From: Ron Dempster (rdempste)
Date: Wed, 6 Mar 2024 14:58:27 +0000 (+0000)
Subject: Pull request #4233: file_api: do not clear the file capture and user file data pointe...
X-Git-Tag: 3.1.82.0~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f89950a3e35dfda7bf08364737a2ea8dc875ae0f;p=thirdparty%2Fsnort3.git
Pull request #4233: file_api: do not clear the file capture and user file data pointers when updating the verdict from the cache
Merge in SNORT/snort3 from ~RDEMPSTE/snort3:file_api to master
Squashed commit of the following:
commit 791c1a09f14d4cd4ebb4d9094c445a7a44b6c30e
Author: Ron Dempster (rdempste)
Date: Thu Feb 29 08:16:59 2024 -0500
file_api: do not clear the file capture and user file data pointers when updating the verdict from the cache
---
diff --git a/src/file_api/file_cache.cc b/src/file_api/file_cache.cc
index ca1e5be16..0256594d3 100644
--- a/src/file_api/file_cache.cc
+++ b/src/file_api/file_cache.cc
@@ -284,7 +284,7 @@ FileVerdict FileCache::check_verdict(Packet* p, FileInfo* file,
 verdict = FILE_VERDICT_UNKNOWN;
 }
- if ( file->get_file_sig_sha256() and verdict == FILE_VERDICT_UNKNOWN )
+ if ( file->get_file_sig_sha256() and verdict <= FILE_VERDICT_LOG )
 {
 file->user_file_data_mutex.lock();
 verdict = policy->signature_lookup(p, file);
@@ -510,7 +510,7 @@ FileVerdict FileCache::cached_verdict_lookup(Packet* p, FileInfo* file,
 "cached_verdict_lookup:Verdict received from cached_verdict_lookup %d\n", verdict);
 apply_verdict(p, file_found, verdict, true, policy);
 // Update the current file context from cached context
- *file = *(FileInfo*)file_found;
+ file->copy(*(FileInfo*)file_found, false);
 }
 return verdict;
diff --git a/src/file_api/file_lib.cc b/src/file_api/file_lib.cc
index 759a03372..2c2f402ce 100644
--- a/src/file_api/file_lib.cc
+++ b/src/file_api/file_lib.cc
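Review bot: The new condition `verdict <= FILE_VERDICT_LOG` in FileCache::check_verdict depends on the numeric order of the FileVerdict enumerators, which this diff does not show; if a value is ever inserted or reordered, the set of cached verdicts that lead to `policy->signature_lookup()` changes silently. Naming the cases keeps the intent reviewable: `if ( file->get_file_sig_sha256() and (verdict == FILE_VERDICT_UNKNOWN or verdict == FILE_VERDICT_LOG) )`, assuming those two are the only values meant. The commit message describes only the pointer-preservation change, so a short comment above the condition saying why a LOG verdict now repeats the signature lookup (wording to be confirmed by the author) would record this second behaviour change. check_verdict starts and ends outside the hunk.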
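Review bot: The bare `false` in `file->copy(*(FileInfo*)file_found, false);` gives no hint at the call site that it keeps this context's file_capture, policy_id and user_file_data instead of resetting them; a trailing comment such as `// false: keep this context's capture, policy id and user data` would make that visible. The C-style cast could be `static_cast<const FileInfo&>(*file_found)`, presuming file_found points to a type derived from FileInfo, so that it cannot silently become a reinterpreting cast if that type changes. Every other field, including file_state and file_capture_enabled, is still overwritten from the cached entry while the capture pointer is now retained, so it is worth confirming that the two cannot end up disagreeing. cached_verdict_lookup begins outside the hunk.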
@@ -109,8 +109,11 @@ FileInfo::~FileInfo ()
 delete[] sha256;
 }
-void FileInfo::copy(const FileInfo& other)
+void FileInfo::copy(const FileInfo& other, bool clear_data)
 {
+ if (&other == this)
+ return;
+
 if (other.sha256)
 {
 sha256 = new uint8_t[SHA256_HASH_SIZE];
@@ -131,10 +134,13 @@ void FileInfo::copy(const FileInfo& other)
 file_capture_enabled = other.file_capture_enabled;
 file_state = other.file_state;
 pending_expire_time = other.pending_expire_time;
- // only one copy of file capture
- file_capture = nullptr;
- policy_id = 0;
- user_file_data = nullptr;
+ if (clear_data)
+ {
+ // only one copy of file capture
+ file_capture = nullptr;
+ policy_id = 0;
+ user_file_data = nullptr;
+ }
 }
 FileInfo::FileInfo(const FileInfo& other)
@@ -311,7 +317,7 @@ void FileInfo::set_file_data(UserFileDataBase* fd)
 user_file_data = fd;
 }
-UserFileDataBase* FileInfo::get_file_data()
+UserFileDataBase* FileInfo::get_file_data() const
 {
 return user_file_data;
 }
diff --git a/src/file_api/file_lib.h b/src/file_api/file_lib.h
index f67b2e2ed..7f7faed17 100644
--- a/src/file_api/file_lib.h
+++ b/src/file_api/file_lib.h
@@ -82,7 +82,8 @@ public:
 void set_policy_id(uint32_t id);
 uint32_t get_policy_id();
 void set_file_data(UserFileDataBase* fd);
- UserFileDataBase* get_file_data();
+ UserFileDataBase* get_file_data() const;
+ void copy(const FileInfo& other, bool clear_data = true);
 // Preserve the file in memory until it is released
 // The file reserved will be returned and it will be detached from file context/session
 FileCaptureState reserve_file(FileCapture*& dest);
@@ -112,9 +113,6 @@ protected:
 FileState file_state = { FILE_CAPTURE_SUCCESS, FILE_SIG_PROCESSING };
 uint32_t policy_id = 0;
 UserFileDataBase* user_file_data = nullptr;
-
-private:
- void copy(const FileInfo& other);
 };
 class SO_PUBLIC FileContext : public FileInfo
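Review bot: In FileInfo::copy, the visible `sha256 = new uint8_t[SHA256_HASH_SIZE];` overwrites the destination's pointer without releasing a buffer it may already own, and the file_cache.cc change in this commit calls copy() on an existing context; if that context already holds a hash, each cache hit would leak one buffer on a path driven by inspected traffic. The previous `*file = ...` assignment may have behaved the same way if operator= forwards to copy(), which this diff does not show. Reusing the existing buffer would avoid it, `if (!sha256) sha256 = new uint8_t[SHA256_HASH_SIZE];`, provided the copy constructor reaches copy() with sha256 already null-initialised; the case where other.sha256 is null and the destination has a hash also needs an explicit decision. The body of copy() continues past this hunk.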
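Review bot: The declaration `void copy(const FileInfo& other, bool clear_data = true);` moves copy() from private to the public section with no comment on what `clear_data` controls or on ownership of the pointers involved, and since the class declared next in this header is SO_PUBLIC the method may become reachable from code outside file_api. A doc comment on the declaration should state that `clear_data = true` resets file_capture, policy_id and user_file_data on the destination, and that `false` leaves the destination's own values untouched. `get_policy_id()` just above stays non-const although `get_file_data()` becomes const in the same hunk; `uint32_t get_policy_id() const;` (with the matching change in file_lib.cc) would keep the accessors consistent, assuming its definition does not modify state.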