[Oisf-devel] patch for (my) ticket #164 content+offset+depth
Victor Julien
victor at inliniac.net
Tue May 25 15:58:39 EDT 2010
Hi Rmkml, thanks for pointing out the issue. I ended up fixing it
slightly differently:
diff --git a/src/detect-depth.c b/src/detect-depth.c
index 31a8d16..954fcec 100644
--- a/src/detect-depth.c
+++ b/src/detect-depth.c
@@ -72,6 +72,7 @@ static int DetectDepthSetup (DetectEngineCtx *de_ctx,
Signature *s, char *depths
DetectUricontentData *ud = NULL;
DetectContentData *cd = NULL;
+
switch (pm->type) {
case DETECT_URICONTENT:
ud = (DetectUricontentData *)pm->ctx;
@@ -82,9 +83,12 @@ static int DetectDepthSetup (DetectEngineCtx *de_ctx,
Signature *s, char *depths
}
ud->depth = (uint32_t)atoi(str);
if (ud->uricontent_len + ud->offset > ud->depth) {
+ uint32_t depth = (ud->depth > ud->uricontent_len) ?
+ ud->depth : ud->uricontent_len;
+ cd->depth = cd->offset + depth;
+
SCLogDebug("depth increased to %"PRIu32" to match
pattern len "
- "and offset", ud->uricontent_len + ud->offset);
- ud->depth = ud->uricontent_len + ud->offset;
+ "and offset", ud->depth);
}
break;
@@ -97,9 +101,12 @@ static int DetectDepthSetup (DetectEngineCtx
*de_ctx, Signature *s, char *depths
}
cd->depth = (uint32_t)atoi(str);
if (cd->content_len + cd->offset > cd->depth) {
+ uint32_t depth = (cd->depth > cd->content_len) ?
+ cd->depth : cd->content_len;
+ cd->depth = cd->offset + depth;
+
SCLogDebug("depth increased to %"PRIu32" to match
pattern len "
- "and offset", cd->content_len + cd->offset);
- cd->depth = cd->content_len + cd->offset;
+ "and offset", cd->depth);
}
break;
Current master should work!
Cheers,
Victor
rmkml wrote:
> Hi,
> I have created a small patch for src/detect-depth.c:
>
> @@ -98,8 +98,8 @@
> cd->depth = (uint32_t)atoi(str);
> if (cd->content_len + cd->offset > cd->depth) {
> SCLogDebug("depth increased to %"PRIu32" to match pattern len "
> - "and offset", cd->content_len + cd->offset);
> - cd->depth = cd->content_len + cd->offset;
> + "and offset", cd->content_len + cd->offset +
> (cd->depth - cd->content_len));
> + cd->depth = cd->content_len + cd->offset + (cd->depth -
> cd->content_len);
> }
> break;
>
> Apply on suricata git 20 May 2010
> (b629b7c5c1e2ad6c91b97b6708ad9ddc6a674502)
> Not tested(/modified) with uricontent and depth/offset...
> Regards
> Rmkml
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Oisf-devel mailing list
> Oisf-devel at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-devel
mailing list