detect: fix match array reset

Fix match array reset depending on prefilter matches for the current run. If there were none, the match array of the previous packet was used. This could lead to inspection of rules from the wrong rule group.
6 years ago · 042f806362
parent 05d9527d01
commit 042f806362
1 changed files with 1 additions and 1 deletions
--- a/src/detect.c
+++ b/src/detect.c
@ -237,7 +237,6 @@ static inline void DetectPrefilterMergeSort(DetectEngineCtx *de_ctx,
                                            DetectEngineThreadCtx *det_ctx)
 {
    SigIntId mpm, nonmpm;
-    det_ctx->match_array_cnt = 0;
    SigIntId *mpm_ptr = det_ctx->pmq.rule_id_array;
    SigIntId *nonmpm_ptr = det_ctx->non_pf_id_array;
    uint32_t m_cnt = det_ctx->pmq.rule_id_array_cnt;
@ -922,6 +921,7 @@ static DetectRunScratchpad DetectRunSetup(
    det_ctx->filestore_cnt = 0;
    det_ctx->base64_decoded_len = 0;
    det_ctx->raw_stream_progress = 0;
+    det_ctx->match_array_cnt = 0;

 #ifdef DEBUG
    if (p->flags & PKT_STREAM_ADD) {