From: Victor Julien Date: Tue, 1 Oct 2019 08:23:17 +0000 (+0200) Subject: detect/classtype: warn on duplicate classtype X-Git-Tag: suricata-5.0.0~82 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5e5761a29c98b8cbdeb575199cf2295f09891db2;p=thirdparty%2Fsuricata.git detect/classtype: warn on duplicate classtype Issue warning instead of erroring and invalidating the rule. It's not a very serious issue, so don't error out. --- diff --git a/src/detect-classtype.c b/src/detect-classtype.c index b01870ac35..13e8452ca2 100644 --- a/src/detect-classtype.c +++ b/src/detect-classtype.c @@ -108,6 +108,12 @@ static int DetectClasstypeSetup(DetectEngineCtx *de_ctx, Signature *s, const cha char parsed_ct_name[1024] = ""; SCClassConfClasstype *ct = NULL; + if ((s->class > 0) || (s->class_msg != NULL)) { + SCLogWarning(SC_ERR_CONFLICTING_RULE_KEYWORDS, "duplicated 'classtype' " + "keyword detected. Using first occurence in the rule"); + return 0; + } + if (DetectClasstypeParseRawString(rawstr, parsed_ct_name, sizeof(parsed_ct_name)) < 0) { SCLogError(SC_ERR_PCRE_PARSE, "invalid value for classtype keyword: " "\"%s\"", rawstr); @@ -121,12 +127,6 @@ static int DetectClasstypeSetup(DetectEngineCtx *de_ctx, Signature *s, const cha goto error; } - if ((s->class > 0) || (s->class_msg != NULL)) - { - SCLogError(SC_ERR_INVALID_RULE_ARGUMENT, "duplicated 'classtype' keyword detected"); - goto error; - } - /* if we have retrieved the classtype, assign the message to be displayed * for this Signature by fast.log, if a Packet matches this Signature */ s->class = ct->classtype_id;