detect: tcp.flags rejects non-sensical values

ignored flags are only meaningful for equal mode
pull/14067/head
Philippe Antoine 4 weeks ago committed by Victor Julien
parent 31e9cb55be
commit a1613fecb4

@ -64,6 +64,10 @@ pub fn tcp_flags_parse(s: &str) -> Option<DetectUintData<u8>> {
SCLogError!("Too many commas"); SCLogError!("Too many commas");
return None; return None;
} }
if modifier != DetectBitflagModifier::Equal {
SCLogError!("Ignored flags are only meaningful with equal mode");
return None;
}
ignoring = true; ignoring = true;
} else if let Some(enum_val) = TcpFlag::from_str(vals) { } else if let Some(enum_val) = TcpFlag::from_str(vals) {
let val = enum_val.into_u(); let val = enum_val.into_u();
@ -142,5 +146,9 @@ mod test {
assert!(tcp_flags_parse("+S*").is_none()); assert!(tcp_flags_parse("+S*").is_none());
let ctx = tcp_flags_parse("CE").unwrap(); let ctx = tcp_flags_parse("CE").unwrap();
assert_eq!(ctx.arg2, 0xC0); assert_eq!(ctx.arg2, 0xC0);
assert!(tcp_flags_parse("A,A").is_none());
assert!(tcp_flags_parse("+A,U").is_none());
assert!(tcp_flags_parse("*A,U").is_none());
assert!(tcp_flags_parse("-A,U").is_none());
} }
} }
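Review bot: The four assertions added in the second hunk are all negative, so nothing here pins that an ignore mask is still accepted in equal mode. If no existing test covers it, add a positive case next to them, e.g. `assert!(tcp_flags_parse("A,U").is_some());`, assuming that form is meant to stay valid. The `"A,A"` input has no modifier prefix, so it is presumably rejected by a check outside these hunks rather than by the new `modifier != DetectBitflagModifier::Equal` guard; a one-line comment above that assertion naming the rule it exercises would help. Signatures that combined `+`, `*` or `-` with an ignore list will now fail to load instead of parsing, so the change deserves an upgrade note to keep operators from losing those detections unnoticed. Both `tcp_flags_parse` and the test function begin outside the visible hunks.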
