rule-parser: detect duplicate rev keyword

author Andreas Herz <andi@geekosphere.org>

Fri, 11 Aug 2017 21:25:44 +0000 (23:25 +0200)

committer Victor Julien <victor@inliniac.net>

Tue, 29 Aug 2017 11:02:24 +0000 (13:02 +0200)
author Andreas Herz <andi@geekosphere.org>
Fri, 11 Aug 2017 21:25:44 +0000 (23:25 +0200)
committer Victor Julien <victor@inliniac.net>
Tue, 29 Aug 2017 11:02:24 +0000 (13:02 +0200)
diff --git a/src/detect-rev.c b/src/detect-rev.c

index d558e75477b5e7c4715bfbba65f753a782a9b544..faa066393f45778abfed3cc611f2dd9a69679def 100644 (file)
--- a/src/detect-rev.c
+++ b/src/detect-rev.c
@@ -56,6 +56,14 @@ static int DetectRevSetup (DetectEngineCtx *de_ctx, Signature *s, const char *ra
          SCLogError(SC_ERR_INVALID_NUMERIC_VALUE, "rev value to high, max %u", UINT_MAX);
          goto error;
      }
+    if (rev == 0) {
+        SCLogError(SC_ERR_INVALID_NUMERIC_VALUE, "rev value 0 is invalid");
+        goto error;
+    }
+    if (s->rev > 0) {
+        SCLogError(SC_ERR_INVALID_RULE_ARGUMENT, "duplicated 'rev' keyword detected");
+        goto error;
+    }
  
      s->rev = (uint32_t)rev;
author	Andreas Herz <andi@geekosphere.org>
	Fri, 11 Aug 2017 21:25:44 +0000 (23:25 +0200)
committer	Victor Julien <victor@inliniac.net>
	Tue, 29 Aug 2017 11:02:24 +0000 (13:02 +0200)