From: Andreas Herz <andi@geekosphere.org>
Date: Fri, 11 Aug 2017 21:25:44 +0000 (+0200)
Subject: rule-parser: detect duplicate rev keyword
X-Git-Tag: suricata-4.0.1~33
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a0ec5fe9b7ae9508c3ba2baab66fae694eecb16b;p=thirdparty%2Fsuricata.git

rule-parser: detect duplicate rev keyword
---

diff --git a/src/detect-rev.c b/src/detect-rev.c
index d558e75477..faa066393f 100644
--- a/src/detect-rev.c
+++ b/src/detect-rev.c
@@ -56,6 +56,14 @@ static int DetectRevSetup (DetectEngineCtx *de_ctx, Signature *s, const char *ra
         SCLogError(SC_ERR_INVALID_NUMERIC_VALUE, "rev value to high, max %u", UINT_MAX);
         goto error;
     }
+    if (rev == 0) {
+        SCLogError(SC_ERR_INVALID_NUMERIC_VALUE, "rev value 0 is invalid");
+        goto error;
+    }
+    if (s->rev > 0) {
+        SCLogError(SC_ERR_INVALID_RULE_ARGUMENT, "duplicated 'rev' keyword detected");
+        goto error;
+    }
 
     s->rev = (uint32_t)rev;