s = DetectEngineAppendSig(de_ctx, "alert dns any any -> any any "
"(msg:\"Test dns_query option\"; "
- "content:\"google\"; nocase; dns_query; sid:1;)");
+ "dns_query; content:\"google\"; nocase; sid:1;)");
FAIL_IF_NULL(s);
SigGroupBuild(de_ctx);
SCEnter();
+ /* check for sticky buffers that were set w/o matches
+ * e.g. alert ... (file_data; sid:1;) */
+ if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
+ if (s->init_data->smlists[s->init_data->list] == NULL) {
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "rule %u setup buffer %s but didn't add matches to it",
+ s->id, DetectBufferTypeGetNameById(de_ctx, s->init_data->list));
+ SCReturnInt(0);
+ }
+ }
+
/* run buffer type validation callbacks if any */
if (s->init_data->smlists[DETECT_SM_LIST_PMATCH]) {
if (DetectContentPMATCHValidateCallback(s) == FALSE)