From: Jeff Lucovsky <jeff@lucovsky.org>
Date: Sat, 23 Nov 2019 19:33:38 +0000 (-0500)
Subject: detect/mpm: Improved handling of variable values
X-Git-Tag: suricata-5.0.1~81
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=db8527e7b39162799c2997cfc2683d4a0473274e;p=thirdparty%2Fsuricata.git

detect/mpm: Improved handling of variable values

This commit removes the offset and depth if either of these values are
dependent upon a byte-extract operation.
---

diff --git a/src/detect-engine-mpm.c b/src/detect-engine-mpm.c
index ed9abae24d..b8bf2572c5 100644
--- a/src/detect-engine-mpm.c
+++ b/src/detect-engine-mpm.c
@@ -736,6 +736,13 @@ static void PopulateMpmHelperAddPattern(MpmCtx *mpm_ctx,
         }
     }
 
+    /* We have to effectively "wild card" values that will be coming from
+     * byte_extract variables
+     */
+    if (cd->flags & (DETECT_CONTENT_DEPTH_BE | DETECT_CONTENT_OFFSET_BE)) {
+        pat_depth = pat_offset = 0;
+    }
+
     if (cd->flags & DETECT_CONTENT_NOCASE) {
         if (chop) {
             MpmAddPatternCI(mpm_ctx,