It violates thread safety. #601.
Suricata assures thread safety on the flow level for HTTP tracking. Part of the flow is (in case of HTTP) libhtp's htp_connp_t state. At startup the libhtp glue layer, app-layer-htp initializes as many htp_cfg_t instances as there are libhtp server configurations in the yaml. At HTTP session start, we look up the proper htp_cfg_t based on the server ip and pass it to htp_connp_create. A ptr to the relevant htp_cfg_t is part of the htp_connp_t. The htp_cfg_t contains "hooks". The are registered based on yaml config at init time.
The hooks have lists of type list_t. The list is run with a built in iterator. The iterator is reset at the start of each "hook_run_all". Since multiple flows share the same htp_cfg_t flow A can reset the iterator while flow B is using it. The flow lock has no effect as flows share the htp_cfg_t.
This has been observed in real traffic. hook_response_body_data was run on the same data multiple times, leading to corrupt extracted files.
Patches applied are:
commit 85f5bbc39dda2eaf03ccb6111cbf5daf1c7b75f9
Author: Craig Forbes <cforbes@qualys.com>
Date: Wed Mar 21 16:45:04 2012 +0000
Backport of STREAM_STATE_TUNNEL fix to 0.2.x.
Return STREAM_STATE_TUNNEL after entering a tunnel.
commit cfbe28cd4ddde6d77c5b0d5935c8717834971441
Author: Craig Forbes <cforbes@qualys.com>
Date: Wed Feb 29 16:52:44 2012 +0000
Backport of the fix for HTP_AMBIGUOUS_HOST flag.
The flag is only set when the URI host on the request line is different
than the value in the Host: request header.
Resolves https://github.com/ironbee/libhtp/issues/20
commit 196dfb1c8b7a5996389c719e2c912163c5607916
Author: Brian Rectanus <brectanus@qualys.com>
Date: Wed Feb 8 08:35:46 2012 -0600
Add missing function declaration in header.
commit 7878fec818167fcdf7c8c4852ac0dafa1ae445f1
Author: Brian Rectanus <brectanus@qualys.com>
Date: Wed Feb 8 08:35:07 2012 -0600
Revert part of previous patch, which was invalid.
commit bafef3d4cbfc307960677c6bd682ae195fe986cd
Author: Brian Rectanus <brectanus@qualys.com>
Date: Wed Feb 8 08:36:06 2012 -0600
Update version to next dev release.
commit 62cfdb41ba84f2666c7526e2e5d9e10ab8e220f1
Author: William Metcalf <wmetcalf@qualys.com>
Date: Wed Feb 1 13:19:48 2012 -0600
Many thanks to Will, Brian and Craig.
Eric Leblond
Victor Julien
pi-rho
Anoop Saldanha
Gerardo Iglesias Galvan
William Metcalf