aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect/depth: reject rules with depth smaller than content

Browse Source
pull/3024/head
Victor Julien 7 years ago
parent d0846cc561
commit 83f220a6b0
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File

6
src/detect-depth.c
Unescape Escape View File

@ -113,6 +113,12 @@ static int DetectDepthSetup (DetectEngineCtx *de_ctx, Signature *s, const char *
"invalid value for depth: %s", str);
goto end;
}
if (cd->depth < cd->content_len) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "depth:%u smaller than "
"content of len %u", cd->depth, cd->content_len);
return -1;
}
/* Now update the real limit, as depth is relative to the offset */
cd->depth += cd->offset;
}

Write Preview
Loading…
Cancel
Save