From: Victor Julien <victor@inliniac.net>
Date: Tue, 13 Dec 2016 09:23:21 +0000 (+0100)
Subject: http: allow lower/mixed case in proto detect
X-Git-Tag: suricata-3.2.1~98
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F2454%2Fhead;p=thirdparty%2Fsuricata.git

http: allow lower/mixed case in proto detect

In HTTP detection registered patterns were upper case only. Since the
detection is based on both sides this would still work for sessions
where one of the talkers misbehaved. If both sides misbehave this
would fail however, so this patch introduces case insensive matching.
---

diff --git a/src/app-layer-htp.c b/src/app-layer-htp.c
index 0f297df1fc..4d435cc236 100644
--- a/src/app-layer-htp.c
+++ b/src/app-layer-htp.c
@@ -2737,7 +2737,7 @@ static int HTPRegisterPatternsForProtocolDetection(void)
              * 3 is subtracted from the length since the spacing is hex typed as |xx|
              * but the pattern matching should only be one char
             */
-            register_result = AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP,
+            register_result = AppLayerProtoDetectPMRegisterPatternCI(IPPROTO_TCP,
                     ALPROTO_HTTP, method_buffer, strlen(method_buffer)-3, 0, STREAM_TOSERVER);
             if (register_result < 0) {
                 return -1;
@@ -2747,7 +2747,7 @@ static int HTPRegisterPatternsForProtocolDetection(void)
 
     /* Loop through all the http verions patterns that are TO_CLIENT */
     for (versions_pos = 0; versions[versions_pos]; versions_pos++) {
-        register_result = AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP,
+        register_result = AppLayerProtoDetectPMRegisterPatternCI(IPPROTO_TCP,
                 ALPROTO_HTTP, versions[versions_pos], strlen(versions[versions_pos]),
                 0, STREAM_TOCLIENT);
         if (register_result < 0) {