From: Victor Julien
Date: Mon, 18 Jan 2021 09:46:37 +0000 (+0100)
Subject: tests: add issue 3341 test
X-Git-Tag: suricata-6.0.4~180
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ef6b13ace933e17b53441ca0422a85619f76c08a;p=thirdparty%2Fsuricata-verify.git
tests: add issue 3341 test
---
diff --git a/tests/issue-3341-tcphdr-01/test.rules b/tests/issue-3341-tcphdr-01/test.rules
new file mode 100644
index 000000000..746d1be35
--- /dev/null
+++ b/tests/issue-3341-tcphdr-01/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"EXPLOIT - Suricata 5.0 tcp.hdr test for CVE-2019-12260"; flow:to_server; tcp.hdr; content:"|1d 03 61 00|"; offset:20; depth:4; sid:1; rev:1;)
diff --git a/tests/issue-3341-tcphdr-01/test.yaml b/tests/issue-3341-tcphdr-01/test.yaml
new file mode 100644
index 000000000..2d936f5db
--- /dev/null
+++ b/tests/issue-3341-tcphdr-01/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 5.0.0
+
+checks:
+- filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
+
+args:
+- -k none
diff --git a/tests/issue-3341-tcphdr-01/urgent11_cve_2019_12260.pcap b/tests/issue-3341-tcphdr-01/urgent11_cve_2019_12260.pcap
new file mode 100644
index 000000000..5e3d30188
Binary files /dev/null and b/tests/issue-3341-tcphdr-01/urgent11_cve_2019_12260.pcap differ
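Review bot: The single rule in test.rules has no comment explaining what `content:"|1d 03 61 00|"; offset:20; depth:4;` is meant to pin, so the regression it guards is not readable from the file. A line above the rule such as `# tcp.hdr includes TCP options; offset 20 is the first option byte: kind 0x1d (TCP-AO) with length 3, the malformed option associated with CVE-2019-12260` would document it. Because `offset` and `depth` fix the position, the rule fires only when that option is the first one in the header. That is fine for this pcap, but worth stating so the rule is not copied as general-purpose detection.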
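Review bot: `min-version: 5.0.0` in test.yaml may admit releases that still carry the bug behind issue 3341. If the fix was not already in 5.0.0, the test will fail on those versions, and the floor should be the first fixed release instead. The `-k none` argument is also unexplained. A comment such as `# -k none: disable checksum validation so the crafted packet in the pcap is still inspected` would help, assuming that is the reason it is needed here.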