return;
}
-SigMatch *DetectByteExtractRetrieveSMVar(const char *arg, Signature *s, int list)
+/**
+ * \brief Lookup the SigMatch for a named byte_extract variable.
+ *
+ * \param arg The name of the byte_extract variable to lookup.
+ * \param s Pointer the signature to look in.
+ *
+ * \retval A pointer to the SigMatch if found, otherwise NULL.
+ */
+SigMatch *DetectByteExtractRetrieveSMVar(const char *arg, Signature *s)
{
- if (list == -1)
- return NULL;
-
DetectByteExtractData *bed = NULL;
- SigMatch *sm = s->sm_lists[list];
-
- while (sm != NULL) {
- if (sm->type == DETECT_BYTE_EXTRACT) {
- bed = (DetectByteExtractData *)sm->ctx;
- if (strcmp(bed->name, arg) == 0) {
- return sm;
+ int list;
+
+ for (list = 0; list < DETECT_SM_LIST_MAX; list++) {
+ SigMatch *sm = s->sm_lists[list];
+ while (sm != NULL) {
+ if (sm->type == DETECT_BYTE_EXTRACT) {
+ bed = (DetectByteExtractData *)sm->ctx;
+ if (strcmp(bed->name, arg) == 0) {
+ return sm;
+ }
}
+ sm = sm->next;
}
- sm = sm->next;
}
return NULL;
void DetectByteExtractFree(void *);
int DetectByteExtractMatch(ThreadVars *, DetectEngineThreadCtx *,
Packet *, Signature *, SigMatch *);
-SigMatch *DetectByteExtractRetrieveSMVar(const char *, Signature *, int);
+SigMatch *DetectByteExtractRetrieveSMVar(const char *, Signature *);
int DetectByteExtractDoMatch(DetectEngineThreadCtx *, SigMatch *, Signature *,
uint8_t *, uint16_t, uint64_t *, uint8_t);
}
if (offset != NULL) {
- SigMatch *bed_sm = DetectByteExtractRetrieveSMVar(offset, s, sm_list);
+ SigMatch *bed_sm = DetectByteExtractRetrieveSMVar(offset, s);
if (bed_sm == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown byte_extract var "
"seen in byte_jump - %s\n", offset);
}
if (value != NULL) {
- SigMatch *bed_sm = DetectByteExtractRetrieveSMVar(value, s, sm_list);
+ SigMatch *bed_sm = DetectByteExtractRetrieveSMVar(value, s);
if (bed_sm == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown byte_extract var "
"seen in byte_test - %s\n", value);
}
if (offset != NULL) {
- SigMatch *bed_sm = DetectByteExtractRetrieveSMVar(offset, s, sm_list);
+ SigMatch *bed_sm = DetectByteExtractRetrieveSMVar(offset, s);
if (bed_sm == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown byte_extract var "
"seen in byte_test - %s\n", offset);
goto end;
}
if (str[0] != '-' && isalpha((unsigned char)str[0])) {
- SigMatch *bed_sm = DetectByteExtractRetrieveSMVar(str, s, SigMatchListSMBelongsTo(s, pm));
+ SigMatch *bed_sm = DetectByteExtractRetrieveSMVar(str, s);
if (bed_sm == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "unknown byte_extract var "
"seen in depth - %s\n", str);
goto end;
}
if (str[0] != '-' && isalpha((unsigned char)str[0])) {
- SigMatch *bed_sm = DetectByteExtractRetrieveSMVar(str, s, SigMatchListSMBelongsTo(s, pm));
+ SigMatch *bed_sm = DetectByteExtractRetrieveSMVar(str, s);
if (bed_sm == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "unknown byte_extract var "
"seen in distance - %s\n", str);
}
if (offset != NULL) {
- SigMatch *bed_sm = DetectByteExtractRetrieveSMVar(offset, s, sm_list);
+ SigMatch *bed_sm = DetectByteExtractRetrieveSMVar(offset, s);
if (bed_sm == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown byte_extract var "
"seen in isdataat - %s\n", offset);
}
if (str[0] != '-' && isalpha((unsigned char)str[0])) {
SigMatch *bed_sm =
- DetectByteExtractRetrieveSMVar(str, s, SigMatchListSMBelongsTo(s, pm));
+ DetectByteExtractRetrieveSMVar(str, s);
if (bed_sm == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "unknown byte_extract var "
"seen in offset - %s\n", str);
goto end;
}
if (str[0] != '-' && isalpha((unsigned char)str[0])) {
- SigMatch *bed_sm = DetectByteExtractRetrieveSMVar(str, s, SigMatchListSMBelongsTo(s, pm));
+ SigMatch *bed_sm = DetectByteExtractRetrieveSMVar(str, s);
if (bed_sm == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "unknown byte_extract var "
"seen in within - %s\n", str);
{
DetectEngineCtx *de_ctx = NULL;
int result = 0;
-#if 1 /* FAILs */
char sig[] = "alert tcp any any -> any any ( "
"msg:\"test rule\"; "
"content:\"abc\"; "
"within:somevar; "
"http_client_body; "
"sid:4; rev:1;)";
-#else /* WORKs */
- char sig[] = "alert tcp any any -> any any ( "
- "msg:\"test rule\"; "
- "content:\"abc\"; "
- "http_client_body; "
- "byte_extract:2,0,somevar,relative; "
- "content:\"def\"; "
- "http_client_body; "
- "within:somevar; "
- "sid:4; rev:1;)";
-#endif
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
projects / thirdparty / suricata.git / commitdiff
