From: Victor Julien <victor@inliniac.net>
Date: Tue, 14 Aug 2018 08:17:37 +0000 (+0200)
Subject: detect/filehash: try to open data file from rulefile dir
X-Git-Tag: suricata-4.0.6~50
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=acd30a4397931cfe70aa451d1edddd09c86ae339;p=thirdparty%2Fsuricata.git

detect/filehash: try to open data file from rulefile dir

If the data file can't be found in the default location, which
normally is 'default-rule-path', try to see if it can be found
in the path of the rule file that references it.

This makes QA much easier.
---

diff --git a/configure.ac b/configure.ac
index 01589b19ec..5cc742fa4c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -131,6 +131,7 @@
     AC_CHECK_HEADERS([dirent.h fnmatch.h])
     AC_CHECK_HEADERS([sys/resource.h sys/types.h sys/un.h])
     AC_CHECK_HEADERS([sys/random.h])
+    AC_CHECK_HEADERS([libgen.h])
 
     AC_CHECK_HEADERS([sys/socket.h net/if.h sys/mman.h linux/if_arp.h], [], [],
     [[#ifdef HAVE_SYS_SOCKET_H
diff --git a/src/detect-file-hash-common.c b/src/detect-file-hash-common.c
index c9f7ab2918..9ac2a47e1d 100644
--- a/src/detect-file-hash-common.c
+++ b/src/detect-file-hash-common.c
@@ -186,7 +186,7 @@ int DetectFileHashMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
 }
 
 static const char *hexcodes = "ABCDEFabcdef0123456789";
-
+#include "libgen.h"
 /**
  * \brief Parse the filemd5, filesha1 or filesha256 keyword
  *
@@ -239,8 +239,27 @@ static DetectFileHashData *DetectFileHashParse (const DetectEngineCtx *de_ctx,
     char line[8192] = "";
     fp = fopen(filename, "r");
     if (fp == NULL) {
-        SCLogError(SC_ERR_OPENING_RULE_FILE, "opening hash file %s: %s", filename, strerror(errno));
-        goto error;
+#ifdef HAVE_LIBGEN_H
+        if (de_ctx->rule_file != NULL) {
+            char *dir = dirname(de_ctx->rule_file);
+            if (dir != NULL) {
+                char path[PATH_MAX];
+                snprintf(path, sizeof(path), "%s/%s", dir, str);
+                fp = fopen(path, "r");
+                if (fp == NULL) {
+                    SCLogError(SC_ERR_OPENING_RULE_FILE,
+                            "opening hash file %s: %s", path, strerror(errno));
+                    goto error;
+                }
+            }
+        }
+        if (fp == NULL) {
+#endif
+            SCLogError(SC_ERR_OPENING_RULE_FILE, "opening hash file %s: %s", filename, strerror(errno));
+            goto error;
+#ifdef HAVE_LIBGEN_H
+        }
+#endif
     }
 
     int line_no = 0;
diff --git a/src/suricata-common.h b/src/suricata-common.h
index ec34a8c6ce..cee6d00587 100644
--- a/src/suricata-common.h
+++ b/src/suricata-common.h
@@ -196,6 +196,10 @@
 #include <pcap/bpf.h>
 #endif
 
+#ifdef HAVE_LIBGEN_H
+#include <libgen.h>
+#endif
+
 #if __CYGWIN__
 #if !defined _X86_ && !defined __x86_64
 #define _X86_