]> git.ipfire.org Git - thirdparty/suricata.git/commitdiff
projects / thirdparty / suricata.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 63f2032)
detect-filename: avoid multiple inspections of buf
authorEric Leblond <eric@regit.org>
Sun, 21 Apr 2019 07:40:28 +0000 (09:40 +0200)
committerVictor Julien <victor@inliniac.net>
Tue, 23 Apr 2019 09:11:50 +0000 (11:11 +0200)
If the filename inspection function is returning nomatch this will
trigger iterative inspections with same content (aka filename) being
inspected. To avoid this we change the return as the buffer inspection
has not to be inspected anymore.

src/detect-filename.c patch | blob | blame | history

diff --git a/src/detect-filename.c b/src/detect-filename.c
index 1ffb55d5f2ea7da013f9d848f17880de9d280dd3..41c695fc2cf43542883f3bab5bbe45b61837e5b9 100644 (file)
--- a/src/detect-filename.c
+++ b/src/detect-filename.c
@@ -418,7 +418,7 @@ static int DetectEngineInspectFilename(
     if (r == 1)
         return DETECT_ENGINE_INSPECT_SIG_MATCH;
     else
-        return DETECT_ENGINE_INSPECT_SIG_NO_MATCH;
+        return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH_FILESTORE;
 }
 
 typedef struct PrefilterMpmFilename {
Mirror of https://github.com/OISF/suricata.git