From: Victor Julien <victor@inliniac.net>
Date: Mon, 18 Mar 2019 09:34:03 +0000 (+0100)
Subject: detect: fix match array reset
X-Git-Tag: suricata-5.0.0-beta1~142
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=042f8063623e205d194e9367f23472eb77c985b6;p=thirdparty%2Fsuricata.git

detect: fix match array reset

Fix match array reset depending on prefilter matches for the
current run. If there were none, the match array of the previous
packet was used. This could lead to inspection of rules from the
wrong rule group.
---

diff --git a/src/detect.c b/src/detect.c
index c83d318dbf..427e7f87d2 100644
--- a/src/detect.c
+++ b/src/detect.c
@@ -237,7 +237,6 @@ static inline void DetectPrefilterMergeSort(DetectEngineCtx *de_ctx,
                                             DetectEngineThreadCtx *det_ctx)
 {
     SigIntId mpm, nonmpm;
-    det_ctx->match_array_cnt = 0;
     SigIntId *mpm_ptr = det_ctx->pmq.rule_id_array;
     SigIntId *nonmpm_ptr = det_ctx->non_pf_id_array;
     uint32_t m_cnt = det_ctx->pmq.rule_id_array_cnt;
@@ -922,6 +921,7 @@ static DetectRunScratchpad DetectRunSetup(
     det_ctx->filestore_cnt = 0;
     det_ctx->base64_decoded_len = 0;
     det_ctx->raw_stream_progress = 0;
+    det_ctx->match_array_cnt = 0;
 
 #ifdef DEBUG
     if (p->flags & PKT_STREAM_ADD) {