Project

General

Profile

Actions

Bug #163

closed

suricata error with byte_jump and content+within after

Added by rmkml rmkml about 14 years ago. Updated almost 14 years ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Hi,
Suricata v0.9.0 or git today have a error with this sig:
[22914] 20/5/2010 -- 17:08:17 - (detect-within.c:177) <Error> (DetectWithinSetup) -- [ERRCODE: SC_ERR_WITHIN_MISSING_CONTENT(101)] - within needs two preceeding content or uricontent options
[22914] 20/5/2010 -- 17:08:17 - (detect.c:319) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(37)] - Error parsing signature "alert tcp any 80 -> any any (msg:"suricata test"; flow:from_server,established; byte_jump:1,2; content:"|00|"; within:1; distance:2; classtype:attempted-admin; sid:98711212; rev:1;)" from file ...
Regards
Rmkml


Files

Actions #1

Updated by Victor Julien almost 14 years ago

  • Due date set to 06/04/2010
  • Assignee set to OISF Dev
  • Target version set to 0.9.2
  • Estimated time set to 2.50 h
Actions #2

Updated by Gurvinder Singh almost 14 years ago

The problem wasn't reported in the within, it was fixed by previous fixes of the similar bugs. In the current master, the issue has been reported in detect-distance.c. Attached patch fixes the issue.

Actions #3

Updated by Victor Julien almost 14 years ago

  • Status changed from Resolved to Closed
  • % Done changed from 90 to 100

Applied, thanks Gurvinder.

Actions

Also available in: Atom PDF