From 24f2387b238e4d82ea0a9a1ec5eb12b8238b022e Mon Sep 17 00:00:00 2001
From: Jason Ish
Date: Tue, 13 Sep 2016 10:57:09 -0600
Subject: [PATCH] flowbits: validate that there are no spaces in the name

Fixes issue: https://redmine.openinfosecfoundation.org/issues/1889
To catch the issue where the ';' is missing we have to expand the regex to capture the whole name string, not just the leading valid stuff. Then verify that there are no spaces in the name (Snort has the same restriction) and fail if there is.
---
 src/detect-flowbits.c | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/src/detect-flowbits.c b/src/detect-flowbits.c
index 9752f03e8b..5100f7f998 100644
--- a/src/detect-flowbits.c
+++ b/src/detect-flowbits.c
@@ -45,7 +45,7 @@
 #include "util-unittest.h"
 #include "util-debug.h"
-#define PARSE_REGEX "([a-z]+)(?:,\\s*([^\\s]*))?"
+#define PARSE_REGEX "([a-z]+)(?:,\\s*(.*))?"
 static pcre *parse_regex;
 static pcre_extra *parse_regex_study;
@@ -182,6 +182,20 @@ static int DetectFlowbitParse(char *str, char *cmd, int cmd_len, char *name,
 SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
 return 0;
 }
+
+ /* Trim trailing whitespace. */
+ while (strlen(name) > 0 && isblank(name[strlen(name) - 1])) {
+ name[strlen(name) - 1] = '\0';
+ }
+
+ /* Validate name, spaces are not allowed. */
+ for (size_t i = 0; i < strlen(name); i++) {
+ if (isblank(name[i])) {
+ SCLogError(SC_ERR_INVALID_SIGNATURE,
+ "spaces not allowed in flowbit names");
+ return 0;
+ }
+ }
 }
 return 1;
@@ -324,6 +338,10 @@ static int FlowBitsTestParse01(void)
 FAIL_IF(strcmp(command, "set") != 0);
 FAIL_IF(strcmp(name, "flowbit") != 0);
+ /* Spaces are not allowed in the name. */
+ FAIL_IF(DetectFlowbitParse("set,namewith space", command, sizeof(command),
+ name, sizeof(name)));
+
 PASS;
 }
--
2.47.2
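Review bot: The widened `PARSE_REGEX` in the `@@ -45,7 +45,7 @@` hunk has no comment saying that the second group is greedy on purpose, so a later cleanup could narrow it back to `[^\\s]*` and bring back the silent truncation this commit removes. A truncated flowbit name would presumably make a rule set or test a different bit than the one written, without any load error. I would add above the define: `/* Group 2 takes the whole remainder on purpose; DetectFlowbitParse() trims it and rejects embedded blanks. */`.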
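Review bot: Both new `isblank(name[...])` calls in the `@@ -182,6 +182,20 @@` hunk pass a plain `char`, which is undefined behaviour for bytes above 0x7f on platforms where `char` is signed, and rule files are not guaranteed to be ASCII. Cast first: `isblank((unsigned char)name[i])` and `isblank((unsigned char)name[strlen(name) - 1])`. Separately, `isblank` accepts only space and tab while the old pattern's `[^\\s]` excluded every whitespace class, so a name holding a carriage return or form feed would presumably now pass; `isspace` would keep the earlier strictness. `strlen(name)` is also recomputed on every iteration of both loops, where one `size_t len = strlen(name);` would do. DetectFlowbitParse begins and ends outside the hunk.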
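Review bot: The assertion added to FlowBitsTestParse01 in the `@@ -324,6 +338,10 @@` hunk covers only an embedded space; nothing visible here exercises the new trailing-whitespace trim or a tab inside the name. I would add a positive case, `FAIL_IF(!DetectFlowbitParse("set,flowbit ", command, sizeof(command), name, sizeof(name)));` followed by `FAIL_IF(strcmp(name, "flowbit") != 0);`, and a negative one using `"set,name\twith"`. The test function starts outside the hunk, so earlier cases may already cover part of this.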