From: Philippe Antoine Date: Fri, 1 May 2020 08:54:51 +0000 (+0200) Subject: signature: adds file flag for file_data keyword X-Git-Tag: suricata-6.0.0-beta1~337 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e5d4332ede1201c44b40d655b51dcc0062d5cfc1;p=thirdparty%2Fsuricata.git signature: adds file flag for file_data keyword So that SigValidate can check if a protocol not supporting files was set after this keyword --- diff --git a/src/detect-file-data.c b/src/detect-file-data.c index beb3974840..fab29513f3 100644 --- a/src/detect-file-data.c +++ b/src/detect-file-data.c @@ -189,6 +189,7 @@ static int DetectFiledataSetup (DetectEngineCtx *de_ctx, Signature *s, const cha if (DetectBufferSetActiveList(s, DetectBufferTypeGetByName("file_data")) < 0) return -1; + s->init_data->init_flags |= SIG_FLAG_INIT_FILEDATA; SetupDetectEngineConfig(de_ctx); return 0; } diff --git a/src/detect-parse.c b/src/detect-parse.c index c4705de37b..c3ef093757 100644 --- a/src/detect-parse.c +++ b/src/detect-parse.c @@ -1845,7 +1845,8 @@ static int SigValidate(DetectEngineCtx *de_ctx, Signature *s) } #endif - if ((s->flags & SIG_FLAG_FILESTORE) || s->file_flags != 0) { + if ((s->flags & SIG_FLAG_FILESTORE) || s->file_flags != 0 || + (s->init_data->init_flags & SIG_FLAG_INIT_FILEDATA)) { if (s->alproto != ALPROTO_UNKNOWN && !AppLayerParserSupportsFiles(IPPROTO_TCP, s->alproto)) { diff --git a/src/detect.h b/src/detect.h index dbb8091840..3d90519b73 100644 --- a/src/detect.h +++ b/src/detect.h @@ -262,6 +262,7 @@ typedef struct DetectPort_ { #define SIG_FLAG_INIT_STATE_MATCH BIT_U32(6) /**< signature has matches that require stateful inspection */ #define SIG_FLAG_INIT_NEED_FLUSH BIT_U32(7) #define SIG_FLAG_INIT_PRIO_EXPLICT BIT_U32(8) /**< priority is explicitly set by the priority keyword */ +#define SIG_FLAG_INIT_FILEDATA BIT_U32(9) /**< signature has filedata keyword */ /* signature mask flags */ /** \note: additions should be added to the rule analyzer as well */