
Bug #55 » 0001-change-behavior-when-http-log-pcre-sigs-fail.patch

proper error handling when static sig parsing fails - Will Metcalf, 01/11/2010 12:08 PM


src/detect.c
/* http_uri -- for uricontent */
sig = SigInit(de_ctx, "alert tcp any any -> any $HTTP_PORTS (msg:\"HTTP GET URI cap\"; flow:to_server,established; content:\"GET \"; depth:4; pcre:\"/^GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; noalert; sid:1;)");
if (sig == NULL)
ret = -1;
if (sig == NULL){
SCLogError(SC_ERR_INVALID_SIGNATURE,"Failed to parse http logging capture sig possible missing or invalid configuration file.");
exit(EXIT_FAILURE);
}
prevsig = sig;
de_ctx->sig_list = sig;
sig = SigInit(de_ctx, "alert tcp any any -> any $HTTP_PORTS (msg:\"HTTP POST URI cap\"; flow:to_server,established; content:\"POST \"; depth:5; pcre:\"/^POST (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; noalert; sid:2;)");
if (sig == NULL)
ret = -1;
if (sig == NULL){
SCLogError(SC_ERR_INVALID_SIGNATURE,"Failed to parse http logging capture sig possible missing or invalid configuration file.");
exit(EXIT_FAILURE);
}
prevsig->next = sig;
prevsig = sig;
/* http_host -- for the log-httplog module */
sig = SigInit(de_ctx, "alert tcp any any -> any $HTTP_PORTS (msg:\"HTTP host cap\"; flow:to_server,established; content:\"|0d 0a|Host:\"; pcre:\"/^Host: (?P<pkt_http_host>.*)\\r\\n/m\"; noalert; sid:3;)");
if (sig == NULL)
ret = -1;
if (sig == NULL){
SCLogError(SC_ERR_INVALID_SIGNATURE,"Failed to parse http logging capture sig possible missing or invalid configuration file.");
exit(EXIT_FAILURE);
}
prevsig->next = sig;
prevsig = sig;
/* http_ua -- for the log-httplog module */
sig = SigInit(de_ctx, "alert tcp any any -> any $HTTP_PORTS (msg:\"HTTP UA cap\"; flow:to_server,established; content:\"|0d 0a|User-Agent:\"; pcre:\"/^User-Agent: (?P<pkt_http_ua>.*)\\r\\n/m\"; noalert; sid:4;)");
if (sig == NULL)
ret = -1;
if (sig == NULL){
SCLogError(SC_ERR_INVALID_SIGNATURE,"Failed to parse http logging capture sig possible missing or invalid configuration file.");
exit(EXIT_FAILURE);
}
prevsig->next = sig;
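Review bot: All four `if (sig == NULL){ ... }` blocks (after the sid:1, sid:2, sid:3 and sid:4 `SigInit` calls) log the same text, so an operator reading the log cannot tell which built-in capture signature failed to parse; name the signature in each message, e.g. `SCLogError(SC_ERR_INVALID_SIGNATURE, "Failed to parse http logging capture sig sid:1 (HTTP GET URI cap); possible missing or invalid configuration file.");`. The page has lost its +/- markers, so this assumes the `exit(EXIT_FAILURE)` blocks are the new side, as the patch title suggests. Stopping at startup avoids the NULL `prevsig->next` dereference that the `ret = -1` form would reach, and keeps the engine from running silently without these signatures, but `exit()` here bypasses any cleanup the caller may do on a -1 return; if the caller already treats -1 as fatal, logging and returning -1 would keep a single exit path. The enclosing function starts and ends outside this section.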