From 81dbbf72f5c3385f0750999ea3138ad10b2fcfe1 Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Wed, 31 Oct 2012 15:51:41 +0100
Subject: [PATCH] filestore: fix logic flag in continued stateful detection
Backport from 70bc9e2494f287312a2ecc137e6ae1b98ba2a510 from master branch.
---
 src/detect-filestore.c | 11 +++++------
 src/detect-filestore.h | 2 +-
 src/detect.c | 4 +++-
 src/detect.h | 2 +-
 4 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/src/detect-filestore.c b/src/detect-filestore.c
index be811e6434..289c7ba2ed 100644
--- a/src/detect-filestore.c
+++ b/src/detect-filestore.c
@@ -191,7 +191,7 @@ static int FilestorePostMatchWithOptions(Packet *p, Flow *f, DetectFilestoreData
 * When we are sure all parts of the signature matched, we run this function
 * to finalize the filestore.
 */
-int DetectFilestorePostMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p) {
+int DetectFilestorePostMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, Signature *s) {
 uint8_t flags = 0;
 SCEnter();
@@ -200,7 +200,7 @@ int DetectFilestorePostMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Pack
 SCReturnInt(0);
 }
- if (det_ctx->filestore_sm == NULL || p->flow == NULL) {
+ if (s->filestore_sm == NULL || p->flow == NULL) {
 #ifndef DEBUG
 SCReturnInt(0);
 #else
@@ -218,13 +218,13 @@ int DetectFilestorePostMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Pack
 FileContainer *ffc = AppLayerGetFilesFromFlow(p->flow, flags);
 /* filestore for single files only */
- if (det_ctx->filestore_sm->ctx == NULL) {
+ if (s->filestore_sm->ctx == NULL) {
 uint16_t u;
 for (u = 0; u < det_ctx->filestore_cnt; u++) {
 FileStoreFileById(ffc, det_ctx->filestore[u].file_id);
 }
 } else {
- DetectFilestoreData *filestore = det_ctx->filestore_sm->ctx;
+ DetectFilestoreData *filestore = s->filestore_sm->ctx;
 uint16_t u;
 for (u = 0; u < det_ctx->filestore_cnt; u++) {
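Review bot: The comment block above DetectFilestorePostMatch says nothing about the new `Signature *s` parameter, which the function now dereferences to find the filestore keyword. I would add a line such as ` * \param s signature that matched; its filestore_sm selects the options to apply`, and since only reads of `s` are visible in this patch, `const Signature *s` is worth considering. The prototype in src/detect-filestore.h leaves the parameter unnamed (`Signature *`); writing `Signature *s` there keeps it in step with the definition. The function body continues outside this hunk.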
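Review bot: Both loops in the `@@ -218` hunk still walk `det_ctx->filestore[]` up to `det_ctx->filestore_cnt`, which is per-thread state, while the options now come from `s->filestore_sm`. The patch does not show where `filestore_cnt` is reset, so it cannot be confirmed from here that the list holds only entries recorded for this signature; if it does not, files could be stored under another rule's options. A comment above the loops would pin the assumption down, for example `/* det_ctx->filestore[] must contain only entries recorded for s by DetectFilestoreMatch */`. The `else` branch runs past the end of the hunk.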
@@ -277,8 +277,6 @@ int DetectFilestoreMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f
 det_ctx->filestore[det_ctx->filestore_cnt].tx_id);
 det_ctx->filestore_cnt++;
-
- det_ctx->filestore_sm = m;
 SCReturnInt(1);
 }
@@ -400,6 +398,7 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, char *st
 }
 SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH);
+ s->filestore_sm = sm;
 if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_HTTP) {
 SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords.");
diff --git a/src/detect-filestore.h b/src/detect-filestore.h
index cd3f014400..1879b87532 100644
--- a/src/detect-filestore.h
+++ b/src/detect-filestore.h
@@ -41,5 +41,5 @@ typedef struct DetectFilestoreData_ {
 /* prototypes */
 void DetectFilestoreRegister (void);
-int DetectFilestorePostMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p);
+int DetectFilestorePostMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, Signature *);
 #endif /* __DETECT_FILESTORE_H__ */
diff --git a/src/detect.c b/src/detect.c
index 6a733d056b..74e997c612 100644
--- a/src/detect.c
+++ b/src/detect.c
@@ -1022,7 +1022,9 @@ static int SigMatchSignaturesRunPostMatch(ThreadVars *tv,
 DetectReplaceExecute(p, det_ctx->replist);
 det_ctx->replist = NULL;
- DetectFilestorePostMatch(tv, det_ctx,p);
+
+ if (s->flags & SIG_FLAG_FILESTORE)
+ DetectFilestorePostMatch(tv, det_ctx, p, s);
 return 1;
 }
diff --git a/src/detect.h b/src/detect.h
index 2b0041aafe..a40e902f07 100644
--- a/src/detect.h
+++ b/src/detect.h
@@ -449,6 +449,7 @@ typedef struct Signature_ {
 /* used to hold flags that are predominantly used during init */
 uint32_t init_flags;
+ SigMatch *filestore_sm;
 /** ptr to the next sig in the list */
 struct Signature_ *next;
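Review bot: `s->filestore_sm = sm;` in DetectFilestoreSetup is a single slot, so if a rule may carry more than one `filestore` keyword the later one silently replaces the earlier and DetectFilestorePostMatch applies only its options. Nothing visible in the hunk rejects a repeated keyword; if repeats are not meant to be supported, testing `s->filestore_sm != NULL` before the append and failing the rule would make that explicit. The assignment also sits before the conflicting-keyword check that follows it, which is harmless only if a failed setup discards the whole signature; that path is outside the hunk.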
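Review bot: The caller in SigMatchSignaturesRunPostMatch now gates on `s->flags & SIG_FLAG_FILESTORE` while the callee gates on `s->filestore_sm == NULL`, and this patch does not show the flag and the pointer being set together. If a signature can carry the flag without the pointer, the call lands in the callee's `#else` (DEBUG) branch, whose body is not visible here. The two-line `if` is also unbraced; I would write `if (s->flags & SIG_FLAG_FILESTORE) {`, `DetectFilestorePostMatch(tv, det_ctx, p, s);`, `}` and add a comment that the flag implies a non-NULL `s->filestore_sm`. The return value of the call is dropped, as it was before the change.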
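Review bot: The new `SigMatch *filestore_sm;` member in `struct Signature_` sits directly under the comment that describes `init_flags`, so it reads as part of that field's documentation. It deserves its own comment, for example `/** SigMatch of the rule's filestore keyword, set in DetectFilestoreSetup; NULL when the rule has none */`. DetectFilestorePostMatch relies on the NULL case, which holds only if Signature objects are zero-initialised when allocated; that allocation is not part of this patch, so it is worth confirming.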
@@ -780,7 +781,6 @@ typedef struct DetectionEngineThreadCtx_ {
 uint16_t file_id;
 uint16_t tx_id;
 } filestore[DETECT_FILESTORE_MAX];
- SigMatch *filestore_sm;
 DetectEngineCtx *de_ctx;
 #ifdef __SC_CUDA_SUPPORT__