From: Eileen Donlon <emdonlo@gmail.com>
Date: Mon, 30 Apr 2012 16:01:41 +0000 (-0400)
Subject: disallow pcre /P/I/U with flow:to_client/from_svr
X-Git-Tag: suricata-1.3beta2~60
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b22529d6f458232eaf9c3453fd98cfc464e55e76;p=thirdparty%2Fsuricata.git

disallow pcre /P/I/U with flow:to_client/from_svr
---

diff --git a/src/detect-pcre.c b/src/detect-pcre.c
index d8dcf4230f..36209eee32 100644
--- a/src/detect-pcre.c
+++ b/src/detect-pcre.c
@@ -1071,6 +1071,17 @@ static int DetectPcreSetup (DetectEngineCtx *de_ctx, Signature *s, char *regexst
     if (pd == NULL)
         goto error;
 
+    if (pd->flags & DETECT_PCRE_HTTP_CLIENT_BODY && s->init_flags & SIG_FLAG_INIT_FLOW
+        && s->flags & SIG_FLAG_TOCLIENT && !(s->flags & SIG_FLAG_TOSERVER)) {
+        SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "Can't use pcre /P with flow:from_server or flow:to_client");
+        goto error;
+    }
+    if ((pd->flags & DETECT_PCRE_URI || pd->flags & DETECT_PCRE_HTTP_RAW_URI)
+        && s->init_flags & SIG_FLAG_INIT_FLOW && s->flags & SIG_FLAG_TOCLIENT && !(s->flags & SIG_FLAG_TOSERVER)) {
+        SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "Can't use pcre /U or /I with flow:from_server or flow:to_client");
+        goto error;
+    }
+
     /* check pcre modifiers against the signature alproto.  In case they conflict
      * chuck out invalid signature */
     switch (s->alproto) {