From 7bf000731cc6bc6f120f9bbb6baebb98aed73642 Mon Sep 17 00:00:00 2001
From: Victor Julien <victor@inliniac.net>
Date: Fri, 10 Jul 2020 10:42:32 +0200
Subject: [PATCH] flow: validate emergency timeout settings

Make sure they are below the regular values.
---
 src/flow.c | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/src/flow.c b/src/flow.c
index ca42f73be0..3459b10cfe 100644
--- a/src/flow.c
+++ b/src/flow.c
@@ -1024,6 +1024,36 @@ void FlowInitFlowProto(void)
         }
     }
 
+    /* validate and if needed update emergency timeout values */
+    for (int i = 0; i < FLOW_PROTO_MAX; i++) {
+        const FlowProtoTimeout *n = &flow_timeouts_normal[i];
+        FlowProtoTimeout *e = &flow_timeouts_emerg[i];
+
+        if (e->est_timeout > n->est_timeout) {
+            SCLogWarning(SC_WARN_FLOW_EMERGENCY, "emergency timeout value %u for \'established\' "
+                    "must be below regular value %u", e->est_timeout, n->est_timeout);
+            e->est_timeout = n->est_timeout / 10;
+        }
+
+        if (e->new_timeout > n->new_timeout) {
+            SCLogWarning(SC_WARN_FLOW_EMERGENCY, "emergency timeout value %u for \'new\' must be "
+                    "below regular value %u", e->new_timeout, n->new_timeout);
+            e->new_timeout = n->new_timeout / 10;
+        }
+
+        if (e->closed_timeout > n->closed_timeout) {
+            SCLogWarning(SC_WARN_FLOW_EMERGENCY, "emergency timeout value %u for \'closed\' must "
+                    "be below regular value %u", e->closed_timeout, n->closed_timeout);
+            e->closed_timeout = n->closed_timeout / 10;
+        }
+
+        if (e->bypassed_timeout > n->bypassed_timeout) {
+            SCLogWarning(SC_WARN_FLOW_EMERGENCY, "emergency timeout value %u for \'bypassed\' "
+                    "must be below regular value %u", e->bypassed_timeout, n->bypassed_timeout);
+            e->bypassed_timeout = n->bypassed_timeout / 10;
+        }
+    }
+
     return;
 }