detect/content: Validate content byte array

This commit checks whether the content byte array is compatible with the
transforms, if any, for the rule.

(cherry picked from commit 051465ee74422eb7578bdb8ef92f76037d7c47ec)

diff --git a/src/detect-content.c b/src/detect-content.c
index edfbada6f79b9294a0bcc2a6727a808fa574eb5e..8f7ddea46165c38adc027f4b8354cc965027135c 100644 (file)
--- a/src/detect-content.c
+++ b/src/detect-content.c
@@ -335,6 +335,17 @@ int DetectContentSetup(DetectEngineCtx *de_ctx, Signature *s, const char *conten
     int sm_list = s->init_data->list;
     if (sm_list == DETECT_SM_LIST_NOTSET) {
         sm_list = DETECT_SM_LIST_PMATCH;
+    } else if (sm_list > DETECT_SM_LIST_MAX &&
+            0 == (cd->flags & DETECT_CONTENT_NEGATED)) {
+        /* Check transform compatibility */
+        const char *tstr;
+        if (!DetectBufferTypeValidateTransform(de_ctx, sm_list, cd->content,
+                    cd->content_len, &tstr)) {
+            SCLogError(SC_ERR_INVALID_SIGNATURE,
+                    "content string \"%s\" incompatible with %s transform",
+                    contentstr, tstr);
+            goto error;
+        }
     }
 
     sm = SigMatchAlloc();