From e601ebdfd8efa9a36e5d0d9a1539945c6498bd7c Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Wed, 23 Nov 2022 14:29:39 +0100
Subject: [PATCH] files: always initialize inspect_window and min_inspect_depth

This is to make sure the files buffers are properly managed even when there are no rules or when there are no file.data rules.
Bug: #5703.
---
 src/detect-file-data.c | 4 ----
 src/util-file.c | 3 +++
 src/util-file.h | 4 ++++
 3 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/src/detect-file-data.c b/src/detect-file-data.c
index 5954d2e7d2..9227b5a6ed 100644
--- a/src/detect-file-data.c
+++ b/src/detect-file-data.c
@@ -163,10 +163,6 @@ void DetectFiledataRegister(void)
 g_file_data_buffer_id = DetectBufferTypeGetByName("file_data");
 }
-#define FILEDATA_CONTENT_LIMIT 100000
-#define FILEDATA_CONTENT_INSPECT_MIN_SIZE 32768
-#define FILEDATA_CONTENT_INSPECT_WINDOW 4096
-
 static void SetupDetectEngineConfig(DetectEngineCtx *de_ctx) { if (de_ctx->filedata_config_initialized) return;
diff --git a/src/util-file.c b/src/util-file.c
index fe97a4cac3..ba8ea39469 100644
--- a/src/util-file.c
+++ b/src/util-file.c
@@ -955,6 +955,9 @@ static File *FileOpenFile(FileContainer *ffc, const StreamingBufferConfig *sbcfg
 FileContainerAdd(ffc, ff);
+ /* set default window and min inspection size */
+ FileSetInspectSizes(ff, FILEDATA_CONTENT_INSPECT_WINDOW, FILEDATA_CONTENT_INSPECT_MIN_SIZE);
+
 ff->size += data_len;
 if (data != NULL) {
 if (AppendData(ff, data, data_len) != 0) {
diff --git a/src/util-file.h b/src/util-file.h
index 5bd1a18606..e68baf1422 100644
--- a/src/util-file.h
+++ b/src/util-file.h
@@ -61,6 +61,10 @@ typedef struct SCMd5 SCMd5;
 // to be used instead of PATH_MAX which depends on the OS
 #define SC_FILENAME_MAX 4096
+#define FILEDATA_CONTENT_LIMIT 100000
+#define FILEDATA_CONTENT_INSPECT_MIN_SIZE 32768
+#define FILEDATA_CONTENT_INSPECT_WINDOW 4096
+
 typedef enum FileState_ {
 FILE_STATE_NONE = 0, /**< no state */
 FILE_STATE_OPENED, /**< flow file is opened */
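Review bot: The comment on the added `FileSetInspectSizes()` call in FileOpenFile() says what is set but not why it has to happen at file-open time. Going by the commit message, the reason is that without these defaults the file buffer is not properly managed when no rules or no file.data rules are loaded. That is a resource-handling property worth stating at the call site, for example `/* defaults so the file buffer is still managed when no file.data rule configures it */`. Whether detection setup later replaces these values for a file is not visible in this hunk; if it does, the comment should say the values are only a starting point. FileOpenFile's body starts and ends outside the hunk, so earlier return paths could not be checked.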
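Review bot: The three `FILEDATA_CONTENT_*` macros are now visible to every includer of util-file.h but carry no comment giving their unit or role. The header should say what they mean, for example `/* file_data inspection defaults; INSPECT_WINDOW and INSPECT_MIN_SIZE are applied to every file in FileOpenFile() */`, with the unit stated once it is confirmed. `FILEDATA_CONTENT_LIMIT` is moved along with the other two but is not referenced by the util-file.c hunk in this patch. If it is still used only by detect-file-data.c, keeping it there would avoid widening its scope.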