detect: create more strict rule validation

Don't allow control characters other than LF, CR, TAB.

diff --git a/src/detect-parse.c b/src/detect-parse.c
index 2c7d8f2ec6fa981b8af85fd8f7c44f6a1c37ee6d..152a821c56d28a0350ddb1ec150eee2dc3a7ffe8 100644 (file)
--- a/src/detect-parse.c
+++ b/src/detect-parse.c
@@ -1320,6 +1320,22 @@ error:
     return -1;
 }
 
+static inline bool CheckAscii(const char *str)
+{
+    for (size_t i = 0; i < strlen(str); i++) {
+        if (str[i] < 0x20) {
+            // LF CR TAB
+            if (str[i] == 0x0a || str[i] == 0x0d || str[i] == 0x09) {
+                continue;
+            }
+            return false;
+        } else if (str[i] == 0x7f) {
+            return false;
+        }
+    }
+    return true;
+}
+
 /**
  *  \brief parse a signature
  *
@@ -1341,6 +1357,11 @@ static int SigParse(DetectEngineCtx *de_ctx, Signature *s,
         SCReturnInt(-1);
     }
 
+    if (!CheckAscii(sigstr)) {
+        SCLogError("rule contains invalid (control) characters");
+        SCReturnInt(-1);
+    }
+
     s->sig_str = SCStrdup(sigstr);
     if (unlikely(s->sig_str == NULL)) {
         SCReturnInt(-1);