aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect/icmp: reject invalid rules for icode/itype

Browse Source
pull/5953/head
Victor Julien 5 years ago
parent 7d6835958b
commit 68f8b2f40f
2 changed files with 40 additions and 6 deletions
Show Stats Download Patch File Download Diff File

23
src/detect-icode.c
Unescape Escape View File

@ -191,8 +191,25 @@ static DetectICodeData *DetectICodeParse(DetectEngineCtx *de_ctx, const char *ic
"valid", args[1]); "valid", args[1]);
goto error; goto error;
} }
if ((strcmp(args[0], ">")) == 0) icd->mode = DETECT_ICODE_GT; if ((strcmp(args[0], ">")) == 0) {
else icd->mode = DETECT_ICODE_LT; if (icd->code1 == 255) {
SCLogError(SC_ERR_INVALID_ARGUMENT,
"specified icmp code >%s is not "
"valid",
args[1]);
goto error;
}
icd->mode = DETECT_ICODE_GT;
} else {
if (icd->code1 == 0) {
SCLogError(SC_ERR_INVALID_ARGUMENT,
"specified icmp code <%s is not "
"valid",
args[1]);
goto error;
}
icd->mode = DETECT_ICODE_LT;
}
} else { /* no "<", ">" */ } else { /* no "<", ">" */
/* we have a range ("<>") */ /* we have a range ("<>") */
if (args[2] != NULL) { if (args[2] != NULL) {
@ -590,4 +607,4 @@ void DetectICodeRegisterTests(void)
UtRegisterTest("DetectICodeParseTest08", DetectICodeParseTest08); UtRegisterTest("DetectICodeParseTest08", DetectICodeParseTest08);
UtRegisterTest("DetectICodeMatchTest01", DetectICodeMatchTest01); UtRegisterTest("DetectICodeMatchTest01", DetectICodeMatchTest01);
} }
#endif /* UNITTESTS */ #endif /* UNITTESTS */

23
src/detect-itype.c
Unescape Escape View File

@ -191,8 +191,25 @@ static DetectITypeData *DetectITypeParse(DetectEngineCtx *de_ctx, const char *it
"valid", args[1]); "valid", args[1]);
goto error; goto error;
} }
if ((strcmp(args[0], ">")) == 0) itd->mode = DETECT_ITYPE_GT; if ((strcmp(args[0], ">")) == 0) {
else itd->mode = DETECT_ITYPE_LT; if (itd->type1 == 255) {
SCLogError(SC_ERR_INVALID_ARGUMENT,
"specified icmp type >%s is not "
"valid",
args[1]);
goto error;
}
itd->mode = DETECT_ITYPE_GT;
} else {
if (itd->type1 == 0) {
SCLogError(SC_ERR_INVALID_ARGUMENT,
"specified icmp type <%s is not "
"valid",
args[1]);
goto error;
}
itd->mode = DETECT_ITYPE_LT;
}
} else { /* no "<", ">" */ } else { /* no "<", ">" */
/* we have a range ("<>") */ /* we have a range ("<>") */
if (args[2] != NULL) { if (args[2] != NULL) {
@ -595,4 +612,4 @@ void DetectITypeRegisterTests(void)
UtRegisterTest("DetectITypeParseTest08", DetectITypeParseTest08); UtRegisterTest("DetectITypeParseTest08", DetectITypeParseTest08);
UtRegisterTest("DetectITypeMatchTest01", DetectITypeMatchTest01); UtRegisterTest("DetectITypeMatchTest01", DetectITypeMatchTest01);
} }
#endif /* UNITTESTS */ #endif /* UNITTESTS */

Write Preview
Loading…
Cancel
Save