Bug #801
closed
deadlock in flowvar capture code
Added by Victor Julien about 11 years ago.
Updated about 11 years ago.
Description
Flowvars can be captured using pcre statements, from any buffer pcre can inspect. Problem is that the pcre match code is called both with locked and unlocked flows. Locked in case of inspection of http buffers, unlocked in case of packets and stream chunks. The flowvar storage code tries to lock the flow as well, so in the case of http buffers, we deadlock.
This affects only rules that have a construct like:
pcre:"/(?P<flow_uri>.*)/Ui";
This captures the entire uri into a flowvar called "uri".
As no public ruleset uses this impact is low.
- Status changed from Assigned to Closed
- % Done changed from 0 to 100
Fixed by:
commit dbe0c0eb77f400be68e24a477153c7ebf507db26
Author: Victor Julien <victor@inliniac.net>
Date: Wed Apr 17 11:58:00 2013 +0200
flowvar: clean up properly on signature clean up.
commit e3593ea6db6a9622362e88a75a3d63eb3d5c8aba
Author: Victor Julien <victor@inliniac.net>
Date: Wed Apr 17 11:05:08 2013 +0200
flowvar: add unittests for #801.
commit cfd017f3c1df82a34885b595ab54be0c00e24405
Author: Victor Julien <victor@inliniac.net>
Date: Tue Apr 16 21:47:42 2013 +0200
flowvar: fix deadlock with http buffers
Bug #801
Flowvars are set from pcre, and lock the flow when being set. However
when HTTP buffers were inspected, flow was already locked: deadlock.
This patch introduces a post-match list in the detection engine thread
ctx, where store candidates are kept. Then a post-match function is used
to finalize the storing if the rule matches.
Solves the deadlock and brings the handling of flowvars more in line
with flowbits and flowints.
commit dfac447969a983d880a2f0e67d7277551e520002
Author: Victor Julien <victor@inliniac.net>
Date: Tue Apr 16 14:53:23 2013 +0200
flowvars: update funcs to accept u16 id
All id's are u16, but flowvar functions would only accept u8.
Minor cleanups.
-----------------------------------------------------------------------
Summary of changes:
src/detect-flowvar.c | 143 ++++++++++++++++++-
src/detect-flowvar.h | 4 +
src/detect-pcre.c | 391 +++++++++++++++++++++++++++++++++++++++++++++++++-
src/detect.c | 1 +
src/detect.h | 13 ++
src/flow-var.c | 30 ++---
src/flow-var.h | 23 ++--
7 files changed, 573 insertions(+), 32 deletions(-)
Also available in: Atom
PDF