aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect/depth: reject rules with depth smaller than content

Browse Source
pull/3042/head
Victor Julien 7 years ago
parent 12c880a778
commit 14bf32c031
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File

6
src/detect-depth.c
Unescape Escape View File

@ -144,6 +144,12 @@ static int DetectDepthSetup (DetectEngineCtx *de_ctx, Signature *s, char *depths
"invalid value for depth: %s", str);
goto end;
}
if (cd->depth < cd->content_len) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "depth:%u smaller than "
"content of len %u", cd->depth, cd->content_len);
return -1;
}
/* Now update the real limit, as depth is relative to the offset */
cd->depth += cd->offset;
}

Write Preview
Loading…
Cancel
Save