Project

General

Profile

Actions
Copy link

Bug #445

closed

Byte extract/jump/test doesn't handle negative offsets

Added by Anoop Saldanha about 12 years ago. Updated about 12 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Anoop Saldanha
Target version:
1.3beta2
Affected Versions:
Effort:
Difficulty:
Label:

Description

/* reported by rmkml */

alert tcp any 80 -> any any (msg:"test byte_extract"; flow:to_client,established; file_data; content:"abc"; distance:0;
byte_extract:1,-1,ici,relative,big; classtype:web-application-activity; sid:94230265; rev:1;)

suricata output error results:
5/4/2012 -- 01:54:10 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any 80 -> any any (msg:"test
byte_extract"; flow:to_client,established; file_data; content:"abc"; distance:0; byte_extract:1,-1,ici,relative,big;
classtype:web-application-activity; sid:94230265; rev:1;)" from file testsuricata.rules at line 3

At the same time fix negative handling during matching inside extract/test/jump

Files

0001-update-handling-negative-offsets-in-byte_extract.-Al.patch (5.04 KB) 0001-update-handling-negative-offsets-in-byte_extract.-Al.patch Anoop Saldanha, 04/05/2012 02:08 PM
Actions
Copy link
 #2

Updated by Anoop Saldanha about 12 years ago

  • Status changed from New to Resolved
Actions
Copy link
 #3

Updated by Victor Julien about 12 years ago

  • Status changed from Resolved to Closed
  • Target version set to 1.3beta2

Applied, thanks Anoop.

Actions
Copy link

Also available in: Atom PDF