onos commit hash c2999f30c69e50df905a9d175ef80b3f23a98514

Change-Id: I2bb8562c4942b6d6a6d60b663db2e17540477b81
Signed-off-by: Ashlee Young <ashlee@wildernessvoice.com>

1 files changed, 15 insertions, 3 deletions

diff --git a/framework/src/suricata/src/detect-engine-content-inspection.c b/framework/src/suricata/src/detect-engine-content-inspection.c
index a434ca5a..17df02ce 100644
--- a/framework/src/suricata/src/detect-engine-content-inspection.c
+++ b/framework/src/suricata/src/detect-engine-content-inspection.c
@@ -42,6 +42,8 @@
 #include "detect-uricontent.h"
 #include "detect-urilen.h"
 #include "detect-lua.h"
+#include "detect-base64-decode.h"
+#include "detect-base64-data.h"
 
 #include "app-layer-dcerpc.h"
 
@@ -551,6 +553,16 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx
         SCLogDebug("lua match");
         goto match;
 #endif /* HAVE_LUA */
+    } else if (sm->type == DETECT_BASE64_DECODE) {
+        if (DetectBase64DecodeDoMatch(det_ctx, s, sm, buffer, buffer_len)) {
+            if (s->sm_arrays[DETECT_SM_LIST_BASE64_DATA] != NULL) {
+                KEYWORD_PROFILING_END(det_ctx, sm->type, 1);
+                if (DetectBase64DataDoMatch(de_ctx, det_ctx, s, f)) {
+                    /* Base64 is a terminal list. */
+                    goto final_match;
+                }
+            }
+        }
     } else {
         SCLogDebug("sm->type %u", sm->type);
 #ifdef DEBUG
@@ -569,8 +581,8 @@ match:
         KEYWORD_PROFILING_END(det_ctx, sm->type, 1);
         int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm->next, f, buffer, buffer_len, stream_start_offset, inspection_mode, data);
         SCReturnInt(r);
-    } else {
-        KEYWORD_PROFILING_END(det_ctx, sm->type, 1);
-        SCReturnInt(1);
     }
+final_match:
+    KEYWORD_PROFILING_END(det_ctx, sm->type, 1);
+    SCReturnInt(1);
 }