reject http_client_body with inconsistent flow dir

author Eileen Donlon <emdonlo@gmail.com>

Tue, 13 Mar 2012 00:31:58 +0000 (20:31 -0400)

committer Victor Julien <victor@inliniac.net>

Mon, 19 Mar 2012 09:46:17 +0000 (10:46 +0100)
author Eileen Donlon <emdonlo@gmail.com>
Tue, 13 Mar 2012 00:31:58 +0000 (20:31 -0400)
committer Victor Julien <victor@inliniac.net>
Mon, 19 Mar 2012 09:46:17 +0000 (10:46 +0100)
diff --git a/src/detect-http-client-body.c b/src/detect-http-client-body.c

index 5ce8a129597114ce3d223d9d4285be3bc3749aa6..90546a56192a2483b04b390383f8d1810c66f9ad 100644 (file)
--- a/src/detect-http-client-body.c
+++ b/src/detect-http-client-body.c
@@ -128,6 +128,11 @@ int DetectHttpClientBodySetup(DetectEngineCtx *de_ctx, Signature *s, char *arg)
          goto error;
      }
  
+    if (s->flags & SIG_FLAG_TOCLIENT) {
+        SCLogError(SC_ERR_INVALID_SIGNATURE, "http_client_body can not be used with flow:to_client or flow:from_server. ");
+        goto error;
+    }
+
      if (cd->flags & DETECT_CONTENT_WITHIN || cd->flags & DETECT_CONTENT_DISTANCE) {
          SigMatch *pm =  SigMatchGetLastSMFromLists(s, 4,
                                                     DETECT_CONTENT, sm->prev,
author	Eileen Donlon <emdonlo@gmail.com>
	Tue, 13 Mar 2012 00:31:58 +0000 (20:31 -0400)
committer	Victor Julien <victor@inliniac.net>
	Mon, 19 Mar 2012 09:46:17 +0000 (10:46 +0100)