From: Shivani Bhardwaj
Date: Wed, 18 Jan 2023 01:35:08 +0000 (+0530)
Subject: rules/decoder: add udp.len_invalid rule
X-Git-Tag: suricata-6.0.10~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9f4dcc43344ae6cd5f43af2ccf1b7ee23cf7aa07;p=thirdparty%2Fsuricata.git
rules/decoder: add udp.len_invalid rule
(cherry picked from commit b5b05b8fce68ac18e7ea6330508afc3ad0c35866)
---
diff --git a/rules/decoder-events.rules b/rules/decoder-events.rules
index 19ae61d6c4..612058f48a 100644
--- a/rules/decoder-events.rules
+++ b/rules/decoder-events.rules
@@ -68,6 +68,7 @@ alert pkthdr any any -> any any (msg:"SURICATA TCP duplicated option"; decode-ev
 alert pkthdr any any -> any any (msg:"SURICATA UDP packet too small"; decode-event:udp.pkt_too_small; classtype:protocol-command-decode; sid:2200038; rev:2;)
 alert pkthdr any any -> any any (msg:"SURICATA UDP header length too small"; decode-event:udp.hlen_too_small; classtype:protocol-command-decode; sid:2200039; rev:2;)
 alert pkthdr any any -> any any (msg:"SURICATA UDP invalid header length"; decode-event:udp.hlen_invalid; classtype:protocol-command-decode; sid:2200040; rev:2;)
+alert pkthdr any any -> any any (msg:"SURICATA UDP invalid length field in the header"; decode-event:udp.len_invalid; classtype:protocol-command-decode; sid:2200120; rev:2;)
 alert pkthdr any any -> any any (msg:"SURICATA SLL packet too small"; decode-event:sll.pkt_too_small; classtype:protocol-command-decode; sid:2200041; rev:2;)
 alert pkthdr any any -> any any (msg:"SURICATA Ethernet packet too small"; decode-event:ethernet.pkt_too_small; classtype:protocol-command-decode; sid:2200042; rev:2;)
 alert pkthdr any any -> any any (msg:"SURICATA PPP packet too small"; decode-event:ppp.pkt_too_small; classtype:protocol-command-decode; sid:2200043; rev:2;)
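Review bot: The added `decode-event:udp.len_invalid` rule depends on the decoder defining that event, and this patch touches only `rules/decoder-events.rules`, so the matching decoder change is not visible here. If this rules file is loaded by an engine build that lacks the event, the signature would presumably be rejected at load time and the malformed-length condition would go unalerted, so the rule and the decoder change should ship in the same release. Separately, sid 2200120 is new in this file but is introduced at `rev:2`. Unless that deliberately mirrors the revision carried by the cherry-picked upstream commit, a first appearance would conventionally be `rev:1;`.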
@@ -150,5 +151,5 @@ alert pkthdr any any -> any any (msg:"SURICATA CHDLC packet too small"; decode-e alert pkthdr any any -> any any (msg:"SURICATA packet with too many layers"; decode-event:too_many_layers; classtype:protocol-command-decode; sid:2200116; rev:1;) -# next sid is 2200120 +# next sid is 2200121