From: Eric Leblond <eric@regit.org>
Date: Mon, 18 Feb 2019 22:06:10 +0000 (+0100)
Subject: detect-hostbits: error on some invalid config
X-Git-Tag: suricata-5.0.0-beta1~169
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2b1fa53c66a1db4b5c057394a44ab6aef10bac52;p=thirdparty%2Fsuricata.git

detect-hostbits: error on some invalid config
---

diff --git a/src/detect-hostbits.c b/src/detect-hostbits.c
index f1978588b0..76aa7fa2e0 100644
--- a/src/detect-hostbits.c
+++ b/src/detect-hostbits.c
@@ -61,7 +61,7 @@ TODO:
     hostbits:set,bitname,both,120;
  */
 
-#define PARSE_REGEX "([a-z]+)"          /* Action */                    \
+#define PARSE_REGEX "^([a-z]+)"          /* Action */                    \
     "(?:\\s*,\\s*([^\\s,]+))?(?:\\s*)?" /* Name. */                     \
     "(?:\\s*,\\s*([^,\\s]+))?(?:\\s*)?" /* Direction. */                \
     "(.+)?"                             /* Any remainding data. */
@@ -619,6 +619,10 @@ static int HostBitsTestSig02(void)
             "alert ip any any -> any any (hostbits:isnotset,abc,dst; content:\"GET \"; sid:2;)");
     FAIL_IF_NULL(s);
 
+    s = DetectEngineAppendSig(de_ctx,
+            "alert ip any any -> any any (hostbits:!isset,abc,dst; content:\"GET \"; sid:3;)");
+    FAIL_IF_NOT_NULL(s);
+
 /* TODO reenable after both is supported
     s = DetectEngineAppendSig(de_ctx,
             "alert ip any any -> any any (hostbits:set,abc,both; content:\"GET \"; sid:3;)");