suricata icon indicating copy to clipboard operation
suricata copied to clipboard

Published 20 hours ago verified publisher icon OISF

6.0.x: content: don't error out on incomplete hex - v2

Open jasonish opened this issue 1 year ago • 1 comments

Before 6.0.6 if hex content was incomplete, Suricata didn't error out. With 6.0.6 incomplete hex was detected and errored on which is a breaking change in a release branch. Instead, only emit a warning unless strict content checking has been requested.

To enable strict behaviour on incomplete content hex in a rule, "--strict-rule-keywords=content" can be used on the command line.

Issue: https://redmine.openinfosecfoundation.org/issues/5546

For now there is no accompanying master commit, as the change in behaviour for a major version is OK.

Previous PR: https://github.com/OISF/suricata/pull/7885

Changes from last PR:

  • Better error handing. In non-strict mode an error with context will be displayed, but not result in a test failure unless strict mode is requested.
  • Log error if strict mode is enabled, not a warning.
  • Add this warn/error checking to all users of content parsing.

suricata-verify-pr: 942

jasonish avatar Sep 20 '22 18:09 jasonish

Information: QA ran without warnings.

Pipeline 9372

suricata-qa avatar Sep 21 '22 02:09 suricata-qa