From ce8aeffa537a6fcdf277924cf12ac519d363a397 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Sat, 13 Apr 2013 18:40:58 -0400 Subject: Fix logic bug in rule updates (triggered by unique conditions). --- config/snort/snort.inc | 16 +++++++++ config/snort/snort_check_for_rule_updates.php | 52 ++++++++++++--------------- 2 files changed, 39 insertions(+), 29 deletions(-) diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 6bf73f24..ff822085 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -911,11 +911,19 @@ function snort_merge_reference_configs($cfg_in, $cfg_out) { /* Sort the new reference map. */ uksort($outMap,'strnatcasecmp'); + /**********************************************************/ + /* Do NOT write an empty references.config file, just */ + /* exit instead. */ + /**********************************************************/ + if (empty($outMap)) + return false; + /* Format and write it to the supplied output file. */ $format = "config reference: %-12s %s\n"; foreach ($outMap as $key=>$value) $outMap[$key] = sprintf($format, $key, $value); @file_put_contents($cfg_out, array_values($outMap)); + return true; } function snort_merge_classification_configs($cfg_in, $cfg_out) { @@ -948,11 +956,19 @@ function snort_merge_classification_configs($cfg_in, $cfg_out) { /* Sort the new classification map. */ uksort($outMap,'strnatcasecmp'); + /**********************************************************/ + /* Do NOT write an empty classification.config file, just */ + /* exit instead. */ + /**********************************************************/ + if (empty($outMap)) + return false; + /* Format and write it to the supplied output file. */ $format = "config classification: %s,%s\n"; foreach ($outMap as $key=>$value) $outMap[$key] = sprintf($format, $key, $value); @file_put_contents($cfg_out, array_values($outMap)); + return true; } function snort_load_rules_map($rules_path) { 
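Review bot: The added `return true;` at the end of snort_merge_reference_configs() follows an `@file_put_contents()` whose result is discarded, so a failed write is reported to the caller as success. Returning the write result keeps the new boolean meaningful: `return @file_put_contents($cfg_out, array_values($outMap)) !== false;`. The same pattern is added to snort_merge_classification_configs() in the second hunk of this file. Both functions now return a value, so each would benefit from a short header comment stating that false means the merged map was empty and nothing was written. Both function bodies begin outside their hunks.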
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php index 740dc591..cd0a09e6 100755 --- a/config/snort/snort_check_for_rule_updates.php +++ b/config/snort/snort_check_for_rule_updates.php @@ -456,10 +456,10 @@ function snort_apply_customizations($snortcfg, $if_real) { snort_prepare_rule_files($snortcfg, "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}"); /* Copy the master config and map files to the interface directory */ - @copy("{$snortdir}/tmp/classification.config", "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/classification.config"); - @copy("{$snortdir}/tmp/gen-msg.map", "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/gen-msg.map"); - @copy("{$snortdir}/tmp/reference.config", "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/reference.config"); - @copy("{$snortdir}/tmp/unicode.map", "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/unicode.map"); + @copy("{$snortdir}/classification.config", "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/classification.config"); + @copy("{$snortdir}/gen-msg.map", "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/gen-msg.map"); + @copy("{$snortdir}/reference.config", "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/reference.config"); + @copy("{$snortdir}/unicode.map", "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/unicode.map"); } if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules == 'on') { 
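Review bot: The four rewritten `@copy()` calls still suppress errors and ignore the result, and unlike the `file_exists()` guards in the update block of the next hunk they do not check that the master file in `{$snortdir}` is present. If a master file is missing or unreadable, the interface directory silently keeps whatever copy it already had, or none. The sensor can then run with a classification.config or reference.config that does not match the rebuilt rules. Testing each call, for example `if (!@copy($src, $dst))` with the two paths held in variables, and logging the file name on failure would make that state visible. snort_apply_customizations() begins above this hunk.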
@@ -470,42 +470,36 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules = /* Determine which config and map file set to use for the master copy. */ /* If the Snort VRT rules are not enabled, then use Emerging Threats. */ if (($vrt_enabled == 'off') && ($et_enabled == 'on')) { - foreach (array("classification.config", "reference.config", "gen-msg.map", "unicode.map") as $file) { - if (file_exists("{$snortdir}/tmp/ET_{$file}")) - @rename("{$snortdir}/tmp/ET_{$file}", "{$snortdir}/tmp/{$file}"); - } + $cfgs = glob("{$snortdir}/tmp/*reference.config"); + $cfgs[] = "{$snortdir}/reference.config"; + snort_merge_reference_configs($cfgs, "{$snortdir}/reference.config"); + $cfgs = glob("{$snortdir}/tmp/*classification.config"); + $cfgs[] = "{$snortdir}/classification.config"; + snort_merge_classification_configs($cfgs, "{$snortdir}/classification.config"); } elseif (($vrt_enabled == 'on') && ($et_enabled == 'off')) { foreach (array("classification.config", "reference.config", "gen-msg.map", "unicode.map") as $file) { if (file_exists("{$snortdir}/tmp/VRT_{$file}")) - @rename("{$snortdir}/tmp/VRT_{$file}", "{$snortdir}/tmp/{$file}"); + @copy("{$snortdir}/tmp/VRT_{$file}", "{$snortdir}/{$file}"); } } elseif (($vrt_enabled == 'on') && ($et_enabled == 'on')) { - /* Both VRT and ET rules are enabled, so build combined */ - /* reference.config and classification.config files. */ - $cfgs = glob("{$snortdir}/tmp/*reference.config"); - snort_merge_reference_configs($cfgs, "{$snortdir}/tmp/reference.config"); - $cfgs = glob("{$snortdir}/tmp/*classification.config"); - snort_merge_classification_configs($cfgs, "{$snortdir}/tmp/classification.config"); - + /* Both VRT and ET rules are enabled, so build combined */ + /* reference.config and classification.config files, but */ + /* only if we downloaded both rule sets. Otherwise we */ + /* risk creating an incomplete file. 
*/ + $cfgs = glob("{$snortdir}/tmp/*reference.config"); + $cfgs[] = "{$snortdir}/reference.config"; + snort_merge_reference_configs($cfgs, "{$snortdir}/reference.config"); + $cfgs = glob("{$snortdir}/tmp/*classification.config"); + $cfgs[] = "{$snortdir}/classification.config"; + snort_merge_classification_configs($cfgs, "{$snortdir}/classification.config"); /* Use the unicode.map and gen-msg.map files from VRT rules. */ if (file_exists("{$snortdir}/tmp/VRT_unicode.map")) - @rename("{$snortdir}/tmp/VRT_unicode.map", "{$snortdir}/tmp/gen-msg.map"); + @copy("{$snortdir}/tmp/VRT_unicode.map", "{$snortdir}/unicode.map"); if (file_exists("{$snortdir}/tmp/VRT_gen-msg.map")) - @rename("{$snortdir}/tmp/VRT_gen-msg.map", "{$snortdir}/tmp/gen-msg.map"); + @copy("{$snortdir}/tmp/VRT_gen-msg.map", "{$snortdir}/gen-msg.map"); } - else { - /* Just Snort GPLv2 Community Rules may be enabled, so make sure required */ - /* default config files are present in the rules extraction tmp working */ - /* directory. Only copy missing files not captured in logic above. */ - - $snort_files = array("gen-msg.map", "classification.config", "reference.config", "unicode.map"); - foreach ($snort_files as $file) { - if (file_exists("{$snortdir}/{$file}") && !file_exists("{$snortdir}/tmp/{$file}")) - @copy("{$snortdir}/{$file}", "{$snortdir}/tmp/{$file}"); - } - } /* Start the rules rebuild proccess for each configured interface */ if (is_array($config['installedpackages']['snortglobal']['rule'])) { -- cgit v1.2.3
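Review bot: All four calls to snort_merge_reference_configs() and snort_merge_classification_configs() in this hunk discard the boolean that this commit adds, so a merge that was skipped because the map was empty is never reported. Testing the result, e.g. `if (!snort_merge_reference_configs($cfgs, "{$snortdir}/reference.config"))`, and logging the file name would surface it. The Emerging Threats-only branch no longer touches gen-msg.map or unicode.map, which the removed loop took from the `ET_` files; if that is intended, a comment should say where those two master files now come from. The new comment in the both-enabled branch says the merge happens "only if we downloaded both rule sets", but no such condition is visible there. The code instead appears to rely on adding the existing master file to `$cfgs`, and the comment should describe that.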