Bug #5168

closed

detect/iponly: non-cidr netmask settings can lead to incorrect detection

Added by Victor Julien almost 3 years ago. Updated almost 3 years ago.

Status: Closed
Priority: Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label: Needs backport to 5.0, Needs backport to 6.0

Description

A rule like alert ip any any -> 0.0.0.5/0.0.0.5 any (sid:1;) fails to work properly: it hits a DEBUG_VALIDATE_BUG_ON assertion and leaks memory.

Internally the engine only handles netmasks correctly that can also be expressed in CIDR notation, i.e. a contiguous run of one bits followed by zeros; 0.0.0.5 is not such a mask.

(From: https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
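As an added illustration of what "expressible in CIDR notation" means (this is not Suricata's own code, and the function names NetmaskToPrefixLen and CheckAddressToken are my own), the check below accepts an address token in either a.b.c.d/NN or a.b.c.d/m.m.m.m form and returns the prefix length only when the dotted mask is contiguous. A rule loader that applied such a check would reject 0.0.0.5/0.0.0.5 with a parse error instead of passing an unrepresentable mask on to the engine.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse a dotted quad into a host-order 32-bit value. Returns false on bad input. */
static bool ParseDottedQuad(const char *s, uint32_t *out)
{
    unsigned a, b, c, d;
    char extra;
    if (sscanf(s, "%u.%u.%u.%u%c", &a, &b, &c, &d, &extra) != 4)
        return false;
    if (a > 255 || b > 255 || c > 255 || d > 255)
        return false;
    *out = ((uint32_t)a << 24) | ((uint32_t)b << 16) | ((uint32_t)c << 8) | (uint32_t)d;
    return true;
}

/* Prefix length (0..32) of a contiguous mask, or -1 for a non-contiguous one.
 * A contiguous mask is ones followed by zeros, so its complement is 2^n - 1,
 * which is exactly the set of values x with (x & (x + 1)) == 0. */
int NetmaskToPrefixLen(uint32_t mask)
{
    if (mask == 0)
        return 0;                       /* /0: also avoids the inv + 1 overflow below */
    uint32_t inv = ~mask;
    if ((inv & (inv + 1)) != 0)
        return -1;                      /* e.g. 0.0.0.5 or 255.0.255.0 */
    int len = 0;
    while (mask & 0x80000000u) {
        len++;
        mask <<= 1;
    }
    return len;
}

/* Check one address token: "a.b.c.d", "a.b.c.d/NN" or "a.b.c.d/m.m.m.m".
 * Returns the prefix length on success, -1 if the dotted mask is not a CIDR
 * mask, and -2 if the token cannot be parsed at all. */
int CheckAddressToken(const char *token)
{
    char buf[64];
    if (strlen(token) >= sizeof(buf))
        return -2;
    strcpy(buf, token);
    char *slash = strchr(buf, '/');
    if (slash != NULL)
        *slash = '\0';

    uint32_t addr;
    if (!ParseDottedQuad(buf, &addr))
        return -2;
    if (slash == NULL)
        return 32;                      /* no mask given: host address */

    const char *m = slash + 1;
    if (strchr(m, '.') == NULL) {       /* numeric prefix length */
        char *end;
        long n = strtol(m, &end, 10);
        if (*m == '\0' || *end != '\0' || n < 0 || n > 32)
            return -2;
        return (int)n;
    }
    uint32_t mask;                      /* dotted netmask: must be contiguous */
    if (!ParseDottedQuad(m, &mask))
        return -2;
    return NetmaskToPrefixLen(mask);
}

int main(void)
{
    /* Constructed sample tokens, including the one from this bug report. */
    const char *samples[] = { "0.0.0.5/0.0.0.5", "10.0.0.0/255.255.255.0",
                              "10.0.0.0/8", "192.0.2.1", "1.2.3.4/255.0.255.0" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int r = CheckAddressToken(samples[i]);
        if (r >= 0)
            printf("%-24s -> /%d\n", samples[i], r);
        else
            printf("%-24s -> rejected (%s)\n", samples[i],
                   r == -1 ? "non-CIDR netmask" : "unparseable");
    }
    return 0;
}
```

The mask test works on the complement of the mask: a mask whose set bits all sit at the top has a complement of the form 2^n - 1, and only such values satisfy (x & (x + 1)) == 0. Anything else, 0.0.0.5 included, cannot be keyed by a prefix length and is the case the engine mishandles.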


Files

cidr-table.png (146 KB), Victor Julien, 03/03/2022 07:33 AM

Related issues (3: 0 open, 3 closed)

Related to Suricata - Bug #5081: detect/iponly: rule parsing does not always apply netmask correctly (Closed, Victor Julien)
Copied to Suricata - Bug #5170: detect/iponly: non-cidr netmask settings can lead incorrect radix tree (Closed, Shivani Bhardwaj)
Copied to Suricata - Bug #5171: detect/iponly: non-cidr netmask settings can lead incorrect radix tree (Closed, Jeff Lucovsky)