From: Anoop Saldanha <poonaatsoc@gmail.com>
Date: Wed, 11 Jul 2012 14:39:24 +0000 (+0530)
Subject: invalidate sigs if depth > content_length
X-Git-Tag: suricata-1.3.1~18
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1c41672f5e6df36f10f78c08914698addd613e3f;p=thirdparty%2Fsuricata.git

invalidate sigs if depth > content_length
---

diff --git a/src/detect-depth.c b/src/detect-depth.c
index 7ab89966b7..85fadb69e8 100644
--- a/src/detect-depth.c
+++ b/src/detect-depth.c
@@ -162,9 +162,11 @@ static int DetectDepthSetup (DetectEngineCtx *de_ctx, Signature *s, char *depths
             } else {
                 cd->depth = (uint32_t)atoi(str);
                 if (cd->depth < cd->content_len) {
-                    cd->depth = cd->content_len;
-                    SCLogDebug("depth increased to %"PRIu32" to match pattern len ",
-                               cd->depth);
+                    uint32_t content_len = cd->content_len;
+                    SCLogError(SC_ERR_INVALID_SIGNATURE, "depth - %"PRIu16
+                               " smaller than content length - %"PRIu32,
+                               cd->depth, content_len);
+                    goto error;
                 }
                 /* Now update the real limit, as depth is relative to the offset */
                 cd->depth += cd->offset;