From: Alessandro Guido Date: Fri, 20 Jun 2014 12:01:11 +0000 (+0200) Subject: Fix issue #1214 X-Git-Tag: suricata-2.0.2~10 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F995%2Fhead;p=thirdparty%2Fsuricata.git Fix issue #1214 When applying wildcard thresholds (with sid = 0 and/or gid = 0) it's wrong to exit on the first signature already having an event filter. Indeed, doing so results in the theshold not being applied to all subsequent signatures. Change the code in order to skip signatures with event filters instead of breaking out of the loop. --- diff --git a/src/util-threshold-config.c b/src/util-threshold-config.c index b354e80aa8..59e04be9e9 100644 --- a/src/util-threshold-config.c +++ b/src/util-threshold-config.c @@ -461,7 +461,7 @@ static int SetupThresholdRule(DetectEngineCtx *de_ctx, uint32_t id, uint32_t gid "an event var set. The signature event var is " "given precedence over the threshold.conf one. " "We'll change this in the future though.", s->id); - goto end; + continue; } sm = SigMatchGetLastSMFromLists(s, 2, @@ -471,7 +471,7 @@ static int SetupThresholdRule(DetectEngineCtx *de_ctx, uint32_t id, uint32_t gid "an event var set. The signature event var is " "given precedence over the threshold.conf one. " "We'll change this in the future though.", s->id); - goto end; + continue; } de = SCMalloc(sizeof(DetectThresholdData)); @@ -525,7 +525,7 @@ static int SetupThresholdRule(DetectEngineCtx *de_ctx, uint32_t id, uint32_t gid "an event var set. The signature event var is " "given precedence over the threshold.conf one. " "We'll change this in the future though.", id); - goto end; + continue; } sm = SigMatchGetLastSMFromLists(s, 2, @@ -535,7 +535,7 @@ static int SetupThresholdRule(DetectEngineCtx *de_ctx, uint32_t id, uint32_t gid "an event var set. The signature event var is " "given precedence over the threshold.conf one. " "We'll change this in the future though.", id); - goto end; + continue; } de = SCMalloc(sizeof(DetectThresholdData));