detect/depth: reject rules with depth smaller than content 3024/head
authorVictor Julien <victor@inliniac.net>
Tue, 28 Nov 2017 09:28:07 +0000 (10:28 +0100)
committerVictor Julien <victor@inliniac.net>
Tue, 28 Nov 2017 09:28:07 +0000 (10:28 +0100)
src/detect-depth.c

index b65821bb412df81f83a7f2eb3d42db8d12e4ffcd..3c8af604625d7ccd9d570956f583f96e95994415 100644 (file)
@@ -113,6 +113,12 @@ static int DetectDepthSetup (DetectEngineCtx *de_ctx, Signature *s, const char *
                       "invalid value for depth: %s", str);
             goto end;
         }
+
+        if (cd->depth < cd->content_len) {
+            SCLogError(SC_ERR_INVALID_SIGNATURE, "depth:%u smaller than "
+                   "content of len %u", cd->depth, cd->content_len);
+            return -1;
+        }
         /* Now update the real limit, as depth is relative to the offset */
         cd->depth += cd->offset;
     }