From c91974e24adefc44a6a321b037cc8ef9713d178e Mon Sep 17 00:00:00 2001
From: Jason Ish
Date: Thu, 24 Nov 2016 11:21:48 -0600
Subject: [PATCH] issue 1961: depth: fail if numeric value has trailing text

Catches the case where the depth is not terminated with a semicolon (eg: "depth:17 classtype:trojan-activity") which is usually a sign the rule has a missing semi-colon.
---
 src/detect-depth.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/detect-depth.c b/src/detect-depth.c
index e2b098c1ca..03d7d5bfa2 100644
--- a/src/detect-depth.c
+++ b/src/detect-depth.c
@@ -37,6 +37,7 @@
 #include "flow-var.h"
 #include "app-layer.h"
+#include "util-byte.h"
 #include "util-debug.h"
 static int DetectDepthSetup (DetectEngineCtx *, Signature *, char *);
@@ -137,11 +138,10 @@ static int DetectDepthSetup (DetectEngineCtx *de_ctx, Signature *s, char *depths
 cd->depth = ((DetectByteExtractData *)bed_sm->ctx)->local_id;
 cd->flags |= DETECT_CONTENT_DEPTH_BE;
 } else {
- cd->depth = (uint32_t)atoi(str);
- if (cd->depth < cd->content_len) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "depth - %"PRIu16
- " smaller than content length - %"PRIu32,
- cd->depth, cd->content_len);
+ if (ByteExtractStringUint16(&cd->depth, 0, 0, str) != (int)strlen(str))
+ {
+ SCLogError(SC_ERR_INVALID_SIGNATURE,
+ "invalid value for depth: %s", str);
 goto end;
 }
 /* Now update the real limit, as depth is relative to the offset */
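Review bot: The second hunk removes the `cd->depth < cd->content_len` validation together with the `atoi()` call, and nothing in this patch puts it back, so a rule whose depth is shorter than its content (and so can never match) would now load without an error unless that is checked elsewhere; DetectDepthSetup's body extends outside the hunk. For an IDS that is a silent detection gap, so I would keep the original `if (cd->depth < cd->content_len)` block, with its SCLogError and `goto end`, directly after the new parse. Separately, the second argument `0` to ByteExtractStringUint16 looks like the numeric base; if it follows strtoul semantics, a value such as `010` is now read as octal where `atoi()` read it as decimal, so passing `10` there, or stating the accepted formats in a comment, would avoid surprises for rule writers.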