detect/filehash: try to open data file from rulefile dir

If the data file can't be found in the default location, which
normally is 'default-rule-path', try to see if it can be found
in the path of the rule file that references it.

This makes QA much easier.

diff --git a/configure.ac b/configure.ac
index 01589b19ec002d81d9e4b06a32e2ffeaf621408e..5cc742fa4c5f0228d11c7e2b2e10a359897b0571 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -131,6 +131,7 @@
     AC_CHECK_HEADERS([dirent.h fnmatch.h])
     AC_CHECK_HEADERS([sys/resource.h sys/types.h sys/un.h])
     AC_CHECK_HEADERS([sys/random.h])
+    AC_CHECK_HEADERS([libgen.h])
 
     AC_CHECK_HEADERS([sys/socket.h net/if.h sys/mman.h linux/if_arp.h], [], [],
     [[#ifdef HAVE_SYS_SOCKET_H

diff --git a/src/detect-file-hash-common.c b/src/detect-file-hash-common.c
index c9f7ab2918387fe88910d64e5dc286be2c4b9d5f..9ac2a47e1de5e7ef2bdbc6138853b0d9e9bbb293 100644 (file)
--- a/src/detect-file-hash-common.c
+++ b/src/detect-file-hash-common.c
@@ -186,7 +186,7 @@ int DetectFileHashMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
 }
 
 static const char *hexcodes = "ABCDEFabcdef0123456789";
-
+#include "libgen.h"
 /**
  * \brief Parse the filemd5, filesha1 or filesha256 keyword
  *
@@ -239,8 +239,27 @@ static DetectFileHashData *DetectFileHashParse (const DetectEngineCtx *de_ctx,
     char line[8192] = "";
     fp = fopen(filename, "r");
     if (fp == NULL) {
-        SCLogError(SC_ERR_OPENING_RULE_FILE, "opening hash file %s: %s", filename, strerror(errno));
-        goto error;
+#ifdef HAVE_LIBGEN_H
+        if (de_ctx->rule_file != NULL) {
+            char *dir = dirname(de_ctx->rule_file);
+            if (dir != NULL) {
+                char path[PATH_MAX];
+                snprintf(path, sizeof(path), "%s/%s", dir, str);
+                fp = fopen(path, "r");
+                if (fp == NULL) {
+                    SCLogError(SC_ERR_OPENING_RULE_FILE,
+                            "opening hash file %s: %s", path, strerror(errno));
+                    goto error;
+                }
+            }
+        }
+        if (fp == NULL) {
+#endif
+            SCLogError(SC_ERR_OPENING_RULE_FILE, "opening hash file %s: %s", filename, strerror(errno));
+            goto error;
+#ifdef HAVE_LIBGEN_H
+        }
+#endif
     }
 
     int line_no = 0;

diff --git a/src/suricata-common.h b/src/suricata-common.h
index ec34a8c6cea2191a0befee183c501f3d0f7b409b..cee6d005872cb438d8fc328d29b4051d97e66693 100644 (file)
--- a/src/suricata-common.h
+++ b/src/suricata-common.h
@@ -196,6 +196,10 @@
 #include <pcap/bpf.h>
 #endif
 
+#ifdef HAVE_LIBGEN_H
+#include <libgen.h>
+#endif
+
 #if __CYGWIN__
 #if !defined _X86_ && !defined __x86_64
 #define _X86_