detect/base64: move content inspection logic

Integrate with rest of content inspect code.
2 years ago · e9b33c48f0
parent 6a01f40d40
commit e9b33c48f0
3 changed files with 10 additions and 19 deletions
--- a/src/detect-base64-data.c
+++ b/src/detect-base64-data.c
@ -61,19 +61,6 @@ static int DetectBase64DataSetup(DetectEngineCtx *de_ctx, Signature *s,
    return 0;
 }

-int DetectBase64DataDoMatch(DetectEngineCtx *de_ctx,
-    DetectEngineThreadCtx *det_ctx, const Signature *s, Flow *f)
-{
-    if (det_ctx->base64_decoded_len) {
-        return DetectEngineContentInspectionInternal(de_ctx, det_ctx, s,
-                s->sm_arrays[DETECT_SM_LIST_BASE64_DATA], NULL, f, det_ctx->base64_decoded,
-                det_ctx->base64_decoded_len, 0, DETECT_CI_FLAGS_SINGLE,
-                DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE);
-    }
-
-    return 0;
-}
-
 #ifdef UNITTESTS

 static int g_file_data_buffer_id = 0;
--- a/src/detect-base64-data.h
+++ b/src/detect-base64-data.h
@ -19,7 +19,5 @@
 #define __DETECT_BASE64_DATA_H__

 void DetectBase64DataRegister(void);
-int DetectBase64DataDoMatch(DetectEngineCtx *, DetectEngineThreadCtx *,
-        const Signature *, Flow *);

 #endif /* __DETECT_BASE64_DATA_H__ */
--- a/src/detect-engine-content-inspection.c
+++ b/src/detect-engine-content-inspection.c
@ -651,10 +651,16 @@ int DetectEngineContentInspectionInternal(DetectEngineCtx *de_ctx, DetectEngineT
    } else if (smd->type == DETECT_BASE64_DECODE) {
        if (DetectBase64DecodeDoMatch(det_ctx, s, smd, buffer, buffer_len)) {
            if (s->sm_arrays[DETECT_SM_LIST_BASE64_DATA] != NULL) {
-                KEYWORD_PROFILING_END(det_ctx, smd->type, 1);
-                if (DetectBase64DataDoMatch(de_ctx, det_ctx, s, f) == 1) {
-                    /* Base64 is a terminal list. */
-                    goto final_match;
+                if (det_ctx->base64_decoded_len) {
+                    KEYWORD_PROFILING_END(det_ctx, smd->type, 1);
+                    int r = DetectEngineContentInspectionInternal(de_ctx, det_ctx, s,
+                            s->sm_arrays[DETECT_SM_LIST_BASE64_DATA], NULL, f,
+                            det_ctx->base64_decoded, det_ctx->base64_decoded_len, 0,
+                            DETECT_CI_FLAGS_SINGLE, DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE);
+                    if (r == 1) {
+                        /* Base64 is a terminal list. */
+                        goto final_match;
+                    }
                }
            }
        }