filestore: fix logic flag in continued stateful detection

src/detect-filestore.c

@@ -196,7 +196,7 @@ static int FilestorePostMatchWithOptions(Packet *p, Flow *f, DetectFilestoreData
  *  When we are sure all parts of the signature matched, we run this function
  *  to finalize the filestore.
  */
-int DetectFilestorePostMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p) {
+int DetectFilestorePostMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, Signature *s) {
     uint8_t flags = 0;
 
     SCEnter();
@@ -205,7 +205,7 @@ int DetectFilestorePostMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Pack
         SCReturnInt(0);
     }
 
-    if (det_ctx->filestore_sm == NULL || p->flow == NULL) {
+    if (s->filestore_sm == NULL || p->flow == NULL) {
 #ifndef DEBUG
         SCReturnInt(0);
 #else
@@ -223,13 +223,13 @@ int DetectFilestorePostMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Pack
     FileContainer *ffc = AppLayerGetFilesFromFlow(p->flow, flags);
 
     /* filestore for single files only */
-    if (det_ctx->filestore_sm->ctx == NULL) {
+    if (s->filestore_sm->ctx == NULL) {
         uint16_t u;
         for (u = 0; u < det_ctx->filestore_cnt; u++) {
             FileStoreFileById(ffc, det_ctx->filestore[u].file_id);
         }
     } else {
-        DetectFilestoreData *filestore = det_ctx->filestore_sm->ctx;
+        DetectFilestoreData *filestore = s->filestore_sm->ctx;
         uint16_t u;
 
         for (u = 0; u < det_ctx->filestore_cnt; u++) {
@@ -284,8 +284,6 @@ static int DetectFilestoreMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
         det_ctx->filestore[det_ctx->filestore_cnt].tx_id);
 
     det_ctx->filestore_cnt++;
-
-    det_ctx->filestore_sm = m;
     SCReturnInt(1);
 }
 
@@ -407,6 +405,7 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, char *st
     }
 
     SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH);
+    s->filestore_sm = sm;
 
     if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_HTTP) {
         SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords.");

src/detect-filestore.h

@@ -41,5 +41,5 @@ typedef struct DetectFilestoreData_ {
 /* prototypes */
 void DetectFilestoreRegister (void);
 
-int DetectFilestorePostMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p);
+int DetectFilestorePostMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, Signature *);
 #endif /* __DETECT_FILESTORE_H__ */

src/detect.c

@@ -771,7 +771,7 @@ static int SigMatchSignaturesRunPostMatch(ThreadVars *tv,
     det_ctx->replist = NULL;
 
     if (s->flags & SIG_FLAG_FILESTORE)
-        DetectFilestorePostMatch(tv, det_ctx, p);
+        DetectFilestorePostMatch(tv, det_ctx, p, s);
 
     return 1;
 }
@@ -1596,7 +1596,6 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
 next:
         DetectReplaceFree(det_ctx->replist);
         det_ctx->replist = NULL;
-        det_ctx->filestore_sm = NULL;
         RULE_PROFILING_END(det_ctx, s, smatch);
 
         det_ctx->flags = 0;

src/detect.h

@@ -446,6 +446,7 @@ typedef struct Signature_ {
     uint16_t sm_cnt;
 
     SigMatch *dsize_sm;
+    SigMatch *filestore_sm;
     /* the fast pattern added from this signature */
     SigMatch *mpm_sm;
     /* helper for init phase */
@@ -810,7 +811,6 @@ typedef struct DetectionEngineThreadCtx_ {
         uint16_t file_id;
         uint16_t tx_id;
     } filestore[DETECT_FILESTORE_MAX];
-    SigMatch *filestore_sm;
 
     DetectEngineCtx *de_ctx;
 #ifdef __SC_CUDA_SUPPORT__