From: Jeff Lucovsky Date: Wed, 4 Mar 2020 14:35:54 +0000 (-0500) Subject: detect/threshold: Don't allow duplicates X-Git-Tag: suricata-5.0.3~59 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=90de3c62cc35752aaca68f906e0fa6064e9b8daa;p=thirdparty%2Fsuricata.git detect/threshold: Don't allow duplicates This commit detects duplicate threshold rule options. When duplicates are found in a rule, an error message is displayed and the rule is rejected. (cherry picked from commit ff9a01ee1b63452d1b047f9bcc7522e3ab1eda10) --- diff --git a/src/detect-threshold.c b/src/detect-threshold.c index 505d9459b7..356160e150 100644 --- a/src/detect-threshold.c +++ b/src/detect-threshold.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2007-2013 Open Information Security Foundation +/* Copyright (C) 2007-2020 Open Information Security Foundation * * You can copy, redistribute or modify this Program under the terms of * the GNU General Public License version 2 as published by the Free @@ -229,10 +229,15 @@ static int DetectThresholdSetup(DetectEngineCtx *de_ctx, Signature *s, const cha SigMatch *tmpm = NULL; /* checks if there is a previous instance of detection_filter */ - tmpm = DetectGetLastSMFromLists(s, DETECT_DETECTION_FILTER, -1); + tmpm = DetectGetLastSMFromLists(s, DETECT_THRESHOLD, DETECT_DETECTION_FILTER, -1); if (tmpm != NULL) { - SCLogError(SC_ERR_INVALID_SIGNATURE, "\"detection_filter\" and " - "\"threshold\" are not allowed in the same rule"); + if (tmpm->type == DETECT_DETECTION_FILTER) { + SCLogError(SC_ERR_INVALID_SIGNATURE, "\"detection_filter\" and " + "\"threshold\" are not allowed in the same rule"); + } else { + SCLogError(SC_ERR_INVALID_SIGNATURE, "multiple \"threshold\" " + "options are not allowed in the same rule"); + } SCReturnInt(-1); }