One more thing.
I applied the "list_value_matches.patch" to v2.6 manually (it's
intended for v2.5.1). And I discovered a bug in the patch. This will
be a problem even if you apply the patch to v2.5.1. analysisd could
crash if you have list that looks up address_match_key_value.
In OS_DBSearchKeyAddressValue(), as I pasted below, the
"free(tmpkey);" should be outside of the while loop, and the
"tmpkey[strlen(tmpkey) - 1] = '\0';" should be outside of the outer-
most if statement.
Steve
+ while(strlen(tmpkey) > 0)
+ {
+ if(tmpkey[strlen(tmpkey) - 1] == '.')
+ {
+ if( cdb_find(&lrule->db->cdb, tmpkey, strlen(tmpkey))
> 0 ) {
+ if(cdb_match_value(&lrule->db->cdb, lrule-
>matcher)) {
+ free(tmpkey);
+ return 1;
+ }
+ }
+ tmpkey[strlen(tmpkey) - 1] = '\0';
+ }
+ free(tmpkey);
+ }
