[Oisf-devel] patch for (my) ticket #164 content+offset+depth

Victor Julien victor at inliniac.net
Tue May 25 15:58:39 EDT 2010


Hi Rmkml, thanks for pointing out the issue. I ended up fixing it
slightly differently:



diff --git a/src/detect-depth.c b/src/detect-depth.c
index 31a8d16..954fcec 100644
--- a/src/detect-depth.c
+++ b/src/detect-depth.c
@@ -72,6 +72,7 @@ static int DetectDepthSetup (DetectEngineCtx *de_ctx,
Signature *s, char *depths

     DetectUricontentData *ud = NULL;
     DetectContentData *cd = NULL;
+
     switch (pm->type) {
         case DETECT_URICONTENT:
             ud = (DetectUricontentData *)pm->ctx;
@@ -82,9 +83,12 @@ static int DetectDepthSetup (DetectEngineCtx *de_ctx,
Signature *s, char *depths
             }
             ud->depth = (uint32_t)atoi(str);
             if (ud->uricontent_len + ud->offset > ud->depth) {
+                uint32_t depth = (ud->depth > ud->uricontent_len) ?
+                    ud->depth : ud->uricontent_len;
+                cd->depth = cd->offset + depth;
+
                 SCLogDebug("depth increased to %"PRIu32" to match
pattern len "
-                        "and offset", ud->uricontent_len + ud->offset);
-                ud->depth = ud->uricontent_len + ud->offset;
+                        "and offset", ud->depth);
             }
         break;

@@ -97,9 +101,12 @@ static int DetectDepthSetup (DetectEngineCtx
*de_ctx, Signature *s, char *depths
             }
             cd->depth = (uint32_t)atoi(str);
             if (cd->content_len + cd->offset > cd->depth) {
+                uint32_t depth = (cd->depth > cd->content_len) ?
+                    cd->depth : cd->content_len;
+                cd->depth = cd->offset + depth;
+
                 SCLogDebug("depth increased to %"PRIu32" to match
pattern len "
-                        "and offset", cd->content_len + cd->offset);
-                cd->depth = cd->content_len + cd->offset;
+                        "and offset", cd->depth);
             }
         break;


Current master should work!

Cheers,
Victor

rmkml wrote:
> Hi,
> I have created a small patch for src/detect-depth.c:
> 
> @@ -98,8 +98,8 @@
>       cd->depth = (uint32_t)atoi(str);
>       if (cd->content_len + cd->offset > cd->depth) {
>           SCLogDebug("depth increased to %"PRIu32" to match pattern len "
> -                 "and offset", cd->content_len + cd->offset);
> -         cd->depth = cd->content_len + cd->offset;
> +                 "and offset", cd->content_len + cd->offset +
> (cd->depth - cd->content_len));
> +         cd->depth = cd->content_len + cd->offset + (cd->depth -
> cd->content_len);
>       }
>   break;
> 
> Apply on suricata git 20 May 2010
> (b629b7c5c1e2ad6c91b97b6708ad9ddc6a674502)
> Not tested(/modified) with uricontent and depth/offset...
> Regards
> Rmkml
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Oisf-devel mailing list
> Oisf-devel at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel


-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------



More information about the Oisf-devel mailing list