From c3d98f96402064b67d67b9481431010e8fd3f42e Mon Sep 17 00:00:00 2001
From: Anoop Saldanha <anoopsaldanha@gmail.com>
Date: Thu, 13 Jun 2013 20:24:55 +0530
Subject: [PATCH] Fix the bug specified in the previous commit.

Bug emanates from byte_test, byte_jump and byte_extract keyword being
unable to handle negative offsets when the inspection pointer is at the
end of the buffer.
---
 src/detect-byte-extract.c | 9 ++++-----
 src/detect-bytejump.c     | 8 ++++----
 src/detect-bytetest.c     | 9 ++++-----
 3 files changed, 12 insertions(+), 14 deletions(-)

diff --git a/src/detect-byte-extract.c b/src/detect-byte-extract.c
index f70dc79ac0..6a20b188d0 100644
--- a/src/detect-byte-extract.c
+++ b/src/detect-byte-extract.c
@@ -156,14 +156,13 @@ int DetectByteExtractDoMatch(DetectEngineThreadCtx *det_ctx, SigMatch *sm,
         ptr = payload + det_ctx->buffer_offset;
         len = payload_len - det_ctx->buffer_offset;
 
-        /* No match if there is no relative base */
-        if (len == 0) {
-            return 0;
-        }
-
         ptr += data->offset;
         len -= data->offset;
 
+        /* No match if there is no relative base */
+        if (len <= 0) {
+            return 0;
+        }
         //PrintRawDataFp(stdout,ptr,len);
     } else {
         SCLogDebug("absolute, data->offset %"PRIu32"", data->offset);
diff --git a/src/detect-bytejump.c b/src/detect-bytejump.c
index 185089445b..ac65197b65 100644
--- a/src/detect-bytejump.c
+++ b/src/detect-bytejump.c
@@ -129,13 +129,13 @@ int DetectBytejumpDoMatch(DetectEngineThreadCtx *det_ctx, Signature *s,
         ptr = payload + det_ctx->buffer_offset;
         len = payload_len - det_ctx->buffer_offset;
 
+        ptr += offset;
+        len -= offset;
+
         /* No match if there is no relative base */
-        if (ptr == NULL || len == 0) {
+        if (ptr == NULL || len <= 0) {
             SCReturnInt(0);
         }
-
-        ptr += offset;
-        len -= offset;
     }
     else {
         ptr = payload + offset;
diff --git a/src/detect-bytetest.c b/src/detect-bytetest.c
index 109837400f..7e849f1777 100644
--- a/src/detect-bytetest.c
+++ b/src/detect-bytetest.c
@@ -136,14 +136,13 @@ int DetectBytetestDoMatch(DetectEngineThreadCtx *det_ctx, Signature *s, SigMatch
         ptr = payload + det_ctx->buffer_offset;
         len = payload_len - det_ctx->buffer_offset;
 
-        /* No match if there is no relative base */
-        if (ptr == NULL || len == 0) {
-            SCReturnInt(0);
-        }
-
         ptr += offset;
         len -= offset;
 
+        /* No match if there is no relative base */
+        if (ptr == NULL || len <= 0) {
+            SCReturnInt(0);
+        }
         //PrintRawDataFp(stdout,ptr,len);
     }
     else {