filestore v2: print sid in json output
authormagenbluten <magenbluten@codemonkey.cc>
Fri, 15 Feb 2019 14:31:41 +0000 (14:31 +0000)
committerVictor Julien <victor@inliniac.net>
Wed, 20 Feb 2019 13:45:18 +0000 (14:45 +0100)
src/detect-filestore.c
src/output-json-file.c
src/util-file.c
src/util-file.h

index 5c474927c55336d297f3d19be76c6ab113ceabbf..b2f84d911444555591029f2fec67890b53d9a87a 100644 (file)
@@ -264,8 +264,27 @@ static int DetectFilestoreMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
      * matches. */
     if (file != NULL) {
         file_id = file->file_store_id;
+        if (file->sid != NULL && s->id > 0) {
+            if (file->sid_cnt >= file->sid_max) {
+                void *p = SCRealloc(file->sid, sizeof(uint32_t) * (file->sid_max + 8));
+                if (p == NULL) {
+                    SCFree(file->sid);
+                    file->sid = NULL;
+                    file->sid_cnt = 0;
+                    file->sid_max = 0;
+                    goto continue_after_realloc_fail;
+                } else {
+                    file->sid = p;
+                    file->sid_max += 8;
+                }
+            }
+            file->sid[file->sid_cnt] = s->id;
+            file->sid_cnt++;
+        }
     }
 
+continue_after_realloc_fail:
+
     det_ctx->filestore[det_ctx->filestore_cnt].file_id = file_id;
     det_ctx->filestore[det_ctx->filestore_cnt].tx_id = det_ctx->tx_id;
 
index 18bd2adf7f00ef7391ce1b8fe781dcec43c0819e..25b05d959cadef3ca2f3382e2a7f1a1f102e5e2c 100644 (file)
@@ -149,6 +149,18 @@ json_t *JsonBuildFileInfoRecord(const Packet *p, const File *ff,
     char filename_string[filename_size];
     BytesToStringBuffer(ff->name, ff->name_len, filename_string, filename_size);
     json_object_set_new(fjs, "filename", SCJsonString(filename_string));
+
+    json_t *sig_ids = json_array();
+    if (unlikely(sig_ids == NULL)) {
+        json_decref(js);
+        return NULL;
+    }
+
+    for (uint32_t i = 0; ff->sid != NULL && i < ff->sid_cnt; i++) {
+        json_array_append(sig_ids, json_integer(ff->sid[i]));
+    }
+    json_object_set_new(fjs, "sid", sig_ids);
+
 #ifdef HAVE_MAGIC
     if (ff->magic)
         json_object_set_new(fjs, "magic", json_string((char *)ff->magic));
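Review bot: `json_array_append(sig_ids, json_integer(ff->sid[i]))` leaks one json_t per signature id: `json_array_append` takes its own reference and the temporary returned by `json_integer` is never released, so every record written leaves `sid_cnt` integers behind. The reference-stealing variant fixes it, `json_array_append_new(sig_ids, json_integer(ff->sid[i]));`, matching the `json_object_set_new` calls around it. The `ff->sid != NULL` test is loop-invariant and reads better as a guard before the loop. If `fjs` is not yet attached to `js` at this point (not visible in the hunk), the `json_decref(js); return NULL;` path also leaks `fjs`. JsonBuildFileInfoRecord starts before the hunk.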
index 4c2581982a9dd6c978cc929e87f6315240fafbf4..d3fd235ab02936f12db1b59bfed17bdd6a6cbd9b 100644 (file)
@@ -454,6 +454,13 @@ static File *FileAlloc(const uint8_t *name, uint16_t name_len)
     new->name_len = name_len;
     memcpy(new->name, name, name_len);
 
+    new->sid_cnt = 0;
+    new->sid_max = 8;
+    /* SCMalloc() is allowed to fail here because sid well be checked later on */
+    new->sid = SCMalloc(sizeof(uint32_t) * new->sid_max);
+    if (new->sid == NULL)
+        new->sid_max = 0;
+
     return new;
 }
 
@@ -464,6 +471,8 @@ static void FileFree(File *ff)
 
     if (ff->name != NULL)
         SCFree(ff->name);
+    if (ff->sid != NULL)
+        SCFree(ff->sid);
 #ifdef HAVE_MAGIC
     /* magic returned by libmagic is strdup'd by MagicLookup. */
     if (ff->magic != NULL)
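Review bot: In the FileAlloc hunk the growth step 8 is written as a bare constant both here (`new->sid_max = 8`) and in detect-filestore.c's realloc (`file->sid_max + 8`), so the two sites can silently drift; a single named constant such as `#define FILE_SID_ALLOC_STEP 8` in util-file.h used by both would keep them in step. The array is also allocated up front for every File whether or not a filestore rule ever matches it; deferring the first allocation to the match path would avoid that per-file cost, but the `file->sid != NULL` precondition on the detect side would have to change with it. The comment on the SCMalloc has a typo: `/* SCMalloc() is allowed to fail here because sid will be checked later on */`. FileAlloc's and FileFree's bodies begin before their hunks.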
index 535e42ff17e758bba71a755e60a19c4d32243dd9..4f67e73d3f99512773103b7068302577e15b918a 100644 (file)
@@ -89,6 +89,10 @@ typedef struct File_ {
                                      *   flag is set */
     uint64_t content_stored;
     uint64_t size;
+
+    uint32_t *sid; /* signature id of a rule that triggered the filestore event */
+    uint32_t sid_cnt;
+    uint32_t sid_max;
 } File;
 
 typedef struct FileContainer_ {
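Review bot: The comment on `sid` describes a single id while the field is a growable array, and `sid_cnt` and `sid_max` are undocumented, so a reader cannot tell count from capacity without opening util-file.c. Suggested comments in the file's existing style: `uint32_t *sid;     /* ids of the signatures that triggered filestore for this file; NULL if allocation failed */`, `uint32_t sid_cnt;  /* number of ids stored in sid */`, `uint32_t sid_max;  /* allocated capacity of sid, in entries */`.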