From 4bc8ad5a9c20ad62e216a3fee03b966fd333762c Mon Sep 17 00:00:00 2001
From: Anoop Saldanha <poonaatsoc@gmail.com>
Date: Wed, 3 Mar 2010 17:28:55 +0530
Subject: [PATCH] fix for bug 113

---
 src/detect-content.c |   28 ++++++++++++++++++++++++++++
 src/detect-engine.c  |    5 +++++
 src/detect-within.c  |    6 ++++++
 src/detect.c         |    8 ++++----
 4 files changed, 43 insertions(+), 4 deletions(-)

diff --git a/src/detect-content.c b/src/detect-content.c
index c924679..4512ae4 100644
--- a/src/detect-content.c
+++ b/src/detect-content.c
@@ -2712,6 +2712,33 @@ int DetectContentParseNegTest16(void) {
     return result;
 }
 
+/**
+ * \test Test cases where if within specified is < content lenggth we invalidate
+ *       the sig.
+ */
+int DetectContentParseTest17(void)
+{
+    int result = 0;
+    char *sigstr = "alert tcp any any -> any any (msg:\"Dummy\"; "
+        "content:one; content:two; within:2; sid:1;)";
+
+    DetectEngineCtx *de_ctx = DetectEngineCtxInit();
+    if (de_ctx == NULL)
+        goto end;
+
+    de_ctx->sig_list = SigInit(de_ctx, sigstr);
+    if (de_ctx->sig_list != NULL)
+        goto end;
+
+    result = 1;
+
+end:
+    SigCleanSignatures(de_ctx);
+    if (de_ctx != NULL)
+        DetectEngineCtxFree(de_ctx);
+    return result;
+}
+
 static int SigTestPositiveTestContent(char *rule, uint8_t *buf)
 {
     uint16_t buflen = strlen((char *)buf);
@@ -3100,6 +3127,7 @@ void DetectContentRegisterTests(void)
     UtRegisterTest("DetectContentParseTest14", DetectContentParseNegTest14, 1);
     UtRegisterTest("DetectContentParseTest15", DetectContentParseNegTest15, 1);
     UtRegisterTest("DetectContentParseTest16", DetectContentParseNegTest16, 1);
+    UtRegisterTest("DetectContentParseTest17", DetectContentParseTest17, 1);
 
     UtRegisterTest("DetectContentChunkTestB2G01 l=32", DetectContentChunkTestB2G01, 1);
     UtRegisterTest("DetectContentChunkTestB3G01 l=32", DetectContentChunkTestB3G01, 1);
diff --git a/src/detect-engine.c b/src/detect-engine.c
index 6c46789..16f4848 100644
--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@@ -483,6 +483,11 @@ TmEcode DetectEngineThreadCtxInit(ThreadVars *tv, void *initdata, void **data) {
 TmEcode DetectEngineThreadCtxDeinit(ThreadVars *tv, void *data) {
     DetectEngineThreadCtx *det_ctx = (DetectEngineThreadCtx *)data;
 
+    if (det_ctx == NULL) {
+        SCLogWarning(SC_ERR_INVALID_ARGUMENTS, "argument \"data\" NULL");
+        return TM_ECODE_OK;
+    }
+
     DetectEngineIPOnlyThreadDeinit(&det_ctx->io_ctx);
 
     /** \todo get rid of this static */
diff --git a/src/detect-within.c b/src/detect-within.c
index 620e02f..25f1b88 100644
--- a/src/detect-within.c
+++ b/src/detect-within.c
@@ -60,6 +60,12 @@ int DetectWithinSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char
     }
 
     cd->within = strtol(str, NULL, 10);
+    if (cd->within < cd->content_len) {
+        SCLogError(SC_ERR_INVALID_SIGNATURE, "within argument \"%d\" is less "
+                   "than the content length \"%s\" which is invalid, since this "
+                   "will never match.  Invalidating signature", cd->within, cd->content);
+        goto error;
+    }
     cd->flags |= DETECT_CONTENT_WITHIN;
 
     /** Propagate the modifiers through the first chunk
diff --git a/src/detect.c b/src/detect.c
index c4bb56b..2f35556 100644
--- a/src/detect.c
+++ b/src/detect.c
@@ -7977,11 +7977,11 @@ static int SigTestContent04Wm (void) {
 }
 
 static int SigTestContent05Real (int mpm_type) {
-    uint8_t *buf = (uint8_t *)"01234567890123456789012345678901abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
+    uint8_t *buf = (uint8_t *)"01234567890123456789012345678901PADabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
     uint16_t buflen = strlen((char *)buf);
     Packet p;
     ThreadVars th_v;
-    DetectEngineThreadCtx *det_ctx;
+    DetectEngineThreadCtx *det_ctx = NULL;
     int result = 0;
 
     memset(&th_v, 0, sizeof(th_v));
@@ -8000,11 +8000,11 @@ static int SigTestContent05Real (int mpm_type) {
     de_ctx->mpm_matcher = mpm_type;
     de_ctx->flags |= DE_QUIET;
 
-    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Test 32\"; content:\"01234567890123456789012345678901\"; content:\"abcdefghijklmnopqrstuvwxyzABCDEF\"; distance:0; within:31; sid:1;)");
+    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Test 32\"; content:\"01234567890123456789012345678901\"; content:\"abcdefghijklmnopqrstuvwxyzABCDEF\"; distance:0; within:32; sid:1;)");
     if (de_ctx->sig_list == NULL) {
         goto end;
     }
-    de_ctx->sig_list->next = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Test 32\"; content:\"01234567890123456789012345678901\"; content:\"abcdefghijklmnopqrstuvwxyzABCDEF\"; distance:1; within:33; sid:2;)");
+    de_ctx->sig_list->next = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Test 32\"; content:\"01234567890123456789012345678901\"; content:\"abcdefghijklmnopqrstuvwxyzABCDEF\"; distance:1; within:32; sid:2;)");
     if (de_ctx->sig_list->next == NULL) {
         goto end;
     }
-- 
1.5.5