detect/bytejump: Improve end-of-buffer handling

Issue: 4623

This commit addresses the issues reported in issue 4623 when the jump
value points at the last byte in the buffer.

(cherry picked from commit f363b99fd7592824dbcbec465f1968c6f615ccaa)

diff --git a/src/detect-bytejump.c b/src/detect-bytejump.c
index b4d61252c59a6b80ca6c044f57d72487b919b10d..e632501d94f7f58a10e61001959673baa3d28c04 100644 (file)
--- a/src/detect-bytejump.c
+++ b/src/detect-bytejump.c
@@ -113,24 +113,19 @@ int DetectBytejumpDoMatch(DetectEngineThreadCtx *det_ctx, const Signature *s,
     /* Calculate the ptr value for the bytejump and length remaining in
      * the packet from that point.
      */
-    ptr = payload;
-    len = payload_len;
+    ptr = payload + offset;
+    len = payload_len - offset;
     if (flags & DETECT_BYTEJUMP_RELATIVE) {
         ptr += det_ctx->buffer_offset;
         len -= det_ctx->buffer_offset;
 
-        ptr += offset;
-        len -= offset;
+        SCLogDebug("[relative] after: ptr %p [len %d]", ptr, len);
 
         /* No match if there is no relative base */
-        if (ptr == NULL || len <= 0) {
+        if (ptr == NULL || (data->nbytes && len <= 0)) {
             SCReturnInt(0);
         }
     }
-    else {
-        ptr += offset;
-        len -= offset;
-    }
 
     /* Verify the to-be-extracted data is within the packet */
     if (ptr < payload || data->nbytes > len) {
@@ -193,7 +188,7 @@ int DetectBytejumpDoMatch(DetectEngineThreadCtx *det_ctx, const Signature *s,
     if (jumpptr < payload) {
         jumpptr = payload;
         SCLogDebug("jump location is before buffer start; resetting to buffer start");
-    } else if (jumpptr >= (payload + payload_len)) {
+    } else if (jumpptr > (payload + payload_len)) {
         SCLogDebug("Jump location (%" PRIu64 ") is not within payload (%" PRIu32 ")",
                 payload_len + val, payload_len);
         SCReturnInt(0);