]> git.ipfire.org Git - thirdparty/suricata.git/commitdiff
projects / thirdparty / suricata.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: cade604)
files: always initialize inspect_window and min_inspect_depth
authorVictor Julien <vjulien@oisf.net>
Wed, 23 Nov 2022 13:29:39 +0000 (14:29 +0100)
committerVictor Julien <vjulien@oisf.net>
Fri, 25 Nov 2022 13:02:57 +0000 (14:02 +0100)
This is to make sure the files buffers are properly managed even
when there are no rules or when there are no file.data rules.

Bug: #5703.

src/detect-file-data.c patch | blob | blame | history
src/util-file.c patch | blob | blame | history
src/util-file.h patch | blob | blame | history

diff --git a/src/detect-file-data.c b/src/detect-file-data.c
index 5954d2e7d223abdb93cba51c5e86bb81bc1bd72b..9227b5a6ed5f94c714773291f340852ff3a7b961 100644 (file)
--- a/src/detect-file-data.c
+++ b/src/detect-file-data.c
@@ -163,10 +163,6 @@ void DetectFiledataRegister(void)
     g_file_data_buffer_id = DetectBufferTypeGetByName("file_data");
 }
 
-#define FILEDATA_CONTENT_LIMIT 100000
-#define FILEDATA_CONTENT_INSPECT_MIN_SIZE 32768
-#define FILEDATA_CONTENT_INSPECT_WINDOW 4096
-
 static void SetupDetectEngineConfig(DetectEngineCtx *de_ctx) {
     if (de_ctx->filedata_config_initialized)
         return;
diff --git a/src/util-file.c b/src/util-file.c
index fe97a4cac37a40059ce164e33e7db4ae66d302cf..ba8ea39469d806153c91bcd96110a33c00dd6645 100644 (file)
--- a/src/util-file.c
+++ b/src/util-file.c
@@ -955,6 +955,9 @@ static File *FileOpenFile(FileContainer *ffc, const StreamingBufferConfig *sbcfg
 
     FileContainerAdd(ffc, ff);
 
+    /* set default window and min inspection size */
+    FileSetInspectSizes(ff, FILEDATA_CONTENT_INSPECT_WINDOW, FILEDATA_CONTENT_INSPECT_MIN_SIZE);
+
     ff->size += data_len;
     if (data != NULL) {
         if (AppendData(ff, data, data_len) != 0) {
diff --git a/src/util-file.h b/src/util-file.h
index 5bd1a186064d3ac2206ec6daa80818e3ccd58443..e68baf142282a0f0d20499a85150db642233cc43 100644 (file)
--- a/src/util-file.h
+++ b/src/util-file.h
@@ -61,6 +61,10 @@ typedef struct SCMd5 SCMd5;
 // to be used instead of PATH_MAX which depends on the OS
 #define SC_FILENAME_MAX 4096
 
+#define FILEDATA_CONTENT_LIMIT            100000
+#define FILEDATA_CONTENT_INSPECT_MIN_SIZE 32768
+#define FILEDATA_CONTENT_INSPECT_WINDOW   4096
+
 typedef enum FileState_ {
     FILE_STATE_NONE = 0,    /**< no state */
     FILE_STATE_OPENED,      /**< flow file is opened */
Mirror of https://github.com/OISF/suricata.git