aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

reject mixed relative and non-relative keywords

Browse Source 
reject signatures using relative and non-relative positional keywords for the same content (depth or offset with distance or within)
remotes/origin/master
Eileen Donlon 14 years ago committed by Victor Julien
parent 0b09416a48
commit 0bcbd23343
4 changed files with 24 additions and 1 deletions
Show Stats Download Patch File Download Diff File

6
src/detect-depth.c
Unescape Escape View File

@ -136,6 +136,12 @@ static int DetectDepthSetup (DetectEngineCtx *de_ctx, Signature *s, char *depths
} }
} }
if (cd->flags & DETECT_CONTENT_WITHIN || cd->flags & DETECT_CONTENT_DISTANCE) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "You can't use a relative keyword "
"with a non-relative keyword for the same content." );
goto error;
}
if (str[0] != '-' && isalpha(str[0])) { if (str[0] != '-' && isalpha(str[0])) {
SigMatch *bed_sm = SigMatch *bed_sm =
DetectByteExtractRetrieveSMVar(str, s, DetectByteExtractRetrieveSMVar(str, s,

6
src/detect-distance.c
Unescape Escape View File

@ -210,6 +210,12 @@ static int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s,
} }
} }
if (cd->flags & DETECT_CONTENT_DEPTH || cd->flags & DETECT_CONTENT_OFFSET) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "You can't use a relative keyword "
"with a non-relative keyword for the same content." );
goto error;
}
if (str[0] != '-' && isalpha(str[0])) { if (str[0] != '-' && isalpha(str[0])) {
SigMatch *bed_sm = SigMatch *bed_sm =
DetectByteExtractRetrieveSMVar(str, s, DetectByteExtractRetrieveSMVar(str, s,

7
src/detect-offset.c
Unescape Escape View File

@ -135,6 +135,12 @@ int DetectOffsetSetup (DetectEngineCtx *de_ctx, Signature *s, char *offsetstr)
} }
} }
if (cd->flags & DETECT_CONTENT_WITHIN || cd->flags & DETECT_CONTENT_DISTANCE) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "You can't use a relative keyword "
"with a non-relative keyword for the same content." );
goto error;
}
if (str[0] != '-' && isalpha(str[0])) { if (str[0] != '-' && isalpha(str[0])) {
SigMatch *bed_sm = SigMatch *bed_sm =
DetectByteExtractRetrieveSMVar(str, s, DetectByteExtractRetrieveSMVar(str, s,
@ -163,7 +169,6 @@ int DetectOffsetSetup (DetectEngineCtx *de_ctx, Signature *s, char *offsetstr)
break; break;
default: default:
SCLogError(SC_ERR_OFFSET_MISSING_CONTENT, "offset needs a preceeding" SCLogError(SC_ERR_OFFSET_MISSING_CONTENT, "offset needs a preceeding"
" content or uricontent option"); " content or uricontent option");

6
src/detect-within.c
Unescape Escape View File

@ -212,6 +212,12 @@ static int DetectWithinSetup (DetectEngineCtx *de_ctx, Signature *s, char *withi
} }
} }
if (cd->flags & DETECT_CONTENT_DEPTH || cd->flags & DETECT_CONTENT_OFFSET) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "You can't use a relative keyword "
"with a non-relative keyword for the same content." );
goto error;
}
if (str[0] != '-' && isalpha(str[0])) { if (str[0] != '-' && isalpha(str[0])) {
SigMatch *bed_sm = SigMatch *bed_sm =
DetectByteExtractRetrieveSMVar(str, s, DetectByteExtractRetrieveSMVar(str, s,

Write Preview
Loading…
Cancel
Save