[ossec-cvs] ossec-hids: syscheck.c (HEAD) [dcid]
Module name: ossec-hids
Changes by: dcid 07/10/06 22:27:07
Modified files:
syscheck.c
Log message:
Description: Finally fixing syscheck (not working with the match keyword). Thanks to Dustin Lenz for the help and debug info.
Reviewed by: dcid
Bug:
Index: syscheck.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/analysisd/decoders/syscheck.c,v
diff -u -r1.47 -r1.48
--- syscheck.c 4 Oct 2007 01:41:35 -0000 1.47
+++ syscheck.c 7 Oct 2007 01:27:06 -0000 1.48
@@ -247,7 +247,7 @@
/* DB_Search
* Search the DB for any entry related to the file being received
*/
-int DB_Search(char *f_name, char *new_sum, Eventinfo *lf)
+int DB_Search(char *f_name, char *c_sum, Eventinfo *lf)
{
int p = 0;
int sn_size;
@@ -340,7 +340,7 @@
/* checksum match, we can just return and keep going */
- if(strcmp(saved_sum, new_sum) == 0)
+ if(strcmp(saved_sum, c_sum) == 0)
return(0);
@@ -398,14 +398,14 @@
'!',
p >= 1? '!' : '+',
p == 2? '!' : (p > 2)?'?':'+',
- new_sum,
+ c_sum,
lf->time,
f_name);
fflush(fp);
/* File deleted */
- if(new_sum[0] == '-' && new_sum[1] == '1')
+ if(c_sum[0] == '-' && c_sum[1] == '1')
{
sdb.syscheck_dec->id = sdb.idd;
snprintf(sdb.comment, OS_MAXSTR,
@@ -432,10 +432,6 @@
char *oldmd5 = NULL, *newmd5 = NULL;
char *oldsha1 = NULL, *newsha1 = NULL;
- char c_sum[256];
- c_sum[255] = '\0';
- strncpy(c_sum, new_sum, 255);
-
oldsize = saved_sum;
newsize = c_sum;
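Review bot: With the 255-byte local copy removed, `newsize = c_sum` points the field parsing at the caller's buffer, and the `DB_Search` header comment does not mention this. If the parsing that follows (outside this hunk) splits the checksum in place, the caller's string is modified, so it must be writable and NUL-terminated. I would add a line to the header comment such as `* c_sum is parsed in place and must be a writable, NUL-terminated string`. The old copy also capped the checksum at 255 bytes, so any fixed-size buffer this value is later copied or formatted into should be rechecked against that lost limit.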
@@ -625,14 +621,13 @@
/* Creating a new log message */
free(lf->full_log);
os_strdup(sdb.comment, lf->full_log);
+ lf->log = lf->full_log;
/* Setting decoder */
lf->decoder_info = sdb.syscheck_dec;
- f_name--;
- *f_name = ' ';
return(1);
} /* continuiing... */
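Review bot: `lf->log` now aliases `lf->full_log` after the `os_strdup`, and nothing at this site records that ownership rule. A comment such as `/* lf->log aliases lf->full_log: free only full_log */` would keep a later cleanup path from freeing both pointers. The same assignment is added in the new-file branch at the end of the function (the `@@ -658,14 +653,11 @@` hunk), so the comment applies there too. If `f_name` and `c_sum` point into the old `full_log` buffer (their origin is outside the hunk), they dangle once `free(lf->full_log)` runs, so nothing between the free and `return(1)` should read or write through them. The enclosing block starts outside the hunk.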
@@ -641,7 +636,7 @@
/* If we reach here, this file is not present on our database */
fseek(fp, 0, SEEK_END);
- fprintf(fp,"+++%s !%d %s\n", new_sum, lf->time, f_name);
+ fprintf(fp,"+++%s !%d %s\n", c_sum, lf->time, f_name);
/* Alert if configured to notify on new files */
@@ -658,14 +653,11 @@
/* Creating a new log message */
free(lf->full_log);
os_strdup(sdb.comment, lf->full_log);
+ lf->log = lf->full_log;
/* Setting decoder */
lf->decoder_info = sdb.syscheck_dec;
-
- f_name--;
- *f_name = ' ';
-
return(1);
}