reject rules with duplicate content modifiers

author Eileen Donlon <emdonlo@gmail.com>

Mon, 12 Mar 2012 22:41:53 +0000 (18:41 -0400)

committer Victor Julien <victor@inliniac.net>

Mon, 19 Mar 2012 09:49:16 +0000 (10:49 +0100)
author Eileen Donlon <emdonlo@gmail.com>
Mon, 12 Mar 2012 22:41:53 +0000 (18:41 -0400)
committer Victor Julien <victor@inliniac.net>
Mon, 19 Mar 2012 09:49:16 +0000 (10:49 +0100)
diff --git a/src/detect-depth.c b/src/detect-depth.c

index e7afbbb397c1772478aeb7dd2a2eea022d302db8..94bfcc042f0a13fa1d5b0c24a9e80d30ad851726 100644 (file)
--- a/src/detect-depth.c
+++ b/src/detect-depth.c
@@ -142,6 +142,11 @@ static int DetectDepthSetup (DetectEngineCtx *de_ctx, Signature *s, char *depths
                  goto error;
              }
  
+            if (cd->flags & DETECT_CONTENT_DEPTH) {
+                SCLogError(SC_ERR_INVALID_SIGNATURE, "You can't use multiple depths for the same content.");
+                goto error;
+            }
+
              if (str[0] != '-' && isalpha(str[0])) {
                  SigMatch *bed_sm =
                      DetectByteExtractRetrieveSMVar(str, s,
diff --git a/src/detect-distance.c b/src/detect-distance.c

index 37f85b25e7ed38c55f4e4ce123858a490e181e05..55df9f39edb51ba7ba0910933fe3b5a1ad4fc4e2 100644 (file)
--- a/src/detect-distance.c
+++ b/src/detect-distance.c
@@ -216,6 +216,11 @@ static int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s,
                  goto error;
              }
  
+            if (cd->flags & DETECT_CONTENT_DISTANCE) {
+                SCLogError(SC_ERR_INVALID_SIGNATURE, "You can't use multiple distances with the same content. ");
+                goto error;
+            }
+
              if (str[0] != '-' && isalpha(str[0])) {
                  SigMatch *bed_sm =
                      DetectByteExtractRetrieveSMVar(str, s,
diff --git a/src/detect-fast-pattern.c b/src/detect-fast-pattern.c

index 8f57583cd2553eb237f65c0aecdaf9f82dd89d4b..dab7ee35ed106a2228638d833c7fcb3cbee9918e 100644 (file)
--- a/src/detect-fast-pattern.c
+++ b/src/detect-fast-pattern.c
@@ -269,6 +269,10 @@ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, char *a
      }
  
      if (arg == NULL|| strcmp(arg, "") == 0) {
+        if (cd->flags & DETECT_CONTENT_FAST_PATTERN) {
+            SCLogError(SC_ERR_INVALID_SIGNATURE, "You can't use multiple fast_pattern options for the same content. ");
+            goto error;
+        }
          cd->flags |= DETECT_CONTENT_FAST_PATTERN;
          return 0;
      }
diff --git a/src/detect-nocase.c b/src/detect-nocase.c

index c9bed180df61f1cc75f721985425f580fbb01ddf..69b07f7ca1e152cd9b404e70871b4f86e5769ad8 100644 (file)
--- a/src/detect-nocase.c
+++ b/src/detect-nocase.c
@@ -103,6 +103,10 @@ static int DetectNocaseSetup (DetectEngineCtx *de_ctx, Signature *s, char *nulls
                  SCLogError(SC_ERR_INVALID_ARGUMENT, "invalid argument");
                  SCReturnInt(-1);
              }
+            if (cd->flags & DETECT_CONTENT_NOCASE) {
+                SCLogError(SC_ERR_INVALID_SIGNATURE, "You can't use multiple nocase modifiers with the same content; ignoring this option. ");
+                SCReturnInt(-1);
+            }
              cd->flags |= DETECT_CONTENT_NOCASE;
              /* Recreate the context with nocase chars */
              BoyerMooreCtxToNocase(cd->bm_ctx, cd->content, cd->content_len);
diff --git a/src/detect-offset.c b/src/detect-offset.c

index 15c241313eb17c9a64f7994069adf63ba42ad958..dcb21b3826ec9d3f7788ae2829b047ee44f3cc16 100644 (file)
--- a/src/detect-offset.c
+++ b/src/detect-offset.c
@@ -141,6 +141,11 @@ int DetectOffsetSetup (DetectEngineCtx *de_ctx, Signature *s, char *offsetstr)
                  goto error;
              }
  
+            if (cd->flags & DETECT_CONTENT_OFFSET) {
+                SCLogError(SC_ERR_INVALID_SIGNATURE, "You can't use multiple offsets for the same content. ");
+                goto error;
+            }
+
              if (str[0] != '-' && isalpha(str[0])) {
                  SigMatch *bed_sm =
                      DetectByteExtractRetrieveSMVar(str, s,
diff --git a/src/detect-rawbytes.c b/src/detect-rawbytes.c

index 480c9ba40ce51346700776c3c7dcad9f838cdf85..0952a85795989c9ebc7da9c3719ade479d9171c5 100644 (file)
--- a/src/detect-rawbytes.c
+++ b/src/detect-rawbytes.c
@@ -75,6 +75,10 @@ static int DetectRawbytesSetup (DetectEngineCtx *de_ctx, Signature *s, char *nul
          case DETECT_CONTENT:
          {
              DetectContentData *cd = (DetectContentData *)pm->ctx;
+            if (cd->flags & DETECT_CONTENT_RAWBYTES) {
+                SCLogError(SC_ERR_INVALID_SIGNATURE, "You can't use multiple rawbytes modifiers for the same content. ");
+                SCReturnInt(-1);
+            }
              cd->flags |= DETECT_CONTENT_RAWBYTES;
              break;
          }
author	Eileen Donlon <emdonlo@gmail.com>
	Mon, 12 Mar 2012 22:41:53 +0000 (18:41 -0400)
committer	Victor Julien <victor@inliniac.net>
	Mon, 19 Mar 2012 09:49:16 +0000 (10:49 +0100)
src/detect-depth.c		patch \| blob \| blame \| history
src/detect-distance.c		patch \| blob \| blame \| history
src/detect-fast-pattern.c		patch \| blob \| blame \| history
src/detect-nocase.c		patch \| blob \| blame \| history
src/detect-offset.c		patch \| blob \| blame \| history
src/detect-rawbytes.c		patch \| blob \| blame \| history