base64_data: reject fast_pattern use

If a rule has fast_pattern on base64_data, it is anyway not applied, so,
consider any such rules invalid.

Bug 5220

diff --git a/src/detect-fast-pattern.c b/src/detect-fast-pattern.c
index 6748186727c9f7847077f890c8d3994608636a27..52a7466551409724582869d91c5dd961f6f34162 100644 (file)
--- a/src/detect-fast-pattern.c
+++ b/src/detect-fast-pattern.c
@@ -272,6 +272,10 @@ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, const c
                 }
             }
         }
+        if (SigMatchListSMBelongsTo(s, pm) == DETECT_SM_LIST_BASE64_DATA) {
+            SCLogError("fast_pattern cannot be used with base64_data");
+            goto error;
+        }
         cd->flags |= DETECT_CONTENT_FAST_PATTERN;
         return 0;
     }