warn users that we don't support content strings whose length's > 255.

diff --git a/src/detect-content.c b/src/detect-content.c
index 2263c30fb2a8ad7d7cf87bf378a577c8d63e3c18..5e6371d3bc90679787c0c612817d1871ee4b6b6b 100644 (file)
--- a/src/detect-content.c
+++ b/src/detect-content.c
@@ -222,6 +222,13 @@ DetectContentData *DetectContentParse (char *contentstr)
     if (ret == -1) {
         return NULL;
     }
+    if (len > 255) {
+        SCLogError(SC_ERR_NOT_SUPPORTED, "Currently we don't support content "
+                   "length greater than 255.  Please split the pattern, if "
+                   "length > 255.  The length of the content after "
+                   "normalization is \"%"PRIu16"\".", len);
+        return NULL;
+    }
 
     cd = SCMalloc(sizeof(DetectContentData) + len);
     if (unlikely(cd == NULL)) {
@@ -2066,6 +2073,122 @@ end:
     return result;
 }
 
+int DetectContentParseTest41(void)
+{
+    int result = 1;
+    DetectContentData *cd = NULL;
+    int patlen = 257;
+    char *teststring = SCMalloc(sizeof(char) * (patlen + 1));
+    if (teststring == NULL)
+        return 0;
+    int idx = 0;
+    teststring[idx++] = '\"';
+    for (int i = 0; i < (patlen - 2); idx++, i++) {
+        teststring[idx] = 'a';
+    }
+    teststring[idx++] = '\"';
+    teststring[idx++] = '\0';
+
+    cd = DetectContentParse(teststring);
+    if (cd == NULL) {
+        SCLogDebug("expected not NULL");
+        result = 0;
+    }
+
+    SCFree(teststring);
+    DetectContentFree(cd);
+    return result;
+}
+
+int DetectContentParseTest42(void)
+{
+    int result = 1;
+    DetectContentData *cd = NULL;
+    int patlen = 258;
+    char *teststring = SCMalloc(sizeof(char) * (patlen + 1));
+    if (teststring == NULL)
+        return 0;
+    int idx = 0;
+    teststring[idx++] = '\"';
+    for (int i = 0; i < (patlen - 2); idx++, i++) {
+        teststring[idx] = 'a';
+    }
+    teststring[idx++] = '\"';
+    teststring[idx++] = '\0';
+
+    cd = DetectContentParse(teststring);
+    if (cd != NULL) {
+        SCLogDebug("expected NULL got %p: ", cd);
+        result = 0;
+    }
+
+    SCFree(teststring);
+    DetectContentFree(cd);
+    return result;
+}
+
+int DetectContentParseTest43(void)
+{
+    int result = 1;
+    DetectContentData *cd = NULL;
+    int patlen = 260;
+    char *teststring = SCMalloc(sizeof(char) * (patlen + 1));
+    if (teststring == NULL)
+        return 0;
+    int idx = 0;
+    teststring[idx++] = '\"';
+    teststring[idx++] = '|';
+    teststring[idx++] = '4';
+    teststring[idx++] = '6';
+    teststring[idx++] = '|';
+    for (int i = 0; i < (patlen - 6); idx++, i++) {
+        teststring[idx] = 'a';
+    }
+    teststring[idx++] = '\"';
+    teststring[idx++] = '\0';
+
+    cd = DetectContentParse(teststring);
+    if (cd == NULL) {
+        SCLogDebug("expected not NULL");
+        result = 0;
+    }
+
+    SCFree(teststring);
+    DetectContentFree(cd);
+    return result;
+}
+
+int DetectContentParseTest44(void)
+{
+    int result = 1;
+    DetectContentData *cd = NULL;
+    int patlen = 261;
+    char *teststring = SCMalloc(sizeof(char) * (patlen + 1));
+    if (teststring == NULL)
+        return 0;
+    int idx = 0;
+    teststring[idx++] = '\"';
+    teststring[idx++] = '|';
+    teststring[idx++] = '4';
+    teststring[idx++] = '6';
+    teststring[idx++] = '|';
+    for (int i = 0; i < (patlen - 6); idx++, i++) {
+        teststring[idx] = 'a';
+    }
+    teststring[idx++] = '\"';
+    teststring[idx++] = '\0';
+
+    cd = DetectContentParse(teststring);
+    if (cd != NULL) {
+        SCLogDebug("expected NULL got %p: ", cd);
+        result = 0;
+    }
+
+    SCFree(teststring);
+    DetectContentFree(cd);
+    return result;
+}
+
 static int SigTestNegativeTestContent(char *rule, uint8_t *buf)
 {
     uint16_t buflen = strlen((char *)buf);
@@ -2490,6 +2613,10 @@ void DetectContentRegisterTests(void)
     UtRegisterTest("DetectContentParseTest38", DetectContentParseTest38, 1);
     UtRegisterTest("DetectContentParseTest39", DetectContentParseTest39, 1);
     UtRegisterTest("DetectContentParseTest40", DetectContentParseTest40, 1);
+    UtRegisterTest("DetectContentParseTest41", DetectContentParseTest41, 1);
+    UtRegisterTest("DetectContentParseTest42", DetectContentParseTest42, 1);
+    UtRegisterTest("DetectContentParseTest43", DetectContentParseTest43, 1);
+    UtRegisterTest("DetectContentParseTest44", DetectContentParseTest44, 1);
 
     /* The reals */
     UtRegisterTest("DetectContentLongPatternMatchTest01", DetectContentLongPatternMatchTest01, 1);

diff --git a/src/util-error.c b/src/util-error.c
index 005e34ece2bccffe24a42b67bbc6629b035825c9..0a5e02b40d9ed676f74c8ec1cdf4eeeead8d4097 100644 (file)
--- a/src/util-error.c
+++ b/src/util-error.c
@@ -240,6 +240,7 @@ const char * SCErrorToString(SCError err)
         CASE_CODE (SC_ERR_LUAJIT_ERROR);
         CASE_CODE (SC_ERR_DEFRAG_INIT);
         CASE_CODE (SC_ERR_NO_REPUTATION);
+        CASE_CODE (SC_ERR_NOT_SUPPORTED);
         default:
             return "UNKNOWN_ERROR";
     }

diff --git a/src/util-error.h b/src/util-error.h
index 3b3f8b1475098dca0ade5adcb333aa873a28c50b..b9b0f0b2fdf7ca662854ac41f0a0d7805ccf2005 100644 (file)
--- a/src/util-error.h
+++ b/src/util-error.h
@@ -254,6 +254,7 @@ typedef enum {
     SC_ERR_NAPATECH_STAT_DROPS_FAILED,
     SC_ERR_NAPATECH_PARSE_CONFIG,
     SC_ERR_NO_REPUTATION,
+    SC_ERR_NOT_SUPPORTED,
 } SCError;
 
 const char *SCErrorToString(SCError);