detect/reference: allow undefined references

References are currently not used in Suricata, so erroring out on
rules using a undefined reference is too harsh.

Just issue a warning once per unique missing reference.

diff --git a/src/detect-reference.c b/src/detect-reference.c
index d7aabf629c5b97710ff0081aa84c76efc10e27c7..5a1dbcc31e927efd8443b7abc726a21884352ab2 100644 (file)
--- a/src/detect-reference.c
+++ b/src/detect-reference.c
@@ -134,10 +134,17 @@ static DetectReference *DetectReferenceParse(const char *rawstr, DetectEngineCtx
     if (lookup_ref_conf != NULL) {
         ref->key = lookup_ref_conf->url;
     } else {
-        SCLogError(SC_ERR_REFERENCE_UNKNOWN, "unknown reference key \"%s\". "
-                   "Supported keys are defined in reference.config file.  Please "
-                   "have a look at the conf param \"reference-config-file\"", key);
-        goto error;
+        SCLogWarning(SC_ERR_REFERENCE_UNKNOWN,
+                "unknown reference key \"%s\"", key);
+
+        char str[2048];
+        snprintf(str, sizeof(str), "config reference: %s undefined\n", key);
+
+        if (SCRConfAddReference(de_ctx, str) < 0)
+            goto error;
+        lookup_ref_conf = SCRConfGetReference(key, de_ctx);
+        if (lookup_ref_conf == NULL)
+            goto error;
     }
 
     /* make a copy so we can free pcre's substring */
@@ -282,7 +289,7 @@ static int DetectReferenceParseTest03(void)
     Signature *s = DetectEngineAppendSig(de_ctx, "alert icmp any any -> any any "
                                    "(msg:\"invalid ref\"; "
                                    "reference:unknownkey,001-2010; sid:2;)");
-    FAIL_IF_NOT_NULL(s);
+    FAIL_IF_NULL(s);
     DetectEngineCtxFree(de_ctx);
     PASS;
 }

diff --git a/src/util-reference-config.c b/src/util-reference-config.c
index 5951d637aa1e850157dd7ce50772bb9a693c2e7b..4519b7b019e4c1bddcd0675aae167824e9615b4d 100644 (file)
--- a/src/util-reference-config.c
+++ b/src/util-reference-config.c
@@ -100,13 +100,13 @@ void SCReferenceConfDeinit(void)
  *
  * \param de_ctx Pointer to the Detection Engine Context.
  *
+ * \note if file open fails, we leave de_ctx->reference_conf_ht initialized
+ *
  * \retval  0 On success.
  * \retval -1 On failure.
  */
 static FILE *SCRConfInitContextAndLocalResources(DetectEngineCtx *de_ctx, FILE *fd)
 {
-    const char *filename = NULL;
-
     /* init the hash table to be used by the reference config references */
     de_ctx->reference_conf_ht = HashTableInit(128, SCRConfReferenceHashFunc,
                                               SCRConfReferenceHashCompareFunc,
@@ -114,7 +114,7 @@ static FILE *SCRConfInitContextAndLocalResources(DetectEngineCtx *de_ctx, FILE *
     if (de_ctx->reference_conf_ht == NULL) {
         SCLogError(SC_ERR_HASH_TABLE_INIT, "Error initializing the hash "
                    "table");
-        goto error;
+        return NULL;
     }
 
     /* if it is not NULL, use the file descriptor.  The hack so that we can
@@ -122,31 +122,19 @@ static FILE *SCRConfInitContextAndLocalResources(DetectEngineCtx *de_ctx, FILE *
      * instead use an input stream against a buffer containing the
      * reference strings */
     if (fd == NULL) {
-        filename = SCRConfGetConfFilename(de_ctx);
+        const char *filename = SCRConfGetConfFilename(de_ctx);
         if ((fd = fopen(filename, "r")) == NULL) {
 #ifdef UNITTESTS
             if (RunmodeIsUnittests())
-                goto error; // silently fail
+                return NULL; // silently fail
 #endif
             SCLogError(SC_ERR_FOPEN, "Error opening file: \"%s\": %s", filename,
                        strerror(errno));
-            goto error;
+            return NULL;
         }
     }
 
     return fd;
-
- error:
-    if (de_ctx->reference_conf_ht != NULL) {
-        HashTableFree(de_ctx->reference_conf_ht);
-        de_ctx->reference_conf_ht = NULL;
-    }
-    if (fd != NULL) {
-        fclose(fd);
-        fd = NULL;
-    }
-
-    return NULL;
 }