aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect-tls-cert-serial: add warning if nocase is used

Browse Source
pull/3368/head
Mats Klepsland 8 years ago committed by Victor Julien
parent 2c5d5bbdaa
commit 2501d48ac8
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File

9
src/detect-tls-cert-serial.c
Unescape Escape View File

@ -153,7 +153,14 @@ static _Bool DetectTlsSerialValidateCallback(const Signature *s,
if (sm->type != DETECT_CONTENT)
continue;
DetectContentData *cd = (DetectContentData *)sm->ctx;
const DetectContentData *cd = (DetectContentData *)sm->ctx;
if (cd->flags & DETECT_CONTENT_NOCASE) {
*sigerror = "tls_cert_serial should not be used together "
"with nocase, since the rule is automatically "
"uppercased anyway which makes nocase redundant.";
SCLogWarning(SC_WARN_POOR_RULE, "rule %u: %s", s->id, *sigerror);
}
/* no need to worry about this if the content is short enough */
if (cd->content_len <= 2)

Write Preview
Loading…
Cancel
Save