From 52d9d457472947090287a34965cb66bc0d50851a Mon Sep 17 00:00:00 2001
From: Mats Klepsland <mats.klepsland@gmail.com>
Date: Sat, 24 Mar 2018 13:00:31 +0100
Subject: [PATCH] detect-tls-cert-fingerprint: add setup callback to lowercase
 content

Add setup callback that lowercase the content that follows
'tls_cert_fingerprint'.
---
 src/detect-tls-cert-fingerprint.c | 35 +++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/src/detect-tls-cert-fingerprint.c b/src/detect-tls-cert-fingerprint.c
index 25eb75a1ee..4cb2127175 100644
--- a/src/detect-tls-cert-fingerprint.c
+++ b/src/detect-tls-cert-fingerprint.c
@@ -60,6 +60,8 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx,
         const DetectEngineTransforms *transforms,
         Flow *_f, const uint8_t _flow_flags,
         void *txv, const int list_id);
+static void DetectTlsFingerprintSetupCallback(const DetectEngineCtx *de_ctx,
+        Signature *s);
 static _Bool DetectTlsFingerprintValidateCallback(const Signature *s,
         const char **sigerror);
 static int g_tls_cert_fingerprint_buffer_id = 0;
@@ -90,6 +92,9 @@ void DetectTlsFingerprintRegister(void)
     DetectBufferTypeSetDescriptionByName("tls_cert_fingerprint",
             "TLS certificate fingerprint");
 
+    DetectBufferTypeRegisterSetupCallback("tls_cert_fingerprint",
+            DetectTlsFingerprintSetupCallback);
+
     DetectBufferTypeRegisterValidateCallback("tls_cert_fingerprint",
             DetectTlsFingerprintValidateCallback);
 
@@ -181,6 +186,36 @@ static _Bool DetectTlsFingerprintValidateCallback(const Signature *s,
     return TRUE;
 }
 
+static void DetectTlsFingerprintSetupCallback(const DetectEngineCtx *de_ctx,
+                                              Signature *s)
+{
+    SigMatch *sm = s->init_data->smlists[g_tls_cert_fingerprint_buffer_id];
+    for ( ; sm != NULL; sm = sm->next)
+    {
+        if (sm->type != DETECT_CONTENT)
+            continue;
+
+        DetectContentData *cd = (DetectContentData *)sm->ctx;
+
+        _Bool changed = FALSE;
+        uint32_t u;
+        for (u = 0; u < cd->content_len; u++)
+        {
+            if (isupper(cd->content[u])) {
+                cd->content[u] = tolower(cd->content[u]);
+                changed = TRUE;
+            }
+        }
+
+        /* recreate the context if changes were made */
+        if (changed) {
+            SpmDestroyCtx(cd->spm_ctx);
+            cd->spm_ctx = SpmInitCtx(cd->content, cd->content_len, 1,
+                                     de_ctx->spm_global_thread_ctx);
+        }
+    }
+}
+
 #ifdef UNITTESTS
 
 /**
-- 
2.47.2