From fc01539a5650eb6e6ae4082b90303910426c50b1 Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Tue, 7 Jan 2025 16:55:35 +0100
Subject: [PATCH] fuzz: use lower pcre limits to avoid timeouts instead of forbidding pcre signatures on stream
Ticket: 4858
---
 src/detect-content.c | 19 -------------------
 src/detect-pcre.h | 5 +++++
 2 files changed, 5 insertions(+), 19 deletions(-)
diff --git a/src/detect-content.c b/src/detect-content.c
index 9625e7426d45..6d3852ecc56f 100644
--- a/src/detect-content.c
+++ b/src/detect-content.c
@@ -453,25 +453,6 @@ void SigParseRequiredContentSize(
 */
 bool DetectContentPMATCHValidateCallback(const Signature *s)
 {
-#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
- bool has_pcre = false;
- bool has_content = false;
- for (SigMatch *sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH]; sm != NULL; sm = sm->next) {
- if (sm->type == DETECT_PCRE) {
- has_pcre = true;
- } else if (sm->type == DETECT_CONTENT) {
- has_content = true;
- break;
- }
- }
- if (has_pcre && !has_content) {
- // Fuzzing does not allow rules with pcre and without content on payload
- // as it is known to be a bad rule for performance causing possible timeouts
- // Engine analysis has more generic warn_pcre_no_content about this
- return false;
- }
-#endif
-
 if (!(s->flags & SIG_FLAG_DSIZE)) {
 return true;
 }
diff --git a/src/detect-pcre.h b/src/detect-pcre.h
index 74131ba7db9a..dc20f4194c52 100644
--- a/src/detect-pcre.h
+++ b/src/detect-pcre.h
@@ -36,8 +36,13 @@
 #define DETECT_PCRE_CAPTURE_MAX 8
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+#define SC_MATCH_LIMIT_DEFAULT 350
+#define SC_MATCH_LIMIT_RECURSION_DEFAULT 150
+#else
 #define SC_MATCH_LIMIT_DEFAULT 3500
 #define SC_MATCH_LIMIT_RECURSION_DEFAULT 1500
+#endif
 typedef struct DetectPcreData_ {
 DetectParseRegex parse_regex;
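Review bot: The fuzz-only values in the `#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` branch of src/detect-pcre.h have no comment explaining why they are a tenth of the production defaults, so a later reader cannot tell whether 350/150 were measured or picked by hand. I would add above the `#ifdef` something like `/* Fuzz builds: 10x lower PCRE limits to bound per-input runtime (ticket 4858); matching depth differs from production. */`. Since the macros are named as defaults, a fuzz-target configuration that sets the limits explicitly would presumably bypass them; that is worth confirming now that the pcre-without-content rejection in DetectContentPMATCHValidateCallback is removed and these limits are the only timeout guard. Patterns that need more steps than the fuzz limit but fewer than the production limit will now end in the limit-exceeded path under fuzzing, so that range of successful matches loses fuzz coverage, and the comment should say so.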