I wrote a test file to grab all the TCP rule which has source port as "any" and destination port as "any", save them into a temp file.
the rule file example are as follow (the 4th parameter is source and the the 6th is destination port):
Code:
alert tcp any any -> any any ( content:"Volume Serial Number"; sid:1292;)
alert tcp any 80 -> any any ( content:"Command completed"; sid:494;)
alert tcp any 80 -> any any ( content:"Bad command or filename"; sid:495;)
alert tcp any any -> any any ( content:"1 file|28|s|29| copied"; sid:497;)
alert tcp any 80 -> any any ( content:"Invalid URL"; sid:1200;)
alert tcp any 80 -> any any ( content:"Index of /cgi-bin/"; sid:1666;)
alert tcp any any -> any any ( content:"HTTP/1.1 403"; sid:1201;)
alert ip any any -> any any ( content:"uid=0|28|root|29|"; sid:498;)
My code is:
Code:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAXLINECHAR 2048
void DivideRule ();
FILE *ruleset, *ruletemp;
int main (void){
ruleset = fopen ("ruleset.rules", "r");
ruletemp = fopen ("ruletemp.rules", "w+");
DivideRule ();
fclose (ruletemp);
fclose (ruleset);
return 0;
}
void DivideRule (){
char F1[10], F2[10], F3[200], F4[10], F5[10], F6[10], F7[10];
char *prerule, *temprule;
char bufc;
while ((fgetc (ruleset)) != EOF){ //get a character and see whether it is the end of the file
fseek (ruleset, -1, 1); //go back to the start of the line
prerule = (char *)malloc (MAXLINECHAR*sizeof(char)); //allocate a bunch of memory so as to store the rule
fgets (prerule, MAXLINECHAR, ruleset); //grab a rule
fseek (ruleset, -strlen(prerule), 1); //set the internal FILE pointer back to start of the line
fscanf(ruleset, "%s %s %s %s %s %s %s", F1, F2, F3, F4, F5, F6, F7); //scan from the start to grab each parameter
if (F2[0] == 't' && F2[1] == 'c' && F2[2] == 'p'){ // if the protocol in the rule is TCP, go ahead
if (atoi (F4) == 0 && atoi (F7) == 0){ //port is 0 (source port is any/range and destination port is any/range), which means this rule should be insert into the Generic Set
fprintf(ruletemp, "%s %s %s %s %s %s %s", F1, F2, F3, F4, F5, F6, F7);
temprule = (char *)malloc (MAXLINECHAR*sizeof(char)); //create a temp buffer to store the rest of characters in the line
fgets (temprule, MAXLINECHAR, ruleset);
fprintf (ruletemp, "%s", temprule);
free (temprule);
}
}
else{
temprule = (char *)malloc (MAXLINECHAR*sizeof(char));
fgets (temprule, MAXLINECHAR, ruleset);
free (temprule);
}
free (prerule);
}
}
When I compile the file, there is no error. However, when I run it in cygwin, it crashed. The error information are as follow:
"$ ./a.exe
10 [main] a 620_cygtls::handle_exceptions: Error while dumping state (probably corrupted stack)
Segmentation fault (core dumped)"
Please help me what's wrong with the code. Thanks a lot!