Fix broken unittest, improve within error messaging.

16 years ago · 4fd4c1331e
parent c54b91ed94
commit 4fd4c1331e
4 changed files with 17 additions and 6 deletions
--- a/src/detect-engine-payload.c
+++ b/src/detect-engine-payload.c
@ -361,7 +361,7 @@ static int PayloadTestSig03 (void) {
    Packet *p = UTHBuildPacket( buf, buflen, IPPROTO_TCP);
    int result = 0;

-    char sig[] = "alert tcp any any -> any any (content:\"aBc\"; nocase; content:\"abca\"; distance:-10; within:1; sid:1;)";
+    char sig[] = "alert tcp any any -> any any (content:\"aBc\"; nocase; content:\"abca\"; distance:-10; within:4; sid:1;)";
    if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) {
        result = 0;
        goto end;
--- a/src/detect-within.c
+++ b/src/detect-within.c
@ -28,6 +28,13 @@ void DetectWithinRegister (void) {
    sigmatch_table[DETECT_WITHIN].flags |= SIGMATCH_PAYLOAD;
 }

+/** \brief Setup within pattern (content/uricontent) modifier.
+ *
+ *  \todo apply to uricontent
+ *
+ *  \retval 0 ok
+ *  \retval -1 error, sig needs to be invalidated
+ */
 static int DetectWithinSetup (DetectEngineCtx *de_ctx, Signature *s, char *withinstr)
 {
    char *str = withinstr;
@ -45,7 +52,7 @@ static int DetectWithinSetup (DetectEngineCtx *de_ctx, Signature *s, char *withi
        goto error;
    }

-    /** Search for the first previous DetectContent
+    /* Search for the first previous DetectContent
     * SigMatch (it can be the same as this one) */
    SigMatch *pm = DetectContentFindPrevApplicableSM(s->pmatch_tail);
    if (pm == NULL || DetectContentHasPrevSMPattern(pm) == NULL) {
@ -60,12 +67,14 @@ static int DetectWithinSetup (DetectEngineCtx *de_ctx, Signature *s, char *withi
    }

    cd->within = strtol(str, NULL, 10);
-    if (cd->within < cd->content_len) {
-        SCLogError(SC_ERR_INVALID_SIGNATURE, "within argument \"%d\" is less "
-                   "than the content length \"%s\" which is invalid, since this "
-                   "will never match.  Invalidating signature", cd->within, cd->content);
+    if (cd->within < (int32_t)cd->content_len) {
+        SCLogError(SC_ERR_WITHIN_INVALID, "within argument \"%"PRIi32"\" is "
+                "less than the content length \"%"PRIu32"\" which is invalid, since "
+                "this will never match.  Invalidating signature", cd->within,
+                cd->content_len);
        goto error;
    }
+
    cd->flags |= DETECT_CONTENT_WITHIN;

    if (cd->flags & DETECT_CONTENT_DISTANCE) {
--- a/src/util-error.c
+++ b/src/util-error.c
@ -88,6 +88,7 @@ const char * SCErrorToString(SCError err)
        CASE_CODE (SC_ERR_BYTETEST_MISSING_CONTENT);
        CASE_CODE (SC_ERR_BYTEJUMP_MISSING_CONTENT);
        CASE_CODE (SC_ERR_WITHIN_MISSING_CONTENT);
+        CASE_CODE (SC_ERR_WITHIN_INVALID);
        CASE_CODE (SC_ERR_DEPTH_MISSING_CONTENT);
        CASE_CODE (SC_ERR_OFFSET_MISSING_CONTENT);
        CASE_CODE (SC_ERR_NOCASE_MISSING_PATTERN);
--- a/src/util-error.h
+++ b/src/util-error.h
@ -109,6 +109,7 @@ typedef enum {
    SC_ERR_FLAGS_MODIFIER,
    SC_ERR_DISTANCE_MISSING_CONTENT,
    SC_ERR_WITHIN_MISSING_CONTENT,
+    SC_ERR_WITHIN_INVALID,
    SC_ERR_OFFSET_MISSING_CONTENT,
    SC_ERR_DEPTH_MISSING_CONTENT,
    SC_ERR_BYTETEST_MISSING_CONTENT,