detect: non infinite default value for inspection-recursion-limit

So that empty config are protected by this setting as was intended.

Set to unlimited for fuzz testing.

(cherry picked from commit b9b797f1f4fcea02da5b051281e6f7d8d7786260)

diff --git a/src/detect-engine.c b/src/detect-engine.c
index a7b6ee1f26c4a3168b80b4bcc08b1296f1e66444..f71e0f92e41d011cbda9d1c50c013a21b8183dfc 100644 (file)
--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@@ -2870,6 +2870,7 @@ static int DetectEngineCtxLoadConf(DetectEngineCtx *de_ctx)
     }
 
     intmax_t value = 0;
+    de_ctx->inspection_recursion_limit = DETECT_ENGINE_DEFAULT_INSPECTION_RECURSION_LIMIT;
     if (ConfGetInt("detect.inspection-recursion-limit", &value) == 1)
     {
         if (value >= 0 && value <= INT_MAX) {
@@ -2909,9 +2910,6 @@ static int DetectEngineCtxLoadConf(DetectEngineCtx *de_ctx)
                     de_ctx->inspection_recursion_limit =
                         DETECT_ENGINE_DEFAULT_INSPECTION_RECURSION_LIMIT;
                 }
-            } else {
-                de_ctx->inspection_recursion_limit =
-                    DETECT_ENGINE_DEFAULT_INSPECTION_RECURSION_LIMIT;
             }
         }
     }

diff --git a/src/tests/fuzz/confyaml.c b/src/tests/fuzz/confyaml.c
index f538f32871f7c29546a95667300f8d5ef1bb5d5e..194552859909014c1b0853b8d7176ec9deaa558b 100644 (file)
--- a/src/tests/fuzz/confyaml.c
+++ b/src/tests/fuzz/confyaml.c
@@ -110,4 +110,6 @@ app-layer:\n\
       enabled: yes\n\
     quic:\n\
       enabled: yes\n\
+detect:\n\
+  inspection-recursion-limit: 0\n\
 ";

diff --git a/suricata.yaml.in b/suricata.yaml.in
index c329cc2be30745f7c82988a8c8be92d6020a6dba..02e5865effd538b44f37788e463e8f832ea52bb6 100644 (file)
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -1672,15 +1672,15 @@ decoder:
 # The option inspection-recursion-limit is used to limit the recursive calls
 # in the content inspection code.  For certain payload-sig combinations, we
 # might end up taking too much time in the content inspection code.
-# If the argument specified is 0, the engine uses an internally defined
-# default limit.  When a value is not specified, there are no limits on the recursion.
+# If the argument specified is 0, there are no limits on the recursion.
+# When a value is not specified, the default is 3000
 detect:
   profile: medium
   custom-values:
     toclient-groups: 3
     toserver-groups: 25
   sgh-mpm-context: auto
-  inspection-recursion-limit: 3000
+  #inspection-recursion-limit: 3000
   # try to tie an app-layer transaction for rules without app-layer keywords
   # if there is only one live transaction for the flow
   # allows to log app-layer metadata in alert