From 1099eec3ddd2c0a1be9db088ce1604573cdda5db Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Sun, 24 Mar 2024 21:12:15 +0100
Subject: [PATCH] detect/parse: set limits for pcre2

Ticket: 6889

To avoid regexp dos with too much backtracking.
This is already done on pcre keyword, and pcrexform transform.
We use the same default limits for rules parsing.

(cherry picked from commit 316cc528f784c86339d05907a4d6084cbe4d44e6)

Using pcre1 in master6
---
 src/detect-parse.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/detect-parse.c b/src/detect-parse.c
index 020917e663..bc581b5f54 100644
--- a/src/detect-parse.c
+++ b/src/detect-parse.c
@@ -2497,7 +2497,14 @@ bool DetectSetupParseRegexesOpts(const char *parse_str, DetectParseRegex *detect
 SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
 return false;
 }
-
+ if (detect_parse->study != NULL) {
+ detect_parse->study->match_limit = SC_MATCH_LIMIT_DEFAULT;
+ detect_parse->study->flags |= PCRE_EXTRA_MATCH_LIMIT;
+#ifndef NO_PCRE_MATCH_RLIMIT
+ detect_parse->study->match_limit_recursion = SC_MATCH_LIMIT_RECURSION_DEFAULT;
+ detect_parse->study->flags |= PCRE_EXTRA_MATCH_LIMIT_RECURSION;
+#endif /* NO_PCRE_MATCH_RLIMIT */
+ }
 DetectParseRegexAddToFreeList(detect_parse);

--
2.47.2
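Review bot: The new `if (detect_parse->study != NULL)` guard skips the limits for exactly the patterns that have no study data: pcre_study() returns NULL with eb == NULL when it finds nothing worth recording, so those regexes keep running with no match or recursion limit and the backtracking bound this commit is meant to add does not apply to them. The description says the pcre keyword path already does this; if that path allocates a pcre_extra when study comes back NULL, the same is needed here, using whatever allocator pairs with how the free list later releases `study` (pcre_free_study versus the Suricata allocator — confirm before copying). The hunk header announces 14 new-side lines but only 12 are visible, so the trailing context and the end of DetectSetupParseRegexesOpts lie outside the hunk as shown.
```c
    if (detect_parse->study == NULL) {
        /* pcre_study() legitimately returns NULL (eb == NULL) when it has
         * nothing to add; an extra block is still needed to carry the
         * limits. Allocator must match the free path for `study`. */
        detect_parse->study = SCCalloc(1, sizeof(*detect_parse->study));
        if (detect_parse->study == NULL) {
            SCLogError(SC_ERR_MEM_ALLOC, "failed to allocate pcre_extra");
            return false;
        }
    }
    detect_parse->study->match_limit = SC_MATCH_LIMIT_DEFAULT;
    detect_parse->study->flags |= PCRE_EXTRA_MATCH_LIMIT;
    /* … unchanged: NO_PCRE_MATCH_RLIMIT recursion-limit block … */
```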