Don't attempt to load the rule files if the rule-files configuration

author Jason Ish <ish@unx.ca>

Thu, 15 Jan 2015 20:43:45 +0000 (14:43 -0600)

committer Victor Julien <victor@inliniac.net>

Wed, 11 Mar 2015 14:44:09 +0000 (15:44 +0100)
author Jason Ish <ish@unx.ca>
Thu, 15 Jan 2015 20:43:45 +0000 (14:43 -0600)
committer Victor Julien <victor@inliniac.net>
Wed, 11 Mar 2015 14:44:09 +0000 (15:44 +0100)
diff --git a/src/conf.c b/src/conf.c

index 50a9d13ec74e3fcabc9021ffe562f873b70bb090..bc8e145880cbde8efaa8c8665800b13fc8f3d858 100644 (file)
--- a/src/conf.c
+++ b/src/conf.c
@@ -1414,18 +1414,26 @@ end:
  int
  ConfNodeIsSequenceTest(void)
  {
+    int retval = 0;
      ConfNode *node = ConfNodeNew();
      if (node == NULL) {
-        return 0;
+        goto end;
      }
      if (ConfNodeIsSequence(node)) {
-        return 0;
+        goto end;
      }
      node->is_seq = 1;
      if (!ConfNodeIsSequence(node)) {
-        return 0;
+        goto end;
      }
-    return 1;
+
+    retval = 1;
+
+end:
+    if (node != NULL) {
+        ConfNodeFree(node);
+    }
+    return retval;
  }
  
  void
diff --git a/src/detect.c b/src/detect.c

index afb6b6d0f8e82668971c6c0a11fb9be4139972cd..a3f7d3406f0c5767e8e7eaee8e006b14bf2a334b 100644 (file)
--- a/src/detect.c
+++ b/src/detect.c
@@ -405,22 +405,30 @@ int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, int sig_file_excl
      if (!(sig_file != NULL && sig_file_exclusive == TRUE)) {
          rule_files = ConfGetNode("rule-files");
          if (rule_files != NULL) {
-            TAILQ_FOREACH(file, &rule_files->head, next) {
-                sfile = DetectLoadCompleteSigPath(file->val);
-                SCLogDebug("Loading rule file: %s", sfile);
-
-                cntf++;
-                r = DetectLoadSigFile(de_ctx, sfile, &goodsigs, &badsigs);
-                if (r < 0) {
-                    badfiles++;
-                }
-                if (goodsigs == 0) {
-                    SCLogWarning(SC_ERR_NO_RULES, "No rules loaded from %s", sfile);
-                }
-                SCFree(sfile);
+            if (!ConfNodeIsSequence(rule_files)) {
+                SCLogWarning(SC_ERR_INVALID_ARGUMENT,
+                    "Invalid rule-files configuration section: "
+                    "expected a list of filenames.");
+            }
+            else {
+                TAILQ_FOREACH(file, &rule_files->head, next) {
+                    sfile = DetectLoadCompleteSigPath(file->val);
+                    SCLogDebug("Loading rule file: %s", sfile);
+
+                    cntf++;
+                    r = DetectLoadSigFile(de_ctx, sfile, &goodsigs, &badsigs);
+                    if (r < 0) {
+                        badfiles++;
+                    }
+                    if (goodsigs == 0) {
+                        SCLogWarning(SC_ERR_NO_RULES,
+                            "No rules loaded from %s", sfile);
+                    }
+                    SCFree(sfile);
  
-                goodtotal += goodsigs;
-                badtotal += badsigs;
+                    goodtotal += goodsigs;
+                    badtotal += badsigs;
+                }
              }
          }
      }
author	Jason Ish <ish@unx.ca>
	Thu, 15 Jan 2015 20:43:45 +0000 (14:43 -0600)
committer	Victor Julien <victor@inliniac.net>
	Wed, 11 Mar 2015 14:44:09 +0000 (15:44 +0100)
src/conf.c		patch \| blob \| blame \| history
src/detect.c		patch \| blob \| blame \| history