Project

General

Profile

Actions

Feature #257

closed

adding negation support to isdataat

Added by Peter Manev over 13 years ago. Updated about 13 years ago.

Status:
Closed
Priority:
Normal
Target version:
Effort:
Difficulty:
Label:

Description

[ERRCODE: SC_ERR_PCRE_MATCH(2)] - pcre_exec parse error, ret -1, string !9,relative

Example:

[9838] 20/12/2010 -- 11:50:18 - (detect-isdataat.c:146) <Error> (DetectIsdataatParse) -- [ERRCODE: SC_ERR_PCRE_MATCH(2)] - pcre_exec parse error, ret -1, string !9,relative

[9838] 20/12/2010 -- 11:50:18 - (detect.c:526) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "alert udp $EXTERNAL_NET any -> $DNS_SERVERS 53 (msg:"SPECIFIC-THREATS ISC BIND DNSSEC Validation Multiple RRsets DoS"; flow:to_server; content:"|01 10|"; depth:2; offset:2; content:"|00 80 01 00 01 00 00 29|"; isdataat:!9,relative; content:"|03|com"; content:"|03|com"; within:4; distance:4; metadata:policy balanced-ips drop, policy security-ips drop; reference:bugtraq,22231; reference:cve,2007-0494; classtype:attempted-dos; sid:17680; rev:1;)" from file /etc/suricata/rules/specific-threats.rules at line 540


Files

Actions #1

Updated by Victor Julien over 13 years ago

  • Due date set to 01/07/2011
  • Status changed from New to Assigned
  • Assignee set to Anoop Saldanha
  • Target version set to 1.1beta2
  • Estimated time set to 5.00 h
Actions #3

Updated by Victor Julien about 13 years ago

Thanks Anoop. Why did you disable this code?

    //if (idad != NULL)
    //    DetectIsdataatFree(idad);
    //if (sm != NULL)
    //    SCFree(sm);
Actions #4

Updated by Anoop Saldanha about 13 years ago

Victor Julien wrote:

Thanks Anoop. Why did you disable this code?

[...]

It would lead to a double cleanup on setup() error().

Actions #5

Updated by Victor Julien about 13 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100

Applied and pushed out. Thanks Anoop.

Actions

Also available in: Atom PDF