detct/pcre: Correct capture group count check

This commit corrects the validation check between the number of
variables used and the number of specified capture groups.

(cherry picked from commit 469d5bb214195d8939be467c66ef1e6d25ad3e1f)

diff --git a/src/detect-pcre.c b/src/detect-pcre.c
index c2ae04777dd9834da952c3d47db4d6cb7fea20b1..f0a7798c9d221e801859a3f3e089d645cbd9e366 100644 (file)
--- a/src/detect-pcre.c
+++ b/src/detect-pcre.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2007-2013 Open Information Security Foundation
+/* Copyright (C) 2007-2021 Open Information Security Foundation
  *
  * You can copy, redistribute or modify this Program under the terms of
  * the GNU General Public License version 2 as published by the Free
@@ -711,7 +711,7 @@ static int DetectPcreParseCapture(const char *regexstr, DetectEngineCtx *de_ctx,
     {
         char *ptr = NULL;
         while ((name_array[name_idx] = strtok_r(name_idx == 0 ? capture_names : NULL, " ,", &ptr))){
-            if (name_idx > capture_cnt) {
+            if (name_idx > (capture_cnt - 1)) {
                 SCLogError(SC_ERR_VAR_LIMIT, "more pkt/flow "
                         "var capture names than capturing substrings");
                 return -1;