From: Victor Julien <victor@inliniac.net>
Date: Mon, 6 Mar 2017 09:54:57 +0000 (+0100)
Subject: bytejump: don't print errors when matching
X-Git-Tag: suricata-4.0.0-beta1~259
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3626ecb4748f7c68fd56d13de1c2e0476f17f892;p=thirdparty%2Fsuricata.git

bytejump: don't print errors when matching

When bytejump was told to convert some payload data to int from a
string it would print an error to the screen if the conversion
failed. This is unwanted as the payload is controlled by an attacker
and printing is expensive.
---

diff --git a/src/detect-bytejump.c b/src/detect-bytejump.c
index 8db0adfefb..272b23ebdd 100644
--- a/src/detect-bytejump.c
+++ b/src/detect-bytejump.c
@@ -137,18 +137,18 @@ int DetectBytejumpDoMatch(DetectEngineThreadCtx *det_ctx, const Signature *s,
         extbytes = ByteExtractStringUint64(&val, data->base,
                                            data->nbytes, (const char *)ptr);
         if(extbytes <= 0) {
-            SCLogError(SC_ERR_BYTE_EXTRACT_FAILED,"Error extracting %d bytes "
-                   "of string data: %d", data->nbytes, extbytes);
-            SCReturnInt(-1);
+            SCLogDebug("error extracting %d bytes of string data: %d",
+                    data->nbytes, extbytes);
+            SCReturnInt(0);
         }
     }
     else {
         int endianness = (flags & DETECT_BYTEJUMP_LITTLE) ? BYTE_LITTLE_ENDIAN : BYTE_BIG_ENDIAN;
         extbytes = ByteExtractUint64(&val, endianness, data->nbytes, ptr);
         if (extbytes != data->nbytes) {
-            SCLogError(SC_ERR_BYTE_EXTRACT_FAILED,"Error extracting %d bytes "
-                   "of numeric data: %d", data->nbytes, extbytes);
-            SCReturnInt(-1);
+            SCLogDebug("error extracting %d bytes of numeric data: %d",
+                    data->nbytes, extbytes);
+            SCReturnInt(0);
         }
     }