datajson: fix thread safety violation

author Eric Leblond <el@stamus-networks.com>

Mon, 28 Apr 2025 19:29:51 +0000 (21:29 +0200)

committer Victor Julien <victor@inliniac.net>

Wed, 11 Jun 2025 18:49:18 +0000 (20:49 +0200)
author Eric Leblond <el@stamus-networks.com>
Mon, 28 Apr 2025 19:29:51 +0000 (21:29 +0200)
committer Victor Julien <victor@inliniac.net>
Wed, 11 Jun 2025 18:49:18 +0000 (20:49 +0200)
diff --git a/src/datajson.c b/src/datajson.c

index f8d1fc7f581138910a69b6bc2f18fd1e25dba377..ba2be9f20b6e953f34085dd49337f44ef9a51dfd 100644 (file)
--- a/src/datajson.c
+++ b/src/datajson.c
@@ -44,6 +44,13 @@ static inline void DatajsonUnlockData(THashData *d)
      THashDataUnlock(d);
  }
  
+void DatajsonUnlockElt(DataJsonResultType *r)
+{
+    if (r->hashdata) {
+        DatajsonUnlockData(r->hashdata);
+    }
+}
+
  /* return true if number is a float or an integer */
  static bool IsFloat(const char *in, size_t ins)
  {
@@ -786,7 +793,7 @@ static DataJsonResultType DatajsonLookupString(
          StringType *found = rdata->data;
          rrep.found = true;
          rrep.json = found->json;
-        DatajsonUnlockData(rdata);
+        rrep.hashdata = rdata;
          return rrep;
      }
      return rrep;
@@ -810,7 +817,7 @@ static DataJsonResultType DatajsonLookupMd5(
          Md5Type *found = rdata->data;
          rrep.found = true;
          rrep.json = found->json;
-        DatajsonUnlockData(rdata);
+        rrep.hashdata = rdata;
          return rrep;
      }
      return rrep;
@@ -834,7 +841,7 @@ static DataJsonResultType DatajsonLookupSha256(
          Sha256Type *found = rdata->data;
          rrep.found = true;
          rrep.json = found->json;
-        DatajsonUnlockData(rdata);
+        rrep.hashdata = rdata;
          return rrep;
      }
      return rrep;
@@ -858,7 +865,7 @@ static DataJsonResultType DatajsonLookupIPv4(
          IPv4Type *found = rdata->data;
          rrep.found = true;
          rrep.json = found->json;
-        DatajsonUnlockData(rdata);
+        rrep.hashdata = rdata;
          return rrep;
      }
      return rrep;
@@ -883,7 +890,7 @@ static DataJsonResultType DatajsonLookupIPv6(
          IPv6Type *found = rdata->data;
          rrep.found = true;
          rrep.json = found->json;
-        DatajsonUnlockData(rdata);
+        rrep.hashdata = rdata;
          return rrep;
      }
      return rrep;
diff --git a/src/datajson.h b/src/datajson.h

index 710485cc1f8bb86f16d166b912715755ae8c6446..9871b1100509008a77521772c7146af039f65be2 100644 (file)
--- a/src/datajson.h
+++ b/src/datajson.h
@@ -37,6 +37,7 @@ typedef struct DataJsonType {
  typedef struct DataJsonResultType {
      bool found;
      DataJsonType json;
+    THashData *hashdata;
  } DataJsonResultType;
  
  /* Common functions */
@@ -49,4 +50,6 @@ DataJsonResultType DatajsonLookup(Dataset *set, const uint8_t *data, const uint3
  
  int DatajsonAddSerialized(Dataset *set, const char *value, const char *json);
  
+void DatajsonUnlockElt(DataJsonResultType *r);
+
  #endif /* SURICATA_DATAJSON_H*/
diff --git a/src/detect-dataset.c b/src/detect-dataset.c

index 1485c4b2e0c8270d0322744f22c4451635e8c656..623b8c119de25e816805608166baec75ffd05e53 100644 (file)
--- a/src/detect-dataset.c
+++ b/src/detect-dataset.c
@@ -89,6 +89,7 @@ static int DetectDatajsonBufferMatch(DetectEngineThreadCtx *det_ctx, const Detec
                      det_ctx->json_content[det_ctx->json_content_len].id = sd->id;
                      det_ctx->json_content_len++;
                  }
+                DatajsonUnlockElt(&r);
              }
              return 1;
          }
author	Eric Leblond <el@stamus-networks.com>
	Mon, 28 Apr 2025 19:29:51 +0000 (21:29 +0200)
committer	Victor Julien <victor@inliniac.net>
	Wed, 11 Jun 2025 18:49:18 +0000 (20:49 +0200)
src/datajson.c		patch \| blob \| blame \| history
src/datajson.h		patch \| blob \| blame \| history
src/detect-dataset.c		patch \| blob \| blame \| history