detect-flowbits: error on some invalid syntax

The regular expression was accepting something like
"flowbits:!isset,isma;" without complaining even if it is not
correct and don't have the expected result.

diff --git a/src/detect-flowbits.c b/src/detect-flowbits.c
index 23cd2036d3a166883132331be83494ac9dedfa7d..efb946d66c3d2fddee534b94a675b54641876d96 100644 (file)
--- a/src/detect-flowbits.c
+++ b/src/detect-flowbits.c
@@ -45,7 +45,7 @@
 #include "util-unittest.h"
 #include "util-debug.h"
 
-#define PARSE_REGEX         "([a-z]+)(?:,\\s*(.*))?"
+#define PARSE_REGEX         "^([a-z]+)(?:,\\s*(.*))?"
 static pcre *parse_regex;
 static pcre_extra *parse_regex_study;
 
@@ -769,6 +769,9 @@ static int FlowBitsTestSig02(void)
     s = de_ctx->sig_list = SigInit(de_ctx,"alert ip any any -> any any (msg:\"toggle rule need an option\"; flowbits:toggle; content:\"GET \"; sid:5;)");
     FAIL_IF_NOT_NULL(s);
 
+    s = de_ctx->sig_list = SigInit(de_ctx,"alert ip any any -> any any (msg:\"!set is not an option\"; flowbits:!set,myerr; content:\"GET \"; sid:6;)");
+    FAIL_IF_NOT_NULL(s);
+
     SigGroupBuild(de_ctx);
     DetectEngineCtxFree(de_ctx);