From: Jeff Lucovsky Date: Thu, 13 Jan 2022 15:39:12 +0000 (-0500) Subject: detect/file_data: Reject invalid protocols X-Git-Tag: suricata-6.0.5~126 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c9bed6e0b2b1f16ec176c1ae2e622f1f62307fd1;p=thirdparty%2Fsuricata.git detect/file_data: Reject invalid protocols Issue: #4895 This commit causes Suricata to reject signatures that combine TCP-based alerts using file_data with NFS keywords. file_data doesn't support the NFS protocol. (cherry picked from commit 215335fdc6431e1c5de6155aa64c152bda507b72) --- diff --git a/src/detect-file-data.c b/src/detect-file-data.c index ce0223ceac..8536b93942 100644 --- a/src/detect-file-data.c +++ b/src/detect-file-data.c @@ -55,6 +55,7 @@ static int DetectFiledataSetup (DetectEngineCtx *, Signature *, const char *); #ifdef UNITTESTS static void DetectFiledataRegisterTests(void); #endif +static _Bool DetectFiledataValidateCallback(const Signature *s, const char **sigerror); static void DetectFiledataSetupCallback(const DetectEngineCtx *de_ctx, Signature *s); static int g_file_data_buffer_id = 0; @@ -118,6 +119,7 @@ void DetectFiledataRegister(void) DetectEngineInspectFiledata, NULL); DetectBufferTypeRegisterSetupCallback("file_data", DetectFiledataSetupCallback); + DetectBufferTypeRegisterValidateCallback("file_data", DetectFiledataValidateCallback); DetectAppLayerInspectEngineRegister2("file_data", ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, DetectEngineInspectFiledata, NULL); @@ -207,6 +209,16 @@ static int DetectFiledataSetup (DetectEngineCtx *de_ctx, Signature *s, const cha return 0; } +static _Bool DetectFiledataValidateCallback(const Signature *s, const char **sigerror) +{ + if (s->alproto == ALPROTO_NFS) { + *sigerror = "Can't use file_data with NFS keywords"; + SCLogError(SC_ERR_INVALID_SIGNATURE, "Can't use file_data with NFS keywords"); + return FALSE; + } + return TRUE; +} + static void DetectFiledataSetupCallback(const DetectEngineCtx *de_ctx, Signature *s) {
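Review bot: In the third hunk, DetectFiledataValidateCallback rejects only `s->alproto == ALPROTO_NFS`, a one-entry denylist, although the commit title speaks of invalid protocols in general. As far as this diff shows, a signature that pairs file_data with any other protocol lacking a file_data inspect engine would still load and then presumably never match, which leaves the rule writer with a silent detection gap. If the supported set can be derived from the registrations in DetectFiledataRegister (only the ALPROTO_SMB one is visible here, and that function extends beyond the second hunk), validating against that set would be more robust. At minimum the callback should carry a comment such as `/* file_data does not support NFS; reject at load time rather than accept a rule that cannot match (Issue #4895) */`. The message literal is also written twice; logging the stored string with `SCLogError(SC_ERR_INVALID_SIGNATURE, "%s", *sigerror);` keeps the two from drifting apart.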