diff --git a/rust/src/asn1/mod.rs b/rust/src/asn1/mod.rs
index 4b77b0ca28..cf382cf607 100644
--- a/rust/src/asn1/mod.rs
+++ b/rust/src/asn1/mod.rs
@@ -218,7 +218,7 @@ fn asn1_decode<'a>(
 /// pointer must be freed using `rs_asn1_free`
 #[no_mangle]
 pub unsafe extern "C" fn rs_asn1_decode(
- input: *const u8, input_len: u16, buffer_offset: u32, ad_ptr: *const DetectAsn1Data,
+ input: *const u8, input_len: u32, buffer_offset: u32, ad_ptr: *const DetectAsn1Data,
 ) -> *mut Asn1<'static> {
 if input.is_null() || input_len == 0 || ad_ptr.is_null() {
 return std::ptr::null_mut();
diff --git a/src/detect-asn1.c b/src/detect-asn1.c
index 5b3a3a2229..c70bf8921f 100644
--- a/src/detect-asn1.c
+++ b/src/detect-asn1.c
@@ -36,8 +36,6 @@
 #include "util-byte.h"
 #include "util-debug.h"
-static int DetectAsn1Match(DetectEngineThreadCtx *, Packet *,
- const Signature *, const SigMatchCtx *);
 static int DetectAsn1Setup (DetectEngineCtx *, Signature *, const char *);
 #ifdef UNITTESTS
 static void DetectAsn1RegisterTests(void);
@@ -50,7 +48,6 @@ static void DetectAsn1Free(DetectEngineCtx *, void *);
 void DetectAsn1Register(void)
 {
 sigmatch_table[DETECT_ASN1].name = "asn1";
- sigmatch_table[DETECT_ASN1].Match = DetectAsn1Match;
 sigmatch_table[DETECT_ASN1].Setup = DetectAsn1Setup;
 sigmatch_table[DETECT_ASN1].Free = DetectAsn1Free;
 #ifdef UNITTESTS
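Review bot: `rs_asn1_decode` in rust/src/asn1/mod.rs is an `unsafe extern "C"` entry point whose doc comment has no `# Safety` section, and widening `input_len` from `u16` to `u32` enlarges what the caller has to guarantee. The visible guard only rejects a null `input`, a zero `input_len` and a null `ad_ptr`; it cannot tell whether `input` really covers `input_len` bytes. I would add a `# Safety` paragraph stating that `input` must be valid for reads of `input_len` bytes and that `ad_ptr` must point to a live `DetectAsn1Data`. Given the `Asn1<'static>` return type, the buffer presumably also has to stay valid until the result is passed to `rs_asn1_free`; that depends on the body, which continues outside the hunk.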
@@ -58,37 +55,14 @@ void DetectAsn1Register(void)
 #endif
 }
-/**
- * \brief This function will decode the asn1 data and inspect the resulting
- * nodes to detect if any of the specified checks match this data
- *
- * \param det_ctx pointer to the detect engine thread context
- * \param p pointer to the current packet
- * \param s pointer to the signature
- * \param ctx pointer to the sigmatch that we will cast into `DetectAsn1Data`
- *
- * \retval 1 match
- * \retval 0 no match
- */
-static int DetectAsn1Match(DetectEngineThreadCtx *det_ctx, Packet *p,
- const Signature *s, const SigMatchCtx *ctx)
+bool DetectAsn1Match(const SigMatchData *smd, const uint8_t *buffer, const uint32_t buffer_len,
+ const uint32_t offset)
 {
- uint8_t ret = 0;
-
- if (p->payload_len == 0) {
- /* No error, parser done, no data in bounds to decode */
- return 0;
- }
-
- const DetectAsn1Data *ad = (const DetectAsn1Data *)ctx;
-
- Asn1 *asn1 = rs_asn1_decode(p->payload, p->payload_len, det_ctx->buffer_offset, ad);
-
- ret = rs_asn1_checks(asn1, ad);
-
+ const DetectAsn1Data *ad = (const DetectAsn1Data *)smd->ctx;
+ Asn1 *asn1 = rs_asn1_decode(buffer, buffer_len, offset, ad);
+ uint8_t ret = rs_asn1_checks(asn1, ad);
 rs_asn1_free(asn1);
-
- return ret;
+ return ret == 1;
 }
 /**
@@ -127,12 +101,13 @@ static int DetectAsn1Setup(DetectEngineCtx *de_ctx, Signature *s, const char *as
 if (ad == NULL)
 return -1;
- if (SigMatchAppendSMToList(de_ctx, s, DETECT_ASN1, (SigMatchCtx *)ad, DETECT_SM_LIST_MATCH) ==
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_ASN1, (SigMatchCtx *)ad, DETECT_SM_LIST_PMATCH) ==
 NULL) {
 DetectAsn1Free(de_ctx, ad);
 return -1;
 }
+ s->flags |= SIG_FLAG_REQUIRE_PACKET;
 return 0;
 }
diff --git a/src/detect-asn1.h b/src/detect-asn1.h
index a7b67340aa..8c81ddcb30 100644
--- a/src/detect-asn1.h
+++ b/src/detect-asn1.h
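Review bot: In the new `DetectAsn1Match` (src/detect-asn1.c), the result of `rs_asn1_decode` goes straight into `rs_asn1_checks` and `rs_asn1_free` with no NULL test, and the explicit empty-payload early return is gone. A zero-length buffer therefore now always takes that path, since the Rust side returns a null pointer for `input_len == 0`. Neither `rs_asn1_checks` nor `rs_asn1_free` is shown in this diff, so the function depends on both tolerating NULL; adding `if (asn1 == NULL) return false;` right after the decode call keeps that guarantee local. The function is now exported through detect-asn1.h but lost its Doxygen block; a short `\brief` with `\retval true` / `\retval false`, plus a line saying `offset` is the caller's current buffer offset, would restore it.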
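Review bot: In `DetectAsn1Setup`, the added `s->flags |= SIG_FLAG_REQUIRE_PACKET;` has no comment, and together with the switch to `DETECT_SM_LIST_PMATCH` it appears to change how existing `asn1` rules are scheduled for inspection. A one-line comment above the assignment, for example `/* asn1 is only evaluated against a packet payload */`, would record why the flag is needed; I am inferring that intent from the flag name, so adjust the wording to the real reason. The function starts outside the hunk.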
@@ -26,4 +26,7 @@
 /* prototypes */
 void DetectAsn1Register (void);
+bool DetectAsn1Match(const SigMatchData *smd, const uint8_t *buffer, const uint32_t buffer_len,
+ const uint32_t offset);
+
 #endif /* __DETECT_ASN1_H__ */
diff --git a/src/detect-engine-content-inspection.c b/src/detect-engine-content-inspection.c
index 1ec78fb550..0070494380 100644
--- a/src/detect-engine-content-inspection.c
+++ b/src/detect-engine-content-inspection.c
@@ -31,6 +31,7 @@
 #include "detect.h"
 #include "detect-engine.h"
 #include "detect-parse.h"
+#include "detect-asn1.h"
 #include "detect-content.h"
 #include "detect-pcre.h"
 #include "detect-isdataat.h"
@@ -656,6 +657,13 @@ int DetectEngineContentInspectionInternal(DetectEngineCtx *de_ctx, DetectEngineT
 }
 }
 }
+ } else if (smd->type == DETECT_ASN1) {
+ if (!DetectAsn1Match(smd, buffer, buffer_len, det_ctx->buffer_offset)) {
+ SCLogDebug("asn1 no_match");
+ goto no_match;
+ }
+ SCLogDebug("asn1 match");
+ goto match;
 } else {
 SCLogDebug("sm->type %u", smd->type);
 #ifdef DEBUG
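Review bot: The new `DETECT_ASN1` branch in `DetectEngineContentInspectionInternal` passes `det_ctx->buffer_offset` to `DetectAsn1Match` without comparing it to `buffer_len`, and the decoder's offset handling is not part of this diff. If `rs_asn1_decode` does not itself reject an offset past the end of the buffer, guard here with `if (det_ctx->buffer_offset > buffer_len) goto no_match;`. The buffer is also decoded afresh every time this branch is reached; whether an earlier keyword in the same list can trigger that repeatedly for one buffer depends on code outside the hunk, so it is worth checking the cost on large inputs now that the length is 32-bit. The enclosing function begins and ends outside the hunk.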