Bug #316 » 0001-Actually-limit-recursion-and-backtracking-and-stack-.patch

actually limit pcre recursion and suricata.yaml examples. - Will Metcalf, 08/22/2011 12:35 PM


src/detect-pcre.c
#define DEFAULT_MATCH_LIMIT 10000000
#define DEFAULT_MATCH_LIMIT_RECURSION 10000000
#define MATCH_LIMIT_DEFAULT 1500
#define SC_MATCH_LIMIT_DEFAULT 1500
#define SC_MATCH_LIMIT_RECURSION_DEFAULT 1500
static int pcre_match_limit = 0;
static int pcre_match_limit_recursion = 0;
......
intmax_t val = 0;
if (!ConfGetInt("pcre.match-limit", &val)) {
pcre_match_limit = DEFAULT_MATCH_LIMIT;
pcre_match_limit = SC_MATCH_LIMIT_DEFAULT;
}
else {
pcre_match_limit = val;
}
SCLogInfo("Using PCRE match-limit setting of: %i", pcre_match_limit);
val = 0;
if (!ConfGetInt("pcre.match-limit-recursion", &val)) {
pcre_match_limit_recursion = DEFAULT_MATCH_LIMIT_RECURSION;
pcre_match_limit_recursion = SC_MATCH_LIMIT_RECURSION_DEFAULT;
}
else {
pcre_match_limit_recursion = val;
}
SCLogInfo("Using PCRE match-limit-recursion setting of: %i", pcre_match_limit_recursion);
parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
if(parse_regex == NULL)
......
}
else {
pd->sd->match_limit = MATCH_LIMIT_DEFAULT;
pd->sd->match_limit = SC_MATCH_LIMIT_DEFAULT;
pd->sd->flags |= PCRE_EXTRA_MATCH_LIMIT;
#ifndef NO_PCRE_MATCH_RLIMIT
pd->sd->match_limit_recursion = MATCH_LIMIT_DEFAULT;
pd->sd->match_limit_recursion = SC_MATCH_LIMIT_RECURSION_DEFAULT;
pd->sd->flags |= PCRE_EXTRA_MATCH_LIMIT_RECURSION;
#endif /* NO_PCRE_MATCH_RLIMIT */
}
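Review bot: `pcre_match_limit = val;` (and the matching assignment to `pcre_match_limit_recursion` further down the first hunk) stores an `intmax_t` read from suricata.yaml into an `int` with no range check, so a zero, negative or over-INT_MAX setting is accepted silently; the value is later copied into the `pcre_extra` limit fields, which PCRE declares as `unsigned long`, so a negative setting would become an enormous limit and remove the backtracking cap this patch is meant to enforce. Reject out-of-range values and fall back to the compiled-in default with a warning, e.g. `if (val <= 0 || val > INT_MAX) { /* log a warning */ val = SC_MATCH_LIMIT_DEFAULT; }` before the assignment, and the same with `SC_MATCH_LIMIT_RECURSION_DEFAULT` for the recursion limit. The function containing the `ConfGetInt` calls starts before the hunk, and the `else` branch in the second hunk belongs to a function whose start and condition are also outside the hunk, so I cannot confirm from here whether the configured `pcre_match_limit` or only the compiled-in default reaches `pd->sd` in that path.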
suricata.yaml
# enables printing reports for fast-pattern for every rule.
rules-fast-pattern: yes
#recursion and match limits for PCRE where supported
pcre:
match-limit: 3500
match-limit-recursion: 1500
# You can specify a threshold config file by setting "threshold-file"
# to the path of the threshold config file:
# threshold-file: /etc/suricata/threshold.config
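Review bot: The new `pcre:` example sets `match-limit: 3500` while the compiled-in default this patch appears to introduce in src/detect-pcre.c is 1500 (`SC_MATCH_LIMIT_DEFAULT`), and the comment says neither what the defaults are nor what the two numbers bound, so a reader cannot tell whether the example tightens or loosens protection against catastrophic backtracking. The comment also lacks the space after `#` that the surrounding file uses. Suggested replacement for the comment line: `# Backtracking (match-limit) and recursion (match-limit-recursion) limits for PCRE, where the PCRE build supports them; both default to 1500 when not set.`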