From 8ec005afd6da5e88afdf7165647e1419abc08308 Mon Sep 17 00:00:00 2001 From: Maurizio Abba Date: Tue, 31 Jul 2018 07:08:10 +0100 Subject: [PATCH] detect: fix fileext and filename negated match fix bug in fileext and filename preventing negated match to work correctly. Previously, negated fileext (such as !"php") would cause a match anyway on files that have extension php, as the last if would not be accessed. Using the same workflow as detect-filemagic we remove the final isolated if and set it as a branch of the previous if. --- src/detect-fileext.c | 4 +--- src/detect-filename.c | 2 +- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/src/detect-fileext.c b/src/detect-fileext.c index 223ebfc216..817a5fe859 100644 --- a/src/detect-fileext.c +++ b/src/detect-fileext.c @@ -116,9 +116,7 @@ static int DetectFileextMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, ret = 1; SCLogDebug("File ext found"); } - } - - if (ret == 0 && (fileext->flags & DETECT_CONTENT_NEGATED)) { + } else if (fileext->flags & DETECT_CONTENT_NEGATED) { SCLogDebug("negated match"); ret = 1; } diff --git a/src/detect-filename.c b/src/detect-filename.c index 27e8dd2b10..190096e593 100644 --- a/src/detect-filename.c +++ b/src/detect-filename.c @@ -141,7 +141,7 @@ static int DetectFilenameMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, } } - if (ret == 0 && (filename->flags & DETECT_CONTENT_NEGATED)) { + else if (filename->flags & DETECT_CONTENT_NEGATED) { SCLogDebug("negated match"); ret = 1; } -- 2.47.2