rule-parser: detect duplicate sid keyword

author Andreas Herz <andi@geekosphere.org>

Fri, 11 Aug 2017 21:24:22 +0000 (23:24 +0200)

committer Victor Julien <victor@inliniac.net>

Tue, 29 Aug 2017 11:02:24 +0000 (13:02 +0200)
author Andreas Herz <andi@geekosphere.org>
Fri, 11 Aug 2017 21:24:22 +0000 (23:24 +0200)
committer Victor Julien <victor@inliniac.net>
Tue, 29 Aug 2017 11:02:24 +0000 (13:02 +0200)
diff --git a/src/detect-sid.c b/src/detect-sid.c

index a356f23fdc2d15968545c570271ab598e0481c72..58d352d9c9ed9b77c1cdcfa6913a8cb5c7157c05 100644 (file)
--- a/src/detect-sid.c
+++ b/src/detect-sid.c
@@ -60,6 +60,14 @@ static int DetectSidSetup (DetectEngineCtx *de_ctx, Signature *s, const char *si
          SCLogError(SC_ERR_INVALID_NUMERIC_VALUE, "sid value to high, max %u", UINT_MAX);
          goto error;
      }
+    if (id == 0) {
+        SCLogError(SC_ERR_INVALID_NUMERIC_VALUE, "sid value 0 is invalid");
+        goto error;
+    }
+    if (s->id > 0) {
+        SCLogError(SC_ERR_INVALID_RULE_ARGUMENT, "duplicated 'sid' keyword detected");
+        goto error;
+    }
  
      s->id = (uint32_t)id;
      return 0;
author	Andreas Herz <andi@geekosphere.org>
	Fri, 11 Aug 2017 21:24:22 +0000 (23:24 +0200)
committer	Victor Julien <victor@inliniac.net>
	Tue, 29 Aug 2017 11:02:24 +0000 (13:02 +0200)