From a781f8b8b0eee6379880822933b9966ffed5492f Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Fri, 18 Oct 2013 10:07:22 +0200 Subject: bugfix: invalid property filter was not properly disabled in ruleset Note that this bugfix introduces a very slight memory leak, which is cosmetic, as it just holds data until termination that is no longer needed. It is just the part of the config that was invalid. We will "fix" this "issue" in the devel version first, as the fix is a bit too intrusive to do without hard need in the stable version. --- ChangeLog | 6 ++++++ grammar/rainerscript.c | 5 +++-- runtime/conf.c | 1 + 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7f7574bf..b2653fac 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,12 @@ Version 7.4.5 [v7.4-stable] 2013-09-?? - now requires libestr 0.1.8 as early versions had a nasty bug in string comparisons - omelasticsearch: add failed.httprequests stats counter +- bugfix: invalid property filter was not properly disabled in ruleset + Note that this bugfix introduces a very slight memory leak, which is + cosmetic, as it just holds data until termination that is no longer + needed. It is just the part of the config that was invalid. We will + "fix" this "issue" in the devel version first, as the fix is a bit + too intrusive to do without hard need in the stable version. - bugfix: segfault if re_extract() function was used and no match found - bugfix: potential misadressing on startup if property-filter was used This could happen if the property name was longer than 127 chars, a case diff --git a/grammar/rainerscript.c b/grammar/rainerscript.c index f9c5047c..63bb6f67 100644 --- a/grammar/rainerscript.c +++ b/grammar/rainerscript.c 
@@ -2570,14 +2570,15 @@ struct cnfstmt * cnfstmtNewPROPFILT(char *propfilt, struct cnfstmt *t_then) { struct cnfstmt* cnfstmt; - rsRetVal lRet; if((cnfstmt = cnfstmtNew(S_PROPFILT)) != NULL) { cnfstmt->printable = (uchar*)propfilt; cnfstmt->d.s_propfilt.t_then = t_then; cnfstmt->d.s_propfilt.propName = NULL; cnfstmt->d.s_propfilt.regex_cache = NULL; cnfstmt->d.s_propfilt.pCSCompValue = NULL; - lRet = DecodePropFilter((uchar*)propfilt, cnfstmt); + if(DecodePropFilter((uchar*)propfilt, cnfstmt) != RS_RET_OK) { + cnfstmt->nodetype = S_NOP; /* disable action! */ + } } return cnfstmt; } diff --git a/runtime/conf.c b/runtime/conf.c index c3c7e447..c01715cb 100644 --- a/runtime/conf.c +++ b/runtime/conf.c @@ -573,6 +573,7 @@ rsRetVal DecodePropFilter(uchar *pline, struct cnfstmt *stmt) } else { errmsg.LogError(0, NO_ERRCODE, "error: invalid compare operation '%s' - ignoring selector", (char*) rsCStrGetSzStrNoNULL(pCSCompOp)); + return(RS_RET_ERR); } rsCStrDestruct(&pCSCompOp); /* no longer needed */ -- cgit v1.2.3
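Review bot: The `/* disable action! */` comment in cnfstmtNewPROPFILT does not record what the switch to `S_NOP` leaves behind. The statement still holds the caller's `t_then` subtree in `d.s_propfilt.t_then`, plus whatever DecodePropFilter stored before it failed. Code that walks or frees statements by `nodetype` will presumably no longer visit those fields, which appears to be the leak the commit message accepts. I would spell that out, e.g. `/* decode failed: make this a no-op so the then-branch never runs; t_then and any partly decoded s_propfilt fields stay allocated until exit (accepted leak, see ChangeLog) */`. Operators should also know that the rule's actions are dropped for the whole run, and the only signal visible in this patch is the load-time LogError in DecodePropFilter, so it is worth confirming that every failure return there logs something.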
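Review bot: The added `return(RS_RET_ERR);` in the invalid-compare-operation branch exits DecodePropFilter before the `rsCStrDestruct(&pCSCompOp);` that follows the if/else chain, so the operator string is never released on this error path. Destroying it before leaving keeps the path clean: `rsCStrDestruct(&pCSCompOp);` immediately followed by `return(RS_RET_ERR);`, placed after the LogError call, which still reads `pCSCompOp`. The function starts and continues outside the hunk, so any other cleanup later in the body (for example of a parser object, if one is allocated earlier) is skipped by the early return as well and should be checked.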