aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect: fix fileext and filename negated match

Browse Source 
fix bug in fileext and filename preventing negated match to work
correctly. Previously, negated fileext (such as !"php") would cause a
match anyway on files that have extension php, as the last if would not
be accessed.

Using the same workflow as detect-filemagic we remove the final
isolated if and set it as a branch of the previous if.
pull/3446/head
Maurizio Abba 7 years ago committed by Victor Julien
parent 9370805af6
commit f32cc6ca9c
2 changed files with 2 additions and 4 deletions
Show Stats Download Patch File Download Diff File

4
src/detect-fileext.c
Unescape Escape View File

@ -116,9 +116,7 @@ static int DetectFileextMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
ret = 1; ret = 1;
SCLogDebug("File ext found"); SCLogDebug("File ext found");
} }
} } else if (fileext->flags & DETECT_CONTENT_NEGATED) {
if (ret == 0 && (fileext->flags & DETECT_CONTENT_NEGATED)) {
SCLogDebug("negated match"); SCLogDebug("negated match");
ret = 1; ret = 1;
} }

2
src/detect-filename.c
Unescape Escape View File

@ -156,7 +156,7 @@ static int DetectFilenameMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
} }
} }
if (ret == 0 && (filename->flags & DETECT_CONTENT_NEGATED)) { else if (filename->flags & DETECT_CONTENT_NEGATED) {
SCLogDebug("negated match"); SCLogDebug("negated match");
ret = 1; ret = 1;
} }

Write Preview
Loading…
Cancel
Save