]> git.ipfire.org Git - thirdparty/suricata.git/commitdiff
projects / thirdparty / suricata.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6ab323d)
dcerpc: check app proto for signature keywords
authorPhilippe Antoine <contact@catenacyber.fr>
Mon, 13 Jul 2020 14:42:56 +0000 (16:42 +0200)
committerVictor Julien <victor@inliniac.net>
Fri, 24 Jul 2020 11:04:42 +0000 (13:04 +0200)
src/detect-dce-iface.c patch | blob | blame | history
src/detect-dce-opnum.c patch | blob | blame | history
src/detect-dce-stub-data.c patch | blob | blame | history

diff --git a/src/detect-dce-iface.c b/src/detect-dce-iface.c
index e3236dfadaf935bb654be953af1bcb68bc05a298..434ceb3ffe4279edbf1e5fab48ee12653cd0cccc 100644 (file)
--- a/src/detect-dce-iface.c
+++ b/src/detect-dce-iface.c
@@ -160,7 +160,9 @@ static int DetectDceIfaceSetup(DetectEngineCtx *de_ctx, Signature *s, const char
 {
     SCEnter();
 
-    if (DetectSignatureSetAppProto(s, ALPROTO_DCERPC) != 0) {
+    if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_DCERPC &&
+        s->alproto != ALPROTO_SMB) {
+        SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords.");
         return -1;
     }
     void *did = rs_dcerpc_iface_parse(arg);
diff --git a/src/detect-dce-opnum.c b/src/detect-dce-opnum.c
index 6344e3aea5f4a485ffec9cc2941d5070ef8d642b..509f1d3882cb04c95b924b1f235a01913d8f5fe9 100644 (file)
--- a/src/detect-dce-opnum.c
+++ b/src/detect-dce-opnum.c
@@ -132,6 +132,11 @@ static int DetectDceOpnumSetup(DetectEngineCtx *de_ctx, Signature *s, const char
         return -1;
     }
 
+    if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_DCERPC &&
+        s->alproto != ALPROTO_SMB) {
+        SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords.");
+        return -1;
+    }
     void *dod = rs_dcerpc_opnum_parse(arg);
     if (dod == NULL) {
         SCLogError(SC_ERR_INVALID_SIGNATURE, "Error parsing dce_opnum option in "
diff --git a/src/detect-dce-stub-data.c b/src/detect-dce-stub-data.c
index ace1346d841ebb9a07fea380bdbeba7ae94f664e..a4145452f94788474a401b99b2660f595bfb2852 100644 (file)
--- a/src/detect-dce-stub-data.c
+++ b/src/detect-dce-stub-data.c
@@ -171,6 +171,11 @@ void DetectDceStubDataRegister(void)
 
 static int DetectDceStubDataSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg)
 {
+    if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_DCERPC &&
+        s->alproto != ALPROTO_SMB) {
+        SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords.");
+        return -1;
+    }
     if (DetectBufferSetActiveList(s, g_dce_stub_data_buffer_id) < 0)
         return -1;
     return 0;
Mirror of https://github.com/OISF/suricata.git