detect: fix fileext and filename negated match

fix bug in fileext and filename preventing negated match to work
correctly. Previously, negated fileext (such as !"php") would cause a
match anyway on files that have extension php, as the last if would not
be accessed.

Using the same workflow as detect-filemagic we remove the final
isolated if and set it as a branch of the previous if.

diff --git a/src/detect-fileext.c b/src/detect-fileext.c
index 223ebfc216837bb020da39ed6a0f679a0f89c7f6..817a5fe859f8141594e978fee0bb35407e20b8b6 100644 (file)
--- a/src/detect-fileext.c
+++ b/src/detect-fileext.c
@@ -116,9 +116,7 @@ static int DetectFileextMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
             ret = 1;
             SCLogDebug("File ext found");
         }
-    }
-
-    if (ret == 0 && (fileext->flags & DETECT_CONTENT_NEGATED)) {
+    } else if (fileext->flags & DETECT_CONTENT_NEGATED) {
         SCLogDebug("negated match");
         ret = 1;
     }

diff --git a/src/detect-filename.c b/src/detect-filename.c
index 27e8dd2b10390fbb00fd4e827e37bd388417aad9..190096e59394e60711961362d93effe1dceced9b 100644 (file)
--- a/src/detect-filename.c
+++ b/src/detect-filename.c
@@ -141,7 +141,7 @@ static int DetectFilenameMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
         }
     }
 
-    if (ret == 0 && (filename->flags & DETECT_CONTENT_NEGATED)) {
+    else if (filename->flags & DETECT_CONTENT_NEGATED) {
         SCLogDebug("negated match");
         ret = 1;
     }