Pull request #5010: smb,dlp: update filename,filesize of FileInfo handling to enable...

Merge in SNORT/snort3 from ~VEVURI/snort3:dlp-for-smb to master

Squashed commit of the following:

commit 05bda7e2ae1e9459082199474e77750d03bbe916
Author: Veera Reddy Evuri <vevuri@cisco.com>
Date:   Wed Nov 26 02:04:04 2025 -0800

    smb,dlp: update filename,filesize of FileInfo handling to enable dlp evaluation for repeated txns

diff --git a/src/file_api/file_lib.cc b/src/file_api/file_lib.cc
index 1a1cbee556030e7b5795b068303b7eda90ac534c..289566a96797cc526fc81d747e202f930e1a951d 100644 (file)
--- a/src/file_api/file_lib.cc
+++ b/src/file_api/file_lib.cc
@@ -533,7 +533,7 @@ inline void FileContext::finalize_file_type()
 
 void FileContext::log_file_event(Flow* flow, FilePolicyBase* policy)
 {
-    // log file event either when filename is set or if it is a asymmetric flow  
+    // log file event either when filename is set or if it is a asymmetric flow
     if ( is_file_name_set() or !flow->two_way_traffic() )
     {
         bool log_needed = true;
@@ -655,10 +655,7 @@ void FileInfo::reset()
 {
     verdict = FILE_VERDICT_UNKNOWN;
     processing_complete = false;
-    set_file_size(0);
     reset_sha();
-    if (is_file_name_set())
-        unset_file_name();
     pending_expire_time.tv_sec = 0;
     pending_expire_time.tv_usec = 0;
 }
@@ -690,10 +687,7 @@ void FileContext::reset()
 {
     verdict = FILE_VERDICT_UNKNOWN;
     processing_complete = false;
-    set_file_size(0);
     reset_sha();
-    if (is_file_name_set())
-        unset_file_name();
     remove_segments();
 }
 
@@ -1222,12 +1216,15 @@ TEST_CASE ("reset", "[file_info]")
     info.verdict = FILE_VERDICT_BLOCK;
     info.processing_complete = true;
     info.set_file_name("test", 4);
+    info.set_file_size(123);
 
     info.reset();
 
     CHECK (false == info.processing_complete);
     CHECK (FILE_VERDICT_UNKNOWN == info.verdict);
-    CHECK (false == info.is_file_name_set());
+    CHECK (true == info.is_file_name_set());
+    CHECK (std::string("test") == info.get_file_name());
+    CHECK (123 == info.get_file_size());
 }
 
 TEST_CASE ("re_eval", "[file_info]")

diff --git a/src/service_inspectors/dce_rpc/dce_smb2_commands.cc b/src/service_inspectors/dce_rpc/dce_smb2_commands.cc
index d61c68e46ff05d7efc1603c0fff511a077b92859..97c1187c3e9440e3571b5b61b12f551a57ad7a44 100644 (file)
--- a/src/service_inspectors/dce_rpc/dce_smb2_commands.cc
+++ b/src/service_inspectors/dce_rpc/dce_smb2_commands.cc
@@ -78,7 +78,7 @@ static inline FileContext* DCE2_Smb2GetFileContext(DCE2_Smb2SsnData*, DCE2_Smb2F
     }
     bool is_new_context = false;
     if (ftracker->file_name_hash)
-            return file_flows->get_file_context(ftracker->file_name_hash, to_create, is_new_context, ftracker->file_id);
+        return file_flows->get_file_context(ftracker->file_name_hash, to_create, is_new_context, ftracker->file_id);
     return file_flows->get_file_context(ftracker->file_id, to_create, is_new_context);
 }
 
@@ -1047,7 +1047,13 @@ static void DCE2_Smb2WriteRequest(DCE2_Smb2SsnData* ssd, const Smb2Hdr* smb_hdr,
         {
             FileContext* file = DCE2_Smb2GetFileContext(ssd, ftracker, true);
             if (file)
-                file->set_file_size(!ftracker->file_size ? UNKNOWN_FILE_SIZE : ftracker->file_size);
+            {
+                //preserve cached file_size when ftracker->file_size=0
+                if (ftracker->file_size != 0)
+                    file->set_file_size(ftracker->file_size);
+                else if (file->get_file_size() == 0)
+                    file->set_file_size(UNKNOWN_FILE_SIZE);
+            }
         }
         if (!DCE2_Smb2ProcessFileData(ssd, file_data, data_size))
             return;