Project

General

Profile

Actions
Copy link

Bug #3805

closed

Rule filename mutation when reading file hash files from a directory other than the default-rule-directory

Added by Jeff Lucovsky over 4 years ago. Updated about 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Shivani Bhardwaj
Target version:
4.1.9
Affected Versions:
4.1.8, 5.0.3
Effort:
Difficulty:
Label:

Description

When a filename for a file hash refers to a file that is relative to the rule file, and is not in the default-rule-directory, the dirname(3) call is used to determine the directory name. This function will mutate the value passed to it, usually chopping off the last component in the path. So subsequent calls get a different value and Suricata will mostly likely fail to load the file hash file.

The fix is to first copy the rule filename and operate on that.

Fixed in master:
https://github.com/OISF/suricata/pull/5107

Related issues 1 (0 open1 closed)

Copied from Suricata - Bug #3802: Rule filename mutation when reading file hash files from a directory other than the default-rule-directoryClosedJason IshActions
Actions
Copy link
 #1

Updated by Jeff Lucovsky over 4 years ago

  • Copied from Bug #3802: Rule filename mutation when reading file hash files from a directory other than the default-rule-directory added
Actions
Copy link
 #2

Updated by Shivani Bhardwaj over 4 years ago

  • Status changed from Assigned to In Review
Actions
Copy link
 #3

Updated by Shivani Bhardwaj about 4 years ago

  • Status changed from In Review to Closed
Actions
Copy link

Also available in: Atom PDF