Project

General

Profile

Actions

Security #5027

closed

smtp: GetLine function buffers data indefinitely if 0x0a was not found int the frag'd input

Added by Shivani Bhardwaj almost 3 years ago. Updated almost 2 years ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Label:
CVE:
Git IDs:

7d30fb152afdbbea81dfa601f239254da2b786e9
7f5115395fd918417e4914ab42143f2ee91e6e28
a63133a4b6ebe4dc83298f38de50e5c73efe82f0
17ed7836a3df38c343956d8ceefd0ac3f442a243
cb3e66d6e9dabd1178693088180427cddf28b3f2

Severity:
MODERATE
Disclosure Date:

Description

The code we tend to execute is

                ptmp = SCRealloc(state->ts_db,
                                 (state->ts_db_len + state->input_len));
                if (ptmp == NULL) {
                    SCFree(state->ts_db);
                    state->ts_db = NULL;
                    state->ts_db_len = 0;
                    return -1;
                }
                state->ts_db = ptmp;

                memcpy(state->ts_db + state->ts_db_len,
                       state->input, state->input_len);
                state->ts_db_len += state->input_len;
            } /* else */
            state->input += state->input_len;
            state->input_len = 0;

indefinitely.


Related issues 1 (0 open1 closed)

Copied from Suricata - Security #5023: smtp: GetLine function buffers data indefinitely if 0x0a was not found int the frag'd inputClosedShivani BhardwajActions
Actions #1

Updated by Shivani Bhardwaj almost 3 years ago

  • Copied from Security #5023: smtp: GetLine function buffers data indefinitely if 0x0a was not found int the frag'd input added
Actions #2

Updated by Shivani Bhardwaj over 2 years ago

  • Priority changed from Normal to Urgent
Actions #3

Updated by Shivani Bhardwaj over 2 years ago

  • Status changed from Assigned to In Review
Actions #4

Updated by Victor Julien over 2 years ago

  • Status changed from In Review to Resolved
  • Priority changed from Urgent to Normal

Fix staged.

Actions #5

Updated by Victor Julien over 2 years ago

  • Tracker changed from Bug to Security
  • Severity set to MODERATE
Actions #6

Updated by Shivani Bhardwaj over 2 years ago

  • Status changed from Resolved to Closed
  • Git IDs updated (diff)
Actions #7

Updated by Victor Julien almost 2 years ago

  • Private changed from Yes to No
Actions

Also available in: Atom PDF