From: George Koikara (gkoikara) Date: Tue, 3 Dec 2019 10:01:18 +0000 (+0000) Subject: Merge pull request #1868 in SNORT/snort3 from ~VKAMBALA/snort3:vkambala_test to master X-Git-Tag: 3.0.0-266~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=685dfb1a7f4beb573ed241e9f480a0f3fc958937;p=thirdparty%2Fsnort3.git Merge pull request #1868 in SNORT/snort3 from ~VKAMBALA/snort3:vkambala_test to master Squashed commit of the following: commit adce4923e61c0258762b54d8cd716f7cebdd27c4 Author: krishnakanth Date: Mon Nov 18 00:12:32 2019 -0500 file_api: Fixed eventing when FILE_SIG_DEPTH failed when store files enabled --- diff --git a/src/file_api/file_lib.cc b/src/file_api/file_lib.cc index 6dac8279d..315cf0d41 100644 --- a/src/file_api/file_lib.cc +++ b/src/file_api/file_lib.cc @@ -464,6 +464,19 @@ bool FileContext::process(Packet* p, const uint8_t* file_data, int data_size, } finish_signature_lookup(p, ( file_state.sig_state != FILE_SIG_FLUSH ), policy); + + if (file_state.sig_state == FILE_SIG_DEPTH_FAIL) + { + verdict = policy->signature_lookup(p, this); + if ( verdict != FILE_VERDICT_UNKNOWN ) + { + FileCache* file_cache = FileService::get_file_cache(); + if (file_cache) + file_cache->apply_verdict(p, this , verdict, false, policy); + + log_file_event(flow, policy); + } + } } else { diff --git a/src/file_api/file_policy.cc b/src/file_api/file_policy.cc index 8387d7b76..e11cbd2ef 100644 --- a/src/file_api/file_policy.cc +++ b/src/file_api/file_policy.cc @@ -179,6 +179,10 @@ FileVerdict FilePolicy::signature_lookup(Packet*, FileInfo* file) captured->store_file_async(); else delete captured; + + FileState state = file->get_file_state(); + if (state.sig_state == FILE_SIG_DEPTH_FAIL) + return FILE_VERDICT_LOG; } return match_file_signature(nullptr, file);