From: Victor Julien Date: Thu, 9 Aug 2018 15:33:19 +0000 (+0200) Subject: detect/prefilter: fix alias for fast_pattern X-Git-Tag: suricata-4.0.6~46 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4fc04f17d8d45e36d7bfbb4be31dae90890483a3;p=thirdparty%2Fsuricata.git detect/prefilter: fix alias for fast_pattern If prefilter is used on a content keyword, it acts as a simple fast_pattern statement. This was broken because the SIG_FLAG_PREFILTER flag bypasses MPM for a sig. This commits fixes this by not setting the flag when it should act as fast_pattern. --- diff --git a/src/detect-prefilter.c b/src/detect-prefilter.c index f2beac3d32..8eca6efb70 100644 --- a/src/detect-prefilter.c +++ b/src/detect-prefilter.c @@ -59,27 +59,23 @@ static int DetectPrefilterSetup (DetectEngineCtx *de_ctx, Signature *s, const ch { SCEnter(); - SigMatch *sm = NULL; - int ret = -1; - if (nullstr != NULL) { SCLogError(SC_ERR_INVALID_VALUE, "prefilter has value"); - goto end; + SCReturnInt(-1); } if (s->flags & SIG_FLAG_PREFILTER) { SCLogError(SC_ERR_INVALID_SIGNATURE, "prefilter already set"); - goto end; + SCReturnInt(-1); } - sm = DetectGetLastSM(s); + SigMatch *sm = DetectGetLastSM(s); if (sm == NULL) { SCLogError(SC_ERR_INVALID_SIGNATURE, "prefilter needs preceding match"); - goto end; + SCReturnInt(-1); } s->init_data->prefilter_sm = sm; - s->flags |= SIG_FLAG_PREFILTER; /* if the sig match is content, prefilter should act like * 'fast_pattern' w/o options. */ @@ -93,12 +89,12 @@ static int DetectPrefilterSetup (DetectEngineCtx *de_ctx, Signature *s, const ch { SCLogError(SC_ERR_INVALID_SIGNATURE, "prefilter; cannot be " "used with negated content, along with relative modifiers"); - goto end; + SCReturnInt(-1); } cd->flags |= DETECT_CONTENT_FAST_PATTERN; + } else { + s->flags |= SIG_FLAG_PREFILTER; } - ret = 0; - end: - SCReturnInt(ret); + SCReturnInt(0); }