From 093263bf167692755af5447902134ea980b1a016 Mon Sep 17 00:00:00 2001
From: Anoop Saldanha <poonaatsoc@gmail.com>
Date: Wed, 11 Jul 2012 20:09:24 +0530
Subject: [PATCH] invalidate sigs if depth > content_length

---
 src/detect-depth.c |    8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/detect-depth.c b/src/detect-depth.c
index 7ab8996..85fadb6 100644
--- a/src/detect-depth.c
+++ b/src/detect-depth.c
@@ -162,9 +162,11 @@ static int DetectDepthSetup (DetectEngineCtx *de_ctx, Signature *s, char *depths
             } else {
                 cd->depth = (uint32_t)atoi(str);
                 if (cd->depth < cd->content_len) {
-                    cd->depth = cd->content_len;
-                    SCLogDebug("depth increased to %"PRIu32" to match pattern len ",
-                               cd->depth);
+                    uint32_t content_len = cd->content_len;
+                    SCLogError(SC_ERR_INVALID_SIGNATURE, "depth - %"PRIu16
+                               " smaller than content length - %"PRIu32,
+                               cd->depth, content_len);
+                    goto error;
                 }
                 /* Now update the real limit, as depth is relative to the offset */
                 cd->depth += cd->offset;
-- 
1.7.1