From: Anoop Saldanha <anoopsaldanha@gmail.com>
Date: Thu, 13 Jun 2013 14:54:55 +0000 (+0530)
Subject: Fix the bug specified in the previous commit.
X-Git-Tag: suricata-1.4.3~3
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F388%2Fhead;p=thirdparty%2Fsuricata.git

Fix the bug specified in the previous commit.

Bug emanates from byte_test, byte_jump and byte_extract keyword being
unable to handle negative offsets when the inspection pointer is at the
end of the buffer.
---

diff --git a/src/detect-byte-extract.c b/src/detect-byte-extract.c
index 558822671c..87eb69eba7 100644
--- a/src/detect-byte-extract.c
+++ b/src/detect-byte-extract.c
@@ -156,14 +156,13 @@ int DetectByteExtractDoMatch(DetectEngineThreadCtx *det_ctx, SigMatch *sm,
         ptr = payload + det_ctx->buffer_offset;
         len = payload_len - det_ctx->buffer_offset;
 
-        /* No match if there is no relative base */
-        if (len == 0) {
-            return 0;
-        }
-
         ptr += data->offset;
         len -= data->offset;
 
+        /* No match if there is no relative base */
+        if (len <= 0) {
+            return 0;
+        }
         //PrintRawDataFp(stdout,ptr,len);
     } else {
         SCLogDebug("absolute, data->offset %"PRIu32"", data->offset);
diff --git a/src/detect-bytejump.c b/src/detect-bytejump.c
index 9b7a051a5d..9d414101c2 100644
--- a/src/detect-bytejump.c
+++ b/src/detect-bytejump.c
@@ -129,13 +129,13 @@ int DetectBytejumpDoMatch(DetectEngineThreadCtx *det_ctx, Signature *s,
         ptr = payload + det_ctx->buffer_offset;
         len = payload_len - det_ctx->buffer_offset;
 
+        ptr += offset;
+        len -= offset;
+
         /* No match if there is no relative base */
-        if (ptr == NULL || len == 0) {
+        if (ptr == NULL || len <= 0) {
             SCReturnInt(0);
         }
-
-        ptr += offset;
-        len -= offset;
     }
     else {
         ptr = payload + offset;
diff --git a/src/detect-bytetest.c b/src/detect-bytetest.c
index 297ac08c46..f531be55a1 100644
--- a/src/detect-bytetest.c
+++ b/src/detect-bytetest.c
@@ -136,14 +136,13 @@ int DetectBytetestDoMatch(DetectEngineThreadCtx *det_ctx, Signature *s, SigMatch
         ptr = payload + det_ctx->buffer_offset;
         len = payload_len - det_ctx->buffer_offset;
 
-        /* No match if there is no relative base */
-        if (ptr == NULL || len == 0) {
-            SCReturnInt(0);
-        }
-
         ptr += offset;
         len -= offset;
 
+        /* No match if there is no relative base */
+        if (ptr == NULL || len <= 0) {
+            SCReturnInt(0);
+        }
         //PrintRawDataFp(stdout,ptr,len);
     }
     else {