Open Information Security Foundation: Issueshttps://redmine.openinfosecfoundation.org/https://redmine.openinfosecfoundation.org/favicon.ico?17011170022014-01-04T02:27:38ZOpen Information Security Foundation
Redmine Suricata - Bug #1076 (Closed): Tcp assembly sliding window left_edge could be unexpected value.https://redmine.openinfosecfoundation.org/issues/10762014-01-04T02:27:38ZSong Liuvan20052005@hotmail.com
<p>In stream-tcp-reassemble.c, the function StreamTcpReassembleInlineRaw() has the following code:</p>
<blockquote>
<p>/* determine the left edge and right edge */<br />uint32_t right_edge = TCP_GET_SEQ(p) + p->payload_len;<br />uint32_t left_edge = right_edge - chunk_size;<br />......<br />......<br />left_edge = (ra_base_seq + 1) - chunk_size;</p>
</blockquote>
<p>In theory, (right_edge - chunk_size) could be less than zero. This will cause uint32_t left_edge to be an unexpected value.</p>
<p>Therefore, it will be necessary to compare right_edge and chunk_size before doing (right_edge - chunk_size).</p>