From 0b39cf06f89878aa6b942bea6fc8a3e9f45fe1e9 Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Thu, 20 Feb 2025 23:40:08 +0100
Subject: [PATCH] detect: non infinite default value for inspection-recursion-limit

So that empty config are protected by this setting as was intended. Set to unlimited for fuzz testing.

(cherry picked from commit b9b797f1f4fcea02da5b051281e6f7d8d7786260)
---
 src/detect-engine.c | 4 +---
 src/tests/fuzz/confyaml.c | 2 ++
 suricata.yaml.in | 6 +++---
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/detect-engine.c b/src/detect-engine.c
index a7b6ee1f26..f71e0f92e4 100644
--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@@ -2870,6 +2870,7 @@ static int DetectEngineCtxLoadConf(DetectEngineCtx *de_ctx)
 }
 intmax_t value = 0;
+ de_ctx->inspection_recursion_limit = DETECT_ENGINE_DEFAULT_INSPECTION_RECURSION_LIMIT;
 if (ConfGetInt("detect.inspection-recursion-limit", &value) == 1) {
 if (value >= 0 && value <= INT_MAX) {
@@ -2909,9 +2910,6 @@ static int DetectEngineCtxLoadConf(DetectEngineCtx *de_ctx)
 de_ctx->inspection_recursion_limit = DETECT_ENGINE_DEFAULT_INSPECTION_RECURSION_LIMIT;
 }
- } else {
- de_ctx->inspection_recursion_limit =
- DETECT_ENGINE_DEFAULT_INSPECTION_RECURSION_LIMIT;
 }
 }
 }
diff --git a/src/tests/fuzz/confyaml.c b/src/tests/fuzz/confyaml.c
index f538f32871..1945528599 100644
--- a/src/tests/fuzz/confyaml.c
+++ b/src/tests/fuzz/confyaml.c
@@ -110,4 +110,6 @@ app-layer:\n\
 enabled: yes\n\
 quic:\n\
 enabled: yes\n\
+detect:\n\
+ inspection-recursion-limit: 0\n\
 ";
diff --git a/suricata.yaml.in b/suricata.yaml.in
index c329cc2be3..02e5865eff 100644
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
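Review bot: The added assignment at the top of the parsing block now carries the whole "key missing or value unusable" behaviour, but nothing at that line says so, and the range check directly under it (`value >= 0 && value <= INT_MAX`) reads as if 0 were an ordinary limit, while the suricata.yaml.in text in this same commit defines 0 as "no limit on the recursion". A two-line comment on the added line would keep the next reader from tidying either one: `/* Default first: every parsing path below that does not produce a usable value keeps it. */` and `/* 0 is accepted on purpose and means "no limit" (see suricata.yaml.in). */`. If the range check has no else branch (its body continues past the hunk), a negative or out-of-range value is now silently replaced by the default; a warning there would match the reset-to-default the legacy-config branch in the second hunk still performs. DetectEngineCtxLoadConf begins and ends outside the hunk.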
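Review bot: The new `inspection-recursion-limit: 0` in the fuzz config turns the recursion limit off (the yaml text in this commit defines 0 as "no limit"), and nothing in the string literal says that is deliberate, so a later cleanup that restores a finite number would quietly shrink fuzz coverage of the content inspection code. A YAML comment line inside the literal, before the setting, records the intent: `  # 0 = no recursion limit; fuzzing is kept unbounded on purpose\n\`. It is also worth confirming the key sits indented under `detect:` in the literal (the collapsed view here cannot show leading spaces), since the lookup in detect-engine.c is for `detect.inspection-recursion-limit` and a top-level key would presumably not be found, leaving the engine default in place instead of the intended unlimited value. The string literal begins outside the hunk.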
@@ -1672,15 +1672,15 @@ decoder:
 # The option inspection-recursion-limit is used to limit the recursive calls
 # in the content inspection code. For certain payload-sig combinations, we
 # might end up taking too much time in the content inspection code.
-# If the argument specified is 0, the engine uses an internally defined
-# default limit. When a value is not specified, there are no limits on the recursion.
+# If the argument specified is 0, there are no limits on the recursion.
+# When a value is not specified, the default is 3000
 detect:
 profile: medium
 custom-values:
 toclient-groups: 3
 toserver-groups: 25
 sgh-mpm-context: auto
- inspection-recursion-limit: 3000
+ #inspection-recursion-limit: 3000
 # try to tie an app-layer transaction for rules without app-layer keywords
 # if there is only one live transaction for the flow
 # allows to log app-layer metadata in alert
-- 
2.47.2
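Review bot: The new comment line `# When a value is not specified, the default is 3000` hard-codes the number, which will drift if DETECT_ENGINE_DEFAULT_INSPECTION_RECURSION_LIMIT in detect-engine.c changes, and it is missing its sentence end. It also no longer tells the operator what 0 costs them: with no limit, the "too much time in the content inspection code" the paragraph above warns about is exactly what a payload/signature combination may trigger. Suggested wording for the two added lines: `# If the argument specified is 0, the recursion is not limited at all, which removes the protection described above.` and `# When a value is not specified, the engine's built-in default (currently 3000) is used.`. Since the setting is now commented out, a short note next to `#inspection-recursion-limit: 3000` saying the engine default applies unless this line is uncommented would make the shipped template self-explanatory.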