From: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Wed, 21 Apr 2021 13:16:00 +0000 (+0000)
Subject: Merge pull request #2811 in SNORT/snort3 from ~RUCOMBS/snort3:nfp to master
X-Git-Tag: 3.1.4.0~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=991fd879e0debdc0911c0d1d5a8aeb71b96ee8cf;p=thirdparty%2Fsnort3.git

Merge pull request #2811 in SNORT/snort3 from ~RUCOMBS/snort3:nfp to master

Squashed commit of the following:

commit 0349a07ec2d2ff74a3810a2952c8f642b7f0fd44
Author: russ <rucombs@cisco.com>
Date:   Thu Apr 1 09:37:30 2021 -0400

    pcre: revert change that disabled jit

commit 3e5c3aa8a6115c14b1fe2cad67a290c8c0ce8a0b
Author: russ <rucombs@cisco.com>
Date:   Tue Mar 23 11:38:38 2021 -0400

    ips: allow null detection trees with negated lists
---

diff --git a/src/detection/fp_detect.cc b/src/detection/fp_detect.cc
index 685bd597c..1015d5db0 100644
--- a/src/detection/fp_detect.cc
+++ b/src/detection/fp_detect.cc
@@ -350,10 +350,7 @@ static void rule_tree_match(
 {
     PMX* pmx = (PMX*)user;
 
-    detection_option_tree_root_t* root = (detection_option_tree_root_t*)tree;
     detection_option_eval_data_t eval_data;
-    NCListNode* ncl;
-
     eval_data.p = context->packet;
     eval_data.pmd = pmx->pmd;
     eval_data.flowbit_failed = 0;
@@ -367,7 +364,7 @@ static void rule_tree_match(
          * may muck with an unintended rule */
 
         /* Set flag for not contents so they aren't evaluated */
-        for (ncl = (NCListNode*)neg_list; ncl != nullptr; ncl = ncl->next)
+        for ( NCListNode* ncl = (NCListNode*)neg_list; ncl != nullptr; ncl = ncl->next)
         {
             PMX* neg_pmx = (PMX*)ncl->pmx;
             assert(neg_pmx->pmd->last_check);
@@ -382,6 +379,10 @@ static void rule_tree_match(
             last_check->rebuild_flag = (eval_data.p->packet_flags & PKT_REBUILT_STREAM);
         }
 
+        if ( !tree )
+            return;
+
+        detection_option_tree_root_t* root = (detection_option_tree_root_t*)tree;
         int ret = detection_option_tree_evaluate(root, eval_data);
 
         if ( ret )
@@ -729,7 +730,7 @@ private:
 bool MpseStash::push(void* user, void* tree, int index, void* context, void* list)
 {
     detection_option_tree_root_t* root = (detection_option_tree_root_t*)tree;
-    bool checker = root->otn->checks_flowbits();
+    bool checker = !root or root->otn->checks_flowbits();
     MatchStore& store = checker ? defer : queue;
 
     for ( auto it = store.rbegin(); it != store.rend(); it++ )
diff --git a/src/ips_options/ips_pcre.cc b/src/ips_options/ips_pcre.cc
index f4379a3f8..b51f0540a 100644
--- a/src/ips_options/ips_pcre.cc
+++ b/src/ips_options/ips_pcre.cc
@@ -47,7 +47,7 @@ using namespace snort;
 #define PCRE_STUDY_JIT_COMPILE 0
 #endif
 
-#define NO_JIT // uncomment to disable JIT for Xcode
+//#define NO_JIT // uncomment to disable JIT for Xcode
 
 #ifdef NO_JIT
 #define PCRE_STUDY_FLAGS 0