flowbits: validate that there are no spaces in the name

Fixes issue: https://redmine.openinfosecfoundation.org/issues/1889 To catch the issue where the ';' is missing we have to expand the regex to capture the whole name string, not just the leading valid stuff. Then verify that there are no spaces in the name (Snort has the same restriction) and fail if there is.
9 years ago · 24f2387b23
parent 1cdd062dc6
commit 24f2387b23
1 changed files with 19 additions and 1 deletions
--- a/src/detect-flowbits.c
+++ b/src/detect-flowbits.c
@ -45,7 +45,7 @@
 #include "util-unittest.h"
 #include "util-debug.h"

-#define PARSE_REGEX         "([a-z]+)(?:,\\s*([^\\s]*))?"
+#define PARSE_REGEX         "([a-z]+)(?:,\\s*(.*))?"
 static pcre *parse_regex;
 static pcre_extra *parse_regex_study;

@ -182,6 +182,20 @@ static int DetectFlowbitParse(char *str, char *cmd, int cmd_len, char *name,
            SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
            return 0;
        }
+
+        /* Trim trailing whitespace. */
+        while (strlen(name) > 0 && isblank(name[strlen(name) - 1])) {
+            name[strlen(name) - 1] = '\0';
+        }
+
+        /* Validate name, spaces are not allowed. */
+        for (size_t i = 0; i < strlen(name); i++) {
+            if (isblank(name[i])) {
+                SCLogError(SC_ERR_INVALID_SIGNATURE,
+                    "spaces not allowed in flowbit names");
+                return 0;
+            }
+        }
    }

    return 1;
@ -324,6 +338,10 @@ static int FlowBitsTestParse01(void)
    FAIL_IF(strcmp(command, "set") != 0);
    FAIL_IF(strcmp(name, "flowbit") != 0);

+    /* Spaces are not allowed in the name. */
+    FAIL_IF(DetectFlowbitParse("set,namewith space", command, sizeof(command),
+            name, sizeof(name)));
+
    PASS;
 }