Project

General

Profile

Actions
Copy link

Bug #2481

closed

integer overflow caused by casting uin32 to uint16 in detection

Added by Maurizio Abba over 6 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Maurizio Abba
Target version:
4.1rc1
Affected Versions:
Effort:
Difficulty:
Label:

Description

util-mpm-* primitives take as input for Search callback a buffer length, declared as uint16. Unfortunately the buffers served (such as HttpReassembleBody members) have a buffer length declared as a uint32. This cause a potential integer overflow and misdetection whenever the buffer length is a multiple of 65536, as uint16(65536*x) == 0. Search will run on a buffer length of 0 bytes causing no detection.

Sovle the issue is simple, as we just need to move everything to uint32

Actions
Copy link
 #1

Updated by Andreas Herz over 6 years ago

  • Assignee set to Maurizio Abba
  • Target version set to TBD

Are you interested in submitting a Pull Request for that?

See https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Contributing

Actions
Copy link
 #2

Updated by Victor Julien over 6 years ago

  • Status changed from New to Closed
  • Target version changed from TBD to 4.1rc1
Actions
Copy link

Also available in: Atom PDF