nfs: add test for memleak w file_data
authorShivani Bhardwaj <shivanib134@gmail.com>
Sat, 5 Feb 2022 08:58:42 +0000 (14:28 +0530)
committerShivani Bhardwaj <shivanib134@gmail.com>
Wed, 23 Feb 2022 14:13:57 +0000 (19:43 +0530)
tests/nfs-file-data-4894/README [new file with mode: 0644]
tests/nfs-file-data-4894/input.pcap [new file with mode: 0644]
tests/nfs-file-data-4894/test.rules [new file with mode: 0644]
tests/nfs-file-data-4894/test.yaml [new file with mode: 0644]

diff --git a/tests/nfs-file-data-4894/README b/tests/nfs-file-data-4894/README
new file mode 100644 (file)
index 0000000..4f8cc35
--- /dev/null
@@ -0,0 +1,14 @@
+Description
+===========
+A test to demonstrate https://redmine.openinfosecfoundation.org/issues/4894 and
+https://redmine.openinfosecfoundation.org/issues/4895.
+
+Rule
+====
+
+Faulty rule provided by Jeff Lucovsky.
+
+PCAP
+====
+
+Pcap from https://wiki.wireshark.org/SampleCaptures#NFS_Protocol_Family
diff --git a/tests/nfs-file-data-4894/input.pcap b/tests/nfs-file-data-4894/input.pcap
new file mode 100644 (file)
index 0000000..9a94efd
Binary files /dev/null and b/tests/nfs-file-data-4894/input.pcap differ
diff --git a/tests/nfs-file-data-4894/test.rules b/tests/nfs-file-data-4894/test.rules
new file mode 100644 (file)
index 0000000..0521b3e
--- /dev/null
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"NFS support";file.data;content:" ";nfs_procedure: < 14900000;sid:2;)
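Review bot: Nothing in test.rules says this rule is meant to fail at load time, so a later reader may try to "correct" it and remove what the test exercises. A leading comment would prevent that, for example `# Intentionally invalid: file.data combined with nfs_procedure must be rejected (issues 4894/4895)`. The README only calls it a faulty rule without naming the fault, while test.yaml expects the error "Can't use file_data with NFS keywords".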
diff --git a/tests/nfs-file-data-4894/test.yaml b/tests/nfs-file-data-4894/test.yaml
new file mode 100644 (file)
index 0000000..d7095e5
--- /dev/null
@@ -0,0 +1,15 @@
+requires:
+    lt-version: 7
+
+exit-code: 0
+
+command: |
+  ${SRCDIR}/src/suricata --set classification-file="${SRCDIR}/etc/classification.config"    \
+      --set reference-config-file="${SRCDIR}/etc/reference.config" -l ${OUTPUT_DIR}         \
+      --set threshold-file="${TEST_DIR}/threshold.config"                                   \
+      -c "${SRCDIR}/suricata.yaml" -r ${TEST_DIR}/input.pcap -S ${TEST_DIR}/test.rules 
+
+checks:
+    - shell:
+        args: grep "Can't use file_data with NFS keywords" stderr | wc -l | xargs
+        expect: 1
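Review bot: The only check is a grep for the rule-rejection message, so the memory leak named in the commit title is not itself asserted. Presumably it is caught only when the suricata binary under test is built with a leak detector, which deserves a comment above `checks:`, for example `# Leak itself only surfaces under an ASan/LSan build; this check confirms the rule is rejected.`. The command also passes `--set threshold-file="${TEST_DIR}/threshold.config"`, but the commit's file list adds no threshold.config, so unless the harness supplies one the option can be dropped. `-l ${OUTPUT_DIR}`, `-r ${TEST_DIR}/input.pcap` and `-S ${TEST_DIR}/test.rules` are unquoted while the other paths are quoted; quoting them keeps the command working when the checkout path contains spaces.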