From: Tom Peters (thopeter) Date: Tue, 6 Nov 2018 21:59:50 +0000 (-0500) Subject: Merge pull request #1409 in SNORT/snort3 from reload_fname to master X-Git-Tag: 3.0.0-249~2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ead809bf99ebd74b32f865551be0b4854b0544f2;p=thirdparty%2Fsnort3.git Merge pull request #1409 in SNORT/snort3 from reload_fname to master Squashed commit of the following: commit a105a63d69690ef36649c21b977a1dab62f14774 Author: mdagon Date: Wed Aug 29 18:07:04 2018 -0400 parser: bad filename during reload is not a fatal error --- diff --git a/src/main/shell.cc b/src/main/shell.cc index 90176b50d..206e5a484 100644 --- a/src/main/shell.cc +++ b/src/main/shell.cc @@ -72,13 +72,19 @@ static int get_line_number(lua_State* L) #endif -static void load_config(lua_State* L, const char* file, const char* tweaks) +static bool load_config(lua_State* L, const char* file, const char* tweaks, bool is_fatal) { Lua::ManageStack ms(L); - if ( luaL_loadfile(L, file) ) - FatalError("can't load %s: %s\n", file, lua_tostring(L, -1)); - + { + if (is_fatal) + FatalError("can't load %s: %s\n", file, lua_tostring(L, -1)); + else + { + ParseError("can't load %s: %s\n", file, lua_tostring(L, -1)); + return false; + } + } if ( tweaks and *tweaks ) { lua_pushstring(L, tweaks); @@ -87,6 +93,8 @@ static void load_config(lua_State* L, const char* file, const char* tweaks) if ( lua_pcall(L, 0, 0, 0) ) FatalError("can't init %s: %s\n", file, lua_tostring(L, -1)); + + return true; } static void load_overrides(lua_State* L, string& s) 
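Review bot: The `lua_pcall` check at the end of `load_config` (second hunk, context line) still calls `FatalError("can't init %s: %s\n", ...)` regardless of `is_fatal`, so only a file that cannot be loaded is downgraded to a parse error. A file that loads but fails during init would, as far as these hunks show, still take the fatal path during a reload and stop inspection on a running sensor. If that is not intended, give it the same branch as the `luaL_loadfile` check: `if (is_fatal) FatalError(...); else { ParseError(...); return false; }`. If the narrower scope is deliberate, say so above the check, e.g. `// init errors remain fatal even when is_fatal is false`.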
@@ -122,16 +130,19 @@ static void run_config(lua_State* L, const char* t) } } -static void config_lua( - lua_State* L, const char* file, string& s, const char* tweaks) +static bool config_lua( + lua_State* L, const char* file, string& s, const char* tweaks, bool is_fatal) { if ( file && *file ) - load_config(L, file, tweaks); + if (!load_config(L, file, tweaks, is_fatal)) + return false; if ( !s.empty() ) load_overrides(L, s); run_config(L, "_G"); + + return true; } //------------------------------------------------------------------------- @@ -189,7 +200,7 @@ void Shell::set_overrides(Shell* sh) overrides += sh->overrides; } -void Shell::configure(SnortConfig* sc) +bool Shell::configure(SnortConfig* sc, bool is_fatal) { assert(file.size()); ModuleManager::set_config(sc); @@ -207,13 +218,15 @@ void Shell::configure(SnortConfig* sc) } const char* base_name = push_relative_path(file.c_str()); - config_lua(lua, base_name, overrides, sc->tweaks.c_str()); + if(! config_lua(lua, base_name, overrides, sc->tweaks.c_str(), is_fatal)) + return false; set_default_policy(sc); ModuleManager::set_config(nullptr); loaded = true; pop_relative_path(); + return true; } void Shell::install(const char* name, const luaL_Reg* reg) diff --git a/src/main/shell.h b/src/main/shell.h index a8eb5d968..f64f18cdc 100644 --- a/src/main/shell.h +++ b/src/main/shell.h @@ -41,7 +41,7 @@ public: void set_overrides(const char*); void set_overrides(Shell*); - void configure(snort::SnortConfig*); + bool configure(snort::SnortConfig*, bool is_fatal = true); void install(const char*, const struct luaL_Reg*); void execute(const char*, std::string&); diff --git a/src/main/snort.cc b/src/main/snort.cc index e3c201ec9..7f643aebc 100644 --- a/src/main/snort.cc +++ b/src/main/snort.cc 
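Review bot: The new early `return false` in `Shell::configure` (hunk `@@ -207,13 +218,15`) exits after `ModuleManager::set_config(sc)` and `push_relative_path(file.c_str())` have run, but before `ModuleManager::set_config(nullptr)` and `pop_relative_path()`. A failed reload therefore leaves the relative-path stack one entry deep. It also leaves the module manager holding `sc`, which `Snort::get_reload_config` deletes on its error path. What ModuleManager does with that pointer is not visible in this diff, so the stale-pointer risk is an inference, but the missing pop is plain from the hunk. Undo both before returning: `ModuleManager::set_config(nullptr); pop_relative_path(); return false;`. The part of `configure` between the two hunks is outside the view.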
@@ -291,7 +291,8 @@ void Snort::init(int argc, char** argv) if ( !Piglet::piglet_mode() ) #endif if ( !SnortConfig::get_conf()->output.empty() ) - EventManager::instantiate(SnortConfig::get_conf()->output.c_str(), SnortConfig::get_conf()); + EventManager::instantiate(SnortConfig::get_conf()->output.c_str(), + SnortConfig::get_conf()); if (SnortConfig::alert_before_pass()) { @@ -332,8 +333,10 @@ void Snort::init(int argc, char** argv) Trough::setup(); // FIXIT-L refactor stuff done here and in snort_config.cc::VerifyReload() - if ( SnortConfig::get_conf()->bpf_filter.empty() && !SnortConfig::get_conf()->bpf_file.empty() ) - SnortConfig::get_conf()->bpf_filter = read_infile("bpf_file", SnortConfig::get_conf()->bpf_file.c_str()); + if ( SnortConfig::get_conf()->bpf_filter.empty() && + !SnortConfig::get_conf()->bpf_file.empty() ) + SnortConfig::get_conf()->bpf_filter = read_infile("bpf_file", + SnortConfig::get_conf()->bpf_file.c_str()); if ( !SnortConfig::get_conf()->bpf_filter.empty() ) LogMessage("Snort BPF option: %s\n", SnortConfig::get_conf()->bpf_filter.c_str()); @@ -558,10 +561,10 @@ SnortConfig* Snort::get_reload_config(const char* fname) trim_heap(); parser_init(); - SnortConfig* sc = ParseSnortConf(snort_cmd_line_conf, fname); + SnortConfig* sc = ParseSnortConf(snort_cmd_line_conf, fname, false); sc->merge(snort_cmd_line_conf); - if ( ModuleManager::get_errors() || !sc->verify() ) + if ( get_parse_errors() || ModuleManager::get_errors() || !sc->verify() ) { parser_term(sc); delete sc; diff --git a/src/parser/parser.cc b/src/parser/parser.cc index 8f235962d..a11b8d532 100644 --- a/src/parser/parser.cc +++ b/src/parser/parser.cc 
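Review bot: In `Snort::get_reload_config` (hunk `@@ -558,10 +561,10`), `sc->merge(snort_cmd_line_conf)` still runs before the new `get_parse_errors()` test. After a failed load it therefore operates on a config that `ParseSnortConf` returned early, before its trailing `set_default_policy(sc)`. Whether `merge` tolerates that state cannot be seen from this diff. Testing the parse result straight after the `ParseSnortConf` call and taking the existing cleanup path (`parser_term(sc); delete sc;`) before merging would remove the dependency. If the current order is intentional, a comment such as `// merge is safe on a partially parsed config; errors are checked below` would record that. The function body continues outside the hunk.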
@@ -249,10 +249,9 @@ static void DefineIfaceVar(SnortConfig* sc, char* iname, const uint8_t* network, // Find all up interfaces and define iface_ADDRESS vars for them static void DefineAllIfaceVars(SnortConfig* sc) { - // FIXIT-L don't come back here on reload unless we are going to find // new ifaces. Cache retrieved devs so if user is running with dropped - // privs and does a reload, we can use previous values + // privs and does a reload, we can use previous values static int num_vars = 0; // should be more than enough to cover the number of interfaces on a machine @@ -348,16 +347,17 @@ static void printRuleListOrder(RuleListNode* node) LogMessage("%s\n", buf); } -static void parse_file(SnortConfig* sc, Shell* sh) +static bool parse_file(SnortConfig* sc, Shell* sh, bool is_fatal) { const char* fname = sh->get_file(); if ( !fname || !*fname ) - return; + return false; push_parse_location(fname, 0); - sh->configure(sc); + bool success = sh->configure(sc, is_fatal); pop_parse_location(); + return success; } //------------------------------------------------------------------------- @@ -382,7 +382,7 @@ void parser_term(SnortConfig* sc) sc->free_rule_state_list(); } -SnortConfig* ParseSnortConf(const SnortConfig* boot_conf, const char* fname) +SnortConfig* ParseSnortConf(const SnortConfig* boot_conf, const char* fname, bool is_fatal) { SnortConfig* sc = new SnortConfig(SnortConfig::get_conf()->proto_ref); @@ -440,8 +440,11 @@ SnortConfig* ParseSnortConf(const SnortConfig* boot_conf, const char* fname) break; set_policies(sc, sh); - parse_file(sc, sh); + + if (!parse_file(sc, sh, is_fatal)) + return sc; } + set_default_policy(sc); return sc; } @@ -737,7 +740,7 @@ RuleTreeNode* deleteRtnFromOtn(OptTreeNode* otn, PolicyId policyId, SnortConfig* if ( remove && rtn ) { - RuleTreeNodeKey key{ rtn, policyId }; + RuleTreeNodeKey key { rtn, policyId }; if ( sc && sc->rtn_hash_table ) xhash_remove(sc->rtn_hash_table, &key); } 
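Review bot: `parse_file` (hunk `@@ -348,16 +347,17`) now returns `false` when the shell has no file name, and the caller in the `ParseSnortConf` hunk (`@@ -440,8 +440,11`) treats that exactly like a load failure. It returns `sc` immediately, skipping the remaining shells and the trailing `set_default_policy(sc)`. Before this change the empty-name case was a silent skip. No `ParseError` is raised for it now, so the new `get_parse_errors()` check on the reload path would not notice the truncated config. If a shell without a file is a legitimate case, the guard should be `if ( !fname || !*fname ) return true;`. If it is an error, it should be reported before returning so callers can tell it apart from success.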
@@ -753,7 +756,7 @@ RuleTreeNode* deleteRtnFromOtn(OptTreeNode* otn, SnortConfig* sc) return deleteRtnFromOtn(otn, get_ips_policy()->policy_id, sc); } -static uint32_t rtn_hash_func(HashFnc*, const unsigned char *k, int) +static uint32_t rtn_hash_func(HashFnc*, const unsigned char* k, int) { uint32_t a,b,c; const RuleTreeNodeKey* rtnk = (const RuleTreeNodeKey*)k; @@ -774,7 +777,7 @@ static uint32_t rtn_hash_func(HashFnc*, const unsigned char *k, int) return c; } -static int rtn_compare_func(const void *k1, const void *k2, size_t) +static int rtn_compare_func(const void* k1, const void* k2, size_t) { const RuleTreeNodeKey* rtnk1 = (const RuleTreeNodeKey*)k1; const RuleTreeNodeKey* rtnk2 = (const RuleTreeNodeKey*)k2; @@ -787,7 +790,7 @@ static int rtn_compare_func(const void *k1, const void *k2, size_t) if (same_headers(rtnk1->rtn, rtnk2->rtn)) return 0; - + return 1; } @@ -854,7 +857,7 @@ int addRtnToOtn(SnortConfig* sc, OptTreeNode* otn, RuleTreeNode* rtn, PolicyId p return 0; //success } -int addRtnToOtn(SnortConfig*sc, OptTreeNode* otn, RuleTreeNode* rtn) +int addRtnToOtn(SnortConfig* sc, OptTreeNode* otn, RuleTreeNode* rtn) { return addRtnToOtn(sc, otn, rtn, get_ips_policy()->policy_id); } diff --git a/src/parser/parser.h b/src/parser/parser.h index a6411b573..bbb2dba42 100644 --- a/src/parser/parser.h +++ b/src/parser/parser.h @@ -41,7 +41,8 @@ void push_parse_location(const char* name, unsigned line = 1); void pop_parse_location(); void inc_parse_position(); -snort::SnortConfig* ParseSnortConf(const snort::SnortConfig*, const char* fname = nullptr); +snort::SnortConfig* ParseSnortConf(const snort::SnortConfig*, const char* fname = nullptr, + bool is_fatal = true); void ParseRules(snort::SnortConfig*); void OrderRuleLists(snort::SnortConfig*, const char*);