From b56c0b524bf337edb93eefed07b3d15d85e59a62 Mon Sep 17 00:00:00 2001
From: Victor Julien <victor@inliniac.net>
Date: Thu, 19 Oct 2017 08:41:09 +0200
Subject: [PATCH] detect: error out on invalid detect.profile option

Bug #891.
---
 src/detect-engine.c | 24 ++++++++++++++----------
 1 file changed, 14 insertions(+), 10 deletions(-)

diff --git a/src/detect-engine.c b/src/detect-engine.c
index f84bba21e0..77d9b09fee 100644
--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@@ -1029,7 +1029,9 @@ static DetectEngineCtx *DetectEngineCtxInitReal(int minimal, const char *prefix)
         goto error;
     }
 
-    DetectEngineCtxLoadConf(de_ctx);
+    if (DetectEngineCtxLoadConf(de_ctx) == -1) {
+        goto error;
+    }
 
     SigGroupHeadHashInit(de_ctx);
     MpmStoreInit(de_ctx);
@@ -1181,7 +1183,7 @@ void DetectEngineCtxFree(DetectEngineCtx *de_ctx)
  */
 static int DetectEngineCtxLoadConf(DetectEngineCtx *de_ctx)
 {
-    uint8_t profile = ENGINE_PROFILE_UNKNOWN;
+    uint8_t profile = ENGINE_PROFILE_MEDIUM;
     const char *max_uniq_toclient_groups_str = NULL;
     const char *max_uniq_toserver_groups_str = NULL;
     const char *sgh_mpm_context = NULL;
@@ -1210,14 +1212,22 @@ static int DetectEngineCtxLoadConf(DetectEngineCtx *de_ctx)
     }
 
     if (de_ctx_profile != NULL) {
-        if (strcmp(de_ctx_profile, "low") == 0) {
+        if (strcmp(de_ctx_profile, "low") == 0 ||
+            strcmp(de_ctx_profile, "lowest") == 0) {        // legacy
             profile = ENGINE_PROFILE_LOW;
         } else if (strcmp(de_ctx_profile, "medium") == 0) {
             profile = ENGINE_PROFILE_MEDIUM;
-        } else if (strcmp(de_ctx_profile, "high") == 0) {
+        } else if (strcmp(de_ctx_profile, "high") == 0 ||
+                   strcmp(de_ctx_profile, "highest") == 0) { // legacy
             profile = ENGINE_PROFILE_HIGH;
         } else if (strcmp(de_ctx_profile, "custom") == 0) {
             profile = ENGINE_PROFILE_CUSTOM;
+        } else {
+            SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY,
+                    "invalid value for detect.profile: '%s'. "
+                    "Valid options: low, medium, high and custom.",
+                    de_ctx_profile);
+            return -1;
         }
 
         SCLogDebug("Profile for detection engine groups is \"%s\"", de_ctx_profile);
@@ -1354,10 +1364,6 @@ static int DetectEngineCtxLoadConf(DetectEngineCtx *de_ctx)
             break;
     }
 
-    if (profile == ENGINE_PROFILE_UNKNOWN) {
-        goto error;
-    }
-
     intmax_t value = 0;
     if (ConfGetInt("detect.inspection-recursion-limit", &value) == 1)
     {
@@ -1471,8 +1477,6 @@ static int DetectEngineCtxLoadConf(DetectEngineCtx *de_ctx)
     }
 
     return 0;
-error:
-    return -1;
 }
 
 /*
-- 
2.47.2