diff --git a/src/output-json-alert.c b/src/output-json-alert.c index bd8f93e9a6..a54d66a2b0 100644 --- a/src/output-json-alert.c +++ b/src/output-json-alert.c @@ -35,6 +35,7 @@ #include "threadvars.h" #include "util-debug.h" +#include "util-misc.h" #include "util-unittest.h" #include "util-unittest-helper.h" @@ -83,6 +84,7 @@ typedef struct AlertJsonOutputCtx_ { LogFileCtx* file_ctx; uint8_t flags; + uint32_t payload_buffer_size; HttpXFFCfg *xff_cfg; } AlertJsonOutputCtx; @@ -285,7 +287,7 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p) (void *)payload); if (json_output_ctx->flags & LOG_JSON_PAYLOAD_BASE64) { - unsigned long len = JSON_STREAM_BUFFER_SIZE * 2; + unsigned long len = json_output_ctx->payload_buffer_size * 2; uint8_t encoded[len]; Base64Encode(payload->buffer, payload->offset, encoded, &len); json_object_set_new(js, "payload", json_string((char *)encoded)); @@ -479,17 +481,17 @@ static TmEcode JsonAlertLogThreadInit(ThreadVars *t, void *initdata, void **data return TM_ECODE_FAILED; } - aft->payload_buffer = MemBufferCreateNew(JSON_STREAM_BUFFER_SIZE); - if (aft->payload_buffer == NULL) { - SCFree(aft); - return TM_ECODE_FAILED; - } - /** Use the Output Context (file pointer and mutex) */ AlertJsonOutputCtx *json_output_ctx = ((OutputCtx *)initdata)->data; aft->file_ctx = json_output_ctx->file_ctx; aft->json_output_ctx = json_output_ctx; + aft->payload_buffer = MemBufferCreateNew(json_output_ctx->payload_buffer_size); + if (aft->payload_buffer == NULL) { + SCFree(aft); + return TM_ECODE_FAILED; + } + *data = (void *)aft; return TM_ECODE_OK; } @@ -556,8 +558,11 @@ static void XffSetup(AlertJsonOutputCtx *json_output_ctx, ConfNode *conf) json_output_ctx->xff_cfg = xff_cfg; + uint32_t payload_buffer_size = JSON_STREAM_BUFFER_SIZE; + if (conf != NULL) { const char *payload = ConfNodeLookupChildValue(conf, "payload"); + const char *payload_buffer_value = ConfNodeLookupChildValue(conf, "payload-buffer-size"); const char *packet = ConfNodeLookupChildValue(conf, "packet"); const char *payload_printable = ConfNodeLookupChildValue(conf, "payload-printable"); const char *http = ConfNodeLookupChildValue(conf, "http"); @@ -595,12 +600,24 @@ static void XffSetup(AlertJsonOutputCtx *json_output_ctx, ConfNode *conf) json_output_ctx->flags |= LOG_JSON_PAYLOAD_BASE64; } } + if (payload_buffer_value != NULL) { + uint32_t value; + if (ParseSizeStringU32(payload_buffer_value, &value) < 0) { + SCLogError(SC_ERR_ALERT_PAYLOAD_BUFFER, "Error parsing " + "payload-buffer-size - %s. Killing engine", + payload_buffer_value); + exit(EXIT_FAILURE); + } else { + payload_buffer_size = value; + } + } if (packet != NULL) { if (ConfValIsTrue(packet)) { json_output_ctx->flags |= LOG_JSON_PACKET; } } + json_output_ctx->payload_buffer_size = payload_buffer_size; HttpXFFGetCfg(conf, xff_cfg); } } diff --git a/src/util-error.c b/src/util-error.c index 3706789b2b..ea1d74d9d0 100644 --- a/src/util-error.c +++ b/src/util-error.c @@ -317,6 +317,7 @@ const char * SCErrorToString(SCError err) CASE_CODE (SC_ERR_DEPRECATED_CONF); CASE_CODE (SC_WARN_FASTER_CAPTURE_AVAILABLE); CASE_CODE (SC_WARN_POOR_RULE); + CASE_CODE (SC_ERR_ALERT_PAYLOAD_BUFFER); } return "UNKNOWN_ERROR"; diff --git a/src/util-error.h b/src/util-error.h index 1e9ef4f026..00eadd09b3 100644 --- a/src/util-error.h +++ b/src/util-error.h @@ -307,6 +307,7 @@ typedef enum { SC_ERR_DEPRECATED_CONF, /**< Deprecated configuration parameter. */ SC_WARN_FASTER_CAPTURE_AVAILABLE, SC_WARN_POOR_RULE, + SC_ERR_ALERT_PAYLOAD_BUFFER, } SCError; const char *SCErrorToString(SCError);