detect/icmp: reject invalid rules for icode/itype

author Victor Julien <victor@inliniac.net>

Wed, 3 Mar 2021 13:01:55 +0000 (14:01 +0100)

committer Victor Julien <victor@inliniac.net>

Fri, 5 Mar 2021 10:42:23 +0000 (11:42 +0100)
author Victor Julien <victor@inliniac.net>
Wed, 3 Mar 2021 13:01:55 +0000 (14:01 +0100)
committer Victor Julien <victor@inliniac.net>
Fri, 5 Mar 2021 10:42:23 +0000 (11:42 +0100)
diff --git a/src/detect-icode.c b/src/detect-icode.c

index a0cadbdacf7c60b0eef7b0a7eddfdfe03601a5d1..460389f8fc2a27cde2ecdf03578077540b01a750 100644 (file)
--- a/src/detect-icode.c
+++ b/src/detect-icode.c
@@ -191,8 +191,25 @@ static DetectICodeData *DetectICodeParse(DetectEngineCtx *de_ctx, const char *ic
                                          "valid", args[1]);
              goto error;
          }
-        if ((strcmp(args[0], ">")) == 0) icd->mode = DETECT_ICODE_GT;
-        else icd->mode = DETECT_ICODE_LT;
+        if ((strcmp(args[0], ">")) == 0) {
+            if (icd->code1 == 255) {
+                SCLogError(SC_ERR_INVALID_ARGUMENT,
+                        "specified icmp code >%s is not "
+                        "valid",
+                        args[1]);
+                goto error;
+            }
+            icd->mode = DETECT_ICODE_GT;
+        } else {
+            if (icd->code1 == 0) {
+                SCLogError(SC_ERR_INVALID_ARGUMENT,
+                        "specified icmp code <%s is not "
+                        "valid",
+                        args[1]);
+                goto error;
+            }
+            icd->mode = DETECT_ICODE_LT;
+        }
      } else { /* no "<", ">" */
          /* we have a range ("<>") */
          if (args[2] != NULL) {
@@ -590,4 +607,4 @@ void DetectICodeRegisterTests(void)
      UtRegisterTest("DetectICodeParseTest08", DetectICodeParseTest08);
      UtRegisterTest("DetectICodeMatchTest01", DetectICodeMatchTest01);
  }
-#endif /* UNITTESTS */
-\ No newline at end of file
+#endif /* UNITTESTS */
diff --git a/src/detect-itype.c b/src/detect-itype.c

index ba0f2f1397c6ce3165eccd269f7095aecdf6cb75..21309f804595dbecf58b49e7455ae63aebd1acbd 100644 (file)
--- a/src/detect-itype.c
+++ b/src/detect-itype.c
@@ -191,8 +191,25 @@ static DetectITypeData *DetectITypeParse(DetectEngineCtx *de_ctx, const char *it
                                                  "valid", args[1]);
              goto error;
          }
-        if ((strcmp(args[0], ">")) == 0) itd->mode = DETECT_ITYPE_GT;
-        else itd->mode = DETECT_ITYPE_LT;
+        if ((strcmp(args[0], ">")) == 0) {
+            if (itd->type1 == 255) {
+                SCLogError(SC_ERR_INVALID_ARGUMENT,
+                        "specified icmp type >%s is not "
+                        "valid",
+                        args[1]);
+                goto error;
+            }
+            itd->mode = DETECT_ITYPE_GT;
+        } else {
+            if (itd->type1 == 0) {
+                SCLogError(SC_ERR_INVALID_ARGUMENT,
+                        "specified icmp type <%s is not "
+                        "valid",
+                        args[1]);
+                goto error;
+            }
+            itd->mode = DETECT_ITYPE_LT;
+        }
      } else { /* no "<", ">" */
          /* we have a range ("<>") */
          if (args[2] != NULL) {
@@ -595,4 +612,4 @@ void DetectITypeRegisterTests(void)
      UtRegisterTest("DetectITypeParseTest08", DetectITypeParseTest08);
      UtRegisterTest("DetectITypeMatchTest01", DetectITypeMatchTest01);
  }
-#endif /* UNITTESTS */
-\ No newline at end of file
+#endif /* UNITTESTS */
author	Victor Julien <victor@inliniac.net>
	Wed, 3 Mar 2021 13:01:55 +0000 (14:01 +0100)
committer	Victor Julien <victor@inliniac.net>
	Fri, 5 Mar 2021 10:42:23 +0000 (11:42 +0100)
src/detect-icode.c		patch \| blob \| blame \| history
src/detect-itype.c		patch \| blob \| blame \| history