filestore: fix logic flag in continued stateful detection

Backport from 70bc9e2494 from master branch.
14 years ago · 81dbbf72f5
parent 5be687f7b5
commit 81dbbf72f5
4 changed files with 10 additions and 9 deletions
--- a/src/detect-filestore.c
+++ b/src/detect-filestore.c
@ -191,7 +191,7 @@ static int FilestorePostMatchWithOptions(Packet *p, Flow *f, DetectFilestoreData
 *  When we are sure all parts of the signature matched, we run this function
 *  to finalize the filestore.
 */
-int DetectFilestorePostMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p) {
+int DetectFilestorePostMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, Signature *s) {
    uint8_t flags = 0;

    SCEnter();
@ -200,7 +200,7 @@ int DetectFilestorePostMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Pack
        SCReturnInt(0);
    }

-    if (det_ctx->filestore_sm == NULL || p->flow == NULL) {
+    if (s->filestore_sm == NULL || p->flow == NULL) {
 #ifndef DEBUG
        SCReturnInt(0);
 #else
@ -218,13 +218,13 @@ int DetectFilestorePostMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Pack
    FileContainer *ffc = AppLayerGetFilesFromFlow(p->flow, flags);

    /* filestore for single files only */
-    if (det_ctx->filestore_sm->ctx == NULL) {
+    if (s->filestore_sm->ctx == NULL) {
        uint16_t u;
        for (u = 0; u < det_ctx->filestore_cnt; u++) {
            FileStoreFileById(ffc, det_ctx->filestore[u].file_id);
        }
    } else {
-        DetectFilestoreData *filestore = det_ctx->filestore_sm->ctx;
+        DetectFilestoreData *filestore = s->filestore_sm->ctx;
        uint16_t u;

        for (u = 0; u < det_ctx->filestore_cnt; u++) {
@ -277,8 +277,6 @@ int DetectFilestoreMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f
        det_ctx->filestore[det_ctx->filestore_cnt].tx_id);

    det_ctx->filestore_cnt++;
-
-    det_ctx->filestore_sm = m;
    SCReturnInt(1);
 }

@ -400,6 +398,7 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, char *st
    }

    SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH);
+    s->filestore_sm = sm;

    if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_HTTP) {
        SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords.");
--- a/src/detect-filestore.h
+++ b/src/detect-filestore.h
@ -41,5 +41,5 @@ typedef struct DetectFilestoreData_ {
 /* prototypes */
 void DetectFilestoreRegister (void);

-int DetectFilestorePostMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p);
+int DetectFilestorePostMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, Signature *);
 #endif /* __DETECT_FILESTORE_H__ */
--- a/src/detect.c
+++ b/src/detect.c
@ -1022,7 +1022,9 @@ static int SigMatchSignaturesRunPostMatch(ThreadVars *tv,

    DetectReplaceExecute(p, det_ctx->replist);
    det_ctx->replist = NULL;
-    DetectFilestorePostMatch(tv, det_ctx,p);
+
+    if (s->flags & SIG_FLAG_FILESTORE)
+        DetectFilestorePostMatch(tv, det_ctx, p, s);

    return 1;
 }
--- a/src/detect.h
+++ b/src/detect.h
@ -449,6 +449,7 @@ typedef struct Signature_ {

    /* used to hold flags that are predominantly used during init */
    uint32_t init_flags;
+    SigMatch *filestore_sm;

    /** ptr to the next sig in the list */
    struct Signature_ *next;
@ -780,7 +781,6 @@ typedef struct DetectionEngineThreadCtx_ {
        uint16_t file_id;
        uint16_t tx_id;
    } filestore[DETECT_FILESTORE_MAX];
-    SigMatch *filestore_sm;

    DetectEngineCtx *de_ctx;
 #ifdef __SC_CUDA_SUPPORT__