From: Anoop Saldanha
Date: Sat, 16 Jun 2012 08:46:10 +0000 (+0530)
Subject: cookie header now inspects Set-Cookie headers as well
X-Git-Tag: suricata-1.3rc1~50
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5bb347106b4bf1925f4fb606d771b98e84cebad2;p=thirdparty%2Fsuricata.git
cookie header now inspects Set-Cookie headers as well
---
diff --git a/src/detect-engine-hcd.c b/src/detect-engine-hcd.c
index d23585467b..b7ad2b88ea 100644
--- a/src/detect-engine-hcd.c
+++ b/src/detect-engine-hcd.c
@@ -88,11 +88,21 @@ int DetectEngineRunHttpCookieMpm(DetectEngineThreadCtx *det_ctx, Flow *f,
 if (tx == NULL)
 continue;
- htp_header_t *h = (htp_header_t *)table_getc(tx->request_headers,
- "Cookie");
- if (h == NULL) {
- SCLogDebug("HTTP cookie header not present in this request");
- continue;
+ htp_header_t *h = NULL;
+ if (flags & STREAM_TOSERVER) {
+ h = (htp_header_t *)table_getc(tx->request_headers,
+ "Cookie");
+ if (h == NULL) {
+ SCLogDebug("HTTP cookie header not present in this request");
+ continue;
+ }
+ } else {
+ h = (htp_header_t *)table_getc(tx->response_headers,
+ "Set-Cookie");
+ if (h == NULL) {
+ SCLogDebug("HTTP Set-Cookie header not present in this request");
+ continue;
+ }
 }
 cnt += HttpCookiePatternSearch(det_ctx,
@@ -153,11 +163,21 @@ int DetectEngineInspectHttpCookie(DetectEngineCtx *de_ctx,
 if (tx == NULL)
 continue;
- htp_header_t *h = (htp_header_t *)table_getc(tx->request_headers,
- "Cookie");
- if (h == NULL) {
- SCLogDebug("HTTP cookie header not present in this request");
- continue;
+ htp_header_t *h = NULL;
+ if (flags & STREAM_TOSERVER) {
+ h = (htp_header_t *)table_getc(tx->request_headers,
+ "Cookie");
+ if (h == NULL) {
+ SCLogDebug("HTTP cookie header not present in this request");
+ continue;
+ }
+ } else {
+ h = (htp_header_t *)table_getc(tx->response_headers,
+ "Set-Cookie");
+ if (h == NULL) {
+ SCLogDebug("HTTP Set-Cookie header not present in this request");
+ continue;
+ }
 }
 det_ctx->buffer_offset = 0;
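Review bot: The new response branch fetches a single entry with `table_getc(tx->response_headers, "Set-Cookie")`, but a response can legitimately carry several Set-Cookie headers. Whether the later ones are inspected depends on how the header table stores repeated names, which is not visible in this hunk; if only the first is returned, content in a later Set-Cookie header would never reach the http_cookie match and the rule would silently miss it. I would confirm that behaviour and record it at the lookup, e.g. `/* single table entry: confirm the parser merges repeated Set-Cookie headers */`. The same lookup is added in the DetectEngineInspectHttpCookie hunk, and both function bodies extend outside their hunks.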
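Review bot: The debug message in the new `else` branch still says "request" although that branch handles the response side; `SCLogDebug("HTTP Set-Cookie header not present in this response");` keeps debug output unambiguous when someone is triaging a missed match (the DetectEngineRunHttpCookieMpm hunk has the same wording). The branch is also taken for every `flags` value that lacks STREAM_TOSERVER, so a short comment such as `/* to-client: inspect Set-Cookie */` would make the implied direction explicit. Rules that use http_cookie without a flow direction will presumably now match server-set cookies as well, which deserves a sentence in the keyword documentation so rule writers are not surprised by new matches.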