detect/mpm: Improved handling of variable values

author Jeff Lucovsky <jeff@lucovsky.org>

Sat, 23 Nov 2019 19:33:38 +0000 (14:33 -0500)

committer Victor Julien <victor@inliniac.net>

Mon, 25 Nov 2019 19:03:37 +0000 (20:03 +0100)
author Jeff Lucovsky <jeff@lucovsky.org>
Sat, 23 Nov 2019 19:33:38 +0000 (14:33 -0500)
committer Victor Julien <victor@inliniac.net>
Mon, 25 Nov 2019 19:03:37 +0000 (20:03 +0100)
diff --git a/src/detect-engine-mpm.c b/src/detect-engine-mpm.c

index ed9abae24d4920cdcf5171338a3ec7863595ad88..b8bf2572c5f48322095ccf653ce78b37d1b63b26 100644 (file)
--- a/src/detect-engine-mpm.c
+++ b/src/detect-engine-mpm.c
@@ -736,6 +736,13 @@ static void PopulateMpmHelperAddPattern(MpmCtx *mpm_ctx,
          }
      }
  
+    /* We have to effectively "wild card" values that will be coming from
+     * byte_extract variables
+     */
+    if (cd->flags & (DETECT_CONTENT_DEPTH_BE | DETECT_CONTENT_OFFSET_BE)) {
+        pat_depth = pat_offset = 0;
+    }
+
      if (cd->flags & DETECT_CONTENT_NOCASE) {
          if (chop) {
              MpmAddPatternCI(mpm_ctx,
author	Jeff Lucovsky <jeff@lucovsky.org>
	Sat, 23 Nov 2019 19:33:38 +0000 (14:33 -0500)
committer	Victor Julien <victor@inliniac.net>
	Mon, 25 Nov 2019 19:03:37 +0000 (20:03 +0100)