From: Victor Julien Date: Thu, 10 Mar 2016 08:56:15 +0000 (+0100) Subject: file logging: fix bad end of file check X-Git-Tag: suricata-3.0.1RC1~17 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c19412243a7f1c9cf3d07de0999c026bba313c69;p=thirdparty%2Fsuricata.git file logging: fix bad end of file check File storage could end file storing when the logger was invoked while no new data chunks were available. --- diff --git a/src/output-filedata.c b/src/output-filedata.c index 9818339dfc..1e19cc9f7e 100644 --- a/src/output-filedata.c +++ b/src/output-filedata.c @@ -191,7 +191,7 @@ static TmEcode OutputFiledataLog(ThreadVars *tv, Packet *p, void *thread_data, P * case we already logged the current ffd, which * is the last in our list. */ if (ffd->stored == 1) { - if (!(file_close == 1 || ffd->next == NULL)) { + if (!(file_close == 1 && ffd->next == NULL)) { continue; } @@ -199,6 +199,7 @@ static TmEcode OutputFiledataLog(ThreadVars *tv, Packet *p, void *thread_data, P // so really a 'close' msg write_ffd = NULL; flags |= OUTPUT_FILEDATA_FLAG_CLOSE; + SCLogDebug("OUTPUT_FILEDATA_FLAG_CLOSE set"); } /* store */ @@ -216,13 +217,17 @@ static TmEcode OutputFiledataLog(ThreadVars *tv, Packet *p, void *thread_data, P * loggers */ if ((file_close || file_trunc) && ff->state < FILE_STATE_CLOSED) { ff->state = FILE_STATE_TRUNCATED; + SCLogDebug("ff->state = FILE_STATE_TRUNCATED set"); } /* for the last data chunk we have, also tell the logger * we're closing up */ - if (ffd->next == NULL && ff->state >= FILE_STATE_CLOSED) + if (ffd->next == NULL && ff->state >= FILE_STATE_CLOSED) { flags |= OUTPUT_FILEDATA_FLAG_CLOSE; + SCLogDebug("OUTPUT_FILEDATA_FLAG_CLOSE set"); + } + SCLogDebug("ff %p ffd %p flags %02x", ff, write_ffd, flags); /* do the actual logging */ file_logged = CallLoggers(tv, store, p, ff, write_ffd, flags);