Project

General

Profile

Actions

Bug #3805

closed

Rule filename mutation when reading file hash files from a directory other than the default-rule-directory

Added by Jeff Lucovsky over 4 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

When a filename for a file hash refers to a file that is relative to the rule file, and is not in the default-rule-directory, the dirname(3) call is used to determine the directory name. This function will mutate the value passed to it, usually chopping off the last component in the path. So subsequent calls get a different value and Suricata will mostly likely fail to load the file hash file.

The fix is to first copy the rule filename and operate on that.

Fixed in master:
https://github.com/OISF/suricata/pull/5107


Related issues 1 (0 open1 closed)

Copied from Suricata - Bug #3802: Rule filename mutation when reading file hash files from a directory other than the default-rule-directoryClosedJason IshActions
Actions

Also available in: Atom PDF