detect-tls-cert-fingerprint: add setup callback to lowercase content

Add setup callback that lowercase the content that follows 'tls_cert_fingerprint'.
8 years ago · 52d9d45747
parent f788719348
commit 52d9d45747
1 changed files with 35 additions and 0 deletions
--- a/src/detect-tls-cert-fingerprint.c
+++ b/src/detect-tls-cert-fingerprint.c
@ -60,6 +60,8 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx,
        const DetectEngineTransforms *transforms,
        Flow *_f, const uint8_t _flow_flags,
        void *txv, const int list_id);
+static void DetectTlsFingerprintSetupCallback(const DetectEngineCtx *de_ctx,
+        Signature *s);
 static _Bool DetectTlsFingerprintValidateCallback(const Signature *s,
        const char **sigerror);
 static int g_tls_cert_fingerprint_buffer_id = 0;
@ -90,6 +92,9 @@ void DetectTlsFingerprintRegister(void)
    DetectBufferTypeSetDescriptionByName("tls_cert_fingerprint",
            "TLS certificate fingerprint");

+    DetectBufferTypeRegisterSetupCallback("tls_cert_fingerprint",
+            DetectTlsFingerprintSetupCallback);
+
    DetectBufferTypeRegisterValidateCallback("tls_cert_fingerprint",
            DetectTlsFingerprintValidateCallback);

@ -181,6 +186,36 @@ static _Bool DetectTlsFingerprintValidateCallback(const Signature *s,
    return TRUE;
 }

+static void DetectTlsFingerprintSetupCallback(const DetectEngineCtx *de_ctx,
+                                              Signature *s)
+{
+    SigMatch *sm = s->init_data->smlists[g_tls_cert_fingerprint_buffer_id];
+    for ( ; sm != NULL; sm = sm->next)
+    {
+        if (sm->type != DETECT_CONTENT)
+            continue;
+
+        DetectContentData *cd = (DetectContentData *)sm->ctx;
+
+        _Bool changed = FALSE;
+        uint32_t u;
+        for (u = 0; u < cd->content_len; u++)
+        {
+            if (isupper(cd->content[u])) {
+                cd->content[u] = tolower(cd->content[u]);
+                changed = TRUE;
+            }
+        }
+
+        /* recreate the context if changes were made */
+        if (changed) {
+            SpmDestroyCtx(cd->spm_ctx);
+            cd->spm_ctx = SpmInitCtx(cd->content, cd->content_len, 1,
+                                     de_ctx->spm_global_thread_ctx);
+        }
+    }
+}
+
 #ifdef UNITTESTS

 /**