]> git.ipfire.org Git - thirdparty/suricata.git/commitdiff
projects / thirdparty / suricata.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 593b0cb)
cookie header now inspects Set-Cookie headers as well
authorAnoop Saldanha <poonaatsoc@gmail.com>
Sat, 16 Jun 2012 08:46:10 +0000 (14:16 +0530)
committerVictor Julien <victor@inliniac.net>
Wed, 20 Jun 2012 15:55:34 +0000 (17:55 +0200)
src/detect-engine-hcd.c patch | blob | blame | history

diff --git a/src/detect-engine-hcd.c b/src/detect-engine-hcd.c
index d23585467b17775110806fa1797fbc7897e729ab..b7ad2b88eaf9b894cab542df70ebda058f936ec4 100644 (file)
--- a/src/detect-engine-hcd.c
+++ b/src/detect-engine-hcd.c
@@ -88,11 +88,21 @@ int DetectEngineRunHttpCookieMpm(DetectEngineThreadCtx *det_ctx, Flow *f,
         if (tx == NULL)
             continue;
 
-        htp_header_t *h = (htp_header_t *)table_getc(tx->request_headers,
-                                                     "Cookie");
-        if (h == NULL) {
-            SCLogDebug("HTTP cookie header not present in this request");
-            continue;
+        htp_header_t *h = NULL;
+        if (flags & STREAM_TOSERVER) {
+            h = (htp_header_t *)table_getc(tx->request_headers,
+                                           "Cookie");
+            if (h == NULL) {
+                SCLogDebug("HTTP cookie header not present in this request");
+                continue;
+            }
+        } else {
+            h = (htp_header_t *)table_getc(tx->response_headers,
+                                           "Set-Cookie");
+            if (h == NULL) {
+                SCLogDebug("HTTP Set-Cookie header not present in this request");
+                continue;
+            }
         }
 
         cnt += HttpCookiePatternSearch(det_ctx,
@@ -153,11 +163,21 @@ int DetectEngineInspectHttpCookie(DetectEngineCtx *de_ctx,
         if (tx == NULL)
             continue;
 
-        htp_header_t *h = (htp_header_t *)table_getc(tx->request_headers,
-                                                     "Cookie");
-        if (h == NULL) {
-            SCLogDebug("HTTP cookie header not present in this request");
-            continue;
+        htp_header_t *h = NULL;
+        if (flags & STREAM_TOSERVER) {
+            h = (htp_header_t *)table_getc(tx->request_headers,
+                                           "Cookie");
+            if (h == NULL) {
+                SCLogDebug("HTTP cookie header not present in this request");
+                continue;
+            }
+        } else {
+            h = (htp_header_t *)table_getc(tx->response_headers,
+                                           "Set-Cookie");
+            if (h == NULL) {
+                SCLogDebug("HTTP Set-Cookie header not present in this request");
+                continue;
+            }
         }
 
         det_ctx->buffer_offset = 0;
Mirror of https://github.com/OISF/suricata.git