From: Victor Julien <vjulien@oisf.net>
Date: Sun, 16 Jul 2023 08:44:18 +0000 (+0200)
Subject: reference: fix multi-tenant loading issues
X-Git-Tag: suricata-7.0.0~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e2f4c751aa1fa7cbf499712b0829f8df61d14787;p=thirdparty%2Fsuricata.git

reference: fix multi-tenant loading issues

Bug: #4797.
---

diff --git a/src/detect-engine.c b/src/detect-engine.c
index 346060f383..f4a0aa8c9d 100644
--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@@ -2523,6 +2523,7 @@ static DetectEngineCtx *DetectEngineCtxInitReal(enum DetectEngineType type, cons
     if (ActionInitConfig() < 0) {
         goto error;
     }
+    SCReferenceConfInit(de_ctx);
     if (SCRConfLoadReferenceConfigFile(de_ctx, NULL) < 0) {
         if (RunmodeGetCurrent() == RUNMODE_CONF_TEST)
             goto error;
@@ -2660,6 +2661,7 @@ void DetectEngineCtxFree(DetectEngineCtx *de_ctx)
     /* freed our var name hash */
     VarNameStoreFree(de_ctx->version);
     SCClassConfDeinit(de_ctx);
+    SCReferenceConfDeinit(de_ctx);
 
     SCFree(de_ctx);
     //DetectAddressGroupPrintMemory();
diff --git a/src/detect.h b/src/detect.h
index 1a5fac560f..fe2bbfa6e2 100644
--- a/src/detect.h
+++ b/src/detect.h
@@ -853,9 +853,6 @@ typedef struct DetectEngineCtx_ {
     /* used by the signature ordering module */
     struct SCSigOrderFunc_ *sc_sig_order_funcs;
 
-    /* hash table used for holding the reference config info */
-    HashTable *reference_conf_ht;
-
     /* main sigs */
     DetectEngineLookupFlow flow_gh[FLOW_STATES];
 
@@ -1016,6 +1013,14 @@ typedef struct DetectEngineCtx_ {
     HashTable *class_conf_ht;
     pcre2_code *class_conf_regex;
     pcre2_match_data *class_conf_regex_match;
+
+    /* reference config parsing */
+
+    /* hash table used for holding the reference config info */
+    HashTable *reference_conf_ht;
+    pcre2_code *reference_conf_regex;
+    pcre2_match_data *reference_conf_regex_match;
+
 } DetectEngineCtx;
 
 /* Engine groups profiles (low, medium, high, custom) */
diff --git a/src/runmode-unittests.c b/src/runmode-unittests.c
index fa69d48f84..1150bad895 100644
--- a/src/runmode-unittests.c
+++ b/src/runmode-unittests.c
@@ -253,7 +253,6 @@ void RunUnittests(int list_unittests, const char *regex_arg)
     TmqhSetup();
 
     TagInitCtx();
-    SCReferenceConfInit();
 
     UtInitialize();
 
diff --git a/src/suricata.c b/src/suricata.c
index 2aa633363f..48aadfa770 100644
--- a/src/suricata.c
+++ b/src/suricata.c
@@ -383,9 +383,6 @@ static void GlobalsDestroy(SCInstance *suri)
     FeatureTrackingRelease();
     SCProtoNameRelease();
     TimeDeinit();
-    if (!suri->disabled_detect) {
-        SCReferenceConfDeinit();
-    }
     TmqhCleanup();
     TmModuleRunDeInit();
     ParseSizeDeinit();
@@ -2549,7 +2546,6 @@ void PostConfLoadedDetectSetup(SCInstance *suri)
 {
     DetectEngineCtx *de_ctx = NULL;
     if (!suri->disabled_detect) {
-        SCReferenceConfInit();
         SetupDelayedDetect(suri);
         int mt_enabled = 0;
         (void)ConfGetBool("multi-detect.enabled", &mt_enabled);
diff --git a/src/tests/fuzz/fuzz_siginit.c b/src/tests/fuzz/fuzz_siginit.c
index d37aa5cae6..80514b2d9a 100644
--- a/src/tests/fuzz/fuzz_siginit.c
+++ b/src/tests/fuzz/fuzz_siginit.c
@@ -28,7 +28,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
         SpmTableSetup();
         EngineModeSetIDS();
         SigTableSetup();
-        SCReferenceConfInit();
     }
     if (cnt++ == 1024) {
         DetectEngineCtxFree(de_ctx);
diff --git a/src/util-reference-config.c b/src/util-reference-config.c
index a0e25a7520..0a31098252 100644
--- a/src/util-reference-config.c
+++ b/src/util-reference-config.c
@@ -41,9 +41,6 @@
 /* Default path for the reference.conf file */
 #define SC_RCONF_DEFAULT_FILE_PATH CONFIG_DIR "/reference.config"
 
-static pcre2_code *regex = NULL;
-static pcre2_match_data *regex_match = NULL;
-
 /* the hash functions */
 uint32_t SCRConfReferenceHashFunc(HashTable *ht, void *data, uint16_t datalen);
 char SCRConfReferenceHashCompareFunc(void *data1, uint16_t datalen1,
@@ -53,14 +50,15 @@ void SCRConfReferenceHashFree(void *ch);
 /* used to get the reference.config file path */
 static const char *SCRConfGetConfFilename(const DetectEngineCtx *de_ctx);
 
-void SCReferenceConfInit(void)
+void SCReferenceConfInit(DetectEngineCtx *de_ctx)
 {
     int en;
     PCRE2_SIZE eo;
     int opts = 0;
 
-    regex = pcre2_compile((PCRE2_SPTR8)SC_RCONF_REGEX, PCRE2_ZERO_TERMINATED, opts, &en, &eo, NULL);
-    if (regex == NULL) {
+    de_ctx->reference_conf_regex =
+            pcre2_compile((PCRE2_SPTR8)SC_RCONF_REGEX, PCRE2_ZERO_TERMINATED, opts, &en, &eo, NULL);
+    if (de_ctx->reference_conf_regex == NULL) {
         PCRE2_UCHAR errbuffer[256];
         pcre2_get_error_message(en, errbuffer, sizeof(errbuffer));
         SCLogWarning("pcre2 compile of \"%s\" failed at "
@@ -68,20 +66,20 @@ void SCReferenceConfInit(void)
                 SC_RCONF_REGEX, (int)eo, errbuffer);
         return;
     }
-    regex_match = pcre2_match_data_create_from_pattern(regex, NULL);
-
+    de_ctx->reference_conf_regex_match =
+            pcre2_match_data_create_from_pattern(de_ctx->reference_conf_regex, NULL);
     return;
 }
 
-void SCReferenceConfDeinit(void)
+void SCReferenceConfDeinit(DetectEngineCtx *de_ctx)
 {
-    if (regex != NULL) {
-        pcre2_code_free(regex);
-        regex = NULL;
+    if (de_ctx->reference_conf_regex != NULL) {
+        pcre2_code_free(de_ctx->reference_conf_regex);
+        de_ctx->reference_conf_regex = NULL;
     }
-    if (regex_match != NULL) {
-        pcre2_match_data_free(regex_match);
-        regex_match = NULL;
+    if (de_ctx->reference_conf_regex_match != NULL) {
+        pcre2_match_data_free(de_ctx->reference_conf_regex_match);
+        de_ctx->reference_conf_regex_match = NULL;
     }
 }
 
@@ -235,7 +233,8 @@ int SCRConfAddReference(DetectEngineCtx *de_ctx, const char *line)
 
     int ret = 0;
 
-    ret = pcre2_match(regex, (PCRE2_SPTR8)line, strlen(line), 0, 0, regex_match, NULL);
+    ret = pcre2_match(de_ctx->reference_conf_regex, (PCRE2_SPTR8)line, strlen(line), 0, 0,
+            de_ctx->reference_conf_regex_match, NULL);
     if (ret < 0) {
         SCLogError("Invalid Reference Config in "
                    "reference.config file");
@@ -244,7 +243,8 @@ int SCRConfAddReference(DetectEngineCtx *de_ctx, const char *line)
 
     /* retrieve the reference system */
     size_t copylen = sizeof(system);
-    ret = pcre2_substring_copy_bynumber(regex_match, 1, (PCRE2_UCHAR8 *)system, &copylen);
+    ret = pcre2_substring_copy_bynumber(
+            de_ctx->reference_conf_regex_match, 1, (PCRE2_UCHAR8 *)system, &copylen);
     if (ret < 0) {
         SCLogError("pcre2_substring_copy_bynumber() failed");
         goto error;
@@ -252,7 +252,8 @@ int SCRConfAddReference(DetectEngineCtx *de_ctx, const char *line)
 
     /* retrieve the reference url */
     copylen = sizeof(url);
-    ret = pcre2_substring_copy_bynumber(regex_match, 2, (PCRE2_UCHAR8 *)url, &copylen);
+    ret = pcre2_substring_copy_bynumber(
+            de_ctx->reference_conf_regex_match, 2, (PCRE2_UCHAR8 *)url, &copylen);
     if (ret < 0) {
         SCLogError("pcre2_substring_copy_bynumber() failed");
         goto error;
diff --git a/src/util-reference-config.h b/src/util-reference-config.h
index 890b2c883a..5334fd7c42 100644
--- a/src/util-reference-config.h
+++ b/src/util-reference-config.h
@@ -53,7 +53,7 @@ FILE *SCRConfGenerateValidDummyReferenceConfigFD01(void);
 FILE *SCRConfGenerateInvalidDummyReferenceConfigFD02(void);
 FILE *SCRConfGenerateInvalidDummyReferenceConfigFD03(void);
 
-void SCReferenceConfInit(void);
-void SCReferenceConfDeinit(void);
+void SCReferenceConfInit(DetectEngineCtx *de_ctx);
+void SCReferenceConfDeinit(DetectEngineCtx *de_ctx);
 
 #endif /* __UTIL_REFERENCE_CONFIG_H__ */