detect/icmp: reject invalid rules for icode/itype

4 years ago · 68f8b2f40f
parent 7d6835958b
commit 68f8b2f40f
2 changed files with 40 additions and 6 deletions
--- a/src/detect-icode.c
+++ b/src/detect-icode.c
@ -191,8 +191,25 @@ static DetectICodeData *DetectICodeParse(DetectEngineCtx *de_ctx, const char *ic
                                        "valid", args[1]);
            goto error;
        }
-        if ((strcmp(args[0], ">")) == 0) icd->mode = DETECT_ICODE_GT;
-        else icd->mode = DETECT_ICODE_LT;
+        if ((strcmp(args[0], ">")) == 0) {
+            if (icd->code1 == 255) {
+                SCLogError(SC_ERR_INVALID_ARGUMENT,
+                        "specified icmp code >%s is not "
+                        "valid",
+                        args[1]);
+                goto error;
+            }
+            icd->mode = DETECT_ICODE_GT;
+        } else {
+            if (icd->code1 == 0) {
+                SCLogError(SC_ERR_INVALID_ARGUMENT,
+                        "specified icmp code <%s is not "
+                        "valid",
+                        args[1]);
+                goto error;
+            }
+            icd->mode = DETECT_ICODE_LT;
+        }
    } else { /* no "<", ">" */
        /* we have a range ("<>") */
        if (args[2] != NULL) {
@ -590,4 +607,4 @@ void DetectICodeRegisterTests(void)
    UtRegisterTest("DetectICodeParseTest08", DetectICodeParseTest08);
    UtRegisterTest("DetectICodeMatchTest01", DetectICodeMatchTest01);
 }
-#endif /* UNITTESTS */
+#endif /* UNITTESTS */
--- a/src/detect-itype.c
+++ b/src/detect-itype.c
@ -191,8 +191,25 @@ static DetectITypeData *DetectITypeParse(DetectEngineCtx *de_ctx, const char *it
                                                "valid", args[1]);
            goto error;
        }
-        if ((strcmp(args[0], ">")) == 0) itd->mode = DETECT_ITYPE_GT;
-        else itd->mode = DETECT_ITYPE_LT;
+        if ((strcmp(args[0], ">")) == 0) {
+            if (itd->type1 == 255) {
+                SCLogError(SC_ERR_INVALID_ARGUMENT,
+                        "specified icmp type >%s is not "
+                        "valid",
+                        args[1]);
+                goto error;
+            }
+            itd->mode = DETECT_ITYPE_GT;
+        } else {
+            if (itd->type1 == 0) {
+                SCLogError(SC_ERR_INVALID_ARGUMENT,
+                        "specified icmp type <%s is not "
+                        "valid",
+                        args[1]);
+                goto error;
+            }
+            itd->mode = DETECT_ITYPE_LT;
+        }
    } else { /* no "<", ">" */
        /* we have a range ("<>") */
        if (args[2] != NULL) {
@ -595,4 +612,4 @@ void DetectITypeRegisterTests(void)
    UtRegisterTest("DetectITypeParseTest08", DetectITypeParseTest08);
    UtRegisterTest("DetectITypeMatchTest01", DetectITypeMatchTest01);
 }
-#endif /* UNITTESTS */
+#endif /* UNITTESTS */