From: Victor Julien <vjulien@oisf.net>
Date: Fri, 26 Nov 2021 10:05:46 +0000 (+0100)
Subject: detect/http: don't set min-inspect-depth higher than setting
X-Git-Tag: suricata-7.0.0-beta1~1128
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=55202f826ade7f57bafb9292144f1092512a9f7b;p=thirdparty%2Fsuricata.git

detect/http: don't set min-inspect-depth higher than setting
---

diff --git a/src/app-layer-htp.c b/src/app-layer-htp.c
index 28b10c21d3..46815b5f80 100644
--- a/src/app-layer-htp.c
+++ b/src/app-layer-htp.c
@@ -1862,10 +1862,12 @@ end:
             if ((uint64_t)hstate->conn->in_data_counter > hstate->last_request_data_stamp &&
                 (uint64_t)hstate->conn->in_data_counter - hstate->last_request_data_stamp < (uint64_t)UINT_MAX)
             {
-                uint32_t x = (uint32_t)((uint64_t)hstate->conn->in_data_counter - hstate->last_request_data_stamp);
+                const uint32_t data_size = (uint32_t)(
+                        (uint64_t)hstate->conn->in_data_counter - hstate->last_request_data_stamp);
+                const uint32_t depth = MIN(data_size, hstate->cfg->request.inspect_min_size);
 
                 /* body still in progress, but due to min inspect size we need to inspect now */
-                StreamTcpReassemblySetMinInspectDepth(hstate->f->protoctx, STREAM_TOSERVER, x);
+                StreamTcpReassemblySetMinInspectDepth(hstate->f->protoctx, STREAM_TOSERVER, depth);
                 AppLayerParserTriggerRawStreamReassembly(hstate->f, STREAM_TOSERVER);
             }
         /* after the start of the body, disable the depth logic */
@@ -1948,10 +1950,12 @@ static int HTPCallbackResponseBodyData(htp_tx_data_t *d)
             if ((uint64_t)hstate->conn->out_data_counter > hstate->last_response_data_stamp &&
                 (uint64_t)hstate->conn->out_data_counter - hstate->last_response_data_stamp < (uint64_t)UINT_MAX)
             {
-                uint32_t x = (uint32_t)((uint64_t)hstate->conn->out_data_counter - hstate->last_response_data_stamp);
+                const uint32_t data_size = (uint32_t)((uint64_t)hstate->conn->out_data_counter -
+                                                      hstate->last_response_data_stamp);
+                const uint32_t depth = MIN(data_size, hstate->cfg->response.inspect_min_size);
 
                 /* body still in progress, but due to min inspect size we need to inspect now */
-                StreamTcpReassemblySetMinInspectDepth(hstate->f->protoctx, STREAM_TOCLIENT, x);
+                StreamTcpReassemblySetMinInspectDepth(hstate->f->protoctx, STREAM_TOCLIENT, depth);
                 AppLayerParserTriggerRawStreamReassembly(hstate->f, STREAM_TOCLIENT);
             }
         /* after the start of the body, disable the depth logic */