|
|
|
@ -81,6 +81,7 @@ static InspectionBuffer *GetKrb5SNameData(DetectEngineThreadCtx *det_ctx,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
InspectionBufferSetupMulti(buffer, transforms, b, b_len);
|
|
|
|
InspectionBufferSetupMulti(buffer, transforms, b, b_len);
|
|
|
|
|
|
|
|
buffer->flags = DETECT_CI_FLAGS_SINGLE;
|
|
|
|
|
|
|
|
|
|
|
|
SCReturnPtr(buffer, "InspectionBuffer");
|
|
|
|
SCReturnPtr(buffer, "InspectionBuffer");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
@ -100,13 +101,11 @@ static uint8_t DetectEngineInspectKrb5SName(DetectEngineCtx *de_ctx, DetectEngin
|
|
|
|
struct Krb5PrincipalNameDataArgs cbdata = { local_id, txv, };
|
|
|
|
struct Krb5PrincipalNameDataArgs cbdata = { local_id, txv, };
|
|
|
|
InspectionBuffer *buffer =
|
|
|
|
InspectionBuffer *buffer =
|
|
|
|
GetKrb5SNameData(det_ctx, transforms, f, &cbdata, engine->sm_list);
|
|
|
|
GetKrb5SNameData(det_ctx, transforms, f, &cbdata, engine->sm_list);
|
|
|
|
|
|
|
|
|
|
|
|
if (buffer == NULL || buffer->inspect == NULL)
|
|
|
|
if (buffer == NULL || buffer->inspect == NULL)
|
|
|
|
break;
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
|
|
const bool match = DetectEngineContentInspection(de_ctx, det_ctx, s, engine->smd, NULL, f,
|
|
|
|
const bool match = DetectEngineContentInspectionBuffer(de_ctx, det_ctx, s, engine->smd,
|
|
|
|
buffer->inspect, buffer->inspect_len, buffer->inspect_offset,
|
|
|
|
NULL, f, buffer, DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE);
|
|
|
|
DETECT_CI_FLAGS_SINGLE, DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE);
|
|
|
|
|
|
|
|
if (match) {
|
|
|
|
if (match) {
|
|
|
|
return DETECT_ENGINE_INSPECT_SIG_MATCH;
|
|
|
|
return DETECT_ENGINE_INSPECT_SIG_MATCH;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
Victor Julien
1 year ago
committed by
Victor Julien