Bug #3806: Rule filename mutation when reading file hash files from a directory other than the default-rule-directory - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #3806

closed

Rule filename mutation when reading file hash files from a directory other than the default-rule-directory

Added by Jeff Lucovsky over 4 years ago. Updated about 4 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Jeff Lucovsky

Target version:

5.0.4

Affected Versions:

4.1.8, 5.0.3

Effort:

Difficulty:

Label:

Description

When a filename for a file hash refers to a file that is relative to the rule file, and is not in the default-rule-directory, the dirname(3) call is used to determine the directory name. This function will mutate the value passed to it, usually chopping off the last component in the path. So subsequent calls get a different value and Suricata will mostly likely fail to load the file hash file.

The fix is to first copy the rule filename and operate on that.

Fixed in master:
https://github.com/OISF/suricata/pull/5107

Related issues 1 (0 open — 1 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #3806

Rule filename mutation when reading file hash files from a directory other than the default-rule-directory

Updated by Jeff Lucovsky over 4 years ago

Updated by Jeff Lucovsky over 4 years ago

Updated by Jeff Lucovsky about 4 years ago