From: Victor Julien Date: Wed, 28 Nov 2018 09:02:57 +0000 (+0100) Subject: detect/parse: error out on unused sticky buffers X-Git-Tag: suricata-4.1.1~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3eec088d3181e800c1ff3623d4c352dad77111d3;p=thirdparty%2Fsuricata.git detect/parse: error out on unused sticky buffers --- diff --git a/src/detect-dns-query.c b/src/detect-dns-query.c index e22e19ba13..e57a7875d1 100644 --- a/src/detect-dns-query.c +++ b/src/detect-dns-query.c @@ -627,7 +627,7 @@ static int DetectDnsQueryTest03(void) s = DetectEngineAppendSig(de_ctx, "alert dns any any -> any any " "(msg:\"Test dns_query option\"; " - "content:\"google\"; nocase; dns_query; sid:1;)"); + "dns_query; content:\"google\"; nocase; sid:1;)"); FAIL_IF_NULL(s); SigGroupBuild(de_ctx); diff --git a/src/detect-parse.c b/src/detect-parse.c index c2ab03586a..7760826962 100644 --- a/src/detect-parse.c +++ b/src/detect-parse.c @@ -1548,6 +1548,16 @@ static int SigValidate(DetectEngineCtx *de_ctx, Signature *s) SCEnter(); + /* check for sticky buffers that were set w/o matches + * e.g. alert ... (file_data; sid:1;) */ + if (s->init_data->list != DETECT_SM_LIST_NOTSET) { + if (s->init_data->smlists[s->init_data->list] == NULL) { + SCLogError(SC_ERR_INVALID_SIGNATURE, "rule %u setup buffer %s but didn't add matches to it", + s->id, DetectBufferTypeGetNameById(de_ctx, s->init_data->list)); + SCReturnInt(0); + } + } + /* run buffer type validation callbacks if any */ if (s->init_data->smlists[DETECT_SM_LIST_PMATCH]) { if (DetectContentPMATCHValidateCallback(s) == FALSE)
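Review bot: In the src/detect-parse.c hunk, the new check in SigValidate reads `s->init_data->smlists[s->init_data->list]` without first confirming that `list` is inside the array. If a sticky-buffer keyword sets `list` to a dynamically registered buffer id and no match is ever appended, the array may never have been grown to cover that index, so a rule that selects such a buffer and adds nothing to it could cause an out-of-bounds read at rule load instead of the intended error. Assuming init_data tracks the allocated length (upstream names the field `smlists_array_size`; it is not visible in this hunk), the inner condition should be `if (s->init_data->list >= (int)s->init_data->smlists_array_size || s->init_data->smlists[s->init_data->list] == NULL) {`. The check also looks only at the buffer selected last, so an earlier sticky buffer left without matches would presumably still pass; the comment above the check should say so. SigValidate's body starts and ends outside the hunk.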