detect/icmp: reject invalid rules for icode/itype

OISF · Mar 3, 2021 · 68f8b2f · 68f8b2f
1 parent 7d68359
commit 68f8b2f
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 6 deletions.
diff --git a/src/detect-icode.c b/src/detect-icode.c
@@ -191,8 +191,25 @@ static DetectICodeData *DetectICodeParse(DetectEngineCtx *de_ctx, const char *ic
                                         "valid", args[1]);
             goto error;
         }
-        if ((strcmp(args[0], ">")) == 0) icd->mode = DETECT_ICODE_GT;
-        else icd->mode = DETECT_ICODE_LT;
+        if ((strcmp(args[0], ">")) == 0) {
+            if (icd->code1 == 255) {
+                SCLogError(SC_ERR_INVALID_ARGUMENT,
+                        "specified icmp code >%s is not "
+                        "valid",
+                        args[1]);
+                goto error;
+            }
+            icd->mode = DETECT_ICODE_GT;
+        } else {
+            if (icd->code1 == 0) {
+                SCLogError(SC_ERR_INVALID_ARGUMENT,
+                        "specified icmp code <%s is not "
+                        "valid",
+                        args[1]);
+                goto error;
+            }
+            icd->mode = DETECT_ICODE_LT;
+        }
     } else { /* no "<", ">" */
         /* we have a range ("<>") */
         if (args[2] != NULL) {
@@ -590,4 +607,4 @@ void DetectICodeRegisterTests(void)
     UtRegisterTest("DetectICodeParseTest08", DetectICodeParseTest08);
     UtRegisterTest("DetectICodeMatchTest01", DetectICodeMatchTest01);
 }
-#endif /* UNITTESTS */
+#endif /* UNITTESTS */
diff --git a/src/detect-itype.c b/src/detect-itype.c
@@ -191,8 +191,25 @@ static DetectITypeData *DetectITypeParse(DetectEngineCtx *de_ctx, const char *it
                                                 "valid", args[1]);
             goto error;
         }
-        if ((strcmp(args[0], ">")) == 0) itd->mode = DETECT_ITYPE_GT;
-        else itd->mode = DETECT_ITYPE_LT;
+        if ((strcmp(args[0], ">")) == 0) {
+            if (itd->type1 == 255) {
+                SCLogError(SC_ERR_INVALID_ARGUMENT,
+                        "specified icmp type >%s is not "
+                        "valid",
+                        args[1]);
+                goto error;
+            }
+            itd->mode = DETECT_ITYPE_GT;
+        } else {
+            if (itd->type1 == 0) {
+                SCLogError(SC_ERR_INVALID_ARGUMENT,
+                        "specified icmp type <%s is not "
+                        "valid",
+                        args[1]);
+                goto error;
+            }
+            itd->mode = DETECT_ITYPE_LT;
+        }
     } else { /* no "<", ">" */
         /* we have a range ("<>") */
         if (args[2] != NULL) {
@@ -595,4 +612,4 @@ void DetectITypeRegisterTests(void)
     UtRegisterTest("DetectITypeParseTest08", DetectITypeParseTest08);
     UtRegisterTest("DetectITypeMatchTest01", DetectITypeMatchTest01);
 }
-#endif /* UNITTESTS */
+#endif /* UNITTESTS */