From: Jeff Lucovsky <jeff@lucovsky.org>
Date: Thu, 11 Jun 2020 13:08:42 +0000 (-0400)
Subject: detect/content: Validate content byte array
X-Git-Tag: suricata-5.0.4~49
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F5130%2Fhead;p=thirdparty%2Fsuricata.git

detect/content: Validate content byte array

This commit checks whether the content byte array is compatible with the
transforms, if any, for the rule.

(cherry picked from commit 051465ee74422eb7578bdb8ef92f76037d7c47ec)
---

diff --git a/src/detect-content.c b/src/detect-content.c
index edfbada6f7..8f7ddea461 100644
--- a/src/detect-content.c
+++ b/src/detect-content.c
@@ -335,6 +335,17 @@ int DetectContentSetup(DetectEngineCtx *de_ctx, Signature *s, const char *conten
     int sm_list = s->init_data->list;
     if (sm_list == DETECT_SM_LIST_NOTSET) {
         sm_list = DETECT_SM_LIST_PMATCH;
+    } else if (sm_list > DETECT_SM_LIST_MAX &&
+            0 == (cd->flags & DETECT_CONTENT_NEGATED)) {
+        /* Check transform compatibility */
+        const char *tstr;
+        if (!DetectBufferTypeValidateTransform(de_ctx, sm_list, cd->content,
+                    cd->content_len, &tstr)) {
+            SCLogError(SC_ERR_INVALID_SIGNATURE,
+                    "content string \"%s\" incompatible with %s transform",
+                    contentstr, tstr);
+            goto error;
+        }
     }
 
     sm = SigMatchAlloc();