Actions
Bug #8028
closeddetect/urilen: invalid ranges silently convert to equals
Affected Versions:
Effort:
Difficulty:
Label:
Updated by Jason Ish 17 days ago
- Status changed from New to In Progress
- Assignee set to Jason Ish
- Target version changed from TBD to 9.0.0-beta1
A syntactically correct range such as 4-5 (or 4<>5) fails validation, so the uint parser continues attempting to parse it as other types which results in it being being parsed as =4. Best demonstrated with these tests that pass:
#[test]
fn test_null_range() {
// This is OK and expected.
let (_, val) = detect_parse_uint_notending::<u8>("1<>3").unwrap();
assert_eq!(val.arg1, 1);
assert_eq!(val.arg2, 3);
assert_eq!(val.mode, DetectUintMode::DetectUintModeRange);
// Is this expected?
let (_, val) = detect_parse_uint_notending::<u8>("1<>2").unwrap();
assert_eq!(val.arg1, 1);
assert_eq!(val.arg2, 0);
assert_eq!(val.mode, DetectUintMode::DetectUintModeEqual);
// Is this expected?
let (_, val) = detect_parse_uint_notending::<u8>("4-5").unwrap();
assert_eq!(val.arg1, 4);
assert_eq!(val.arg2, 0);
assert_eq!(val.mode, DetectUintMode::DetectUintModeEqual);
let(_, valeq) = detect_parse_uint_notending::<u8>("=4").unwrap();
assert_eq!(val, valeq);
}
Updated by Jason Ish 17 days ago
- Status changed from In Progress to In Review
Pull request: https://github.com/OISF/suricata/pull/14154
Updated by Philippe Antoine 17 days ago
- Subject changed from detect: invalid ranges silently convert to equals to detect/urilen: invalid ranges silently convert to equals
Updated by Philippe Antoine 14 days ago
- Status changed from In Review to Closed
Actions