Project

General

Profile

Actions
Copy link

Bug #78

closed

uricontent matching regression

Added by Will Metcalf about 14 years ago. Updated about 14 years ago.

Status:
Closed
Priority:
High
Assignee:
Gurvinder Singh
Target version:
0.8.1
Affected Versions:
Effort:
Difficulty:
Label:

Description

The following signature fails to fire when it should processing the attached pcap.

alert tcp any any -> any any (msg:"msg escape tests"; uricontent:"blah"; sid: 100;)

GET /blah/ HTTP/1.0

User-Agent: Wget/1.11.4

Accept: */*

Host: www.google.com

Connection: Keep-Alive

Files

Download all files
suricata27.pcap (6.14 KB) suricata27.pcap pcap with request for www.google.com/blah/ Will Metcalf, 02/04/2010 07:30 PM
0001-bug-78.patch (3.08 KB) 0001-bug-78.patch Gurvinder Singh, 02/05/2010 03:52 AM

Related issues 1 (0 open1 closed)

Related to Suricata - Task #3055: Add tests for: #78 uricontent matching regressionClosedShivani BhardwajActions
Actions
Copy link
 #1

Updated by Victor Julien about 14 years ago

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Gurvinder Singh
  • Priority changed from Normal to High
Actions
Copy link
 #2

Updated by Gurvinder Singh about 14 years ago

The issue was in the direction of stream message setting, which was causing the ALPROTO_UNKNOWN in the app-layer protocol detection. The given patch fix the issue.

Actions
Copy link
 #3

Updated by Gurvinder Singh about 14 years ago

  • Status changed from Resolved to Closed

patch applied

Actions
Copy link
 #4

Updated by Victor Julien almost 5 years ago

  • Related to Task #3055: Add tests for: #78 uricontent matching regression added
Actions
Copy link

Also available in: Atom PDF