aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix uricontent scan for copied siggroupheads.

Browse Source
remotes/origin/master-1.0.x
Victor Julien 16 years ago
parent 69e056e33f
commit 21364b34dc
3 changed files with 10 additions and 11 deletions
Show Stats Download Patch File Download Diff File

11
src/detect-engine-mpm.c
Unescape Escape View File

@ -313,7 +313,7 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh)
if (sh->mpm_content_maxlen > content_maxlen) if (sh->mpm_content_maxlen > content_maxlen)
sh->mpm_content_maxlen = content_maxlen; sh->mpm_content_maxlen = content_maxlen;
} }
if (uricontent_maxlen) { if (uricontent_cnt) {
if (sh->mpm_uricontent_maxlen == 0) sh->mpm_uricontent_maxlen = uricontent_maxlen; if (sh->mpm_uricontent_maxlen == 0) sh->mpm_uricontent_maxlen = uricontent_maxlen;
if (sh->mpm_uricontent_maxlen > uricontent_maxlen) if (sh->mpm_uricontent_maxlen > uricontent_maxlen)
sh->mpm_uricontent_maxlen = uricontent_maxlen; sh->mpm_uricontent_maxlen = uricontent_maxlen;
@ -341,9 +341,9 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh)
if (sh->mpm_uricontent_maxlen >= ud->uricontent_len) { if (sh->mpm_uricontent_maxlen >= ud->uricontent_len) {
if (ud->flags & DETECT_URICONTENT_NOCASE) { if (ud->flags & DETECT_URICONTENT_NOCASE) {
sh->mpm_uri_ctx->AddPatternNocase(sh->mpm_uri_scan_ctx, ud->uricontent, ud->uricontent_len, ud->id); sh->mpm_uri_scan_ctx->AddPatternNocase(sh->mpm_uri_scan_ctx, ud->uricontent, ud->uricontent_len, ud->id);
} else { } else {
sh->mpm_uri_ctx->AddPattern(sh->mpm_uri_scan_ctx, ud->uricontent, ud->uricontent_len, ud->id); sh->mpm_uri_scan_ctx->AddPattern(sh->mpm_uri_scan_ctx, ud->uricontent, ud->uricontent_len, ud->id);
} }
break; break;
} }
@ -424,11 +424,6 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh)
//sh->mpm_uri_ctx->PrintCtx(sh->mpm_uri_ctx); //sh->mpm_uri_ctx->PrintCtx(sh->mpm_uri_ctx);
} }
//printf("Printing info...\n");
//sh->mpm_ctx.PrintCtx(&sh->mpm_ctx);
//sh->mpm_uri_ctx.PrintCtx(&sh->mpm_uri_ctx);
//printf("mpm_ctx %p\n", &sh->mpm_uri_ctx);
return 0; return 0;
error: error:
/* XXX */ /* XXX */

8
src/detect-uricontent.c
Unescape Escape View File

@ -240,9 +240,13 @@ int DetectUricontentMatch (ThreadVars *t, PatternMatcherThread *pmt, Packet *p,
return 0; return 0;
if (pmt->de_have_httpuri == 1 && pmt->de_scanned_httpuri == 0) { if (pmt->de_have_httpuri == 1 && pmt->de_scanned_httpuri == 0) {
pmt->de_scanned_httpuri = 1;
//printf("DetectUricontentMatch: pmt->sgh %p, pmt->mcu %p, pmt->mcu_scan %p\n", pmt->sgh, pmt->mcu, pmt->mcu_scan);
/* don't bother scanning if we don't have a pattern matcher ctx /* don't bother scanning if we don't have a pattern matcher ctx
* which means we don't have uricontent sigs */ * which means we don't have uricontent sigs */
if (pmt->mcu == NULL) if (pmt->mcu == NULL || pmt->mcu_scan == NULL)
return 0; return 0;
//printf("DetectUricontentMatch: going to scan uri buffer(s)\n"); //printf("DetectUricontentMatch: going to scan uri buffer(s)\n");
@ -251,7 +255,6 @@ int DetectUricontentMatch (ThreadVars *t, PatternMatcherThread *pmt, Packet *p,
u_int8_t i; u_int8_t i;
for (i = 0; i < p->http_uri.cnt; i++) { for (i = 0; i < p->http_uri.cnt; i++) {
//printf("p->http_uri.raw_size[%u] %u, %p, %s\n", i, p->http_uri.raw_size[i], p->http_uri.raw[i], p->http_uri.raw[i]); //printf("p->http_uri.raw_size[%u] %u, %p, %s\n", i, p->http_uri.raw_size[i], p->http_uri.raw[i], p->http_uri.raw[i]);
//printf("pmt->mcu %p, pmt->mcu_scan %p\n", pmt->mcu, pmt->mcu_scan);
if (pmt->sgh->mpm_uricontent_maxlen <= p->http_uri.raw_size[i]) { if (pmt->sgh->mpm_uricontent_maxlen <= p->http_uri.raw_size[i]) {
if (pmt->sgh->mpm_uricontent_maxlen == 1) pmt->pkts_uri_scanned1++; if (pmt->sgh->mpm_uricontent_maxlen == 1) pmt->pkts_uri_scanned1++;
@ -273,7 +276,6 @@ int DetectUricontentMatch (ThreadVars *t, PatternMatcherThread *pmt, Packet *p,
//printf("DetectUricontentMatch: ret %u\n", ret); //printf("DetectUricontentMatch: ret %u\n", ret);
} }
} }
pmt->de_scanned_httpuri = 1;
//printf("DetectUricontentMatch: final ret %u\n", ret); //printf("DetectUricontentMatch: final ret %u\n", ret);
if (ret == 0) if (ret == 0)

2
src/detect.c
Unescape Escape View File

@ -1410,6 +1410,7 @@ static int BuildDestinationAddressHeads(DetectEngineCtx *de_ctx, DetectAddressGr
de_ctx->mpm_uri_unique++; de_ctx->mpm_uri_unique++;
} else { } else {
sgr->sh->mpm_uri_ctx = mpmsh->mpm_uri_ctx; sgr->sh->mpm_uri_ctx = mpmsh->mpm_uri_ctx;
sgr->sh->mpm_uri_scan_ctx = mpmsh->mpm_uri_scan_ctx;
sgr->sh->flags |= SIG_GROUP_HEAD_MPM_URI_COPY; sgr->sh->flags |= SIG_GROUP_HEAD_MPM_URI_COPY;
SigGroupHeadClearUricontent(sgr->sh); SigGroupHeadClearUricontent(sgr->sh);
@ -1809,6 +1810,7 @@ static int BuildDestinationAddressHeadsWithBothPorts(DetectEngineCtx *de_ctx, De
de_ctx->mpm_uri_unique++; de_ctx->mpm_uri_unique++;
} else { } else {
dp->sh->mpm_uri_ctx = mpmsh->mpm_uri_ctx; dp->sh->mpm_uri_ctx = mpmsh->mpm_uri_ctx;
dp->sh->mpm_uri_scan_ctx = mpmsh->mpm_uri_scan_ctx;
dp->sh->flags |= SIG_GROUP_HEAD_MPM_URI_COPY; dp->sh->flags |= SIG_GROUP_HEAD_MPM_URI_COPY;
SigGroupHeadClearUricontent(dp->sh); SigGroupHeadClearUricontent(dp->sh);

Write Preview
Loading…
Cancel
Save