Actions
Bug #445
closedByte extract/jump/test doesn't handle negative offsets
Affected Versions:
Effort:
Difficulty:
Label:
Description
/* reported by rmkml */
alert tcp any 80 -> any any (msg:"test byte_extract"; flow:to_client,established; file_data; content:"abc"; distance:0;
byte_extract:1,-1,ici,relative,big; classtype:web-application-activity; sid:94230265; rev:1;)
suricata output error results:
5/4/2012 -- 01:54:10 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any 80 -> any any (msg:"test
byte_extract"; flow:to_client,established; file_data; content:"abc"; distance:0; byte_extract:1,-1,ici,relative,big;
classtype:web-application-activity; sid:94230265; rev:1;)" from file testsuricata.rules at line 3
At the same time fix negative handling during matching inside extract/test/jump
Files
Actions