aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect-tls-cert-fingerprint: add warning if nocase is used

Browse Source
pull/3368/head
Mats Klepsland 7 years ago committed by Victor Julien
parent 4c9d448fa1
commit 2c5d5bbdaa
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File

8
src/detect-tls-cert-fingerprint.c
Unescape Escape View File

@ -154,7 +154,7 @@ static _Bool DetectTlsFingerprintValidateCallback(const Signature *s,
if (sm->type != DETECT_CONTENT)
continue;
DetectContentData *cd = (DetectContentData *)sm->ctx;
const DetectContentData *cd = (DetectContentData *)sm->ctx;
if (cd->content_len != 59) {
*sigerror = "Invalid length of the specified fingerprint. "
@ -181,6 +181,12 @@ static _Bool DetectTlsFingerprintValidateCallback(const Signature *s,
return FALSE;
}
if (cd->flags & DETECT_CONTENT_NOCASE) {
*sigerror = "tls_cert_fingerprint should not be used together "
"with nocase, since the rule is automatically "
"lowercased anyway which makes nocase redundant.";
SCLogWarning(SC_WARN_POOR_RULE, "rule %u: %s", s->id, *sigerror);
}
}
return TRUE;

Write Preview
Loading…
Cancel
Save