From 7d8995b784c2c52cdccf08d51fe78a8cd0a4a4e5 Mon Sep 17 00:00:00 2001
From: "Mike Stepanek (mstepane)"
Date: Tue, 16 Jul 2019 12:09:02 -0400
Subject: [PATCH] Merge pull request #1675 in SNORT/snort3 from ~SMINUT/snort3:stack_size to master
Squashed commit of the following:
commit 51c4290811365b46aca3d7e5ef3b6985060c9bce
Author: Silviu Minut
Date: Mon Jul 15 09:47:03 2019 -0400
pcre: cap the pcre_match_limit_recursion based on the stack size available.
---
 src/main/modules.cc | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
diff --git a/src/main/modules.cc b/src/main/modules.cc
index f4a339427..420340c07 100644
--- a/src/main/modules.cc
+++ b/src/main/modules.cc
@@ -25,6 +25,7 @@
 #include "modules.h"
 #include
+#include
 #include "codecs/codec_module.h"
 #include "detection/fp_config.h"
@@ -156,7 +157,38 @@ bool DetectionModule::set(const char* fqn, Value& v, SnortConfig* sc)
 sc->pcre_match_limit = v.get_uint32();
 else if ( v.is("pcre_match_limit_recursion") )
+ {
+ // Cap the pcre recursion limit to not exceed the stack size.
+ //
+ // Note that even if we tried to call setrlimit() here, the threads
+ // will still get the stack size decided upon the start of snort3,
+ // which is 2M (for x86_64!) if snort3 started with unlimited
+ // stack size (ulimit -s). See the pthread_create() man page, or glibc
+ // source code.
+
+ // Determine the current stack size limit:
+ rlimit lim;
+ getrlimit(RLIMIT_STACK, &lim);
+ rlim_t thread_stack_size = lim.rlim_cur;
+
+ const size_t fudge_factor = 1 << 19; // 1/2 M
+ const size_t pcre_stack_frame_size = 1024; // pcretest -m -C
+
+ if (lim.rlim_cur == RLIM_INFINITY)
+ thread_stack_size = 1 << 21; // 2M
+
+ long int max_rec = (thread_stack_size - fudge_factor) / pcre_stack_frame_size;
+ if (max_rec < 0)
+ max_rec = 0;
+ sc->pcre_match_limit_recursion = v.get_uint32();
+ if (sc->pcre_match_limit_recursion > max_rec)
+ {
+ sc->pcre_match_limit_recursion = max_rec;
+ LogMessage("Capping pcre_match_limit_recursion to %ld, thread stack_size %ld.\n",
+ sc->pcre_match_limit_recursion, thread_stack_size);
+ }
+ }
 else if ( v.is("enable_address_anomaly_checks") )
 sc->address_anomaly_check_enabled = v.get_bool();
-- 
2.47.3
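Review bot: The cap computed in the `max_rec` line fails open when the soft stack limit is small: `rlim_t` is unsigned, so `thread_stack_size - fudge_factor` wraps to a huge value whenever the limit is below 512K, the division then yields a very large `max_rec`, and the `if (max_rec < 0)` guard can never fire — precisely the configurations in which a deep pcre recursion is most likely to overrun a thread stack. The return value of `getrlimit()` is also unchecked, so on failure `lim.rlim_cur` is read uninitialized and the comparison against `RLIM_INFINITY` is meaningless. Both are addressed by starting from the 2M default and only subtracting when the limit exceeds the fudge factor, as below. Separately, `thread_stack_size` is passed to `LogMessage` with `%ld` although `rlim_t` is an unsigned type on glibc and its width differs across platforms, so casting it to `unsigned long` and printing with `%lu` would keep the format arguments consistent. DetectionModule::set begins and ends outside this hunk.
```cpp
        const size_t fudge_factor = 1 << 19; // 1/2 M
        const size_t pcre_stack_frame_size = 1024; // pcretest -m -C

        // Default to 2M (the pthread default on x86_64) when the limit is unlimited or unknown.
        rlim_t thread_stack_size = 1 << 21;
        rlimit lim;
        if (getrlimit(RLIMIT_STACK, &lim) == 0 && lim.rlim_cur != RLIM_INFINITY)
            thread_stack_size = lim.rlim_cur;

        // rlim_t is unsigned: guard the subtraction so a small limit cannot wrap around.
        long int max_rec = 0;
        if (thread_stack_size > fudge_factor)
            max_rec = (thread_stack_size - fudge_factor) / pcre_stack_frame_size;
        // … unchanged: assignment from v.get_uint32(), comparison against max_rec, LogMessage …
```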