From c08a929de131894c544d76b3ec9d5c7e8e405fe7 Mon Sep 17 00:00:00 2001
From: Victor Julien <vjulien@oisf.net>
Date: Thu, 30 Jun 2022 16:52:44 +0200
Subject: [PATCH] detect: impose limits on pcrexform

Impose match and recursion limits on pcrexform keywords.

Based on: 585e5e0d3c4e ("detect: impose limits on pcrexform")

Bug: #5414.
---
 src/detect-pcre.c                |  3 ---
 src/detect-pcre.h                |  3 +++
 src/detect-transform-pcrexform.c | 10 ++++++++++
 3 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/src/detect-pcre.c b/src/detect-pcre.c
index 5644b55231..e54e75a7b8 100644
--- a/src/detect-pcre.c
+++ b/src/detect-pcre.c
@@ -65,9 +65,6 @@
 #define PARSE_CAPTURE_REGEX "\\(\\?P\\<([A-z]+)\\_([A-z0-9_]+)\\>"
 #define PARSE_REGEX         "(?<!\\\\)/(.*(?<!(?<!\\\\)\\\\))/([^\"]*)"
 
-#define SC_MATCH_LIMIT_DEFAULT 3500
-#define SC_MATCH_LIMIT_RECURSION_DEFAULT 1500
-
 static int pcre_match_limit = 0;
 static int pcre_match_limit_recursion = 0;
 
diff --git a/src/detect-pcre.h b/src/detect-pcre.h
index ca1a519a8d..45e00b9cbd 100644
--- a/src/detect-pcre.h
+++ b/src/detect-pcre.h
@@ -36,6 +36,9 @@
 
 #define DETECT_PCRE_CAPTURE_MAX         8
 
+#define SC_MATCH_LIMIT_DEFAULT           3500
+#define SC_MATCH_LIMIT_RECURSION_DEFAULT 1500
+
 typedef struct DetectPcreData_ {
     /* pcre options */
     DetectParseRegex parse_regex;
diff --git a/src/detect-transform-pcrexform.c b/src/detect-transform-pcrexform.c
index 54da1b5412..bf622721a8 100644
--- a/src/detect-transform-pcrexform.c
+++ b/src/detect-transform-pcrexform.c
@@ -28,6 +28,7 @@
 #include "detect.h"
 #include "detect-engine.h"
 #include "detect-parse.h"
+#include "detect-pcre.h"
 #include "detect-transform-pcrexform.h"
 
 typedef DetectParseRegex DetectTransformPcrexformData;
@@ -89,6 +90,15 @@ static int DetectTransformPcrexformSetup (DetectEngineCtx *de_ctx, Signature *s,
         SCReturnInt(-1);
     }
 
+    if (pxd->study != NULL) {
+        pxd->study->match_limit = SC_MATCH_LIMIT_DEFAULT;
+        pxd->study->flags |= PCRE_EXTRA_MATCH_LIMIT;
+#ifndef NO_PCRE_MATCH_RLIMIT
+        pxd->study->match_limit_recursion = SC_MATCH_LIMIT_RECURSION_DEFAULT;
+        pxd->study->flags |= PCRE_EXTRA_MATCH_LIMIT_RECURSION;
+#endif
+    }
+
     int r = DetectSignatureAddTransform(s, DETECT_TRANSFORM_PCREXFORM, pxd);
     if (r != 0) {
         SCFree(pxd);
-- 
2.47.2