Merge pull request #640 in SNORT/snort3 from sd_pattern_from to master

Squashed commit of the following:

commit 8c9f3f7e17accb55731074226ba7325f8ad717cc
Author: Victor Roemer <viroemer@cisco.com>
Date:   Tue Sep 27 12:33:33 2016 -0400

    Slide validation input data to the start of match.

diff --git a/src/ips_options/ips_sd_pattern.cc b/src/ips_options/ips_sd_pattern.cc
index 62be4b6e7efd8168a6dbd6b9e626da5d13f721ff..7cce0a0d27b24bcf63b888779db58c6743197377 100644 (file)
--- a/src/ips_options/ips_sd_pattern.cc
+++ b/src/ips_options/ips_sd_pattern.cc
@@ -43,9 +43,9 @@
 #define s_name "sd_pattern"
 #define s_help "rule option for detecting sensitive data"
 
-#define SD_SOCIAL_PATTERN          "\\b\\d{3}-\\d{2}-\\d{4}\\b"
-#define SD_SOCIAL_NODASHES_PATTERN "\\b\\d{9}\\b"
-#define SD_CREDIT_PATTERN_ALL      "\\b\\d{4}[- ]?\\d{4}[- ]?\\d{2}[- ]?\\d{2}[- ]?\\d{3,4}\\b"
+#define SD_SOCIAL_PATTERN          R"(\b\d{3}-\d{2}-\d{4}\b)"
+#define SD_SOCIAL_NODASHES_PATTERN R"(\b\d{9}\b)"
+#define SD_CREDIT_PATTERN_ALL      R"(\b\d{4}[- ]?\d{4}[- ]?\d{2}[- ]?\d{2}[- ]?\d{3,4}\b)"
 
 // we need to update scratch in the main thread as each pattern is processed
 // and then clone to thread specific after all rules are loaded.  s_scratch is
@@ -186,8 +186,6 @@ struct hsContext
     const uint8_t* buf = nullptr;
 };
 
-// FIXIT-H Count matches
-// FIXIT-H afix this to SdPatternOption
 static int hs_match(unsigned int /*id*/, unsigned long long from,
         unsigned long long to, unsigned int /*flags*/, void *context)
 {
@@ -198,7 +196,7 @@ static int hs_match(unsigned int /*id*/, unsigned long long from,
     assert(ctx->start);
 
     unsigned long long len = to - from;
-    if ( ctx->config.validate && ctx->config.validate(ctx->buf, len) != 1 )
+    if ( ctx->config.validate && ctx->config.validate(ctx->buf+from, len) != 1 )
         return 0;
 
     ctx->count++;