authorMartin Mathieson <martin.r.mathieson@googlemail.com>2017-09-10 18:03:14 +0100
committerAnders Broman <a.broman58@gmail.com>2017-09-20 05:48:54 +0000
commit4458d0b59f41382783820d90b99a5687ca0ccd33 (patch)
tree791dfa914f4ebea39faf6567281c82cc31813756 /epan
parenta17bbc184170cf2faf4752f63f4dce0bba9e0dd5 (diff)
Snort: check executable and config files exist before trying to run.
Change-Id: I63986a61b392a74406ccefeaa001c110793c340a Reviewed-on: https://code.wireshark.org/review/23469 Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'epan')
-rw-r--r--epan/dissectors/packet-snort.c33
-rw-r--r--epan/dissectors/snort-config.c19
-rw-r--r--epan/dissectors/snort-config.h8
3 files changed, 40 insertions, 20 deletions
diff --git a/epan/dissectors/packet-snort.c b/epan/dissectors/packet-snort.c
index 563ac2ae30..616f38bd00 100644
--- a/epan/dissectors/packet-snort.c
+++ b/epan/dissectors/packet-snort.c
@@ -50,6 +50,7 @@
#include <epan/prefs.h>
#include <epan/expert.h>
#include <epan/wmem/wmem.h>
+#include <wsutil/file_util.h>
#include <wiretap/wtap-int.h>
#include "snort-config.h"
@@ -144,7 +145,6 @@ static gboolean snort_show_alert_expert_info = FALSE;
static gboolean snort_alert_in_reassembled_frame = FALSE;
-
/********************************************************/
/* Global variable with single parsed snort config */
static SnortConfig_t *g_snort_config = NULL;
@@ -791,6 +791,8 @@ static void snort_show_alert(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo
}
}
+ snort_debug_printf("Showing alert (sid=%u) in frame %u\n", alert->sid, pinfo->num);
+
/* Show in expert info if configured to. */
if (snort_show_alert_expert_info) {
expert_add_info_format(pinfo, alert_ti, &ei_snort_alert, "Alert %u: \"%s\"", alert->sid, alert->msg);
@@ -1279,7 +1281,7 @@ static void snort_start(void)
if (current_session.running) {
return;
}
- current_session.running = TRUE;
+ current_session.running = FALSE;
/* Reset global stats */
reset_global_rule_stats(g_snort_config);
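Review bot: The new assignment `current_session.running = FALSE;` is a dead store, because the guard directly above it returns whenever `running` is TRUE, so the flag is already FALSE at this point. Dropping the line, or replacing it with a comment such as `/* running stays FALSE until the spawn below succeeds */`, would state the intent without implying that the flag is being changed here. snort_start() begins and ends outside this hunk.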
@@ -1287,12 +1289,32 @@ static void snort_start(void)
/* Need to test that we can run snort --version and that config can be parsed... */
/* Does nothing at present */
if (!snort_config_ok) {
- current_session.running = FALSE;
/* Can carry on without snort... */
return;
}
+ /* About to run snort, so check that configured files exist, and that binary could be executed. */
+ ws_statb64 binary_stat, config_stat;
+
+ if (ws_stat64(pref_snort_binary_filename, &binary_stat) != 0) {
+ snort_debug_printf("Can't run snort - executable '%s' not found\n", pref_snort_binary_filename);
+ return;
+ }
+
+ if (ws_stat64(pref_snort_config_filename, &config_stat) != 0) {
+ snort_debug_printf("Can't run snort - config file '%s' not found\n", pref_snort_config_filename);
+ return;
+ }
+
+#ifdef S_IXUSR
+ if (!(binary_stat.st_mode & S_IXUSR)) {
+ snort_debug_printf("Snort binary '%s' is not executable\n", pref_snort_binary_filename);
+ return;
+ }
+#endif
+
/* Create snort process and set up pipes */
+ snort_debug_printf("\nRunning %s with config file %s\n", pref_snort_binary_filename, pref_snort_config_filename);
if (!g_spawn_async_with_pipes(NULL, /* working_directory */
(char **)argv,
NULL, /* envp */
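Review bot: The `S_IXUSR` test accepts any path whose owner-execute bit is set, which includes directories, and it does not show whether the current user may execute the file. Where `S_ISREG` is available, `if (!S_ISREG(binary_stat.st_mode) || !(binary_stat.st_mode & S_IXUSR)) {` would at least reject the directory case. These stat calls are only a pre-check: the files can change between `ws_stat64()` and `g_spawn_async_with_pipes()`, so the spawn-failure branch further down has to remain the authoritative error path. A comment such as `/* Advisory only - spawn can still fail and is handled below */` would keep a later reader from treating the checks as a guarantee. snort_start() begins and ends outside this hunk.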
@@ -1309,6 +1331,10 @@ static void snort_start(void)
current_session.working = FALSE;
return;
}
+ else {
+ current_session.running = TRUE;
+ current_session.working = TRUE;
+ }
/* Setup handler for when process goes away */
g_child_watch_add(current_session.pid, snort_reaper, &current_session);
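Review bot: `current_session.working` is set TRUE here and FALSE in the spawn-failure branch just above, but the three early returns added earlier in this commit (binary not found, config not found, binary not executable) leave it untouched. It therefore keeps whatever value it had before snort_start() ran. If it is not reset elsewhere, which cannot be seen from this hunk, each of those returns should be preceded by `current_session.working = FALSE;`. The `else` is also unnecessary, since the `if` branch returns; the two assignments can follow the block directly. snort_start() continues outside the hunk.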
@@ -1532,7 +1558,6 @@ proto_register_snort(void)
"Attempt to show alert in reassembled frame where possible",
&snort_alert_in_reassembled_frame);
-
snort_handle = create_dissector_handle(snort_dissector, proto_snort);
register_init_routine(snort_start);
diff --git a/epan/dissectors/snort-config.c b/epan/dissectors/snort-config.c
index 7b5ea08019..9a05305eee 100644
--- a/epan/dissectors/snort-config.c
+++ b/epan/dissectors/snort-config.c
@@ -33,12 +33,6 @@
#include "snort-config.h"
-/* #define SNORT_CONFIG_DEBUG */
-#ifdef SNORT_CONFIG_DEBUG
-#define snort_debug_printf printf
-#else
-#define snort_debug_printf(...)
-#endif
#ifndef _WIN32
const char* g_file_separator = "/";
@@ -46,7 +40,6 @@ const char* g_file_separator = "/";
const char* g_file_separator = "\\";
#endif
-
/* Forward declaration */
static void parse_config_file(SnortConfig_t *snort_config, FILE *config_file_fd, const char *filename, const char *dirname, int recursion_level);
@@ -320,12 +313,10 @@ void rule_set_relevant_vars(SnortConfig_t *snort_config, Rule_t *rule)
/* Read source address */
field = read_token(rule->rule_string+accumulated_length, ' ', &length, &accumulated_length, FALSE);
- snort_debug_printf("source address is (%s)\n", field);
rule_check_ip_vars(snort_config, rule, field);
/* Read source port */
field = read_token(rule->rule_string+accumulated_length, ' ', &length, &accumulated_length, FALSE);
- snort_debug_printf("source port is (%s)\n", field);
rule_check_port_vars(snort_config, rule, field);
/* Read direction */
@@ -333,12 +324,10 @@ void rule_set_relevant_vars(SnortConfig_t *snort_config, Rule_t *rule)
/* Dest address */
field = read_token(rule->rule_string+accumulated_length, ' ', &length, &accumulated_length, FALSE);
- snort_debug_printf("dest address is (%s)\n", field);
rule_check_ip_vars(snort_config, rule, field);
/* Dest port */
field = read_token(rule->rule_string+accumulated_length, ' ', &length, &accumulated_length, FALSE);
- snort_debug_printf("dest port is (%s)\n", field);
rule_check_port_vars(snort_config, rule, field);
/* Set flag so won't do again for this rule */
@@ -557,7 +546,7 @@ static gboolean parse_include_file(SnortConfig_t *snort_config, char *line, cons
g_snprintf(substituted_filename, 512, "%s%s%s",
snort_config->rule_path,
g_file_separator,
- include_filename + 10);
+ include_filename + 11);
}
else {
/* Rule path is relative to config directory, so it goes first */
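Review bot: The offset in `include_filename + 11` is a bare number with no visible link to the prefix it skips (presumably a `$RULE_PATH` token plus its separator; the comparison that establishes this is outside the hunk), and the same literal is repeated in the next hunk. If `include_filename` can be shorter than 11 characters at this point, the pointer lands past the terminator and `g_snprintf` reads beyond the string, so the guard before this branch should cover all 11 characters. Deriving the offset from the prefix length through one named constant would keep the comparison and the skip in step. The `512` passed to `g_snprintf` is also a literal, and truncation is not checked before the result reaches `ws_fopen()` further down. parse_include_file() starts and ends outside the hunk.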
@@ -566,7 +555,7 @@ static gboolean parse_include_file(SnortConfig_t *snort_config, char *line, cons
g_file_separator,
snort_config->rule_path,
g_file_separator,
- include_filename + 10);
+ include_filename + 11);
}
is_rule_file = TRUE;
}
@@ -582,7 +571,6 @@ static gboolean parse_include_file(SnortConfig_t *snort_config, char *line, cons
}
/* Try to open the file. */
- snort_debug_printf("Trying to open: %s\n", substituted_filename);
new_config_fd = ws_fopen(substituted_filename, "r");
if (new_config_fd == NULL) {
snort_debug_printf("Failed to open config file %s\n", substituted_filename);
@@ -823,6 +811,7 @@ static gboolean parse_rule(SnortConfig_t *snort_config, char *line, const char *
/* Add rule to map of rules. */
g_hash_table_insert(snort_config->rules, GUINT_TO_POINTER((guint)rule->sid), rule);
+ snort_debug_printf("Snort rule with SID=%u added to table\n", rule->sid);
return TRUE;
}
@@ -835,8 +824,6 @@ static gboolean delete_rule(gpointer key _U_,
Rule_t *rule = (Rule_t*)value;
unsigned int n;
- snort_debug_printf("delete_rule(value=%p)\n", value);
-
/* Delete strings on heap. */
g_free(rule->rule_string);
g_free(rule->file);
diff --git a/epan/dissectors/snort-config.h b/epan/dissectors/snort-config.h
index 411f26a63a..d8576e0a16 100644
--- a/epan/dissectors/snort-config.h
+++ b/epan/dissectors/snort-config.h
@@ -29,6 +29,13 @@
#include "ws_attributes.h"
+/* #define SNORT_CONFIG_DEBUG */
+#ifdef SNORT_CONFIG_DEBUG
+#define snort_debug_printf printf
+#else
+#define snort_debug_printf(...)
+#endif
+
/************************************************************************/
/* Rule related data types */
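Review bot: With `SNORT_CONFIG_DEBUG` undefined, `#define snort_debug_printf(...)` discards its arguments before the compiler sees them, so the format strings in the calls this commit adds (for example `%u` with `rule->sid` and `alert->sid`) are never type-checked in a normal build. Defining the disabled form as `#define snort_debug_printf(...) do { if (0) printf(__VA_ARGS__); } while (0)` keeps those calls compiled and checked while generating no code. Now that the macro lives in the header, every file that includes it with debugging enabled also needs `<stdio.h>`, which this hunk does not add; it may already be included earlier in the header, outside this hunk.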
@@ -160,6 +167,7 @@ typedef struct SnortConfig_t
/*************************************************************************************/
/* API functions */
+
void create_config(SnortConfig_t **snort_config, const char *snort_config_file);
void delete_config(SnortConfig_t **snort_config);