detect/content: Validate content byte array

This commit checks whether the content byte array is compatible with the
transforms, if any, for the rule.

diff --git a/src/detect-content.c b/src/detect-content.c
index 7ab5ba6e12b64e2acca87d16b7dca94075fc8293..bfadd6ddc6dbc35e7d80b51ce2430eea7b2f7da5 100644 (file)
--- a/src/detect-content.c
+++ b/src/detect-content.c
@@ -335,6 +335,17 @@ int DetectContentSetup(DetectEngineCtx *de_ctx, Signature *s, const char *conten
     int sm_list = s->init_data->list;
     if (sm_list == DETECT_SM_LIST_NOTSET) {
         sm_list = DETECT_SM_LIST_PMATCH;
+    } else if (sm_list > DETECT_SM_LIST_MAX &&
+            0 == (cd->flags & DETECT_CONTENT_NEGATED)) {
+        /* Check transform compatibility */
+        const char *tstr;
+        if (!DetectBufferTypeValidateTransform(de_ctx, sm_list, cd->content,
+                    cd->content_len, &tstr)) {
+            SCLogError(SC_ERR_INVALID_SIGNATURE,
+                    "content string \"%s\" incompatible with %s transform",
+                    contentstr, tstr);
+            goto error;
+        }
     }
 
     sm = SigMatchAlloc();