From: Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) <oshumeik@cisco.com>
Date: Wed, 23 Nov 2022 12:21:12 +0000 (+0000)
Subject: Pull request #3673: IPS options: mismatched option keeps cursor intact
X-Git-Tag: 3.1.48.0~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6d26a884ac2c29f38724166238f6d3e8bc49094f;p=thirdparty%2Fsnort3.git

Pull request #3673: IPS options: mismatched option keeps cursor intact

Merge in SNORT/snort3 from ~YVELYKOZ/snort3:sse_negation_handling to master

Squashed commit of the following:

commit 5c65144c0dc2126e58aecd2148ac2c09d3645bbd
Author: Yehor Velykozhon <yvelykoz@cisco.com>
Date:   Thu Nov 17 18:52:18 2022 +0200

    ips_option: keep cursor intact for a negated hash mismatched

commit 02eb93f9bfea0bf4d657de2aa3b94a714f4cdc52
Author: Yehor Velykozhon <yvelykoz@cisco.com>
Date:   Thu Nov 17 17:12:37 2022 +0200

    ips_option: keep cursor intact for a negated content mismatched
---

diff --git a/src/ips_options/ips_content.cc b/src/ips_options/ips_content.cc
index acd2e19e4..eb02d597b 100644
--- a/src/ips_options/ips_content.cc
+++ b/src/ips_options/ips_content.cc
@@ -353,8 +353,11 @@ static int uniSearchReal(ContentData* cd, Cursor& c)
 
     if ( found >= 0 )
     {
-        c.set_delta(c.get_delta() + found + cd->match_delta);
-        c.set_pos(pos + found + cd->pmd.pattern_size);
+        if ( !cd->pmd.is_negated() )
+        {
+            c.set_delta(c.get_delta() + found + cd->match_delta);
+            c.set_pos(pos + found + cd->pmd.pattern_size);
+        }
         return 1;
     }
 
diff --git a/src/ips_options/ips_hash.cc b/src/ips_options/ips_hash.cc
index 5870e85ec..79cae4694 100644
--- a/src/ips_options/ips_hash.cc
+++ b/src/ips_options/ips_hash.cc
@@ -183,7 +183,9 @@ int HashOption::match(Cursor& c)
 
     if ( !found )
     {
-        c.set_pos(pos + config->length);
+        if ( !config->negated )
+            c.set_pos(pos + config->length);
+
         return 1;
     }