detect/parse: set limits for pcre2

Ticket: 6889

To avoid regexp dos with too much backtracking.
This is already done on pcre keyword, and pcrexform transform.
We use the same default limits for rules parsing.

(cherry picked from commit 316cc528f784c86339d05907a4d6084cbe4d44e6)

diff --git a/src/detect-parse.c b/src/detect-parse.c
index c3232b97daac01ad9fd7afaef4a3e057eb1fc9ff..5dee7e6bc2c70310eec2c26d0d793fb1f1e3e896 100644 (file)
--- a/src/detect-parse.c
+++ b/src/detect-parse.c
@@ -2701,7 +2701,7 @@ int DetectParsePcreExec(DetectParseRegex *parse_regex, pcre2_match_data **match,
     *match = pcre2_match_data_create_from_pattern(parse_regex->regex, NULL);
     if (*match)
         return pcre2_match(parse_regex->regex, (PCRE2_SPTR8)str, strlen(str), options, start_offset,
-                *match, NULL);
+                *match, parse_regex->context);
     return -1;
 }
 
@@ -2761,8 +2761,16 @@ bool DetectSetupParseRegexesOpts(const char *parse_str, DetectParseRegex *detect
                 parse_str, en, errbuffer);
         return false;
     }
-    detect_parse->match = pcre2_match_data_create_from_pattern(detect_parse->regex, NULL);
 
+    detect_parse->context = pcre2_match_context_create(NULL);
+    if (detect_parse->context == NULL) {
+        SCLogError("pcre2 could not create match context");
+        pcre2_code_free(detect_parse->regex);
+        detect_parse->regex = NULL;
+        return false;
+    }
+    pcre2_set_match_limit(detect_parse->context, SC_MATCH_LIMIT_DEFAULT);
+    pcre2_set_recursion_limit(detect_parse->context, SC_MATCH_LIMIT_RECURSION_DEFAULT);
     DetectParseRegexAddToFreeList(detect_parse);
 
     return true;