detect/krb5.sname: use new content inspect entry

author Victor Julien <vjulien@oisf.net>

Sat, 2 Dec 2023 08:45:15 +0000 (09:45 +0100)

committer Victor Julien <victor@inliniac.net>

Thu, 7 Dec 2023 08:56:59 +0000 (09:56 +0100)
author Victor Julien <vjulien@oisf.net>
Sat, 2 Dec 2023 08:45:15 +0000 (09:45 +0100)
committer Victor Julien <victor@inliniac.net>
Thu, 7 Dec 2023 08:56:59 +0000 (09:56 +0100)
diff --git a/src/detect-krb5-sname.c b/src/detect-krb5-sname.c

index 9fbe550b02f9ed207759055f37f6d22d1ada6ced..dae5c46e52152d3b4abd824fef02df8bc5758ad0 100644 (file)
--- a/src/detect-krb5-sname.c
+++ b/src/detect-krb5-sname.c
@@ -81,6 +81,7 @@ static InspectionBuffer *GetKrb5SNameData(DetectEngineThreadCtx *det_ctx,
      }
  
      InspectionBufferSetupMulti(buffer, transforms, b, b_len);
+    buffer->flags = DETECT_CI_FLAGS_SINGLE;
  
      SCReturnPtr(buffer, "InspectionBuffer");
  }
@@ -100,13 +101,11 @@ static uint8_t DetectEngineInspectKrb5SName(DetectEngineCtx *de_ctx, DetectEngin
          struct Krb5PrincipalNameDataArgs cbdata = { local_id, txv, };
          InspectionBuffer *buffer =
                  GetKrb5SNameData(det_ctx, transforms, f, &cbdata, engine->sm_list);
-
          if (buffer == NULL || buffer->inspect == NULL)
              break;
  
-        const bool match = DetectEngineContentInspection(de_ctx, det_ctx, s, engine->smd, NULL, f,
-                buffer->inspect, buffer->inspect_len, buffer->inspect_offset,
-                DETECT_CI_FLAGS_SINGLE, DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE);
+        const bool match = DetectEngineContentInspectionBuffer(de_ctx, det_ctx, s, engine->smd,
+                NULL, f, buffer, DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE);
          if (match) {
              return DETECT_ENGINE_INSPECT_SIG_MATCH;
          }
author	Victor Julien <vjulien@oisf.net>
	Sat, 2 Dec 2023 08:45:15 +0000 (09:45 +0100)
committer	Victor Julien <victor@inliniac.net>
	Thu, 7 Dec 2023 08:56:59 +0000 (09:56 +0100)