Bug #3802: Rule filename mutation when reading file hash files from a directory other than the default-rule-directory - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #3802

closed

Rule filename mutation when reading file hash files from a directory other than the default-rule-directory

Added by Jason Ish almost 4 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Jason Ish

Target version:

6.0.0beta1

Affected Versions:

4.1.8, 5.0.3

Effort:

Difficulty:

Label:

Needs backport to 4.1, Needs backport to 5.0

Description

When a filename for a file hash refers to a file that is relative to the rule file, and is not in the default-rule-directory, the dirname(3) call is used to determine the directory name. This function will mutate the value passed to it, usually chopping off the last component in the path. So subsequent calls get a different value and Suricata will mostly likely fail to load the file hash file.

The fix is to first copy the rule filename and operate on that.

Fixed in master:
https://github.com/OISF/suricata/pull/5107

Related issues 2 (0 open — 2 closed)

History
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #3802

Rule filename mutation when reading file hash files from a directory other than the default-rule-directory

Updated by Jeff Lucovsky almost 4 years ago

Updated by Jeff Lucovsky almost 4 years ago