Add type checking for signature 'eval' condition functions.

Otherwise functions could be called with a mismatching argument list
and cause a crash at run-time.  The incorrect function type is now
reported at parse-time.

src/RuleCondition.cc

@@ -126,6 +126,23 @@ RuleConditionEval::RuleConditionEval(const char* func)
 		rules_error("unknown identifier", func);
 		return;
 		}
+
+	if ( id->Type()->Tag() == TYPE_FUNC )
+		{
+		// validate argument quantity and type
+		FuncType* f = id->Type()->AsFuncType();
+
+		if ( f->YieldType()->Tag() != TYPE_BOOL )
+			rules_error("eval function type must yield a 'bool'", func);
+
+		TypeList tl;
+		tl.Append(internal_type("signature_state")->Ref());
+		tl.Append(base_type(TYPE_STRING));
+
+		if ( ! f->CheckArgs(tl.Types()) )
+			rules_error("eval function parameters must be a 'signature_state' "
+			            "and a 'string' type", func);
+		}
 	}
 
 bool RuleConditionEval::DoMatch(Rule* rule, RuleEndpointState* state,

testing/btest/Baseline/signatures.bad-eval-condition/.stderr

@@ -0,0 +1,2 @@
+error: Error in signature (./blah.sig:6): eval function parameters must be a 'signature_state' and a 'string' type (mark_conn)
+

testing/btest/Baseline/signatures.eval-condition/conn.log

@@ -0,0 +1,14 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	conn
+#open	2012-08-23-16-41-23
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
+#types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	count	string	count	count	count	count	table[string]
+1329843175.736107	arKYeMETxOg	141.142.220.235	37604	199.233.217.249	56666	tcp	ftp-data	0.112432	0	342	SF	-	0	ShAdfFa	4	216	4	562	(empty)
+1329843179.871641	k6kgXLOoSKl	141.142.220.235	59378	199.233.217.249	56667	tcp	ftp-data	0.111218	0	77	SF	-	0	ShAdfFa	4	216	4	297	(empty)
+1329843194.151526	nQcgTWjvg4c	199.233.217.249	61920	141.142.220.235	33582	tcp	ftp-data	0.056211	342	0	SF	-	0	ShADaFf	5	614	3	164	(empty)
+1329843197.783443	j4u32Pc5bif	199.233.217.249	61918	141.142.220.235	37835	tcp	ftp-data	0.056005	77	0	SF	-	0	ShADaFf	5	349	3	164	(empty)
+1329843161.968492	UWkUyAuUGXf	141.142.220.235	50003	199.233.217.249	21	tcp	ftp,blah	38.055625	180	3146	SF	-	0	ShAdDfFa	38	2164	25	4458	(empty)
+#close	2012-08-23-16-41-23

testing/btest/btest.cfg

@@ -1,5 +1,5 @@
 [btest]
-TestDirs    = doc bifs language core scripts istate coverage
+TestDirs    = doc bifs language core scripts istate coverage signatures
 TmpDir      = %(testbase)s/.tmp
 BaselineDir = %(testbase)s/Baseline
 IgnoreDirs  = .svn CVS .tmp

testing/btest/signatures/bad-eval-condition.bro

@@ -0,0 +1,22 @@
+# @TEST-EXEC-FAIL: bro -r $TRACES/ftp-ipv4.trace %INPUT
+# @TEST-EXEC: btest-diff .stderr
+
+@load-sigs blah.sig
+
+@TEST-START-FILE blah.sig
+signature blah
+	{
+	ip-proto == tcp
+	src-port == 21
+	payload /.*/
+	eval mark_conn
+	}
+@TEST-END-FILE
+
+# wrong function signature for use with signature 'eval' conditions
+# needs to be reported
+function mark_conn(state: signature_state): bool
+	{
+	add state$conn$service["blah"];
+	return T;
+	}

testing/btest/signatures/eval-condition.bro

@@ -0,0 +1,20 @@
+# @TEST-EXEC: bro -r $TRACES/ftp-ipv4.trace %INPUT
+# @TEST-EXEC: btest-diff conn.log
+
+@load-sigs blah.sig
+
+@TEST-START-FILE blah.sig
+signature blah
+	{
+	ip-proto == tcp
+	src-port == 21
+	payload /.*/
+	eval mark_conn
+	}
+@TEST-END-FILE
+
+function mark_conn(state: signature_state, data: string): bool
+	{
+	add state$conn$service["blah"];
+	return T;
+	}