From: Victor Julien Date: Wed, 31 Oct 2012 14:51:41 +0000 (+0100) Subject: filestore: fix logic flag in continued stateful detection X-Git-Tag: suricata-1.4beta3~48 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=70bc9e2494f287312a2ecc137e6ae1b98ba2a510;p=thirdparty%2Fsuricata.git filestore: fix logic flag in continued stateful detection --- diff --git a/src/detect-filestore.c b/src/detect-filestore.c index 535e22d44c..20157bb3d8 100644 --- a/src/detect-filestore.c +++ b/src/detect-filestore.c @@ -196,7 +196,7 @@ static int FilestorePostMatchWithOptions(Packet *p, Flow *f, DetectFilestoreData * When we are sure all parts of the signature matched, we run this function * to finalize the filestore. */ -int DetectFilestorePostMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p) { +int DetectFilestorePostMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, Signature *s) { uint8_t flags = 0; SCEnter(); @@ -205,7 +205,7 @@ int DetectFilestorePostMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Pack SCReturnInt(0); } - if (det_ctx->filestore_sm == NULL || p->flow == NULL) { + if (s->filestore_sm == NULL || p->flow == NULL) { #ifndef DEBUG SCReturnInt(0); #else @@ -223,13 +223,13 @@ int DetectFilestorePostMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Pack FileContainer *ffc = AppLayerGetFilesFromFlow(p->flow, flags); /* filestore for single files only */ - if (det_ctx->filestore_sm->ctx == NULL) { + if (s->filestore_sm->ctx == NULL) { uint16_t u; for (u = 0; u < det_ctx->filestore_cnt; u++) { FileStoreFileById(ffc, det_ctx->filestore[u].file_id); } } else { - DetectFilestoreData *filestore = det_ctx->filestore_sm->ctx; + DetectFilestoreData *filestore = s->filestore_sm->ctx; uint16_t u; for (u = 0; u < det_ctx->filestore_cnt; u++) { @@ -284,8 +284,6 @@ static int DetectFilestoreMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, det_ctx->filestore[det_ctx->filestore_cnt].tx_id); det_ctx->filestore_cnt++; - - det_ctx->filestore_sm = m; SCReturnInt(1); } @@ -407,6 +405,7 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, char *st } SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH); + s->filestore_sm = sm; if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_HTTP) { SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords."); diff --git a/src/detect-filestore.h b/src/detect-filestore.h index cd3f014400..1879b87532 100644 --- a/src/detect-filestore.h +++ b/src/detect-filestore.h @@ -41,5 +41,5 @@ typedef struct DetectFilestoreData_ { /* prototypes */ void DetectFilestoreRegister (void); -int DetectFilestorePostMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p); +int DetectFilestorePostMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, Signature *); #endif /* __DETECT_FILESTORE_H__ */ diff --git a/src/detect.c b/src/detect.c index dab006c030..3e274f2352 100644 --- a/src/detect.c +++ b/src/detect.c @@ -771,7 +771,7 @@ static int SigMatchSignaturesRunPostMatch(ThreadVars *tv, det_ctx->replist = NULL; if (s->flags & SIG_FLAG_FILESTORE) - DetectFilestorePostMatch(tv, det_ctx, p); + DetectFilestorePostMatch(tv, det_ctx, p, s); return 1; } @@ -1596,7 +1596,6 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh next: DetectReplaceFree(det_ctx->replist); det_ctx->replist = NULL; - det_ctx->filestore_sm = NULL; RULE_PROFILING_END(det_ctx, s, smatch); det_ctx->flags = 0; diff --git a/src/detect.h b/src/detect.h index 4182d13fd1..1a49106b40 100644 --- a/src/detect.h +++ b/src/detect.h @@ -446,6 +446,7 @@ typedef struct Signature_ { uint16_t sm_cnt; SigMatch *dsize_sm; + SigMatch *filestore_sm; /* the fast pattern added from this signature */ SigMatch *mpm_sm; /* helper for init phase */ @@ -810,7 +811,6 @@ typedef struct DetectionEngineThreadCtx_ { uint16_t file_id; uint16_t tx_id; } filestore[DETECT_FILESTORE_MAX]; - SigMatch *filestore_sm; DetectEngineCtx *de_ctx; #ifdef __SC_CUDA_SUPPORT__