diff --git a/src/util-threshold-config.c b/src/util-threshold-config.c index c6685fe43a..b5e56b5b35 100644 --- a/src/util-threshold-config.c +++ b/src/util-threshold-config.c @@ -306,6 +306,25 @@ static int SetupSuppressRule(DetectEngineCtx *de_ctx, uint32_t id, uint32_t gid, BUG_ON(parsed_type != TYPE_SUPPRESS); + DetectThresholdData *orig_de = NULL; + if (parsed_track != TRACK_RULE) { + orig_de = SCCalloc(1, sizeof(DetectThresholdData)); + if (unlikely(orig_de == NULL)) + goto error; + + orig_de->type = TYPE_SUPPRESS; + orig_de->track = parsed_track; + orig_de->count = parsed_count; + orig_de->seconds = parsed_seconds; + orig_de->new_action = parsed_new_action; + orig_de->timeout = parsed_timeout; + if (DetectAddressParse((const DetectEngineCtx *)de_ctx, &orig_de->addrs, (char *)th_ip) < + 0) { + SCLogError(SC_ERR_INVALID_IP_NETBLOCK, "failed to parse %s", th_ip); + goto error; + } + } + /* Install it */ if (id == 0 && gid == 0) { if (parsed_track == TRACK_RULE) { @@ -320,24 +339,9 @@ static int SetupSuppressRule(DetectEngineCtx *de_ctx, uint32_t id, uint32_t gid, continue; } - de = SCMalloc(sizeof(DetectThresholdData)); + de = DetectThresholdDataCopy(orig_de); if (unlikely(de == NULL)) goto error; - memset(de,0,sizeof(DetectThresholdData)); - - de->type = TYPE_SUPPRESS; - de->track = parsed_track; - de->count = parsed_count; - de->seconds = parsed_seconds; - de->new_action = parsed_new_action; - de->timeout = parsed_timeout; - - if (parsed_track != TRACK_RULE) { - if (DetectAddressParse((const DetectEngineCtx *)de_ctx, &de->addrs, (char *)th_ip) < 0) { - SCLogError(SC_ERR_INVALID_IP_NETBLOCK, "failed to parse %s", th_ip); - goto error; - } - } sm = SigMatchAlloc(); if (sm == NULL) { @@ -364,26 +368,10 @@ static int SetupSuppressRule(DetectEngineCtx *de_ctx, uint32_t id, uint32_t gid, continue; } - de = SCMalloc(sizeof(DetectThresholdData)); + de = DetectThresholdDataCopy(orig_de); if (unlikely(de == NULL)) goto error; - memset(de,0,sizeof(DetectThresholdData)); - - de->type = TYPE_SUPPRESS; - de->track = parsed_track; - de->count = parsed_count; - de->seconds = parsed_seconds; - de->new_action = parsed_new_action; - de->timeout = parsed_timeout; - - if (parsed_track != TRACK_RULE) { - if (DetectAddressParse((const DetectEngineCtx *)de_ctx, &de->addrs, (char *)th_ip) < 0) { - SCLogError(SC_ERR_INVALID_IP_NETBLOCK, "failed to parse %s", th_ip); - goto error; - } - } - sm = SigMatchAlloc(); if (sm == NULL) { SCLogError(SC_ERR_MEM_ALLOC, "Error allocating SigMatch"); @@ -411,22 +399,9 @@ static int SetupSuppressRule(DetectEngineCtx *de_ctx, uint32_t id, uint32_t gid, goto end; } - de = SCMalloc(sizeof(DetectThresholdData)); + de = DetectThresholdDataCopy(orig_de); if (unlikely(de == NULL)) goto error; - memset(de,0,sizeof(DetectThresholdData)); - - de->type = TYPE_SUPPRESS; - de->track = parsed_track; - de->count = parsed_count; - de->seconds = parsed_seconds; - de->new_action = parsed_new_action; - de->timeout = parsed_timeout; - - if (DetectAddressParse((const DetectEngineCtx *)de_ctx, &de->addrs, (char *)th_ip) < 0) { - SCLogError(SC_ERR_INVALID_IP_NETBLOCK, "failed to parse %s", th_ip); - goto error; - } sm = SigMatchAlloc(); if (sm == NULL) { @@ -442,8 +417,16 @@ static int SetupSuppressRule(DetectEngineCtx *de_ctx, uint32_t id, uint32_t gid, } end: + if (orig_de != NULL) { + DetectAddressHeadCleanup(&orig_de->addrs); + SCFree(orig_de); + } return 0; error: + if (orig_de != NULL) { + DetectAddressHeadCleanup(&orig_de->addrs); + SCFree(orig_de); + } if (de != NULL) { DetectAddressHeadCleanup(&de->addrs); SCFree(de);