reject mixed relative and non-relative keywords

reject signatures using relative and non-relative positional keywords for the same content (depth or offset with distance or within)

diff --git a/src/detect-depth.c b/src/detect-depth.c
index 8c393a50e84d144887ef0f50f2f90ca5ef475660..e7afbbb397c1772478aeb7dd2a2eea022d302db8 100644 (file)
--- a/src/detect-depth.c
+++ b/src/detect-depth.c
@@ -136,6 +136,12 @@ static int DetectDepthSetup (DetectEngineCtx *de_ctx, Signature *s, char *depths
                 }
             }
 
+            if (cd->flags & DETECT_CONTENT_WITHIN || cd->flags & DETECT_CONTENT_DISTANCE) {
+                SCLogError(SC_ERR_INVALID_SIGNATURE, "You can't use a relative keyword "
+                               "with a non-relative keyword for the same content." );
+                goto error;
+            }
+
             if (str[0] != '-' && isalpha(str[0])) {
                 SigMatch *bed_sm =
                     DetectByteExtractRetrieveSMVar(str, s,

diff --git a/src/detect-distance.c b/src/detect-distance.c
index 5600bb7a98226c5ac087cdbdd819535d08ebf7fe..37f85b25e7ed38c55f4e4ce123858a490e181e05 100644 (file)
--- a/src/detect-distance.c
+++ b/src/detect-distance.c
@@ -210,6 +210,12 @@ static int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s,
                 }
             }
 
+            if (cd->flags & DETECT_CONTENT_DEPTH || cd->flags & DETECT_CONTENT_OFFSET) {
+                SCLogError(SC_ERR_INVALID_SIGNATURE, "You can't use a relative keyword "
+                               "with a non-relative keyword for the same content." );
+                goto error;
+            }
+
             if (str[0] != '-' && isalpha(str[0])) {
                 SigMatch *bed_sm =
                     DetectByteExtractRetrieveSMVar(str, s,

diff --git a/src/detect-offset.c b/src/detect-offset.c
index dec956b5172e01ae1060fdd1680837cdbfa0d1fe..15c241313eb17c9a64f7994069adf63ba42ad958 100644 (file)
--- a/src/detect-offset.c
+++ b/src/detect-offset.c
@@ -135,6 +135,12 @@ int DetectOffsetSetup (DetectEngineCtx *de_ctx, Signature *s, char *offsetstr)
                 }
             }
 
+            if (cd->flags & DETECT_CONTENT_WITHIN || cd->flags & DETECT_CONTENT_DISTANCE) {
+                SCLogError(SC_ERR_INVALID_SIGNATURE, "You can't use a relative keyword "
+                               "with a non-relative keyword for the same content." );
+                goto error;
+            }
+
             if (str[0] != '-' && isalpha(str[0])) {
                 SigMatch *bed_sm =
                     DetectByteExtractRetrieveSMVar(str, s,
@@ -163,7 +169,6 @@ int DetectOffsetSetup (DetectEngineCtx *de_ctx, Signature *s, char *offsetstr)
 
             break;
 
-
         default:
             SCLogError(SC_ERR_OFFSET_MISSING_CONTENT, "offset needs a preceeding"
                     " content or uricontent option");

diff --git a/src/detect-within.c b/src/detect-within.c
index 525422f46aeccb34f28ef1bae0d6ab63b3bc704b..96a644ccdd71470018a03c86dc71b5c32b391a9e 100644 (file)
--- a/src/detect-within.c
+++ b/src/detect-within.c
@@ -212,6 +212,12 @@ static int DetectWithinSetup (DetectEngineCtx *de_ctx, Signature *s, char *withi
                 }
             }
 
+            if (cd->flags & DETECT_CONTENT_DEPTH || cd->flags & DETECT_CONTENT_OFFSET) {
+                SCLogError(SC_ERR_INVALID_SIGNATURE, "You can't use a relative keyword "
+                               "with a non-relative keyword for the same content." );
+                goto error;
+            }
+
             if (str[0] != '-' && isalpha(str[0])) {
                 SigMatch *bed_sm =
                     DetectByteExtractRetrieveSMVar(str, s,