From ced401b554ae539dfe0575acd21400c682d65ef6 Mon Sep 17 00:00:00 2001
From: Victor Julien <victor@inliniac.net>
Date: Thu, 8 Apr 2010 21:41:18 +0200
Subject: [PATCH] Update http_client_body code to recent changes.

---
 src/detect-content.c          | 29 ++----------------
 src/detect-http-client-body.c |  2 +-
 src/detect-nocase.c           | 57 ++++++++++++++++++++++++++++++++++-
 3 files changed, 60 insertions(+), 28 deletions(-)

diff --git a/src/detect-content.c b/src/detect-content.c
index 683127c0be..d3db773d5e 100644
--- a/src/detect-content.c
+++ b/src/detect-content.c
@@ -338,42 +338,19 @@ SigMatch *SigMatchGetLastPattern(Signature *s) {
 
     BUG_ON(s == NULL);
 
-    SigMatch *co_sm = DetectContentFindPrevApplicableSM(s->pmatch_tail);
-    SigMatch *ur_sm = SigMatchGetLastSM(s->match_tail, DETECT_URICONTENT);
-    /* http client body SigMatch */
-    SigMatch *hcbd_sm = SigMatchGetLastSM(s->match_tail, DETECT_AL_HTTP_CLIENT_BODY);
+    SigMatch *co_sm = DetectContentGetLastPattern(s->pmatch_tail);
+    SigMatch *ur_sm = SigMatchGetLastSM(s->umatch_tail, DETECT_URICONTENT);
     SigMatch *sm = NULL;
 
-    if (co_sm != NULL && ur_sm != NULL && hcbd_sm != NULL) {
-        BUG_ON(co_sm->idx == ur_sm->idx);
-
-        if (co_sm->idx > ur_sm->idx && ur_sm > hcbd_sm)
-            sm = co_sm;
-        else if (ur_sm->idx > co_sm->idx && co_sm > hcbd_sm)
-            sm = ur_sm;
-        else
-            sm = hcbd_sm;
-    } else if (co_sm != NULL && ur_sm != NULL) {
+    if (co_sm != NULL && ur_sm != NULL) {
         if (co_sm->idx > ur_sm->idx)
             sm = co_sm;
         else
             sm = ur_sm;
-    } else if (co_sm != NULL && hcbd_sm != NULL) {
-        if (co_sm->idx > hcbd_sm->idx)
-            sm = co_sm;
-        else
-            sm = hcbd_sm;
-    } else if (ur_sm != NULL && hcbd_sm != NULL) {
-        if (ur_sm->idx > hcbd_sm->idx)
-            sm = ur_sm;
-        else
-            sm = hcbd_sm;
     } else if (co_sm != NULL) {
         sm = co_sm;
     } else if (ur_sm != NULL) {
         sm = ur_sm;
-    } else if (hcbd_sm != NULL) {
-        sm = hcbd_sm;
     }
 
     SCReturnPtr(sm, "SigMatch");
diff --git a/src/detect-http-client-body.c b/src/detect-http-client-body.c
index 2ed7036ae1..b555d09a74 100644
--- a/src/detect-http-client-body.c
+++ b/src/detect-http-client-body.c
@@ -164,7 +164,7 @@ int DetectHttpClientBodySetup(DetectEngineCtx *de_ctx, Signature *s, char *arg)
         return -1;
     }
 
-    sm = DetectContentFindPrevApplicableSM(s->pmatch_tail);
+    sm = DetectContentGetLastPattern(s->pmatch_tail);
     /* if still we are unable to find any content previous keywords, it is an
      * invalid rule */
     if (sm == NULL) {
diff --git a/src/detect-nocase.c b/src/detect-nocase.c
index 45aa7a4384..b80f628680 100644
--- a/src/detect-nocase.c
+++ b/src/detect-nocase.c
@@ -28,6 +28,61 @@ void DetectNocaseRegister (void) {
     sigmatch_table[DETECT_NOCASE].flags |= SIGMATCH_PAYLOAD;
 }
 
+/** \internal
+ *  \brief get the last pattern sigmatch that supports nocase:
+ *         content, uricontent, http_client_body
+ *
+ *  \param s signature
+ *
+ *  \retval sm sigmatch of either content or uricontent that is the last
+ *             or NULL if none was found
+ */
+static SigMatch *SigMatchGetLastNocasePattern(Signature *s) {
+    SCEnter();
+
+    BUG_ON(s == NULL);
+
+    SigMatch *co_sm = DetectContentGetLastPattern(s->pmatch_tail);
+    SigMatch *ur_sm = SigMatchGetLastSM(s->umatch_tail, DETECT_URICONTENT);
+    /* http client body SigMatch */
+    SigMatch *hcbd_sm = SigMatchGetLastSM(s->match_tail, DETECT_AL_HTTP_CLIENT_BODY);
+    SigMatch *sm = NULL;
+
+    if (co_sm != NULL && ur_sm != NULL && hcbd_sm != NULL) {
+        BUG_ON(co_sm->idx == ur_sm->idx);
+
+        if (co_sm->idx > ur_sm->idx && ur_sm > hcbd_sm)
+            sm = co_sm;
+        else if (ur_sm->idx > co_sm->idx && co_sm > hcbd_sm)
+            sm = ur_sm;
+        else
+            sm = hcbd_sm;
+    } else if (co_sm != NULL && ur_sm != NULL) {
+        if (co_sm->idx > ur_sm->idx)
+            sm = co_sm;
+        else
+            sm = ur_sm;
+    } else if (co_sm != NULL && hcbd_sm != NULL) {
+        if (co_sm->idx > hcbd_sm->idx)
+            sm = co_sm;
+        else
+            sm = hcbd_sm;
+    } else if (ur_sm != NULL && hcbd_sm != NULL) {
+        if (ur_sm->idx > hcbd_sm->idx)
+            sm = ur_sm;
+        else
+            sm = hcbd_sm;
+    } else if (co_sm != NULL) {
+        sm = co_sm;
+    } else if (ur_sm != NULL) {
+        sm = ur_sm;
+    } else if (hcbd_sm != NULL) {
+        sm = hcbd_sm;
+    }
+
+    SCReturnPtr(sm, "SigMatch");
+}
+
 /** \internal
  *  \brief Apply the nocase keyword to the last pattern match, either content or uricontent
  *  \param det_ctx detection engine ctx
@@ -46,7 +101,7 @@ static int DetectNocaseSetup (DetectEngineCtx *de_ctx, Signature *s, char *nulls
     }
     /** Search for the first previous DetectContent or uricontent
      * SigMatch (it can be the same as this one) */
-    SigMatch *pm = SigMatchGetLastPattern(s);
+    SigMatch *pm = SigMatchGetLastNocasePattern(s);
     if (pm == NULL) {
         SCLogError(SC_ERR_NOCASE_MISSING_PATTERN, "nocase needs a preceeding content option");
         SCReturnInt(-1);