detect: impose limits on pcrexform

Impose match and recursion limits on pcrexform keywords. Based on: 585e5e0d3c ("detect: impose limits on pcrexform") Bug: #5414.
4 years ago · c08a929de1
parent ac93f568eb
commit c08a929de1
3 changed files with 13 additions and 3 deletions
--- a/src/detect-pcre.c
+++ b/src/detect-pcre.c
@ -65,9 +65,6 @@
 #define PARSE_CAPTURE_REGEX "\\(\\?P\\<([A-z]+)\\_([A-z0-9_]+)\\>"
 #define PARSE_REGEX         "(?<!\\\\)/(.*(?<!(?<!\\\\)\\\\))/([^\"]*)"

-#define SC_MATCH_LIMIT_DEFAULT 3500
-#define SC_MATCH_LIMIT_RECURSION_DEFAULT 1500
-
 static int pcre_match_limit = 0;
 static int pcre_match_limit_recursion = 0;

--- a/src/detect-pcre.h
+++ b/src/detect-pcre.h
@ -36,6 +36,9 @@

 #define DETECT_PCRE_CAPTURE_MAX         8

+#define SC_MATCH_LIMIT_DEFAULT           3500
+#define SC_MATCH_LIMIT_RECURSION_DEFAULT 1500
+
 typedef struct DetectPcreData_ {
    /* pcre options */
    DetectParseRegex parse_regex;
--- a/src/detect-transform-pcrexform.c
+++ b/src/detect-transform-pcrexform.c
@ -28,6 +28,7 @@
 #include "detect.h"
 #include "detect-engine.h"
 #include "detect-parse.h"
+#include "detect-pcre.h"
 #include "detect-transform-pcrexform.h"

 typedef DetectParseRegex DetectTransformPcrexformData;
@ -89,6 +90,15 @@ static int DetectTransformPcrexformSetup (DetectEngineCtx *de_ctx, Signature *s,
        SCReturnInt(-1);
    }

+    if (pxd->study != NULL) {
+        pxd->study->match_limit = SC_MATCH_LIMIT_DEFAULT;
+        pxd->study->flags |= PCRE_EXTRA_MATCH_LIMIT;
+#ifndef NO_PCRE_MATCH_RLIMIT
+        pxd->study->match_limit_recursion = SC_MATCH_LIMIT_RECURSION_DEFAULT;
+        pxd->study->flags |= PCRE_EXTRA_MATCH_LIMIT_RECURSION;
+#endif
+    }
+
    int r = DetectSignatureAddTransform(s, DETECT_TRANSFORM_PCREXFORM, pxd);
    if (r != 0) {
        SCFree(pxd);