From: Eric Leblond Date: Fri, 16 Sep 2016 11:34:09 +0000 (+0200) Subject: detect: fix setup for some keywords X-Git-Tag: suricata-3.1.3~24 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ed90a16e8986d46686efbc608b2c9611db90034d;p=thirdparty%2Fsuricata.git detect: fix setup for some keywords Fix problems found by siginit.cocci. --- diff --git a/src/detect-dce-iface.c b/src/detect-dce-iface.c index 3e89feb557..06ae77c1f6 100644 --- a/src/detect-dce-iface.c +++ b/src/detect-dce-iface.c @@ -336,13 +336,13 @@ static int DetectDceIfaceSetup(DetectEngineCtx *de_ctx, Signature *s, char *arg) sm->type = DETECT_DCE_IFACE; sm->ctx = (void *)did; - SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_AMATCH); - if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_DCERPC) { SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords."); goto error; } + SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_AMATCH); + s->alproto = ALPROTO_DCERPC; /* Flagged the signature as to inspect the app layer data */ s->flags |= SIG_FLAG_APPLAYER; diff --git a/src/detect-dce-opnum.c b/src/detect-dce-opnum.c index b650fe27ce..f250108935 100644 --- a/src/detect-dce-opnum.c +++ b/src/detect-dce-opnum.c @@ -306,13 +306,13 @@ static int DetectDceOpnumSetup(DetectEngineCtx *de_ctx, Signature *s, char *arg) sm->type = DETECT_DCE_OPNUM; sm->ctx = (void *)dod; - SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_AMATCH); - if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_DCERPC) { SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords."); goto error; } + SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_AMATCH); + s->alproto = ALPROTO_DCERPC; /* Flagged the signature as to inspect the app layer data */ s->flags |= SIG_FLAG_APPLAYER; diff --git a/src/detect-fileext.c b/src/detect-fileext.c index e4f146e29f..484e6b8ab7 100644 --- a/src/detect-fileext.c +++ b/src/detect-fileext.c @@ -209,13 +209,13 @@ static int DetectFileextSetup (DetectEngineCtx *de_ctx, Signature *s, char *str) sm->type = DETECT_FILEEXT; sm->ctx = (void *)fileext; - SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH); - if (s->alproto != ALPROTO_HTTP && s->alproto != ALPROTO_SMTP) { SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords."); goto error; } + SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH); + if (s->alproto == ALPROTO_HTTP) { AppLayerHtpNeedFileInspection(); } diff --git a/src/detect-filemd5.c b/src/detect-filemd5.c index faedb11c0b..af149b4147 100644 --- a/src/detect-filemd5.c +++ b/src/detect-filemd5.c @@ -322,13 +322,13 @@ static int DetectFileMd5Setup (DetectEngineCtx *de_ctx, Signature *s, char *str) sm->type = DETECT_FILEMD5; sm->ctx = (void *)filemd5; - SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH); - if (s->alproto != ALPROTO_HTTP && s->alproto != ALPROTO_SMTP) { SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords."); goto error; } + SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH); + if (s->alproto == ALPROTO_HTTP) { AppLayerHtpNeedFileInspection(); } diff --git a/src/detect-filename.c b/src/detect-filename.c index 2bc9a09d4f..780f073f95 100644 --- a/src/detect-filename.c +++ b/src/detect-filename.c @@ -213,13 +213,13 @@ static int DetectFilenameSetup (DetectEngineCtx *de_ctx, Signature *s, char *str sm->type = DETECT_FILENAME; sm->ctx = (void *)filename; - SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH); - if (s->alproto != ALPROTO_HTTP && s->alproto != ALPROTO_SMTP) { SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords."); goto error; } + SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH); + if (s->alproto == ALPROTO_HTTP) { AppLayerHtpNeedFileInspection(); } diff --git a/src/detect-filesize.c b/src/detect-filesize.c index 92dcfebb9b..6e9fe5fbb3 100644 --- a/src/detect-filesize.c +++ b/src/detect-filesize.c @@ -287,13 +287,13 @@ static int DetectFilesizeSetup (DetectEngineCtx *de_ctx, Signature *s, char *str sm->type = DETECT_FILESIZE; sm->ctx = (SigMatchCtx *)fsd; - SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH); - if (s->alproto != ALPROTO_HTTP && s->alproto != ALPROTO_SMTP) { SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords."); goto error; } + SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH); + if (s->alproto == ALPROTO_HTTP) { AppLayerHtpNeedFileInspection(); } diff --git a/src/detect-ssl-version.c b/src/detect-ssl-version.c index 5259187eb6..e5957c1211 100644 --- a/src/detect-ssl-version.c +++ b/src/detect-ssl-version.c @@ -292,13 +292,13 @@ static int DetectSslVersionSetup (DetectEngineCtx *de_ctx, Signature *s, char *s sm->type = DETECT_AL_SSL_VERSION; sm->ctx = (void *)ssl; - SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_AMATCH); - if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_TLS) { SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords."); goto error; } + SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_AMATCH); + s->alproto = ALPROTO_TLS; return 0; diff --git a/src/detect-tls-version.c b/src/detect-tls-version.c index 200ba959f8..745bedefca 100644 --- a/src/detect-tls-version.c +++ b/src/detect-tls-version.c @@ -228,13 +228,13 @@ static int DetectTlsVersionSetup (DetectEngineCtx *de_ctx, Signature *s, char *s sm->type = DETECT_AL_TLS_VERSION; sm->ctx = (void *)tls; - SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_AMATCH); - if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_TLS) { SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords."); goto error; } + SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_AMATCH); + s->alproto = ALPROTO_TLS; return 0;