[Oisf-devel] [COMMIT] OISF branch, master-1.3.x, updated. suricata-1.3.2-6-g2cdbdab

noreply at openinfosecfoundation.org noreply at openinfosecfoundation.org
Fri Oct 12 15:09:15 UTC 2012

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".

The branch, master-1.3.x has been updated
       via  2cdbdab38c878da01518ae932a55984538786e81 (commit)
      from  0e7c9af4431f993280d5b369f4e6827d4018f89d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 2cdbdab38c878da01518ae932a55984538786e81
Author: Victor Julien <victor at inliniac.net>
Date:   Fri Oct 12 16:40:43 2012 +0200

    libhtp: don't use internal iterator
    It violates thread safety. #601.
    Suricata assures thread safety on the flow level for HTTP tracking. Part of the flow is (in case of HTTP) libhtp's htp_connp_t state. At startup the libhtp glue layer, app-layer-htp initializes as many htp_cfg_t instances as there are libhtp server configurations in the yaml. At HTTP session start, we look up the proper htp_cfg_t based on the server ip and pass it to htp_connp_create.  A ptr to the relevant htp_cfg_t is part of the htp_connp_t. The htp_cfg_t contains "hooks". The are registered based on yaml config at init time.
    The hooks have lists of type list_t. The list is run with a built in iterator. The iterator is reset at the start of each "hook_run_all". Since multiple flows share the same htp_cfg_t flow A can reset the iterator while flow B is using it. The flow lock has no effect as flows share the htp_cfg_t.
    This has been observed in real traffic. hook_response_body_data was run on the same data multiple times, leading to corrupt extracted files.


Summary of changes:
 libhtp/htp/hooks.c |   31 +++++++++++++++++++++++++++++--
 1 files changed, 29 insertions(+), 2 deletions(-)


More information about the Oisf-devel mailing list