Bug #562
closed
normal pattern and "chopped" pattern share id, leading to possible FP
Added by Victor Julien about 12 years ago.
Updated about 12 years ago.
Description
detect validation trusts mpm, but due to shared id match of pattern may actually be a partial match
Please create a patch for 1.3.x and master branches.
Please also add a unit test to make sure a normal and a fp chop pattern won't get the same id.
- Priority changed from Normal to High
- Status changed from Assigned to Resolved
There are 2 ways to fix this -
1. Update the pattern id retrieval.
2. Disable inspection bypass.
Solution (1) requires changes which not be advisable going into 1.3.2. - https://github.com/inliniac/suricata/pull/114
Solution (2) is the suggested and supplied solution for 1.3.x.
1.4beta, i.e. bug #574 will solve this using (1)
- Status changed from Resolved to Closed
- % Done changed from 0 to 100
Also available in: Atom
PDF