Skip to content

next/1186/70x/20260120/v1 #14662

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
victorjulien merged 2 commits into from
Jan 22, 2026
Merged

next/1186/70x/20260120/v1 #14662

victorjulien merged 2 commits into from
Jan 22, 2026

Conversation

@victorjulien
Copy link
Member

@victorjulien victorjulien commented Jan 21, 2026

@victorjulien
doc/userguide: endswith can be mixed with offset/distance/within
7759e52 
Bug: OISF#5030.
(cherry picked from commit 73a873e)
@victorjulien
detect/base64_data: reset buffer offset
96f7549 
When in a `base64_decode`-`base64_data` pair the decode was depending
on another match through the relative option, the `buffer_offset` would
be updated to the relative position of the previous match. During the
`base64_data` phase, a relative match would use that offset even though
the match happened in a new buffer.

Example::

        http.request_body; content:"|27|";                              \
                base64_decode:relative;                                 \
                base64_data; content:"|ff ff ff ff|"; within:16;

This use of the `buffer_offset` is incorrect as that value is relative
to a buffer and the `base64_data` points to a new buffer.

This patch addresses this by resetting DetectEngineThreadCtx::buffer_offset
before inspecting `base64_data`.

Bug: OISF#7842.
(cherry picked from commit 5f92a6c)
@suricata-qa
Copy link

suricata-qa commented Jan 22, 2026

WARNING:

field baseline test %
SURI_TLPR1_stats_chk
.uptime 650 625 96.15%

Pipeline = 29237

@OISF OISF deleted a comment from suricata-qa Jan 22, 2026
@OISF OISF deleted a comment from suricata-qa Jan 22, 2026
@victorjulien victorjulien merged commit 96f7549 into OISF:main-7.0.x Jan 22, 2026
136 of 137 checks passed
@victorjulien victorjulien mentioned this pull request Jan 22, 2026
Merged
@victorjulien victorjulien deleted the next/1186/70x/20260120/v1 branch January 22, 2026 08:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jasonish jasonish jasonish approved these changes

@jufajardini jufajardini Awaiting requested review from jufajardini jufajardini is a code owner

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@victorjulien @suricata-qa @jasonish