reject rules with an invalid ttl range

author Eileen Donlon <emdonlo@gmail.com>

Wed, 21 Mar 2012 16:12:38 +0000 (12:12 -0400)

committer Victor Julien <victor@inliniac.net>

Thu, 22 Mar 2012 11:41:19 +0000 (12:41 +0100)
author Eileen Donlon <emdonlo@gmail.com>
Wed, 21 Mar 2012 16:12:38 +0000 (12:12 -0400)
committer Victor Julien <victor@inliniac.net>
Thu, 22 Mar 2012 11:41:19 +0000 (12:41 +0100)
diff --git a/src/detect-ttl.c b/src/detect-ttl.c

index 89f890bda91a7aad78f57659a905ddd941d982d9..a83451bbc71c04b5c358170a0cf38f853aae7a47 100644 (file)
--- a/src/detect-ttl.c
+++ b/src/detect-ttl.c
@@ -219,8 +219,11 @@ DetectTtlData *DetectTtlParse (char *ttlstr) {
                  ttld->ttl1 = (uint8_t) atoi(arg1);
  
                  ttld->ttl2 = (uint8_t) atoi(arg3);
-                SCLogDebug("ttl is %"PRIu8" and %"PRIu8"",ttld->ttl1, ttld->ttl2);
-
+                SCLogDebug("ttl is %"PRIu8" to %"PRIu8"",ttld->ttl1, ttld->ttl2);
+                if (ttld->ttl1 >= ttld->ttl2) {
+                    SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid ttl range. ");
+                    goto error;
+                }
                  break;
              default:
                  ttld->mode = DETECT_TTL_EQ;
author	Eileen Donlon <emdonlo@gmail.com>
	Wed, 21 Mar 2012 16:12:38 +0000 (12:12 -0400)
committer	Victor Julien <victor@inliniac.net>
	Thu, 22 Mar 2012 11:41:19 +0000 (12:41 +0100)