From: Jeff Lucovsky <jeff@lucovsky.org>
Date: Wed, 19 Feb 2020 14:16:36 +0000 (-0500)
Subject: pcre: Sticky buffer check
X-Git-Tag: suricata-6.0.0-beta1~713
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F4598%2Fhead;p=thirdparty%2Fsuricata.git

pcre: Sticky buffer check

This commit adds logic checking if the sticky buffer in effect provides
the required content.

If the sticky buffer doesn't, the rule will not load and a diagnostic
message with follow-on steps is displayed.
---

diff --git a/src/detect-pcre.c b/src/detect-pcre.c
index 4e8f9cdb76..7ca3c9c5a7 100644
--- a/src/detect-pcre.c
+++ b/src/detect-pcre.c
@@ -842,6 +842,13 @@ static int DetectPcreSetup (DetectEngineCtx *de_ctx, Signature *s, const char *r
 
     int sm_list = -1;
     if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
+        if (parsed_sm_list != DETECT_SM_LIST_NOTSET && parsed_sm_list != s->init_data->list) {
+            SCLogError(SC_ERR_INVALID_SIGNATURE,
+                    "Expression seen with a sticky buffer still set; either (1) reset sticky "
+                    "buffer with pkt_data or (2) use a sticky buffer providing \"%s\".",
+                    DetectBufferTypeGetDescriptionById(de_ctx, parsed_sm_list));
+            goto error;
+        }
         if (DetectBufferGetActiveList(de_ctx, s) == -1)
             goto error;