From: Victor Julien Date: Wed, 19 Jul 2017 10:45:39 +0000 (+0200) Subject: detect: more gracefully handle mpm prepare failure X-Git-Tag: suricata-4.0.0~11 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dbd2d7c05805e2033018abb7412275cfa815b109;p=thirdparty%2Fsuricata.git detect: more gracefully handle mpm prepare failure Exit with error instead of using the detection engine in a broken state. Bug #2187 --- diff --git a/src/detect-engine-mpm.c b/src/detect-engine-mpm.c index 82f53dbbe2..6351455319 100644 --- a/src/detect-engine-mpm.c +++ b/src/detect-engine-mpm.c @@ -167,8 +167,9 @@ void DetectMpmInitializeAppMpms(DetectEngineCtx *de_ctx) * \brief initialize mpm contexts for applayer buffers that are in * "single or "shared" mode. */ -void DetectMpmPrepareAppMpms(DetectEngineCtx *de_ctx) +int DetectMpmPrepareAppMpms(DetectEngineCtx *de_ctx) { + int r = 0; DetectMpmAppLayerKeyword *am = de_ctx->app_mpms; while (am->reg != NULL) { int dir = (am->reg->direction == SIG_FLAG_TOSERVER) ? 1 : 0; @@ -178,12 +179,13 @@ void DetectMpmPrepareAppMpms(DetectEngineCtx *de_ctx) MpmCtx *mpm_ctx = MpmFactoryGetMpmCtxForProfile(de_ctx, am->sgh_mpm_context, dir); if (mpm_ctx != NULL) { if (mpm_table[de_ctx->mpm_matcher].Prepare != NULL) { - mpm_table[de_ctx->mpm_matcher].Prepare(mpm_ctx); + r |= mpm_table[de_ctx->mpm_matcher].Prepare(mpm_ctx); } } } am++; } + return r; } static int32_t SetupBuiltinMpm(DetectEngineCtx *de_ctx, const char *name) @@ -223,49 +225,52 @@ void DetectMpmInitializeBuiltinMpms(DetectEngineCtx *de_ctx) * \brief initialize mpm contexts for builtin buffers that are in * "single or "shared" mode. */ -void DetectMpmPrepareBuiltinMpms(DetectEngineCtx *de_ctx) +int DetectMpmPrepareBuiltinMpms(DetectEngineCtx *de_ctx) { + int r = 0; MpmCtx *mpm_ctx = NULL; if (de_ctx->sgh_mpm_context_proto_tcp_packet != MPM_CTX_FACTORY_UNIQUE_CONTEXT) { mpm_ctx = MpmFactoryGetMpmCtxForProfile(de_ctx, de_ctx->sgh_mpm_context_proto_tcp_packet, 0); if (mpm_table[de_ctx->mpm_matcher].Prepare != NULL) { - mpm_table[de_ctx->mpm_matcher].Prepare(mpm_ctx); + r |= mpm_table[de_ctx->mpm_matcher].Prepare(mpm_ctx); } mpm_ctx = MpmFactoryGetMpmCtxForProfile(de_ctx, de_ctx->sgh_mpm_context_proto_tcp_packet, 1); if (mpm_table[de_ctx->mpm_matcher].Prepare != NULL) { - mpm_table[de_ctx->mpm_matcher].Prepare(mpm_ctx); + r |= mpm_table[de_ctx->mpm_matcher].Prepare(mpm_ctx); } } if (de_ctx->sgh_mpm_context_proto_udp_packet != MPM_CTX_FACTORY_UNIQUE_CONTEXT) { mpm_ctx = MpmFactoryGetMpmCtxForProfile(de_ctx, de_ctx->sgh_mpm_context_proto_udp_packet, 0); if (mpm_table[de_ctx->mpm_matcher].Prepare != NULL) { - mpm_table[de_ctx->mpm_matcher].Prepare(mpm_ctx); + r |= mpm_table[de_ctx->mpm_matcher].Prepare(mpm_ctx); } mpm_ctx = MpmFactoryGetMpmCtxForProfile(de_ctx, de_ctx->sgh_mpm_context_proto_udp_packet, 1); if (mpm_table[de_ctx->mpm_matcher].Prepare != NULL) { - mpm_table[de_ctx->mpm_matcher].Prepare(mpm_ctx); + r |= mpm_table[de_ctx->mpm_matcher].Prepare(mpm_ctx); } } if (de_ctx->sgh_mpm_context_proto_other_packet != MPM_CTX_FACTORY_UNIQUE_CONTEXT) { mpm_ctx = MpmFactoryGetMpmCtxForProfile(de_ctx, de_ctx->sgh_mpm_context_proto_other_packet, 0); if (mpm_table[de_ctx->mpm_matcher].Prepare != NULL) { - mpm_table[de_ctx->mpm_matcher].Prepare(mpm_ctx); + r |= mpm_table[de_ctx->mpm_matcher].Prepare(mpm_ctx); } } if (de_ctx->sgh_mpm_context_stream != MPM_CTX_FACTORY_UNIQUE_CONTEXT) { mpm_ctx = MpmFactoryGetMpmCtxForProfile(de_ctx, de_ctx->sgh_mpm_context_stream, 0); if (mpm_table[de_ctx->mpm_matcher].Prepare != NULL) { - mpm_table[de_ctx->mpm_matcher].Prepare(mpm_ctx); + r |= mpm_table[de_ctx->mpm_matcher].Prepare(mpm_ctx); } mpm_ctx = MpmFactoryGetMpmCtxForProfile(de_ctx, de_ctx->sgh_mpm_context_stream, 1); if (mpm_table[de_ctx->mpm_matcher].Prepare != NULL) { - mpm_table[de_ctx->mpm_matcher].Prepare(mpm_ctx); + r |= mpm_table[de_ctx->mpm_matcher].Prepare(mpm_ctx); } } + + return r; } /** @@ -404,12 +409,6 @@ void PatternMatchDestroy(MpmCtx *mpm_ctx, uint16_t mpm_matcher) mpm_table[mpm_matcher].DestroyCtx(mpm_ctx); } -void PatternMatchPrepare(MpmCtx *mpm_ctx, uint16_t mpm_matcher) -{ - SCLogDebug("mpm_ctx %p, mpm_matcher %"PRIu16"", mpm_ctx, mpm_matcher); - MpmInitCtx(mpm_ctx, mpm_matcher); -} - void PatternMatchThreadPrint(MpmThreadCtx *mpm_thread_ctx, uint16_t mpm_matcher) { SCLogDebug("mpm_thread_ctx %p, mpm_matcher %"PRIu16" defunct", mpm_thread_ctx, mpm_matcher); diff --git a/src/detect-engine-mpm.h b/src/detect-engine-mpm.h index 91511689f0..80ce0bdd99 100644 --- a/src/detect-engine-mpm.h +++ b/src/detect-engine-mpm.h @@ -33,9 +33,9 @@ #include "stream.h" void DetectMpmInitializeAppMpms(DetectEngineCtx *de_ctx); -void DetectMpmPrepareAppMpms(DetectEngineCtx *de_ctx); +int DetectMpmPrepareAppMpms(DetectEngineCtx *de_ctx); void DetectMpmInitializeBuiltinMpms(DetectEngineCtx *de_ctx); -void DetectMpmPrepareBuiltinMpms(DetectEngineCtx *de_ctx); +int DetectMpmPrepareBuiltinMpms(DetectEngineCtx *de_ctx); uint32_t PatternStrength(uint8_t *, uint16_t); diff --git a/src/detect.c b/src/detect.c index fdf2a11d27..730cc6c21b 100644 --- a/src/detect.c +++ b/src/detect.c @@ -3574,8 +3574,12 @@ int SigGroupBuild(DetectEngineCtx *de_ctx) } #endif - DetectMpmPrepareBuiltinMpms(de_ctx); - DetectMpmPrepareAppMpms(de_ctx); + int r = DetectMpmPrepareBuiltinMpms(de_ctx); + r |= DetectMpmPrepareAppMpms(de_ctx); + if (r != 0) { + SCLogError(SC_ERR_DETECT_PREPARE, "initializing the detection engine failed"); + exit(EXIT_FAILURE); + } if (SigMatchPrepare(de_ctx) != 0) { SCLogError(SC_ERR_DETECT_PREPARE, "initializing the detection engine failed");