From: Eileen Donlon <emdonlo@gmail.com>
Date: Tue, 13 Mar 2012 00:31:58 +0000 (-0400)
Subject: reject http_client_body with inconsistent flow dir
X-Git-Tag: suricata-1.3beta1~105
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=617edf469c9961f026bc2804230c3124c1c35d7d;p=thirdparty%2Fsuricata.git

reject http_client_body with inconsistent flow dir

reject http_client_body with flow: to_client or from_server
---

diff --git a/src/detect-http-client-body.c b/src/detect-http-client-body.c
index 5ce8a12959..90546a5619 100644
--- a/src/detect-http-client-body.c
+++ b/src/detect-http-client-body.c
@@ -128,6 +128,11 @@ int DetectHttpClientBodySetup(DetectEngineCtx *de_ctx, Signature *s, char *arg)
         goto error;
     }
 
+    if (s->flags & SIG_FLAG_TOCLIENT) {
+        SCLogError(SC_ERR_INVALID_SIGNATURE, "http_client_body can not be used with flow:to_client or flow:from_server. ");
+        goto error;
+    }
+
     if (cd->flags & DETECT_CONTENT_WITHIN || cd->flags & DETECT_CONTENT_DISTANCE) {
         SigMatch *pm =  SigMatchGetLastSMFromLists(s, 4,
                                                    DETECT_CONTENT, sm->prev,