detct/pcre: Correct capture group count check

This commit corrects the validation check between the number of
variables used and the number of specified capture groups.

(cherry picked from commit 469d5bb214195d8939be467c66ef1e6d25ad3e1f)

diff --git a/src/detect-pcre.c b/src/detect-pcre.c
index c6588ba6ab171f7bde2a92703cace6a9f20cb5fb..2d4a4dc7668c57ea6ec4201343b8271eafb33624 100644 (file)
--- a/src/detect-pcre.c
+++ b/src/detect-pcre.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2007-2020 Open Information Security Foundation
+/* Copyright (C) 2007-2021 Open Information Security Foundation
  *
  * You can copy, redistribute or modify this Program under the terms of
  * the GNU General Public License version 2 as published by the Free
@@ -723,7 +723,7 @@ static int DetectPcreParseCapture(const char *regexstr, DetectEngineCtx *de_ctx,
     {
         char *ptr = NULL;
         while ((name_array[name_idx] = strtok_r(name_idx == 0 ? capture_names : NULL, " ,", &ptr))){
-            if (name_idx > capture_cnt) {
+            if (name_idx > (capture_cnt - 1)) {
                 SCLogError(SC_ERR_VAR_LIMIT, "more pkt/flow "
                         "var capture names than capturing substrings");
                 return -1;