From: Jason Ish <ish@unx.ca>
Date: Thu, 15 Jan 2015 20:43:45 +0000 (-0600)
Subject: Don't attempt to load the rule files if the rule-files configuration
X-Git-Tag: suricata-2.1beta4~170
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6ed246c041b9d08e0616401d011cea4d28378763;p=thirdparty%2Fsuricata.git

Don't attempt to load the rule files if the rule-files configuration
node is not a sequence.  Instead log a warning as this is usually
a configuration error.
---

diff --git a/src/conf.c b/src/conf.c
index 50a9d13ec7..bc8e145880 100644
--- a/src/conf.c
+++ b/src/conf.c
@@ -1414,18 +1414,26 @@ end:
 int
 ConfNodeIsSequenceTest(void)
 {
+    int retval = 0;
     ConfNode *node = ConfNodeNew();
     if (node == NULL) {
-        return 0;
+        goto end;
     }
     if (ConfNodeIsSequence(node)) {
-        return 0;
+        goto end;
     }
     node->is_seq = 1;
     if (!ConfNodeIsSequence(node)) {
-        return 0;
+        goto end;
     }
-    return 1;
+
+    retval = 1;
+
+end:
+    if (node != NULL) {
+        ConfNodeFree(node);
+    }
+    return retval;
 }
 
 void
diff --git a/src/detect.c b/src/detect.c
index afb6b6d0f8..a3f7d3406f 100644
--- a/src/detect.c
+++ b/src/detect.c
@@ -405,22 +405,30 @@ int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, int sig_file_excl
     if (!(sig_file != NULL && sig_file_exclusive == TRUE)) {
         rule_files = ConfGetNode("rule-files");
         if (rule_files != NULL) {
-            TAILQ_FOREACH(file, &rule_files->head, next) {
-                sfile = DetectLoadCompleteSigPath(file->val);
-                SCLogDebug("Loading rule file: %s", sfile);
-
-                cntf++;
-                r = DetectLoadSigFile(de_ctx, sfile, &goodsigs, &badsigs);
-                if (r < 0) {
-                    badfiles++;
-                }
-                if (goodsigs == 0) {
-                    SCLogWarning(SC_ERR_NO_RULES, "No rules loaded from %s", sfile);
-                }
-                SCFree(sfile);
+            if (!ConfNodeIsSequence(rule_files)) {
+                SCLogWarning(SC_ERR_INVALID_ARGUMENT,
+                    "Invalid rule-files configuration section: "
+                    "expected a list of filenames.");
+            }
+            else {
+                TAILQ_FOREACH(file, &rule_files->head, next) {
+                    sfile = DetectLoadCompleteSigPath(file->val);
+                    SCLogDebug("Loading rule file: %s", sfile);
+
+                    cntf++;
+                    r = DetectLoadSigFile(de_ctx, sfile, &goodsigs, &badsigs);
+                    if (r < 0) {
+                        badfiles++;
+                    }
+                    if (goodsigs == 0) {
+                        SCLogWarning(SC_ERR_NO_RULES,
+                            "No rules loaded from %s", sfile);
+                    }
+                    SCFree(sfile);
 
-                goodtotal += goodsigs;
-                badtotal += badsigs;
+                    goodtotal += goodsigs;
+                    badtotal += badsigs;
+                }
             }
         }
     }