From: Victor Julien Date: Wed, 2 Oct 2019 19:47:29 +0000 (+0200) Subject: detect/reference: allow undefined references X-Git-Tag: suricata-5.0.0~63 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0b40d4ae93e6f5214e4d3e5c3cbd277a08fb3a2f;p=thirdparty%2Fsuricata.git detect/reference: allow undefined references References are currently not used in Suricata, so erroring out on rules using a undefined reference is too harsh. Just issue a warning once per unique missing reference. --- diff --git a/src/detect-reference.c b/src/detect-reference.c index d7aabf629c..5a1dbcc31e 100644 --- a/src/detect-reference.c +++ b/src/detect-reference.c @@ -134,10 +134,17 @@ static DetectReference *DetectReferenceParse(const char *rawstr, DetectEngineCtx if (lookup_ref_conf != NULL) { ref->key = lookup_ref_conf->url; } else { - SCLogError(SC_ERR_REFERENCE_UNKNOWN, "unknown reference key \"%s\". " - "Supported keys are defined in reference.config file. Please " - "have a look at the conf param \"reference-config-file\"", key); - goto error; + SCLogWarning(SC_ERR_REFERENCE_UNKNOWN, + "unknown reference key \"%s\"", key); + + char str[2048]; + snprintf(str, sizeof(str), "config reference: %s undefined\n", key); + + if (SCRConfAddReference(de_ctx, str) < 0) + goto error; + lookup_ref_conf = SCRConfGetReference(key, de_ctx); + if (lookup_ref_conf == NULL) + goto error; } /* make a copy so we can free pcre's substring */ @@ -282,7 +289,7 @@ static int DetectReferenceParseTest03(void) Signature *s = DetectEngineAppendSig(de_ctx, "alert icmp any any -> any any " "(msg:\"invalid ref\"; " "reference:unknownkey,001-2010; sid:2;)"); - FAIL_IF_NOT_NULL(s); + FAIL_IF_NULL(s); DetectEngineCtxFree(de_ctx); PASS; } diff --git a/src/util-reference-config.c b/src/util-reference-config.c index 5951d637aa..4519b7b019 100644 --- a/src/util-reference-config.c +++ b/src/util-reference-config.c @@ -100,13 +100,13 @@ void SCReferenceConfDeinit(void) * * \param de_ctx Pointer to the Detection Engine Context. * + * \note if file open fails, we leave de_ctx->reference_conf_ht initialized + * * \retval 0 On success. * \retval -1 On failure. */ static FILE *SCRConfInitContextAndLocalResources(DetectEngineCtx *de_ctx, FILE *fd) { - const char *filename = NULL; - /* init the hash table to be used by the reference config references */ de_ctx->reference_conf_ht = HashTableInit(128, SCRConfReferenceHashFunc, SCRConfReferenceHashCompareFunc, @@ -114,7 +114,7 @@ static FILE *SCRConfInitContextAndLocalResources(DetectEngineCtx *de_ctx, FILE * if (de_ctx->reference_conf_ht == NULL) { SCLogError(SC_ERR_HASH_TABLE_INIT, "Error initializing the hash " "table"); - goto error; + return NULL; } /* if it is not NULL, use the file descriptor. The hack so that we can @@ -122,31 +122,19 @@ static FILE *SCRConfInitContextAndLocalResources(DetectEngineCtx *de_ctx, FILE * * instead use an input stream against a buffer containing the * reference strings */ if (fd == NULL) { - filename = SCRConfGetConfFilename(de_ctx); + const char *filename = SCRConfGetConfFilename(de_ctx); if ((fd = fopen(filename, "r")) == NULL) { #ifdef UNITTESTS if (RunmodeIsUnittests()) - goto error; // silently fail + return NULL; // silently fail #endif SCLogError(SC_ERR_FOPEN, "Error opening file: \"%s\": %s", filename, strerror(errno)); - goto error; + return NULL; } } return fd; - - error: - if (de_ctx->reference_conf_ht != NULL) { - HashTableFree(de_ctx->reference_conf_ht); - de_ctx->reference_conf_ht = NULL; - } - if (fd != NULL) { - fclose(fd); - fd = NULL; - } - - return NULL; }