Merge pull request #1868 in SNORT/snort3 from ~VKAMBALA/snort3:vkambala_test to master

Squashed commit of the following:

commit adce4923e61c0258762b54d8cd716f7cebdd27c4
Author: krishnakanth <vkambala@cisco.com>
Date:   Mon Nov 18 00:12:32 2019 -0500

    file_api: Fixed eventing when FILE_SIG_DEPTH failed when store files enabled

diff --git a/src/file_api/file_lib.cc b/src/file_api/file_lib.cc
index 6dac8279d777cc4c04b2e98aa50648e4b38e6855..315cf0d416b19b4684eea4da2c37f352af8f7951 100644 (file)
--- a/src/file_api/file_lib.cc
+++ b/src/file_api/file_lib.cc
@@ -464,6 +464,19 @@ bool FileContext::process(Packet* p, const uint8_t* file_data, int data_size,
         }
 
         finish_signature_lookup(p, ( file_state.sig_state != FILE_SIG_FLUSH ), policy);
+
+        if (file_state.sig_state == FILE_SIG_DEPTH_FAIL)
+        {
+            verdict = policy->signature_lookup(p, this);
+            if ( verdict != FILE_VERDICT_UNKNOWN )
+            {
+                FileCache* file_cache = FileService::get_file_cache();
+                if (file_cache)
+                    file_cache->apply_verdict(p, this , verdict, false, policy);
+
+                log_file_event(flow, policy);
+            }
+        }
     }
     else
     {

diff --git a/src/file_api/file_policy.cc b/src/file_api/file_policy.cc
index 8387d7b761a726bbe022e30d7e47703c959bc07b..e11cbd2efbddec53d780c64a27590b0a7aaa3ca2 100644 (file)
--- a/src/file_api/file_policy.cc
+++ b/src/file_api/file_policy.cc
@@ -179,6 +179,10 @@ FileVerdict FilePolicy::signature_lookup(Packet*, FileInfo* file)
             captured->store_file_async();
         else
             delete captured;
+
+        FileState state = file->get_file_state();
+        if (state.sig_state == FILE_SIG_DEPTH_FAIL)
+            return FILE_VERDICT_LOG;
     }
 
     return match_file_signature(nullptr, file);