From: Hui Cao (huica) Date: Wed, 12 Oct 2016 20:12:51 +0000 (-0400) Subject: Merge pull request #672 in SNORT/snort3 from smb2_reg to master X-Git-Tag: 3.0.0-233~224 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d631e17c2aca8c87adc9fd89a93cb36de4a012d2;p=thirdparty%2Fsnort3.git Merge pull request #672 in SNORT/snort3 from smb2_reg to master Squashed commit of the following: commit 22586ce0622cef8b4d1cf292fd2ebec071e1bb18 Author: huica Date: Tue Oct 11 14:27:32 2016 -0400 Fixed file hash prune issue
---
diff --git a/src/file_api/file_enforcer.cc b/src/file_api/file_enforcer.cc
index 049a3f96f..fac8117e9 100644
--- a/src/file_api/file_enforcer.cc
+++ b/src/file_api/file_enforcer.cc
@@ -42,10 +42,19 @@
 #include "utils/util.h"
 #include "utils/snort_bounds.h"
+static int file_node_free_func(void*, void* data)
+{
+ FileEnforcer::FileNode* node = (FileEnforcer::FileNode*)data;
+ assert(node);
+ delete node->file;
+ node->file = nullptr;
+ return 0;
+}
+
 FileEnforcer::FileEnforcer()
 {
 fileHash = sfxhash_new(MAX_FILES_TRACKED, sizeof(FileHashKey), sizeof(FileNode),
- MAX_MEMORY_USED, 1, nullptr, nullptr, 1);
+ MAX_MEMORY_USED, 1, nullptr, file_node_free_func, 1);
 if (!fileHash)
 FatalError("Failed to create the expected channel hash table.\n");
 }
@@ -60,7 +69,7 @@ FileEnforcer::~FileEnforcer()
 void FileEnforcer::update_file_node(FileNode* node, FileInfo* file)
 {
- node->file = *file;
+ *(node->file) = *file;
 }
 FileVerdict FileEnforcer::check_verdict(Flow* flow, FileNode* node, SFXHASH_NODE* hash_node)
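Review bot: In `FileEnforcer::FileEnforcer()` the new `file_node_free_func` is registered only in the last callback argument of `sfxhash_new`; the callback argument before it stays `nullptr` while the flag before that stays `1`. sfxhash is not shown in this diff, but if that earlier argument is the callback used when the table recycles its oldest node at the memory limit, a recycled node's `FileInfo` is never deleted and every prune leaks one allocation. Worth confirming against sfxhash and, if so, passing the function in both positions: `MAX_MEMORY_USED, 1, file_node_free_func, file_node_free_func, 1);`. Separately, `assert(node)` in `file_node_free_func` vanishes in release builds, so `if (!node) return 0;` is the safer guard before the `delete`.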
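Review bot: `FileEnforcer::update_file_node` now writes through `node->file` with no check that the pointer is set, and `check_verdict` in the following hunk protects the same pointer only with `assert(node->file)`, which is compiled out under NDEBUG. `store_verdict` allocates before calling it, but a caller outside this diff that passes a node whose `file` was reset to `nullptr` by `file_node_free_func` would dereference null in a release build. A runtime guard at the top of `update_file_node`, `if (!node || !node->file || !file) return;`, turns that into a no-op instead of a crash in the inspection path.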
@@ -71,18 +80,20 @@ FileVerdict FileEnforcer::check_verdict(Flow* flow, FileNode* node, SFXHASH_NODE
 // Check file type first
 FilePolicy& inspect = FileService::get_inspect();
- verdict = inspect.type_lookup(flow, &(node->file));
+ assert(node->file);
+
+ verdict = inspect.type_lookup(flow, node->file);
 if ((verdict == FILE_VERDICT_UNKNOWN) ||
 (verdict == FILE_VERDICT_STOP_CAPTURE))
 {
- verdict = inspect.signature_lookup(flow, &(node->file));
+ verdict = inspect.signature_lookup(flow, node->file);
 }
 if ((verdict == FILE_VERDICT_UNKNOWN) ||
 (verdict == FILE_VERDICT_STOP_CAPTURE))
 {
- verdict = node->file.verdict;
+ verdict = node->file->verdict;
 }
 if (verdict == FILE_VERDICT_LOG)
@@ -127,6 +138,8 @@ int FileEnforcer::store_verdict(Flow* flow, FileInfo* file)
 FileNode new_node;
 DebugMessage(DEBUG_FILE, "Adding file node\n");
+ new_node.file = new FileInfo();
+
 update_file_node(&new_node, file);
 /*
@@ -215,7 +228,7 @@ FileVerdict FileEnforcer::cached_verdict_lookup(Flow* flow, FileInfo* file)
 else
 return verdict;
- if (node)
+ if (node && node->file)
 {
 DebugMessage(DEBUG_FILE, "Found resumed file\n");
 if (node->expires && packet_time() > node->expires)
diff --git a/src/file_api/file_enforcer.h b/src/file_api/file_enforcer.h
index e4d215bc6..02a8eb474 100644
--- a/src/file_api/file_enforcer.h
+++ b/src/file_api/file_enforcer.h
@@ -45,16 +45,16 @@ class FileEnforcer
 size_t file_sig;
 };
+ #define MAX_FILES_TRACKED 16384
+ #define MAX_MEMORY_USED (10*1024*1024) // 10M
+
+public:
 struct FileNode
 {
 time_t expires;
- FileInfo file;
+ FileInfo* file;
 };
- #define MAX_FILES_TRACKED 16384
- #define MAX_MEMORY_USED 10*1024*1024 // 10M
-
-public:
 FileEnforcer();
 ~FileEnforcer();
 FileVerdict cached_verdict_lookup(Flow*, FileInfo*);
diff --git a/src/file_api/file_lib.cc b/src/file_api/file_lib.cc
index ecc3d3ac1..43e773fe7 100644
--- a/src/file_api/file_lib.cc
+++ b/src/file_api/file_lib.cc
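Review bot: `new_node.file = new FileInfo();` in `FileEnforcer::store_verdict` gives the stack-local `new_node` an owning raw pointer, and ownership only passes to the hash table if the later insert succeeds. The rest of `store_verdict` lies outside this hunk, so it is not visible whether every return after this point releases the allocation; if the add can fail, that path needs `delete new_node.file;` before returning, otherwise each failed insert leaks a `FileInfo`. A comment at the allocation, `// ownership passes to fileHash on a successful add; freed by file_node_free_func`, would make the contract explicit.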
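Review bot: In `src/file_api/file_enforcer.h`, `FileInfo* file;` turns `FileNode` into the holder of an owning raw pointer with no initializer, so a default-constructed node such as `FileNode new_node;` in `store_verdict` carries an indeterminate pointer until it is assigned. Declaring it as `FileInfo* file = nullptr;` makes the `node->file` checks added elsewhere in this commit reliable for every node. The member also deserves a lifetime comment, for example `// owned by the hash table entry; released by file_node_free_func`, since nothing in the type itself says who deletes it.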
@@ -329,7 +329,8 @@ bool FileContext::process(Flow* flow, const uint8_t* file_data, int data_size,
 /* file signature calculation */
 if (is_file_signature_enabled())
 {
- process_file_signature_sha256(file_data, data_size, position);
+ if (!sha256)
+ process_file_signature_sha256(file_data, data_size, position);
 file_stats.data_processed[get_file_type()][get_file_direction()]
 += data_size;
@@ -418,27 +419,27 @@ void FileContext::process_file_signature_sha256(const uint8_t* file_data, int si
 switch (position)
 {
 case SNORT_FILE_START:
- file_signature_context = snort_calloc(sizeof(SHA256_CTX));
+ if (!file_signature_context)
+ file_signature_context = snort_calloc(sizeof(SHA256_CTX));
 SHA256_Init((SHA256_CTX*)file_signature_context);
 SHA256_Update((SHA256_CTX*)file_signature_context, file_data, data_size);
 break;
 case SNORT_FILE_MIDDLE:
 if (!file_signature_context)
- file_signature_context = snort_calloc(sizeof(SHA256_CTX));
+ return;
 SHA256_Update((SHA256_CTX*)file_signature_context, file_data, data_size);
 break;
 case SNORT_FILE_END:
 if (!file_signature_context)
- file_signature_context = snort_calloc(sizeof(SHA256_CTX));
- if (processed_bytes == 0)
- SHA256_Init((SHA256_CTX*)file_signature_context);
+ return;
 SHA256_Update((SHA256_CTX*)file_signature_context, file_data, data_size);
 sha256 = new uint8_t[SHA256_HASH_SIZE];
 SHA256_Final(sha256, (SHA256_CTX*)file_signature_context);
 file_state.sig_state = FILE_SIG_DONE;
 break;
 case SNORT_FILE_FULL:
- file_signature_context = snort_calloc(sizeof (SHA256_CTX));
+ if (!file_signature_context)
+ file_signature_context = snort_calloc(sizeof (SHA256_CTX));
 SHA256_Init((SHA256_CTX*)file_signature_context);
 SHA256_Update((SHA256_CTX*)file_signature_context, file_data, data_size);
 sha256 = new uint8_t[SHA256_HASH_SIZE];
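Review bot: In `FileContext::process_file_signature_sha256` the new `return;` under `SNORT_FILE_MIDDLE` and `SNORT_FILE_END` exits without touching `file_state.sig_state` when no context exists, so a file whose `SNORT_FILE_START` segment was never processed ends with no SHA256 and nothing recorded to say the signature was skipped. The removed `SNORT_FILE_END` lines used to allocate a context in that case; if dropping that is intended, the skip should at least be observable, e.g. `DebugMessage(DEBUG_FILE, "No signature context, SHA256 skipped\n");` before each `return;`. A short comment stating what verdict such a file is expected to receive would also help, since signature lookup cannot run without the hash. The function starts and ends outside this hunk.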