 1700 fi 1703 1701 ] -
trunk/docs/Changelog
r584 r588 1 4.5.2 1 4.5.3: 2 * fix inadvertent inclusion of scripts/logrotate and init/samhain.startSystemd 3 (reported by kjd) 4 * fix annoying message from systemd about read permissions for service file 5 (reported by kjd) 6 * fix compiler warnings about unused variables 7 * move logfile monitor module from PCRE to PCRE2 (PCRE is end of life and no 8 longer actively maintained) 9 10 4.5.2 (02-01-2025): 2 11 * fix segfault with --enable-static on unresolvable host name 3 12 * fix autoreconf (problem reported by Pascal de Bruijn) -
trunk/include/sh_string.h
r577 r588 107 107 */ 108 108 sh_string * sh_string_replace(const sh_string * s, 109 const int * ovector, int ovecnum,109 const size_t * ovector, int ovecnum, 110 110 const char * replacement, size_t rlen); 111 111 -
trunk/src/sh_log_check.c
r581 r588 39 39 #define FIL__ _("sh_log_check.c") 40 40 41 /* Debian/Ubuntu: libpcre3-dev */ 42 #ifdef HAVE_PCRE_PCRE_H 43 #include <pcre/pcre.h> 41 /* Debian/Ubuntu: libpcre2-dev */ 42 #define PCRE2_CODE_UNIT_WIDTH 8 43 #ifdef HAVE_PCRE2_PCRE2_H 44 #include <pcre2/pcre2.h> 44 45 #else 45 #include <pcre .h>46 #include <pcre2.h> 46 47 #endif 47 48 -
trunk/src/sh_log_correlate.c
r481 r588 9 9 #include <time.h> 10 10 11 /* Debian/Ubuntu: libpcre3-dev */ 12 #ifdef HAVE_PCRE_PCRE_H 13 #include <pcre/pcre.h> 11 /* Debian/Ubuntu: libpcre2-dev */ 12 #define PCRE2_CODE_UNIT_WIDTH 8 13 #ifdef HAVE_PCRE2_PCRE2_H 14 #include <pcre2/pcre2.h> 14 15 #else 15 #include <pcre .h>16 #include <pcre2.h> 16 17 #endif 17 18 18 #ifndef PCRE_NO_AUTO_CAPTURE19 #define PCRE_NO_AUTO_CAPTURE 020 #endif21 19 22 20 #include "samhain.h" … … 173 171 { 174 172 sh_string * label; /* label of match rule */ 175 pcre 173 pcre2_code * rule; /* compiled regex for rule */ 176 174 time_t reported; /* last reported */ 177 175 struct sh_qeval * queue; /* assigned queue */ … … 208 206 { 209 207 struct sh_mkeep * mkeep = SH_ALLOC(sizeof(struct sh_mkeep)); 210 const char *error;211 interroffset;208 int error; 209 size_t erroffset; 212 210 struct sh_qeval * rqueue = NULL; 213 211 214 mkeep->rule = pcre _compile(pattern, PCRE_NO_AUTO_CAPTURE,215 212 mkeep->rule = pcre2_compile((PCRE2_SPTR8)pattern, PCRE2_ZERO_TERMINATED, PCRE2_NO_AUTO_CAPTURE, 213 &error, &erroffset, NULL); 216 214 if (!(mkeep->rule)) 217 215 { … … 239 237 if (!rqueue) 240 238 { 241 pcre _free(mkeep->rule);239 pcre2_code_free(mkeep->rule); 242 240 SH_FREE(splits); 243 241 SH_FREE(mkeep); … … 264 262 mkeep_list = mkeep->next; 265 263 sh_string_destroy(&(mkeep->label)); 266 pcre _free(mkeep->rule);264 pcre2_code_free(mkeep->rule); 267 265 mkeep = mkeep_list; 268 266 } … … 286 284 while (mkeep) 287 285 { 288 /* Use pcre_dfa_exec() to obtain number of matches. Needs ovector 289 * array, otherwise number of matches is not returned. 290 */ 291 #if defined(HAVE_PCRE_DFA_EXEC) 292 int ovector[SH_MINIBUF]; 293 int wspace[SH_MINIBUF]; 294 #endif 295 296 #if defined(HAVE_PCRE_DFA_EXEC) 297 int val = pcre_dfa_exec(mkeep->rule, NULL, 298 sh_string_str(res), 299 (int)sh_string_len(res), 300 0, /* start at offset 0 in the subject */ 301 0, 302 ovector, SH_MINIBUF, 303 wspace, SH_MINIBUF); 304 #else 305 int val = pcre_exec(mkeep->rule, NULL, 306 sh_string_str(res), 307 (int)sh_string_len(res), 308 0, /* start at offset 0 in the subject */ 309 0, 310 NULL, 0); 311 val = (val >= 0) ? 1 : val; 312 #endif 313 314 if (val >= 0) 286 pcre2_match_data * match_data = pcre2_match_data_create_from_pattern(mkeep->rule, NULL); 287 288 int val = pcre2_match(mkeep->rule, 289 (PCRE2_SPTR8) sh_string_str(res), (int)sh_string_len(res), 0, 290 0, match_data, NULL); 291 292 pcre2_match_data_free(match_data); 293 294 if (val > 0) 315 295 { 316 296 sh_string * alias; -
trunk/src/sh_log_evalrule.c
r541 r588 15 15 #define FIL__ _("sh_log_evalrule.c") 16 16 17 /* Debian/Ubuntu: libpcre3-dev */ 18 #ifdef HAVE_PCRE_PCRE_H 19 #include <pcre/pcre.h> 17 /* Debian/Ubuntu: libpcre2-dev */ 18 #define PCRE2_CODE_UNIT_WIDTH 8 19 #ifdef HAVE_PCRE2_PCRE2_H 20 #include <pcre2/pcre2.h> 20 21 #else 21 #include <pcre .h>22 #include <pcre2.h> 22 23 #endif 23 24 24 #ifndef PCRE _NO_AUTO_CAPTURE25 #define PCRE _NO_AUTO_CAPTURE 025 #ifndef PCRE2_NO_AUTO_CAPTURE 26 #define PCRE2_NO_AUTO_CAPTURE 0 26 27 #endif 27 28 … … 95 96 struct sh_geval /* Group of rules (may be a single rule) */ 96 97 { 97 sh_string * label; /* label for this group */98 pcre 99 pcre_extra * rule_extra; 100 int * ovector;/* captured substrings */101 int ovecnum; /* how many captured */102 int captures; /* (captures+1)*3 required */103 int flags; /* bit flags */104 unsigned long delay; /* delay for keep rules */105 zAVLTree * counterlist; /* counters if EVAL_SUM */106 struct sh_qeval * queue; /* queue for this rule */107 struct sh_geval * nextrule; /* next rule in this group */108 struct sh_geval * next; /* next group of rules */109 struct sh_geval * gnext; /* grouplist next */98 sh_string * label; /* label for this group */ 99 pcre2_code * rule; /* compiled regex for rule */ 100 101 pcre2_match_data * match_data; /* captured substrings */ 102 int ovecnum; /* how many captured */ 103 int captures; /* (captures+1)*3 required */ 104 int flags; /* bit flags */ 105 unsigned long delay; /* delay for keep rules */ 106 zAVLTree * counterlist; /* counters if EVAL_SUM */ 107 struct sh_qeval * queue; /* queue for this rule */ 108 struct sh_geval * nextrule; /* next rule in this group */ 109 struct sh_geval * next; /* next group of rules */ 110 struct sh_geval * gnext; /* grouplist next */ 110 111 }; 111 112 112 113 struct sh_heval /* host-specific rules */ 113 114 { 114 pcre * hostname; /* compiled regex for hostname */ 115 pcre_extra * hostname_extra; 115 pcre2_code * hostname; /* compiled regex for hostname */ 116 116 struct sh_geval * rulegroups; /* list of group of rules */ 117 117 struct sh_heval * next; … … 142 142 struct sh_geval * ng; 143 143 struct sh_geval * tmp; 144 pcre *group;145 pcre_extra * group_extra; 146 const char *error;147 interroffset;144 pcre2_code * group; 145 146 int error; 147 PCRE2_SIZE erroffset; 148 148 unsigned int nfields = 2; 149 149 size_t lengths[2]; 150 150 151 char * new = sh_util_strdup(str); 151 152 char ** splits = split_array(new, &nfields, ':', lengths); … … 164 165 } 165 166 166 group = pcre _compile(splits[1], PCRE_NO_AUTO_CAPTURE,167 group = pcre2_compile((PCRE2_SPTR8)splits[1], lengths[1], PCRE2_NO_AUTO_CAPTURE, 167 168 &error, &erroffset, NULL); 168 169 if (!group) … … 183 184 return -1; 184 185 } 185 group_extra = NULL; /* pcre_study(group, 0, &error); */186 186 187 187 ng = SH_ALLOC(sizeof(struct sh_geval)); … … 192 192 193 193 ng->rule = group; 194 ng->rule_extra = group_extra; 195 ng-> ovector = NULL;194 195 ng->match_data = pcre2_match_data_create_from_pattern(group, NULL); 196 196 ng->ovecnum = 0; 197 197 ng->captures = 0; … … 206 206 if (0 != sh_eval_hadd("^.*")) 207 207 { 208 pcre_free(group); 208 pcre2_code_free(group); 209 pcre2_match_data_free(ng->match_data); 209 210 sh_string_destroy(&(ng->label)); 210 211 SH_FREE(splits); … … 266 267 struct sh_heval * nh; 267 268 struct sh_heval * tmp; 268 pcre * host;269 pcre_extra * host_extra; 270 const char *error;271 interroffset;269 pcre2_code * host; 270 271 int error; 272 PCRE2_SIZE erroffset; 272 273 273 274 if (host_open) 274 275 host_open = NULL; 275 276 276 host = pcre _compile(str, PCRE_NO_AUTO_CAPTURE,277 &error, &erroffset, NULL);277 host = pcre2_compile((PCRE2_SPTR8)str, PCRE2_ZERO_TERMINATED, PCRE2_NO_AUTO_CAPTURE, 278 &error, &erroffset, NULL); 278 279 if (!host) 279 280 { … … 291 292 return -1; 292 293 } 293 host_extra = NULL; /* pcre_study(host, 0, &error); */294 294 295 295 nh = SH_ALLOC(sizeof(struct sh_heval)); … … 297 297 298 298 nh->hostname = host; 299 nh->hostname_extra = host_extra;300 299 nh->rulegroups = NULL; 301 300 … … 478 477 struct sh_geval * tmp; 479 478 struct sh_qeval * queue; 480 pcre * rule;481 pcre_extra * rule_extra; 482 const char *error;483 interroffset;484 intcaptures = 0;479 pcre2_code * rule; 480 481 int error; 482 PCRE2_SIZE erroffset; 483 unsigned int captures = 0; 485 484 unsigned int nfields = 2; /* queue:regex */ 486 485 size_t lengths[3]; … … 576 575 } 577 576 578 rule = pcre _compile(splits[rpos], 0,579 &error, &erroffset, NULL);577 rule = pcre2_compile((PCRE2_SPTR8)splits[rpos], lengths[rpos], 0, 578 &error, &erroffset, NULL); 580 579 if (!rule) 581 580 { … … 595 594 return -1; 596 595 } 597 rule_extra = NULL; /* pcre_study(rule, 0, &error); */ 598 pcre _fullinfo(rule, rule_extra, PCRE_INFO_CAPTURECOUNT, &captures);596 597 pcre2_pattern_info(rule, PCRE2_INFO_CAPTURECOUNT, &captures); 599 598 600 599 if (flag_err_debug == S_TRUE) … … 602 601 char * emsg = SH_ALLOC(SH_ERRBUF_SIZE); 603 602 if (dstr) 604 sl_snprintf(emsg, SH_ERRBUF_SIZE, _("Adding rule: |%s| with % dcaptures, keep(%lu,%s)"),603 sl_snprintf(emsg, SH_ERRBUF_SIZE, _("Adding rule: |%s| with %u captures, keep(%lu,%s)"), 605 604 splits[rpos], captures, dsec, dstr); 606 605 else 607 sl_snprintf(emsg, SH_ERRBUF_SIZE, _("Adding rule: |%s| with % dcaptures"),606 sl_snprintf(emsg, SH_ERRBUF_SIZE, _("Adding rule: |%s| with %u captures"), 608 607 splits[rpos], captures); 609 608 SH_MUTEX_LOCK(mutex_thread_nolog); … … 614 613 } 615 614 616 DEBUG("adding rule: |%s| with % dcaptures\n", splits[rpos], captures);615 DEBUG("adding rule: |%s| with %u captures\n", splits[rpos], captures); 617 616 618 617 SH_FREE(splits); … … 627 626 628 627 nr->rule = rule; 629 nr->rule_extra = rule_extra; 628 630 629 nr->captures = captures; 631 nr-> ovector = SH_ALLOC(sizeof(int) * (captures+1) * 3);630 nr->match_data = pcre2_match_data_create_from_pattern(rule, NULL); 632 631 nr->ovecnum = 0; 633 632 nr->counterlist = NULL; … … 695 694 if (nr->label) 696 695 sh_string_destroy(&(nr->label)); 697 SH_FREE(nr->ovector); 696 if (nr->rule) 697 pcre2_code_free(nr->rule); 698 if (nr->match_data) 699 pcre2_match_data_free(nr->match_data); 698 700 SH_FREE(nr); 699 701 return -1; … … 743 745 if (nr->label) 744 746 sh_string_destroy(&(nr->label)); 745 SH_FREE(nr->ovector); 747 if (nr->rule) 748 pcre2_code_free(nr->rule); 749 if (nr->match_data) 750 pcre2_match_data_free(nr->match_data); 746 751 SH_FREE(nr); 747 752 return -1; … … 763 768 grouplist = gtmp->gnext; 764 769 765 if (gtmp->label) sh_string_destroy(&(gtmp->label)); 766 if (gtmp->rule_extra) (*pcre_free)(gtmp->rule_extra); 767 if (gtmp->rule) (*pcre_free)(gtmp->rule); 770 if (gtmp->label) 771 sh_string_destroy(&(gtmp->label)); 772 if (gtmp->rule) 773 pcre2_code_free(gtmp->rule); 774 if (gtmp->match_data) 775 pcre2_match_data_free(gtmp->match_data); 768 776 if (gtmp->counterlist) 769 777 zAVLFreeTree(gtmp->counterlist, sh_ceval_free); 770 if (gtmp->ovector) 771 SH_FREE(gtmp->ovector); 778 772 779 #if 0 773 780 while (gtmp->nextrule) … … 776 783 gtmp->nextrule = tmp->nextrule; 777 784 778 if (tmp->rule _extra) (*pcre_free)(tmp->rule_extra);779 if (tmp->rule) (*pcre_free)(tmp->rule);785 if (tmp->rule) 786 pcre2_code_free(tmp->rule); 780 787 if (tmp->counterlist) 781 788 zAVLFreeTree(tmp->counterlist, sh_ceval_free); … … 800 807 while (htmp) 801 808 { 802 if (htmp->hostname_extra) (*pcre_free)(htmp->hostname_extra); 803 if (htmp->hostname) (*pcre_free)(htmp->hostname); 804 if (htmp->rulegroups) htmp->rulegroups = NULL; 809 if (htmp->hostname) 810 pcre2_code_free(htmp->hostname); 811 if (htmp->rulegroups) 812 htmp->rulegroups = NULL; 805 813 hostlist = htmp->next; 806 814 htmp->next = NULL; … … 862 870 863 871 DEBUG("debug: check rule %d for <%s>\n", count, msg->str); 864 res = pcre_exec(rule->rule, rule->rule_extra, 865 sh_string_str(msg), (int)sh_string_len(msg), 0, 866 0, rule->ovector, (3*(1+rule->captures))); 867 if (res >= 0) 872 873 res = pcre2_match(rule->rule, 874 (PCRE2_SPTR8)sh_string_str(msg), (int)sh_string_len(msg), 0, 875 0, rule->match_data, NULL); 876 877 if (res > 0) 868 878 { 869 rule->ovecnum = res;879 rule->ovecnum = pcre2_get_ovector_count(rule->match_data); 870 880 871 881 if (flag_err_debug == S_TRUE) … … 965 975 966 976 DEBUG("debug: if group->label %s\n", sh_string_str(group->label)); 967 if (pcre_exec(group->rule, group->rule_extra, 968 sh_string_str(msg), (int) sh_string_len(msg), 969 0, 0, NULL, 0) >= 0) 977 978 if (pcre2_match(group->rule, 979 (PCRE2_SPTR8)sh_string_str(msg), (int) sh_string_len(msg), 0, 980 0, NULL, NULL) > 0) 970 981 { 971 982 result = test_rule(group->nextrule, msg, timestamp); … … 1017 1028 { 1018 1029 do { 1019 if (pcre _exec(hlist->hostname, hlist->hostname_extra,1020 sh_string_str(host), (int) sh_string_len(host),1021 0, 0, NULL, 0) >=0)1030 if (pcre2_match(hlist->hostname, 1031 (PCRE2_SPTR8)sh_string_str(host), (int) sh_string_len(host), 0, 1032 0, NULL, NULL) > 0) 1022 1033 { 1023 1034 /* matching host, check rules/groups of rules */ … … 1035 1046 */ 1036 1047 static sh_string * replace_captures(const sh_string * message, 1037 int * ovector, int ovecnum)1048 size_t * ovector, int ovecnum) 1038 1049 { 1039 1050 sh_string * retval = sh_string_new_from_lchar(sh_string_str(message), … … 1058 1069 SH_MUTEX_LOCK(mutex_thread_nolog); 1059 1070 if (rule) { 1060 mmm = replace_captures(record->message, rule->ovector,1071 mmm = replace_captures(record->message, pcre2_get_ovector_pointer(rule->match_data), 1061 1072 rule->ovecnum); 1062 1073 rule->ovecnum = 0; … … 1170 1181 if (!(counter->counted_str)) 1171 1182 { 1172 counter->counted_str = replace_captures(record->message, rule->ovector,1183 counter->counted_str = replace_captures(record->message, pcre2_get_ovector_pointer(rule->match_data), 1173 1184 rule->ovecnum); 1174 1185 rule->ovecnum = 0; -
trunk/src/sh_log_parse_apache.c
r541 r588 28 28 #define FIL__ _("sh_log_parse_apache.c") 29 29 30 /* Debian/Ubuntu: libpcre3-dev */ 31 #ifdef HAVE_PCRE_PCRE_H 32 #include <pcre/pcre.h> 30 /* Debian/Ubuntu: libpcre2-dev */ 31 #define PCRE2_CODE_UNIT_WIDTH 8 32 #ifdef HAVE_PCRE2_PCRE2_H 33 #include <pcre2/pcre2.h> 33 34 #else 34 #include <pcre .h>35 #include <pcre2.h> 35 36 #endif 36 37 … … 44 45 45 46 struct sh_fileinfo_apache { 46 pcre * line_regex;47 int* line_ovector; /* captured substrings */48 int line_ovecnum; /* how many captured */47 pcre2_code * line_regex; 48 PCRE2_SIZE * line_ovector; /* captured substrings */ 49 int line_ovecnum; /* how many captured */ 49 50 50 51 int pos_host; … … 82 83 volatile int p_time = -1; 83 84 char * f_time = NULL; 84 const char *error;85 interroffset;85 int error; 86 size_t erroffset; 86 87 87 88 /* Take the address to keep gcc from putting them into registers. … … 261 262 262 263 result = SH_ALLOC(sizeof(struct sh_fileinfo_apache)); 263 result->line_regex = pcre _compile(sh_string_str(re_string), 0,264 result->line_regex = pcre2_compile((PCRE2_SPTR8)sh_string_str(re_string), sh_string_len(re_string), 0, 264 265 &error, &erroffset, NULL); 265 266 if (!(result->line_regex)) … … 285 286 sh_string_destroy(&re_string); 286 287 287 result->line_ovector = SH_ALLOC(sizeof(int) * (nfields+1) * 3);288 result->line_ovector = NULL; 288 289 result->line_ovecnum = nfields; 289 290 result->pos_host = p_host; … … 304 305 char tstr[128]; 305 306 char sstr[128]; 306 c onst char* hstr;307 char * hstr; 307 308 int res; 308 const char **hstr_addr = (const char **) &hstr; 309 unsigned char **hstr_addr = (unsigned char **) &hstr; 310 size_t hstr_len; 309 311 310 312 struct sh_fileinfo_apache * info = (struct sh_fileinfo_apache *) fileinfo; 311 313 314 pcre2_match_data * match_data = NULL; 315 312 316 if (sh_string_len(logline) > 0 && flag_err_debug == S_TRUE) 313 317 { … … 324 328 } 325 329 326 res = pcre_exec(info->line_regex, NULL, 327 sh_string_str(logline), (int)sh_string_len(logline), 0, 328 0, info->line_ovector, (3*(1+info->line_ovecnum))); 329 330 if (res == (1+info->line_ovecnum)) 330 match_data = pcre2_match_data_create_from_pattern(info->line_regex, NULL); 331 332 res = pcre2_match(info->line_regex, 333 (PCRE2_SPTR8)sh_string_str(logline), (int)sh_string_len(logline), 0, 334 0, match_data, NULL); 335 336 if (res == 1+info->line_ovecnum) /* successful match */ 331 337 { 332 338 struct sh_logrecord * record; 333 339 time_t timestamp = 0; 334 340 size_t size; 341 342 info->line_ovector = pcre2_get_ovector_pointer(match_data); 343 335 344 if (info->pos_time > 0) 336 345 { 337 res = pcre_copy_substring(sh_string_str(logline),338 info->line_ovector, res,339 info->pos_time, tstr, sizeof(tstr));340 if (res <= 0)346 size = sizeof(tstr); 347 res = pcre2_substring_copy_bynumber(match_data, info->pos_time, 348 (PCRE2_UCHAR8 *)tstr, &size); 349 if (res != 0) 341 350 goto corrupt; 342 351 } 343 352 else 344 353 { 345 res = 0;354 res = -1; 346 355 timestamp = 0; 347 356 info->format_time = sh_util_strdup(_("%d/%b/%Y:%T")); … … 349 358 } 350 359 351 if (res >0)360 if (res == 0) 352 361 { 353 362 struct tm btime; … … 371 380 if (info->pos_status > 0) 372 381 { 373 res = pcre_copy_substring(sh_string_str(logline),374 info->line_ovector, res,375 info->pos_status, sstr, sizeof(sstr));376 if (res <= 0)382 size = sizeof(sstr); 383 res = pcre2_substring_copy_bynumber(match_data, info->pos_status, 384 (PCRE2_UCHAR8 *)sstr, &size); 385 if (res != 0) 377 386 goto corrupt; 378 387 } … … 384 393 if (info->pos_host > 0) 385 394 { 386 res = pcre_get_substring(sh_string_str(logline), 387 info->line_ovector, res, 388 info->pos_host, hstr_addr); 389 if (res <= 0) 395 res = pcre2_substring_get_bynumber(match_data, info->pos_host, 396 hstr_addr, &hstr_len); 397 if (res != 0) 390 398 goto corrupt; 391 399 } … … 401 409 402 410 if (hstr) 403 record->host = sh_string_new_from_lchar(hstr, strlen(hstr));411 record->host = sh_string_new_from_lchar(hstr, hstr_len); 404 412 else 405 413 record->host = sh_string_new_from_lchar(sh.host.name, strlen(sh.host.name)); … … 409 417 record->pid = PID_INVALID; 410 418 411 pcre_free_substring(hstr); 419 /* does nothing if hstr == NULL */ 420 pcre2_substring_free((PCRE2_UCHAR8 *)hstr); 421 422 pcre2_match_data_free(match_data); 412 423 return record; 413 424 } … … 415 426 { 416 427 char msg[128]; 417 sl_snprintf(msg, sizeof(msg), _("Incorrect number of captured subexpressions: %d vs %d"), 418 res, info->line_ovecnum); 428 sl_snprintf(msg, sizeof(msg), _("Matching error: %d"), res); 419 429 420 430 SH_MUTEX_LOCK(mutex_thread_nolog); … … 440 450 sh_string_destroy(&msg); 441 451 } 452 pcre2_match_data_free(match_data); 442 453 return NULL; 443 454 } -
trunk/src/sh_log_parse_generic.c
r481 r588 22 22 #include <time.h> 23 23 24 /* Debian/Ubuntu: libpcre3-dev */ 25 #ifdef HAVE_PCRE_PCRE_H 26 #include <pcre/pcre.h> 24 /* Debian/Ubuntu: libpcre2-dev */ 25 #define PCRE2_CODE_UNIT_WIDTH 8 26 #ifdef HAVE_PCRE2_PCRE2_H 27 #include <pcre2/pcre2.h> 27 28 #else 28 #include <pcre .h>29 #include <pcre2.h> 29 30 #endif 30 31 … … 34 35 35 36 struct sh_fileinfo_generic { 36 pcre * line_regex;37 int * line_ovector;/* captured substrings */38 int line_ovecnum; /* how many captured */37 pcre2_code * line_regex; 38 pcre2_match_data * line_match_data; /* captured substrings */ 39 int line_ovecnum; /* how many captured */ 39 40 40 41 int pos_host; -
trunk/src/sh_log_parse_pacct.c
r481 r588 314 314 } 315 315 316 sh_dummy_294_record = NULL; 317 316 318 p = strchr(sh_string_str(logline), ':'); 317 319 -
trunk/src/sh_string.c
r587 r588 546 546 * of field, offset of first char after field (this is how 547 547 * the pcre library does it). 548 */ 548 */ 549 #define IS_PCRE2_UNSET (~(size_t)0) 550 549 551 sh_string * sh_string_replace(const sh_string * s, 550 const int * ovector, int ovecnum,552 const size_t * ovector, int ovecnum, 551 553 const char * replacement, size_t rlen) 552 554 { … … 604 606 for (i = 0; i < ovecnum; ++i) 605 607 { 606 if (ovector[2*i] >= 0)608 if (ovector[2*i] != IS_PCRE2_UNSET) 607 609 { 608 610 curr = 2*i; … … 611 613 } 612 614 613 if (r && ovecnum > 0 && ovector[curr] >= 0)615 if (r && ovecnum > 0 && ovector[curr] != IS_PCRE2_UNSET) 614 616 { 615 617 r->len = 0; r->str[0] = '\0'; p = r->str; … … 617 619 /* First part, until start of first replacement 618 620 */ 619 if (r->siz > (unsigned int)ovector[curr]) {620 memcpy(p, s->str, (size_t)ovector[curr]);621 if (r->siz > ovector[curr]) { 622 memcpy(p, s->str, ovector[curr]); 621 623 p += ovector[curr]; 622 624 r->len += ovector[curr]; … … 633 635 for (i = 1; i < ovecnum; ++i) 634 636 { 635 if (ovector[2*i] < 0)637 if (ovector[2*i] == IS_PCRE2_UNSET) 636 638 continue; 637 639 … … 704 706 size_t lengths[16]; 705 707 unsigned int iarr; 706 int ovector[16];708 size_t ovector[16]; 707 709 int ovecnum; 708 710
Note:
See TracChangeset
for help on using the changeset viewer.
