allow only one flow option in a rule

author Eileen Donlon <emdonlo@gmail.com>

Mon, 30 Apr 2012 15:54:25 +0000 (11:54 -0400)

committer Victor Julien <victor@inliniac.net>

Tue, 1 May 2012 14:11:25 +0000 (16:11 +0200)
author Eileen Donlon <emdonlo@gmail.com>
Mon, 30 Apr 2012 15:54:25 +0000 (11:54 -0400)
committer Victor Julien <victor@inliniac.net>
Tue, 1 May 2012 14:11:25 +0000 (16:11 +0200)
diff --git a/src/detect-flow.c b/src/detect-flow.c

index 65fe1de59a0b8f94cb21eef83221cfee9a58b9bb..d437421d52259d786d02386a8f7ec4827685360f 100644 (file)
--- a/src/detect-flow.c
+++ b/src/detect-flow.c
@@ -309,6 +309,12 @@ int DetectFlowSetup (DetectEngineCtx *de_ctx, Signature *s, char *flowstr)
      if (fd == NULL)
          goto error;
  
+    /*ensure only one flow option*/
+    if (s->init_flags & SIG_FLAG_INIT_FLOW) {
+        SCLogError (SC_ERR_INVALID_SIGNATURE, "A signature may have only one flow option.");
+        goto error;
+    }
+
      /* Okay so far so good, lets get this into a SigMatch
       * and put it in the Signature. */
      sm = SigMatchAlloc();
@@ -329,7 +335,6 @@ int DetectFlowSetup (DetectEngineCtx *de_ctx, Signature *s, char *flowstr)
          s->flags |= SIG_FLAG_TOSERVER;
          s->flags |= SIG_FLAG_TOCLIENT;
      }
-
      if (fd->flags & FLOW_PKT_ONLYSTREAM) {
          s->flags |= SIG_FLAG_REQUIRE_STREAM;
      }
author	Eileen Donlon <emdonlo@gmail.com>
	Mon, 30 Apr 2012 15:54:25 +0000 (11:54 -0400)
committer	Victor Julien <victor@inliniac.net>
	Tue, 1 May 2012 14:11:25 +0000 (16:11 +0200)