Bug #163
closedsuricata error with byte_jump and content+within after
Description
Hi,
Suricata v0.9.0 or git today have a error with this sig:
[22914] 20/5/2010 -- 17:08:17 - (detect-within.c:177) <Error> (DetectWithinSetup) -- [ERRCODE: SC_ERR_WITHIN_MISSING_CONTENT(101)] - within needs two preceeding content or uricontent options
[22914] 20/5/2010 -- 17:08:17 - (detect.c:319) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(37)] - Error parsing signature "alert tcp any 80 -> any any (msg:"suricata test"; flow:from_server,established; byte_jump:1,2; content:"|00|"; within:1; distance:2; classtype:attempted-admin; sid:98711212; rev:1;)" from file ...
Regards
Rmkml
Files
VJ Updated by Victor Julien almost 16 years ago
- Due date set to 06/04/2010
- Assignee set to OISF Dev
- Target version set to 0.9.2
- Estimated time set to 2.50 h
GS Updated by Gurvinder Singh almost 16 years ago
- File 0001-added-the-support-for-setting-up-distance-sig-when-p.patch 0001-added-the-support-for-setting-up-distance-sig-when-p.patch added
- Status changed from New to Resolved
- Assignee changed from OISF Dev to Gurvinder Singh
- % Done changed from 0 to 90
The problem wasn't reported in the within, it was fixed by previous fixes of the similar bugs. In the current master, the issue has been reported in detect-distance.c. Attached patch fixes the issue.
VJ Updated by Victor Julien almost 16 years ago
- Status changed from Resolved to Closed
- % Done changed from 90 to 100
Applied, thanks Gurvinder.