~ubuntu-branches/ubuntu/saucy/suricata/saucy-updates


Viewing changes to src/detect-engine-content-inspection.c

  • Committer: Package Import Robot
  • Author(s): Pierre Chifflier
  • Date: 2013-05-29 16:24:52 UTC
  • mfrom: (1.1.20)
  • Revision ID: package-import@ubuntu.com-20130529162452-kujdwfkf24i9qdfu
Tags: 1.4.2-1
Imported Upstream version 1.4.2

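--- a/src/detect-engine-content-inspection.c
+++ b/src/detect-engine-content-inspection.c
@@ -78,6 +78,10 @@
  * \param f               Flow (for pcre flowvar storage)
  * \param buffer          Ptr to the buffer to inspect
  * \param buffer_len      Length of the payload
+ * \param stream_start_offset Indicates the start of the current buffer in
+ *                            the whole buffer stream inspected.  This
+ *                            applies if the current buffer is inspected
+ *                            in chunks.
  * \param inspection_mode Refers to the engine inspection mode we are currently
  *                        inspecting.  Can be payload, stream, one of the http
  *                        buffer inspection modes or dce inspection mode.
@@ -92,6 +96,7 @@
                                   Signature *s, SigMatch *sm,
                                   Flow *f,
                                   uint8_t *buffer, uint32_t buffer_len,
+                                  uint32_t stream_start_offset,
                                   uint8_t inspection_mode, void *data)
 {
     SCEnter();
@@ -168,6 +173,16 @@
                         SCLogDebug("cd->within %"PRIi32", det_ctx->buffer_offset %"PRIu32", depth %"PRIu32,
                                    cd->within, prev_buffer_offset, depth);
                     }
+
+                    if (stream_start_offset != 0 && prev_buffer_offset == 0) {
+                        if (depth <= stream_start_offset) {
+                            SCReturnInt(0);
+                        } else if (depth >= (stream_start_offset + buffer_len)) {
+                            ;
+                        } else {
+                            depth = depth - stream_start_offset;
+                        }
+                    }
                 }
 
                 if (cd->flags & DETECT_CONTENT_DEPTH_BE) {
@@ -203,6 +218,16 @@
                     }
                 }
 
+                if (stream_start_offset != 0 && cd->flags & DETECT_CONTENT_DEPTH) {
+                    if (depth <= stream_start_offset) {
+                        SCReturnInt(0);
+                    } else if (depth >= (stream_start_offset + buffer_len)) {
+                        ;
+                    } else {
+                        depth = depth - stream_start_offset;
+                    }
+                }
+
                 /* set offset */
                 if (cd->flags & DETECT_CONTENT_OFFSET_BE)
                     offset = det_ctx->bj_values[cd->offset];
@@ -294,7 +319,7 @@
                 /* see if the next buffer keywords match. If not, we will
                  * search for another occurence of this content and see
                  * if the others match then until we run out of matches */
-                int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm->next, f, buffer, buffer_len, inspection_mode, data);
+                int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm->next, f, buffer, buffer_len, stream_start_offset, inspection_mode, data);
                 if (r == 1) {
                     SCReturnInt(1);
                 }
@@ -354,7 +379,6 @@
             r = DetectPcrePayloadMatch(det_ctx, s, sm, p, f,
                                        buffer, buffer_len);
             if (r == 0) {
-                det_ctx->discontinue_matching = 1;
                 SCReturnInt(0);
             }
 
@@ -370,7 +394,7 @@
              * search for another occurence of this pcre and see
              * if the others match, until we run out of matches */
             r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm->next,
-                                              f, buffer, buffer_len, inspection_mode, data);
+                                              f, buffer, buffer_len, stream_start_offset, inspection_mode, data);
             if (r == 1) {
                 SCReturnInt(1);
             }
@@ -517,7 +541,7 @@
     /* this sigmatch matched, inspect the next one. If it was the last,
      * the buffer portion of the signature matched. */
     if (sm->next != NULL) {
-        int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm->next, f, buffer, buffer_len, inspection_mode, data);
+        int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm->next, f, buffer, buffer_len, stream_start_offset, inspection_mode, data);
         SCReturnInt(r);
     } else {
         SCReturnInt(1);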
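Review bot: The bound test `depth >= (stream_start_offset + buffer_len)` at new lines 180 and 224 adds two `uint32_t` values, so the sum can wrap when a chunk sits near the top of the 32-bit offset range. In that case the empty branch is taken and `depth` stays an absolute stream position instead of being rebased to the chunk, assuming `depth` is also a 32-bit unsigned value (its declaration is outside the visible hunks). Because the preceding branch has already established `depth > stream_start_offset`, the subtraction form cannot wrap: `} else if (depth - stream_start_offset >= buffer_len) {`. The two rebasing blocks are identical apart from their guard and would be easier to keep correct as one static helper, and the second guard reads more clearly as `(cd->flags & DETECT_CONTENT_DEPTH)` in parentheses. The function body starts and ends outside these hunks, so whether `depth` is later clamped to `buffer_len` cannot be confirmed from this page.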