detect/file_data: Reject invalid protocols

Issue: #4895

This commit causes Suricata to reject signatures that combine TCP-based
alerts using file_data with NFS keywords.

file_data doesn't support the NFS protocol.

(cherry picked from commit 215335fdc6431e1c5de6155aa64c152bda507b72)

diff --git a/src/detect-file-data.c b/src/detect-file-data.c
index ce0223ceac32b4d1d3fcc071c1688257f58fb7ca..8536b9394223e11615f16f7e24443c0aea56ad14 100644 (file)
--- a/src/detect-file-data.c
+++ b/src/detect-file-data.c
@@ -55,6 +55,7 @@ static int DetectFiledataSetup (DetectEngineCtx *, Signature *, const char *);
 #ifdef UNITTESTS
 static void DetectFiledataRegisterTests(void);
 #endif
+static _Bool DetectFiledataValidateCallback(const Signature *s, const char **sigerror);
 static void DetectFiledataSetupCallback(const DetectEngineCtx *de_ctx,
                                         Signature *s);
 static int g_file_data_buffer_id = 0;
@@ -118,6 +119,7 @@ void DetectFiledataRegister(void)
             DetectEngineInspectFiledata, NULL);
     DetectBufferTypeRegisterSetupCallback("file_data",
             DetectFiledataSetupCallback);
+    DetectBufferTypeRegisterValidateCallback("file_data", DetectFiledataValidateCallback);
     DetectAppLayerInspectEngineRegister2("file_data",
             ALPROTO_SMB, SIG_FLAG_TOSERVER, 0,
             DetectEngineInspectFiledata, NULL);
@@ -207,6 +209,16 @@ static int DetectFiledataSetup (DetectEngineCtx *de_ctx, Signature *s, const cha
     return 0;
 }
 
+static _Bool DetectFiledataValidateCallback(const Signature *s, const char **sigerror)
+{
+    if (s->alproto == ALPROTO_NFS) {
+        *sigerror = "Can't use file_data with NFS keywords";
+        SCLogError(SC_ERR_INVALID_SIGNATURE, "Can't use file_data with NFS keywords");
+        return FALSE;
+    }
+    return TRUE;
+}
+
 static void DetectFiledataSetupCallback(const DetectEngineCtx *de_ctx,
                                         Signature *s)
 {