From 3eec088d3181e800c1ff3623d4c352dad77111d3 Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Wed, 28 Nov 2018 10:02:57 +0100 Subject: [PATCH] detect/parse: error out on unused sticky buffers --- src/detect-dns-query.c | 2 +- src/detect-parse.c | 10 ++++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/src/detect-dns-query.c b/src/detect-dns-query.c index e22e19ba13..e57a7875d1 100644 --- a/src/detect-dns-query.c +++ b/src/detect-dns-query.c @@ -627,7 +627,7 @@ static int DetectDnsQueryTest03(void) s = DetectEngineAppendSig(de_ctx, "alert dns any any -> any any " "(msg:\"Test dns_query option\"; " - "content:\"google\"; nocase; dns_query; sid:1;)"); + "dns_query; content:\"google\"; nocase; sid:1;)"); FAIL_IF_NULL(s); SigGroupBuild(de_ctx); diff --git a/src/detect-parse.c b/src/detect-parse.c index c2ab03586a..7760826962 100644 --- a/src/detect-parse.c +++ b/src/detect-parse.c @@ -1548,6 +1548,16 @@ static int SigValidate(DetectEngineCtx *de_ctx, Signature *s) SCEnter(); + /* check for sticky buffers that were set w/o matches + * e.g. alert ... (file_data; sid:1;) */ + if (s->init_data->list != DETECT_SM_LIST_NOTSET) { + if (s->init_data->smlists[s->init_data->list] == NULL) { + SCLogError(SC_ERR_INVALID_SIGNATURE, "rule %u setup buffer %s but didn't add matches to it", + s->id, DetectBufferTypeGetNameById(de_ctx, s->init_data->list)); + SCReturnInt(0); + } + } + /* run buffer type validation callbacks if any */ if (s->init_data->smlists[DETECT_SM_LIST_PMATCH]) { if (DetectContentPMATCHValidateCallback(s) == FALSE) -- 2.47.2