From: Victor Julien <vjulien@oisf.net>
Date: Wed, 23 Nov 2022 13:29:39 +0000 (+0100)
Subject: files: always initialize inspect_window and min_inspect_depth
X-Git-Tag: suricata-6.0.9~15
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5db0ef4415ca9c6cf596f4c8c06376a220d242fb;p=thirdparty%2Fsuricata.git

files: always initialize inspect_window and min_inspect_depth

This is to make sure the files buffers are properly managed even
when there are no rules or when there are no file.data rules.

Bug: #5703.
(cherry picked from commit e601ebdfd8efa9a36e5d0d9a1539945c6498bd7c)
---

diff --git a/src/detect-file-data.c b/src/detect-file-data.c
index 8536b93942..b326e0c92f 100644
--- a/src/detect-file-data.c
+++ b/src/detect-file-data.c
@@ -139,10 +139,6 @@ void DetectFiledataRegister(void)
     g_file_data_buffer_id = DetectBufferTypeGetByName("file_data");
 }
 
-#define FILEDATA_CONTENT_LIMIT 100000
-#define FILEDATA_CONTENT_INSPECT_MIN_SIZE 32768
-#define FILEDATA_CONTENT_INSPECT_WINDOW 4096
-
 static void SetupDetectEngineConfig(DetectEngineCtx *de_ctx) {
     if (de_ctx->filedata_config_initialized)
         return;
diff --git a/src/util-file.c b/src/util-file.c
index f41c1b0750..9e8e64c376 100644
--- a/src/util-file.c
+++ b/src/util-file.c
@@ -913,6 +913,9 @@ static File *FileOpenFile(FileContainer *ffc, const StreamingBufferConfig *sbcfg
 
     FileContainerAdd(ffc, ff);
 
+    /* set default window and min inspection size */
+    FileSetInspectSizes(ff, FILEDATA_CONTENT_INSPECT_WINDOW, FILEDATA_CONTENT_INSPECT_MIN_SIZE);
+
     ff->size += data_len;
     if (data != NULL) {
         if (AppendData(ff, data, data_len) != 0) {
diff --git a/src/util-file.h b/src/util-file.h
index a4e3c6a10e..5730e94fad 100644
--- a/src/util-file.h
+++ b/src/util-file.h
@@ -49,6 +49,10 @@
 #define FILE_USE_DETECT BIT_U16(13) /**< use content_inspected tracker */
 #define FILE_HAS_GAPS   BIT_U16(15)
 
+#define FILEDATA_CONTENT_LIMIT            100000
+#define FILEDATA_CONTENT_INSPECT_MIN_SIZE 32768
+#define FILEDATA_CONTENT_INSPECT_WINDOW   4096
+
 typedef enum FileState_ {
     FILE_STATE_NONE = 0,    /**< no state */
     FILE_STATE_OPENED,      /**< flow file is opened */