aboutsummaryrefslogtreecommitdiffstats
path: root/framework/src/suricata/src/detect-engine-content-inspection.c
diff options
context:
space:
mode:
Diffstat (limited to 'framework/src/suricata/src/detect-engine-content-inspection.c')
-rw-r--r--framework/src/suricata/src/detect-engine-content-inspection.c18
1 files changed, 15 insertions, 3 deletions
diff --git a/framework/src/suricata/src/detect-engine-content-inspection.c b/framework/src/suricata/src/detect-engine-content-inspection.c
index a434ca5a..17df02ce 100644
--- a/framework/src/suricata/src/detect-engine-content-inspection.c
+++ b/framework/src/suricata/src/detect-engine-content-inspection.c
@@ -42,6 +42,8 @@
#include "detect-uricontent.h"
#include "detect-urilen.h"
#include "detect-lua.h"
+#include "detect-base64-decode.h"
+#include "detect-base64-data.h"
#include "app-layer-dcerpc.h"
@@ -551,6 +553,16 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx
SCLogDebug("lua match");
goto match;
#endif /* HAVE_LUA */
+ } else if (sm->type == DETECT_BASE64_DECODE) {
+ if (DetectBase64DecodeDoMatch(det_ctx, s, sm, buffer, buffer_len)) {
+ if (s->sm_arrays[DETECT_SM_LIST_BASE64_DATA] != NULL) {
+ KEYWORD_PROFILING_END(det_ctx, sm->type, 1);
+ if (DetectBase64DataDoMatch(de_ctx, det_ctx, s, f)) {
+ /* Base64 is a terminal list. */
+ goto final_match;
+ }
+ }
+ }
} else {
SCLogDebug("sm->type %u", sm->type);
#ifdef DEBUG
@@ -569,8 +581,8 @@ match:
KEYWORD_PROFILING_END(det_ctx, sm->type, 1);
int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm->next, f, buffer, buffer_len, stream_start_offset, inspection_mode, data);
SCReturnInt(r);
- } else {
- KEYWORD_PROFILING_END(det_ctx, sm->type, 1);
- SCReturnInt(1);
}
+final_match:
+ KEYWORD_PROFILING_END(det_ctx, sm->type, 1);
+ SCReturnInt(1);
}