From 77f3964d74b5c3a97fbef8d4407c97ba86c0cd9c Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Fri, 8 Dec 2023 09:38:38 +0100
Subject: [PATCH] detect/bytejump: don't reuse content flag

To avoid future problems with overlapping flag values, give bytejump its own DETECT_BYTEJUMP_OFFSET_VAR flag. The values are currently not overlapping, so this patch should have no side effects.
(cherry picked from commit 101452056d559b4e5eab27c2d9fb651d2e32c412)
---
 src/detect-byte-extract.c | 21 +++++++--------------
 src/detect-bytejump.c | 2 +-
 src/detect-bytejump.h | 1 +
 src/detect-engine-content-inspection.c | 2 +-
 4 files changed, 10 insertions(+), 16 deletions(-)
diff --git a/src/detect-byte-extract.c b/src/detect-byte-extract.c
index ec9b27fc64..81bf37a455 100644
--- a/src/detect-byte-extract.c
+++ b/src/detect-byte-extract.c
@@ -3519,8 +3519,7 @@ static int DetectByteExtractTest53(void)
 goto end;
 }
 bjd = (DetectBytejumpData *)sm->ctx;
- if (bjd->flags != DETECT_CONTENT_OFFSET_VAR ||
- bjd->offset != 0) {
+ if (bjd->flags != DETECT_BYTEJUMP_OFFSET_VAR || bjd->offset != 0) {
 printf("three failed\n");
 result = 0;
 goto end;
@@ -3624,8 +3623,7 @@ static int DetectByteExtractTest54(void)
 goto end;
 }
 bjd = (DetectBytejumpData *)sm->ctx;
- if (bjd->flags != DETECT_CONTENT_OFFSET_VAR ||
- bjd->offset != 0) {
+ if (bjd->flags != DETECT_BYTEJUMP_OFFSET_VAR || bjd->offset != 0) {
 printf("three failed\n");
 result = 0;
 goto end;
@@ -3637,8 +3635,7 @@ static int DetectByteExtractTest54(void)
 goto end;
 }
 bjd = (DetectBytejumpData *)sm->ctx;
- if (bjd->flags != DETECT_CONTENT_OFFSET_VAR ||
- bjd->offset != 1) {
+ if (bjd->flags != DETECT_BYTEJUMP_OFFSET_VAR || bjd->offset != 1) {
 printf("four failed\n");
 result = 0;
 goto end;
@@ -4171,8 +4168,7 @@ static int DetectByteExtractTest58(void)
 goto end;
 }
 bjd = (DetectBytejumpData *)sm->ctx;
- if (bjd->flags != DETECT_CONTENT_OFFSET_VAR ||
- bjd->offset != 0) {
+ if (bjd->flags != DETECT_BYTEJUMP_OFFSET_VAR || bjd->offset != 0) {
 printf("three failed\n");
 result = 0;
 goto end;
@@ -4184,8 +4180,7 @@ static int DetectByteExtractTest58(void)
 goto end;
 }
 bjd = (DetectBytejumpData *)sm->ctx;
- if (bjd->flags != DETECT_CONTENT_OFFSET_VAR ||
- bjd->offset != 1) {
+ if (bjd->flags != DETECT_BYTEJUMP_OFFSET_VAR || bjd->offset != 1) {
 printf("four failed\n");
 result = 0;
 goto end;
@@ -4304,8 +4299,7 @@ static int DetectByteExtractTest59(void)
 goto end;
 }
 bjd = (DetectBytejumpData *)sm->ctx;
- if (bjd->flags != DETECT_CONTENT_OFFSET_VAR ||
- bjd->offset != 0) {
+ if (bjd->flags != DETECT_BYTEJUMP_OFFSET_VAR || bjd->offset != 0) {
 printf("three failed\n");
 result = 0;
 goto end;
@@ -4317,8 +4311,7 @@ static int DetectByteExtractTest59(void)
 goto end;
 }
 bjd = (DetectBytejumpData *)sm->ctx;
- if (bjd->flags != DETECT_CONTENT_OFFSET_VAR ||
- bjd->offset != 1) {
+ if (bjd->flags != DETECT_BYTEJUMP_OFFSET_VAR || bjd->offset != 1) {
 printf("four failed\n");
 result = 0;
 goto end;
diff --git a/src/detect-bytejump.c b/src/detect-bytejump.c
index b0b0347746..c20e49d9c5 100644
--- a/src/detect-bytejump.c
+++ b/src/detect-bytejump.c
@@ -564,7 +564,7 @@ static int DetectBytejumpSetup(DetectEngineCtx *de_ctx, Signature *s, const char
 goto error;
 }
 data->offset = index;
- data->flags |= DETECT_CONTENT_OFFSET_VAR;
+ data->flags |= DETECT_BYTEJUMP_OFFSET_VAR;
 SCFree(offset);
 offset = NULL;
 }
diff --git a/src/detect-bytejump.h b/src/detect-bytejump.h
index f8ee530b38..15f6103443 100644
--- a/src/detect-bytejump.h
+++ b/src/detect-bytejump.h
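Review bot: The setter in DetectBytejumpSetup now writes a different bit than before, so any reader of bytejump flags that still tests `DETECT_CONTENT_OFFSET_VAR` would no longer see the variable offset and would use `data->offset` (a byte_extract index) as a literal offset. This patch updates one reader, in DetectEngineContentInspection; whether others exist cannot be told from the hunks, so a tree-wide search for the old constant next to `DetectBytejumpData` is worth doing before merge. A stale reader would not fail loudly: the signature would evaluate at the wrong position and miss traffic it was written to catch. The body of DetectBytejumpSetup starts and ends outside this hunk.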
@@ -41,6 +41,7 @@
 #define DETECT_BYTEJUMP_OFFSET_BE BIT_U16(7) /**< "byte extract" enabled */
 #define DETECT_BYTEJUMP_END BIT_U16(8) /**< "from_end" jump */
 #define DETECT_BYTEJUMP_NBYTES_VAR BIT_U16(9) /**< nbytes string*/
+#define DETECT_BYTEJUMP_OFFSET_VAR BIT_U16(10) /**< byte extract value enabled */
 typedef struct DetectBytejumpData_ {
 uint8_t nbytes; /**< Number of bytes to compare */
diff --git a/src/detect-engine-content-inspection.c b/src/detect-engine-content-inspection.c
index 8c5feb61a2..06b18283fb 100644
--- a/src/detect-engine-content-inspection.c
+++ b/src/detect-engine-content-inspection.c
@@ -515,7 +515,7 @@ uint8_t DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThrea
 int32_t offset = bjd->offset;
 int32_t nbytes;
- if (bjflags & DETECT_CONTENT_OFFSET_VAR) {
+ if (bjflags & DETECT_BYTEJUMP_OFFSET_VAR) {
 offset = det_ctx->byte_values[offset];
 }
--
2.47.2
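Review bot: The comment on the new `DETECT_BYTEJUMP_OFFSET_VAR` define, "byte extract value enabled", is almost the same as the one on `DETECT_BYTEJUMP_OFFSET_BE` three lines up and does not say what the flag changes. Going by the other hunks in this patch, when the flag is set `offset` holds an index into `det_ctx->byte_values` rather than a literal offset, so I would write `/**< offset is a byte_extract variable index, not a literal offset */`. The struct that follows is cut off by the end of the hunk.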
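Review bot: The lookup `offset = det_ctx->byte_values[offset];` under the renamed flag stores the extracted value in an `int32_t` with no range check visible in this hunk. The element type of `byte_values` is not shown here; if it is wider than 32 bits, a large value extracted from inspected traffic would be narrowed and could become negative before it reaches the jump computation. A range check before the assignment, or a comment stating why the value always fits, would settle this. Since `offset` is first an index and then a value, a short comment such as `/* offset is an index into byte_values here */` above the lookup would also help. DetectEngineContentInspection continues outside the hunk.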