From 6d169fa90982239c5717ae85ae986f22a324496f Mon Sep 17 00:00:00 2001
From: Jeff Lucovsky
Date: Thu, 11 Jun 2020 09:08:42 -0400
Subject: [PATCH] detect/content: Validate content byte array
This commit checks whether the content byte array is compatible with the transforms, if any, for the rule.
(cherry picked from commit 051465ee74422eb7578bdb8ef92f76037d7c47ec)
---
 src/detect-content.c | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/src/detect-content.c b/src/detect-content.c
index edfbada6f7..8f7ddea461 100644
--- a/src/detect-content.c
+++ b/src/detect-content.c
@@ -335,6 +335,17 @@ int DetectContentSetup(DetectEngineCtx *de_ctx, Signature *s, const char *conten
 int sm_list = s->init_data->list;
 if (sm_list == DETECT_SM_LIST_NOTSET) {
 sm_list = DETECT_SM_LIST_PMATCH;
+ } else if (sm_list > DETECT_SM_LIST_MAX &&
+ 0 == (cd->flags & DETECT_CONTENT_NEGATED)) {
+ /* Check transform compatibility */
+ const char *tstr;
+ if (!DetectBufferTypeValidateTransform(de_ctx, sm_list, cd->content,
+ cd->content_len, &tstr)) {
+ SCLogError(SC_ERR_INVALID_SIGNATURE,
+ "content string \"%s\" incompatible with %s transform",
+ contentstr, tstr);
+ goto error;
+ }
 }
 sm = SigMatchAlloc();
-- 
2.47.2
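Review bot: `tstr` is declared without an initializer in the new `else if` branch and is then passed to `SCLogError` with `%s` on the failure path, so the log call is only safe if `DetectBufferTypeValidateTransform` always stores a name before it returns false; that function is not visible in this hunk. Initializing the pointer and guarding the format argument removes that dependency: `const char *tstr = NULL;` and `contentstr, tstr ? tstr : "unknown");`. The `/* Check transform compatibility */` comment could also state why content with `DETECT_CONTENT_NEGATED` set is exempt from the check, since a rule author reading the branch cannot tell whether that is deliberate; the reason is not given on the page, so the wording should come from the author. DetectContentSetup starts and ends outside the hunk, so whether `cd` is released at the `error` label cannot be confirmed from here.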