From: Philippe Antoine <pantoine@oisf.net>
Date: Thu, 27 Apr 2023 14:39:31 +0000 (+0200)
Subject: detect: allow 0-sized non-NULL buffers to match
X-Git-Tag: suricata-7.0.0-rc2~287
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e80974966dc46aeaac69e6f0665480c2dd112d2e;p=thirdparty%2Fsuricata.git

detect: allow 0-sized non-NULL buffers to match

Such as a HTTP1 header with an empty value

Ticket: #6025
---

diff --git a/src/detect-engine-content-inspection.c b/src/detect-engine-content-inspection.c
index f639b4f81f..edb7804b24 100644
--- a/src/detect-engine-content-inspection.c
+++ b/src/detect-engine-content-inspection.c
@@ -118,7 +118,8 @@ uint8_t DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThrea
         SCReturnInt(0);
     }
 
-    if (smd == NULL || buffer_len == 0) {
+    // we want the ability to match on bsize: 0
+    if (smd == NULL || buffer == NULL) {
         KEYWORD_PROFILING_END(det_ctx, smd->type, 0);
         SCReturnInt(0);
     }