From b93c70fbd84f4d8135080104f9582f7734917730 Mon Sep 17 00:00:00 2001
From: Jeff Lucovsky
Date: Wed, 5 Feb 2025 16:38:03 -0500
Subject: [PATCH] detect/entropy: Use entropy matching when needed

This commit causes the content inspection engine to recognize and invoke the entropy "match" function when the entropy keyword is used.
Issue: 4162
---
 src/detect-engine-content-inspection.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/detect-engine-content-inspection.c b/src/detect-engine-content-inspection.c
index 6ccc5e533e..7ee7c19d48 100644
--- a/src/detect-engine-content-inspection.c
+++ b/src/detect-engine-content-inspection.c
@@ -41,6 +41,7 @@
 #include "detect-bytemath.h"
 #include "detect-bytejump.h"
 #include "detect-byte-extract.h"
+#include "detect-entropy.h"
 #include "detect-replace.h"
 #include "detect-engine-content-inspection.h"
 #include "detect-uricontent.h"
@@ -486,6 +487,11 @@ static int DetectEngineContentInspectionInternal(DetectEngineThreadCtx *det_ctx,
 det_ctx->pcre_match_start_offset = prev_offset;
 } while (1);
+ } else if (smd->type == DETECT_ENTROPY) {
+ if (!DetectEntropyDoMatch(det_ctx, s, smd->ctx, buffer, buffer_len)) {
+ goto no_match;
+ }
+ goto match;
 } else if (smd->type == DETECT_BYTETEST) {
 const DetectBytetestData *btd = (const DetectBytetestData *)smd->ctx;
 uint16_t btflags = btd->flags;
-- 
2.47.3
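Review bot: The new DETECT_ENTROPY branch in the second hunk hands the whole `buffer`/`buffer_len` to `DetectEntropyDoMatch()` with no visible guard for an empty buffer, and nothing here says whether `det_ctx->buffer_offset` is meant to be ignored. Entropy is normally normalised by the byte count, so a zero-length buffer built from network traffic is the case to confirm; the callee is not shown in this patch, so it may already be handled there. Once that is verified I would add a comment above the call such as `/* entropy is computed over the buffer as passed; offset/length limits and the empty-buffer case are handled in DetectEntropyDoMatch() */`. The enclosing function starts and ends outside the hunk.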