fix for #529

author Anoop Saldanha <anoopsaldanha@gmail.com>

Fri, 21 Sep 2012 18:44:01 +0000 (00:14 +0530)

committer Victor Julien <victor@inliniac.net>

Mon, 24 Sep 2012 11:46:44 +0000 (13:46 +0200)
author Anoop Saldanha <anoopsaldanha@gmail.com>
Fri, 21 Sep 2012 18:44:01 +0000 (00:14 +0530)
committer Victor Julien <victor@inliniac.net>
Mon, 24 Sep 2012 11:46:44 +0000 (13:46 +0200)
diff --git a/src/detect-pcre.c b/src/detect-pcre.c

index ad3ba3f96ee703c32daf70f1b144bb7d970817a3..e12880efa2ba7e6bc6cbd288e4fe6030826aca3f 100644 (file)
--- a/src/detect-pcre.c
+++ b/src/detect-pcre.c
@@ -188,10 +188,6 @@ int DetectPcrePayloadMatch(DetectEngineThreadCtx *det_ctx, Signature *s,
  
      DetectPcreData *pe = (DetectPcreData *)sm->ctx;
  
-    /* If we want to inspect the http body, we will use HTP L7 parser */
-    //if (pe->flags & DETECT_PCRE_HTTP_BODY_AL)
-    //    SCReturnInt(0);
-
      if (pe->flags & DETECT_PCRE_RELATIVE) {
          ptr = payload + det_ctx->buffer_offset;
          len = payload_len - det_ctx->buffer_offset;
@@ -200,13 +196,13 @@ int DetectPcrePayloadMatch(DetectEngineThreadCtx *det_ctx, Signature *s,
          len = payload_len;
      }
  
+    int start_offset = 0;
      if (det_ctx->pcre_match_start_offset != 0) {
-        ptr = payload + det_ctx->pcre_match_start_offset;
-        len = payload_len - det_ctx->pcre_match_start_offset;
+        start_offset = (payload + det_ctx->pcre_match_start_offset - ptr);
      }
  
      /* run the actual pcre detection */
-    ret = pcre_exec(pe->re, pe->sd, (char *)ptr, len, 0, 0, ov, MAX_SUBSTRINGS);
+    ret = pcre_exec(pe->re, pe->sd, (char *)ptr, len, start_offset, 0, ov, MAX_SUBSTRINGS);
      SCLogDebug("ret %d (negating %s)", ret, (pe->flags & DETECT_PCRE_NEGATE) ? "set" : "not set");
  
      if (ret == PCRE_ERROR_NOMATCH) {
author	Anoop Saldanha <anoopsaldanha@gmail.com>
	Fri, 21 Sep 2012 18:44:01 +0000 (00:14 +0530)
committer	Victor Julien <victor@inliniac.net>
	Mon, 24 Sep 2012 11:46:44 +0000 (13:46 +0200)