Bug #7549
opendetect: using different sticky buffers for byte_extract and byte_jump leads to undefined value before doing the jump
Description
As found by oss-fuzz
https://issues.oss-fuzz.com/u/1/issues/394126185
Reproducer is
alert ip any any -> any any (msg:"byte_jump varname test sig"; byte_extract:1,4,rpkt_len,relative; http.connection;byte_jump:rpkt_len,0,relative; isdataat:1,relative; classtype:bad-unknown; sid:1;)
with suricata-verify/tests/http-connection-toclient/input.pcap
@Jeff Lucovsky I let you complete as you know more about byte_* stuff
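A rule-level audit for the pattern in the reproducer above, added here as an example and not part of the original report or of Suricata's code: it walks a rule's options, tracks the active sticky buffer, and reports any byte_extract variable consumed by byte_jump or byte_test under a different buffer. Treating every valueless keyword containing a dot as a sticky buffer is an assumption of this example, as are the names `split_options` and `cross_buffer_uses`.

```python
# Rule from the bug report (copied from the page).
REPRODUCER = ('alert ip any any -> any any (msg:"byte_jump varname test sig"; '
              'byte_extract:1,4,rpkt_len,relative; http.connection;'
              'byte_jump:rpkt_len,0,relative; isdataat:1,relative; '
              'classtype:bad-unknown; sid:1;)')

# Assumption: subset of keywords whose arguments may name a byte_extract variable.
CONSUMERS = {"byte_jump", "byte_test"}


def split_options(rule):
    """Split the option list into (keyword, value) pairs, honouring quotes and escapes."""
    body = rule[rule.index("(") + 1:rule.rindex(")")]
    options, current, quoted, escaped = [], "", False, False
    for ch in body:
        if ch == ";" and not quoted and not escaped:
            options.append(current)
            current = ""
            continue
        if ch == '"' and not escaped:
            quoted = not quoted
        escaped = (ch == "\\") and not escaped
        current += ch
    options.append(current)
    pairs = []
    for opt in options:
        if opt.strip():
            keyword, _, value = opt.partition(":")
            pairs.append((keyword.strip(), value.strip()))
    return pairs


def cross_buffer_uses(rule):
    """Return (keyword, variable, defined_in, used_in) for each cross-buffer variable use."""
    buffer = "payload"   # no sticky buffer selected yet
    defined = {}         # variable name -> buffer active at its byte_extract
    findings = []
    for keyword, value in split_options(rule):
        args = [a.strip() for a in value.split(",")] if value else []
        if not value and "." in keyword:
            buffer = keyword          # heuristic: valueless dotted keyword is a sticky buffer
        elif keyword == "pkt_data":
            buffer = "payload"        # pkt_data switches back to the packet payload
        elif keyword == "byte_extract" and len(args) >= 3:
            defined[args[2]] = buffer  # third argument is the variable name
        elif keyword in CONSUMERS:
            findings += [(keyword, a, defined[a], buffer)
                         for a in args if a in defined and defined[a] != buffer]
    return findings
```

Running `cross_buffer_uses` over each line of a rule file lists the signatures that extract a variable in one buffer and consume it in another.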
Updated by Philippe Antoine about 2 months ago
Solution may be to have DetectByteRetrieveSMVar check the buffer id
Updated by Philippe Antoine 30 days ago
- Related to Bug #1412: byte_test checks before byte_extract happens in some cases added
Updated by Victor Julien 3 days ago
- Target version changed from 8.0.0-beta1 to 8.0.0-rc1
Updated by Philippe Antoine about 19 hours ago
oss-fuzz shows this as fixed within range https://github.com/OISF/suricata/compare/834378ff887b3d6ac1903efb7a3e7164f593abd0...3a092f30278b2c6c86c4a0c0f3bca7f77d5922c8
Not sure why...