]> git.ipfire.org Git - thirdparty/suricata.git/commitdiff
detect/parse: error out on unused sticky buffers 3580/head
authorVictor Julien <victor@inliniac.net>
Wed, 28 Nov 2018 09:02:57 +0000 (10:02 +0100)
committerVictor Julien <victor@inliniac.net>
Tue, 11 Dec 2018 06:05:50 +0000 (07:05 +0100)
src/detect-dns-query.c
src/detect-parse.c

index e22e19ba133fbad67cfc68f8027f56d5bff82a42..e57a7875d1b9e211d8b3cf40635fbbe2cb35e492 100644 (file)
@@ -627,7 +627,7 @@ static int DetectDnsQueryTest03(void)
 
     s = DetectEngineAppendSig(de_ctx, "alert dns any any -> any any "
                               "(msg:\"Test dns_query option\"; "
-                              "content:\"google\"; nocase; dns_query; sid:1;)");
+                              "dns_query; content:\"google\"; nocase; sid:1;)");
     FAIL_IF_NULL(s);
 
     SigGroupBuild(de_ctx);
index c2ab03586a65639f6a71221314a12edf1ff16ddd..77608269628b99ae68a957e6eea450d8847f7ea5 100644 (file)
@@ -1548,6 +1548,16 @@ static int SigValidate(DetectEngineCtx *de_ctx, Signature *s)
 
     SCEnter();
 
+    /* check for sticky buffers that were set w/o matches
+     * e.g. alert ... (file_data; sid:1;) */
+    if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
+        if (s->init_data->smlists[s->init_data->list] == NULL) {
+            SCLogError(SC_ERR_INVALID_SIGNATURE, "rule %u setup buffer %s but didn't add matches to it",
+                    s->id, DetectBufferTypeGetNameById(de_ctx, s->init_data->list));
+            SCReturnInt(0);
+        }
+    }
+
     /* run buffer type validation callbacks if any */
     if (s->init_data->smlists[DETECT_SM_LIST_PMATCH]) {
         if (DetectContentPMATCHValidateCallback(s) == FALSE)