Pull request #4233: file_api: do not clear the file capture and user file data pointe...

Merge in SNORT/snort3 from ~RDEMPSTE/snort3:file_api to master

Squashed commit of the following:

commit 791c1a09f14d4cd4ebb4d9094c445a7a44b6c30e
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Thu Feb 29 08:16:59 2024 -0500

    file_api: do not clear the file capture and user file data pointers when updating the verdict from the cache

diff --git a/src/file_api/file_cache.cc b/src/file_api/file_cache.cc
index ca1e5be16067853b7478fae9f1750a50969fbf99..0256594d309efb043f1dadfaea23166bd398af44 100644 (file)
--- a/src/file_api/file_cache.cc
+++ b/src/file_api/file_cache.cc
@@ -284,7 +284,7 @@ FileVerdict FileCache::check_verdict(Packet* p, FileInfo* file,
         verdict = FILE_VERDICT_UNKNOWN;
     }
 
-    if ( file->get_file_sig_sha256() and verdict == FILE_VERDICT_UNKNOWN )
+    if ( file->get_file_sig_sha256() and verdict <= FILE_VERDICT_LOG )
     {
         file->user_file_data_mutex.lock();
         verdict = policy->signature_lookup(p, file);
@@ -510,7 +510,7 @@ FileVerdict FileCache::cached_verdict_lookup(Packet* p, FileInfo* file,
             "cached_verdict_lookup:Verdict received from cached_verdict_lookup %d\n", verdict);
         apply_verdict(p, file_found, verdict, true, policy);
         // Update the current file context from cached context
-        *file = *(FileInfo*)file_found;
+        file->copy(*(FileInfo*)file_found, false);
     }
 
     return verdict;

diff --git a/src/file_api/file_lib.cc b/src/file_api/file_lib.cc
index 759a033724a76f1ba157dc03d8e171e8a518de3f..2c2f402ce9d643bcf454f6771bfb2023d6742934 100644 (file)
--- a/src/file_api/file_lib.cc
+++ b/src/file_api/file_lib.cc
@@ -109,8 +109,11 @@ FileInfo::~FileInfo ()
         delete[] sha256;
 }
 
-void FileInfo::copy(const FileInfo& other)
+void FileInfo::copy(const FileInfo& other, bool clear_data)
 {
+    if (&other == this)
+        return;
+
     if (other.sha256)
     {
         sha256 = new uint8_t[SHA256_HASH_SIZE];
@@ -131,10 +134,13 @@ void FileInfo::copy(const FileInfo& other)
     file_capture_enabled = other.file_capture_enabled;
     file_state = other.file_state;
     pending_expire_time = other.pending_expire_time;
-    // only one copy of file capture
-    file_capture = nullptr;
-    policy_id = 0;
-    user_file_data = nullptr;
+    if (clear_data)
+    {
+        // only one copy of file capture
+        file_capture = nullptr;
+        policy_id = 0;
+        user_file_data = nullptr;
+    }
 }
 
 FileInfo::FileInfo(const FileInfo& other)
@@ -311,7 +317,7 @@ void FileInfo::set_file_data(UserFileDataBase* fd)
     user_file_data = fd;
 }
 
-UserFileDataBase* FileInfo::get_file_data()
+UserFileDataBase* FileInfo::get_file_data() const
 {
     return user_file_data;
 }

diff --git a/src/file_api/file_lib.h b/src/file_api/file_lib.h
index f67b2e2ed98d297689ec5ccadb5834a11ada52e4..7f7faed1782cdd0f5cd0ab8b0f5e39ba3bfeb01e 100644 (file)
--- a/src/file_api/file_lib.h
+++ b/src/file_api/file_lib.h
@@ -82,7 +82,8 @@ public:
     void set_policy_id(uint32_t id);
     uint32_t get_policy_id();
     void set_file_data(UserFileDataBase* fd);
-    UserFileDataBase* get_file_data();
+    UserFileDataBase* get_file_data() const;
+    void copy(const FileInfo& other, bool clear_data = true);
     // Preserve the file in memory until it is released
     // The file reserved will be returned and it will be detached from file context/session
     FileCaptureState reserve_file(FileCapture*& dest);
@@ -112,9 +113,6 @@ protected:
     FileState file_state = { FILE_CAPTURE_SUCCESS, FILE_SIG_PROCESSING };
     uint32_t policy_id = 0;
     UserFileDataBase* user_file_data = nullptr;
-
-private:
-    void copy(const FileInfo& other);
 };
 
 class SO_PUBLIC FileContext : public FileInfo