From e73aec150b165285d51425356c4d3b03b83781de Mon Sep 17 00:00:00 2001
From: Jeff Lucovsky <jeff@lucovsky.org>
Date: Wed, 19 Feb 2020 09:16:36 -0500
Subject: [PATCH] pcre: Sticky buffer check

This commit adds logic checking if the sticky buffer in effect provides
the required content.

If the sticky buffer doesn't, the rule will not load and a diagnostic
message with follow-on steps is displayed.
---
 src/detect-pcre.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/detect-pcre.c b/src/detect-pcre.c
index 4e8f9cdb76..7ca3c9c5a7 100644
--- a/src/detect-pcre.c
+++ b/src/detect-pcre.c
@@ -842,6 +842,13 @@ static int DetectPcreSetup (DetectEngineCtx *de_ctx, Signature *s, const char *r
 
     int sm_list = -1;
     if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
+        if (parsed_sm_list != DETECT_SM_LIST_NOTSET && parsed_sm_list != s->init_data->list) {
+            SCLogError(SC_ERR_INVALID_SIGNATURE,
+                    "Expression seen with a sticky buffer still set; either (1) reset sticky "
+                    "buffer with pkt_data or (2) use a sticky buffer providing \"%s\".",
+                    DetectBufferTypeGetDescriptionById(de_ctx, parsed_sm_list));
+            goto error;
+        }
         if (DetectBufferGetActiveList(de_ctx, s) == -1)
             goto error;
 
-- 
2.47.2