From: Philippe Antoine Date: Tue, 8 Mar 2022 11:50:16 +0000 (+0100) Subject: detect: makes config keyword really require a flow X-Git-Tag: suricata-6.0.5~13 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d4d8b4c5b3db148a8ce1b92426392cae4f0dda4d;p=thirdparty%2Fsuricata.git detect: makes config keyword really require a flow Ticket: 4972 Completes commit c3a220647 DETECT_CONFIG is added as DETECT_SM_LIST_POSTMATCH and not as DETECT_SM_LIST_MATCH as other keywords handled in SignatureCreateMask (cherry picked from commit 00da0d3420fd6ebbdbe7990b26eebf7650856eca) --- diff --git a/src/detect-engine-build.c b/src/detect-engine-build.c index 9d8f05c98e..b7b344cbaa 100644 --- a/src/detect-engine-build.c +++ b/src/detect-engine-build.c @@ -563,6 +563,11 @@ static int SignatureCreateMask(Signature *s) case DETECT_ENGINE_EVENT: s->mask |= SIG_MASK_REQUIRE_ENGINE_EVENT; break; + } + } + + for (sm = s->init_data->smlists[DETECT_SM_LIST_POSTMATCH]; sm != NULL; sm = sm->next) { + switch (sm->type) { case DETECT_CONFIG: { DetectConfigData *fd = (DetectConfigData *)sm->ctx; if (fd->scope == CONFIG_SCOPE_FLOW) {
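Review bot: The new `for` loop over `s->init_data->smlists[DETECT_SM_LIST_POSTMATCH]` has no comment saying why `DETECT_CONFIG` is looked up there instead of in the loop that precedes it. The reason exists only in the commit message: the keyword is added as DETECT_SM_LIST_POSTMATCH, not as DETECT_SM_LIST_MATCH like the other keywords handled in SignatureCreateMask. A one-line comment above the `for` stating this would stop a later cleanup from merging the two loops again. As far as the hunk shows, the new `switch (sm->type)` has a single `case DETECT_CONFIG:`, so either an `if (sm->type == DETECT_CONFIG)` or an explicit `default: break;` would make it clear that the other postmatch types are deliberately ignored. The diff as shown touches only src/detect-engine-build.c; since this completes an earlier commit for the same behaviour, a test that loads a flow-scoped `config` rule and checks that the signature mask requires a flow would be worth adding alongside it.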