From: Antti Tönkyrä Date: Tue, 19 May 2015 20:07:21 +0000 (+0000) Subject: Allow colon in SSH version, at least some trojaned PuTTY clients have version like... X-Git-Tag: suricata-3.0RC1~186 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=834c36659e881aa9b140683151309e4229600b09;p=thirdparty%2Fsuricata.git Allow colon in SSH version, at least some trojaned PuTTY clients have version like Putty-Local: Timestamp HH:MM:SS --- diff --git a/src/detect-ssh-software-version.c b/src/detect-ssh-software-version.c index f2df5a5383..4197bfffff 100644 --- a/src/detect-ssh-software-version.c +++ b/src/detect-ssh-software-version.c @@ -61,7 +61,7 @@ /** * \brief Regex for parsing the softwareversion string */ -#define PARSE_REGEX "^\\s*\"?\\s*?([0-9a-zA-Z\\.\\-\\_\\+\\s+]+)\\s*\"?\\s*$" +#define PARSE_REGEX "^\\s*\"?\\s*?([0-9a-zA-Z\\:\\.\\-\\_\\+\\s+]+)\\s*\"?\\s*$" static pcre *parse_regex; static pcre_extra *parse_regex_study;