signature: adds file flag for file_data keyword

So that SigValidate can check if a protocol not supporting
files was set after this keyword

(cherry picked from commit e5d4332ede1201c44b40d655b51dcc0062d5cfc1)

diff --git a/src/detect-file-data.c b/src/detect-file-data.c
index 755a6151a2ddb15778efae68e5a06781aea9f58e..b939bd7c9324afe8266c452b0db59093a83b0bd7 100644 (file)
--- a/src/detect-file-data.c
+++ b/src/detect-file-data.c
@@ -171,6 +171,7 @@ static int DetectFiledataSetup (DetectEngineCtx *de_ctx, Signature *s, const cha
 
     DetectBufferSetActiveList(s, DetectBufferTypeGetByName("file_data"));
 
+    s->init_data->init_flags |= SIG_FLAG_INIT_FILEDATA;
     SetupDetectEngineConfig(de_ctx);
     return 0;
 }

diff --git a/src/detect-parse.c b/src/detect-parse.c
index b4cc3d0863de693b1c35eec20b1dd87bb014a7c1..f713cd9c27294d0d187ceb15eac6e9053c317d47 100644 (file)
--- a/src/detect-parse.c
+++ b/src/detect-parse.c
@@ -1766,7 +1766,8 @@ static int SigValidate(DetectEngineCtx *de_ctx, Signature *s)
     }
 #endif
 
-    if ((s->flags & SIG_FLAG_FILESTORE) || s->file_flags != 0) {
+    if ((s->flags & SIG_FLAG_FILESTORE) || s->file_flags != 0 ||
+        (s->init_data->init_flags & SIG_FLAG_INIT_FILEDATA)) {
         if (s->alproto != ALPROTO_UNKNOWN &&
                 !AppLayerParserSupportsFiles(IPPROTO_TCP, s->alproto))
         {

diff --git a/src/detect.h b/src/detect.h
index aa59f5c6f12eea394b9dffe506e210f18908f0f1..c73aecfb09a4be50ab42b054ed719344bf2a3687 100644 (file)
--- a/src/detect.h
+++ b/src/detect.h
@@ -268,6 +268,7 @@ typedef struct DetectPort_ {
 #define SIG_FLAG_INIT_HAS_TRANSFORM         (1<<5)
 #define SIG_FLAG_INIT_STATE_MATCH           (1<<6)  /**< signature has matches that require stateful inspection */
 #define SIG_FLAG_INIT_NEED_FLUSH            (1<<7)
+#define SIG_FLAG_INIT_FILEDATA              BIT_U32(9)  /**< signature has filedata keyword */
 
 /* signature mask flags */
 /** \note: additions should be added to the rule analyzer as well */