aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

disallow pcre /P/I/U with flow:to_client/from_svr

Browse Source
remotes/origin/master
Eileen Donlon 13 years ago committed by Victor Julien
parent c7807a21b6
commit b22529d6f4
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File

11
src/detect-pcre.c
Unescape Escape View File

@ -1071,6 +1071,17 @@ static int DetectPcreSetup (DetectEngineCtx *de_ctx, Signature *s, char *regexst
if (pd == NULL)
goto error;
if (pd->flags & DETECT_PCRE_HTTP_CLIENT_BODY && s->init_flags & SIG_FLAG_INIT_FLOW
&& s->flags & SIG_FLAG_TOCLIENT && !(s->flags & SIG_FLAG_TOSERVER)) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "Can't use pcre /P with flow:from_server or flow:to_client");
goto error;
}
if ((pd->flags & DETECT_PCRE_URI || pd->flags & DETECT_PCRE_HTTP_RAW_URI)
&& s->init_flags & SIG_FLAG_INIT_FLOW && s->flags & SIG_FLAG_TOCLIENT && !(s->flags & SIG_FLAG_TOSERVER)) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "Can't use pcre /U or /I with flow:from_server or flow:to_client");
goto error;
}
/* check pcre modifiers against the signature alproto. In case they conflict
* chuck out invalid signature */
switch (s->alproto) {

Write Preview
Loading…
Cancel
Save