detect: fix fileext and filename negated match

fix bug in fileext and filename preventing negated match to work correctly. Previously, negated fileext (such as !"php") would cause a match anyway on files that have extension php, as the last if would not be accessed. Using the same workflow as detect-filemagic we remove the final isolated if and set it as a branch of the previous if.
7 years ago · f32cc6ca9c
parent 9370805af6
commit f32cc6ca9c
2 changed files with 2 additions and 4 deletions
--- a/src/detect-fileext.c
+++ b/src/detect-fileext.c
@ -116,9 +116,7 @@ static int DetectFileextMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
            ret = 1;
            SCLogDebug("File ext found");
        }
-    }
-
-    if (ret == 0 && (fileext->flags & DETECT_CONTENT_NEGATED)) {
+    } else if (fileext->flags & DETECT_CONTENT_NEGATED) {
        SCLogDebug("negated match");
        ret = 1;
    }
--- a/src/detect-filename.c
+++ b/src/detect-filename.c
@ -156,7 +156,7 @@ static int DetectFilenameMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
        }
    }

-    if (ret == 0 && (filename->flags & DETECT_CONTENT_NEGATED)) {
+    else if (filename->flags & DETECT_CONTENT_NEGATED) {
        SCLogDebug("negated match");
        ret = 1;
    }