From: Eric Leblond Date: Sun, 21 Apr 2019 07:40:28 +0000 (+0200) Subject: detect-filename: avoid multiple inspections of buf X-Git-Tag: suricata-5.0.0-beta1~26 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=497f35164b6689012c5f448a35f47b3b8aa514a4;p=thirdparty%2Fsuricata.git detect-filename: avoid multiple inspections of buf If the filename inspection function is returning nomatch this will trigger iterative inspections with same content (aka filename) being inspected. To avoid this we change the return as the buffer inspection has not to be inspected anymore. --- diff --git a/src/detect-filename.c b/src/detect-filename.c index 1ffb55d5f2..41c695fc2c 100644 --- a/src/detect-filename.c +++ b/src/detect-filename.c @@ -418,7 +418,7 @@ static int DetectEngineInspectFilename( if (r == 1) return DETECT_ENGINE_INSPECT_SIG_MATCH; else - return DETECT_ENGINE_INSPECT_SIG_NO_MATCH; + return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH_FILESTORE; } typedef struct PrefilterMpmFilename {
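Review bot: In the `else` branch of `DetectEngineInspectFilename`, every value of `r` other than 1 now becomes `DETECT_ENGINE_INSPECT_SIG_CANT_MATCH_FILESTORE`. That is a final verdict, so the new return is only safe if `r` can be nothing but 0 or 1 at this point. If `r` can carry an error or a "buffer not available yet" value, that case should be checked explicitly and should keep `DETECT_ENGINE_INSPECT_SIG_NO_MATCH`, so that a signature is not ruled out before the filename has really been inspected. The constant's name also refers to filestore, while the commit message motivates the change only by avoiding repeated inspection of the same filename. A short comment at the return saying why this particular value is used, and what it implies for filestore handling of the signature, would make the intent clear to the next reader. The patch carries no test. A case with a non-matching filename rule that checks the buffer is inspected only once would guard against a regression.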