From: Eileen Donlon <emdonlo@gmail.com>
Date: Mon, 30 Apr 2012 15:52:20 +0000 (-0400)
Subject: disallow file_data with flow:to_server/from_client
X-Git-Tag: suricata-1.3beta2~63
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f7879f81e8ec3825d7e23cb370018cb568346c50;p=thirdparty%2Fsuricata.git

disallow file_data with flow:to_server/from_client
---

diff --git a/src/detect-file-data.c b/src/detect-file-data.c
index f4e2842a7a..d302c8bfcf 100644
--- a/src/detect-file-data.c
+++ b/src/detect-file-data.c
@@ -72,7 +72,10 @@ void DetectFiledataRegister(void) {
 static int DetectFiledataSetup (DetectEngineCtx *de_ctx, Signature *s, char *str)
 {
     SCEnter();
-
+    if (s->init_flags & SIG_FLAG_INIT_FLOW && s->flags & SIG_FLAG_TOSERVER && !(s->flags & SIG_FLAG_TOCLIENT)) {
+        SCLogError(SC_ERR_INVALID_SIGNATURE, "Can't use file_data with flow:to_server or from_client with http.");
+        return -1;
+    }
     s->init_flags |= SIG_FLAG_INIT_FILE_DATA;
 
     return 0;