Feature #257
closedadding negation support to isdataat
Description
[ERRCODE: SC_ERR_PCRE_MATCH(2)] - pcre_exec parse error, ret -1, string !9,relative
Example:
[9838] 20/12/2010 -- 11:50:18 - (detect-isdataat.c:146) <Error> (DetectIsdataatParse) -- [ERRCODE: SC_ERR_PCRE_MATCH(2)] - pcre_exec parse error, ret -1, string !9,relative
[9838] 20/12/2010 -- 11:50:18 - (detect.c:526) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "alert udp $EXTERNAL_NET any -> $DNS_SERVERS 53 (msg:"SPECIFIC-THREATS ISC BIND DNSSEC Validation Multiple RRsets DoS"; flow:to_server; content:"|01 10|"; depth:2; offset:2; content:"|00 80 01 00 01 00 00 29|"; isdataat:!9,relative; content:"|03|com"; content:"|03|com"; within:4; distance:4; metadata:policy balanced-ips drop, policy security-ips drop; reference:bugtraq,22231; reference:cve,2007-0494; classtype:attempted-dos; sid:17680; rev:1;)" from file /etc/suricata/rules/specific-threats.rules at line 540
Files
Updated by Victor Julien almost 14 years ago
- Due date set to 01/07/2011
- Status changed from New to Assigned
- Assignee set to Anoop Saldanha
- Target version set to 1.1beta2
- Estimated time set to 5.00 h
Updated by Victor Julien almost 14 years ago
Thanks Anoop. Why did you disable this code?
//if (idad != NULL)
// DetectIsdataatFree(idad);
//if (sm != NULL)
// SCFree(sm);
Updated by Anoop Saldanha almost 14 years ago
Victor Julien wrote:
Thanks Anoop. Why did you disable this code?
[...]
It would lead to a double cleanup on setup() error().
Updated by Victor Julien almost 14 years ago
- Status changed from Assigned to Closed
- % Done changed from 0 to 100
Applied and pushed out. Thanks Anoop.