Changeset 588 for trunk/src/sh_log_correlate.c

Timestamp:

Oct 26, 2025, 12:17:47 PM (16 hours ago)

Author:

katerina

Message:

Fix for ticket #476 (move logfile monitoring module from PCRE to PCRE2).

File:

• trunk/src/sh_log_correlate.c (modified) (6 diffs)

trunk/src/sh_log_correlate.c

@@ -9 +9 @@
 #include <time.h>
 
-/* Debian/Ubuntu: libpcre3-dev */
-#ifdef HAVE_PCRE_PCRE_H
-#include <pcre/pcre.h>
+/* Debian/Ubuntu: libpcre2-dev */
+#define PCRE2_CODE_UNIT_WIDTH 8
+#ifdef HAVE_PCRE2_PCRE2_H
+#include <pcre2/pcre2.h>
 #else
-#include <pcre.h>
+#include <pcre2.h>
 #endif
 
-#ifndef PCRE_NO_AUTO_CAPTURE
-#define PCRE_NO_AUTO_CAPTURE 0
-#endif
 
 #include "samhain.h"
@@ -173 +171 @@
 {
   sh_string       * label;           /* label of match rule     */
-  pcre            * rule;            /* compiled regex for rule */
+  pcre2_code      * rule;            /* compiled regex for rule */
   time_t            reported;        /* last reported           */
   struct sh_qeval * queue;           /* assigned queue          */
@@ -208 +206 @@
     {
       struct sh_mkeep * mkeep = SH_ALLOC(sizeof(struct sh_mkeep));
-      const char * error;
-      int          erroffset;
+      int               error;
+      size_t            erroffset;
       struct sh_qeval * rqueue = NULL;
 
-      mkeep->rule = pcre_compile(pattern, PCRE_NO_AUTO_CAPTURE, 
-                             &error, &erroffset, NULL);
+      mkeep->rule = pcre2_compile((PCRE2_SPTR8)pattern, PCRE2_ZERO_TERMINATED, PCRE2_NO_AUTO_CAPTURE, 
+                                  &error, &erroffset, NULL);
       if (!(mkeep->rule))
         {
@@ -239 +237 @@
           if (!rqueue)
             {
-              pcre_free(mkeep->rule);
+              pcre2_code_free(mkeep->rule);
               SH_FREE(splits);
               SH_FREE(mkeep);
@@ -264 +262 @@
       mkeep_list = mkeep->next;
       sh_string_destroy(&(mkeep->label));
-      pcre_free(mkeep->rule);
+      pcre2_code_free(mkeep->rule);
       mkeep = mkeep_list;
     }
@@ -286 +284 @@
           while (mkeep)
             {
-              /* Use pcre_dfa_exec() to obtain number of matches. Needs ovector
-               * array, otherwise number of matches is not returned.
-               */
-#if defined(HAVE_PCRE_DFA_EXEC)
-              int ovector[SH_MINIBUF];
-              int wspace[SH_MINIBUF];
-#endif
-
-#if defined(HAVE_PCRE_DFA_EXEC)
-              int val = pcre_dfa_exec(mkeep->rule, NULL, 
-                                      sh_string_str(res), 
-                                      (int)sh_string_len(res), 
-                                      0, /* start at offset 0 in the subject */
-                                      0, 
-                                      ovector, SH_MINIBUF,
-                                      wspace, SH_MINIBUF);
-#else
-              int val = pcre_exec(mkeep->rule, NULL, 
-                                  sh_string_str(res), 
-                                  (int)sh_string_len(res), 
-                                  0, /* start at offset 0 in the subject */
-                                  0, 
-                                  NULL, 0);
-              val = (val >= 0) ? 1 : val;                             
-#endif
-
-              if (val >= 0)
+              pcre2_match_data * match_data = pcre2_match_data_create_from_pattern(mkeep->rule, NULL);
+              
+              int val = pcre2_match(mkeep->rule, 
+                                    (PCRE2_SPTR8) sh_string_str(res), (int)sh_string_len(res), 0,
+                                    0, match_data, NULL);
+              
+              pcre2_match_data_free(match_data);
+              
+              if (val > 0)
                 {
                   sh_string * alias;