fuzz: use lower pcre limits

to avoid timeouts

instead of forbidding pcre signatures on stream

Ticket: 4858

diff --git a/src/detect-content.c b/src/detect-content.c
index 9625e7426d455c1f6f10d70a7f0fe9b6f215f812..6d3852ecc56f3c4872cd89118a0b55811d893c86 100644 (file)
--- a/src/detect-content.c
+++ b/src/detect-content.c
@@ -453,25 +453,6 @@ void SigParseRequiredContentSize(
  */
 bool DetectContentPMATCHValidateCallback(const Signature *s)
 {
-#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
-    bool has_pcre = false;
-    bool has_content = false;
-    for (SigMatch *sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH]; sm != NULL; sm = sm->next) {
-        if (sm->type == DETECT_PCRE) {
-            has_pcre = true;
-        } else if (sm->type == DETECT_CONTENT) {
-            has_content = true;
-            break;
-        }
-    }
-    if (has_pcre && !has_content) {
-        // Fuzzing does not allow rules with pcre and without content on payload
-        // as it is known to be a bad rule for performance causing possible timeouts
-        // Engine analysis has more generic warn_pcre_no_content about this
-        return false;
-    }
-#endif
-
     if (!(s->flags & SIG_FLAG_DSIZE)) {
         return true;
     }

diff --git a/src/detect-pcre.h b/src/detect-pcre.h
index 74131ba7db9a2e0718040fbca10ba0c0af49c693..dc20f4194c52fe0ae208d4e9acc0303b39c5397b 100644 (file)
--- a/src/detect-pcre.h
+++ b/src/detect-pcre.h
@@ -36,8 +36,13 @@
 
 #define DETECT_PCRE_CAPTURE_MAX         8
 
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+#define SC_MATCH_LIMIT_DEFAULT           350
+#define SC_MATCH_LIMIT_RECURSION_DEFAULT 150
+#else
 #define SC_MATCH_LIMIT_DEFAULT           3500
 #define SC_MATCH_LIMIT_RECURSION_DEFAULT 1500
+#endif
 
 typedef struct DetectPcreData_ {
     DetectParseRegex parse_regex;