[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-1.4beta2-9-g0b68da0
noreply at openinfosecfoundation.org
noreply at openinfosecfoundation.org
Fri Oct 12 15:09:15 UTC 2012
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The branch, master has been updated
via 0b68da0b31815aa9509592c6628c7a961d4609a4 (commit)
from d68fd54a763a2633bf920b70688dc2a019833076 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 0b68da0b31815aa9509592c6628c7a961d4609a4
Author: Victor Julien <victor at inliniac.net>
Date: Fri Oct 12 16:40:43 2012 +0200
libhtp: don't use internal iterator
It violates thread safety. #601.
Suricata assures thread safety on the flow level for HTTP tracking. Part of the flow is (in case of HTTP) libhtp's htp_connp_t state. At startup the libhtp glue layer, app-layer-htp initializes as many htp_cfg_t instances as there are libhtp server configurations in the yaml. At HTTP session start, we look up the proper htp_cfg_t based on the server ip and pass it to htp_connp_create. A ptr to the relevant htp_cfg_t is part of the htp_connp_t. The htp_cfg_t contains "hooks". The are registered based on yaml config at init time.
The hooks have lists of type list_t. The list is run with a built in iterator. The iterator is reset at the start of each "hook_run_all". Since multiple flows share the same htp_cfg_t flow A can reset the iterator while flow B is using it. The flow lock has no effect as flows share the htp_cfg_t.
This has been observed in real traffic. hook_response_body_data was run on the same data multiple times, leading to corrupt extracted files.
-----------------------------------------------------------------------
Summary of changes:
libhtp/htp/hooks.c | 31 +++++++++++++++++++++++++++++--
1 files changed, 29 insertions(+), 2 deletions(-)
hooks/post-receive
--
OISF
More information about the Oisf-devel
mailing list