Project

General

Profile

Actions

Bug #1076

closed

Tcp assembly sliding window left_edge could be unexpected value.

Added by Song Liu about 10 years ago. Updated about 10 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
-
Affected Versions:
Effort:
Difficulty:
Label:

Description

In stream-tcp-reassemble.c, the function StreamTcpReassembleInlineRaw() has the following code:

/* determine the left edge and right edge */
uint32_t right_edge = TCP_GET_SEQ(p) + p->payload_len;
uint32_t left_edge = right_edge - chunk_size;
......
......
left_edge = (ra_base_seq + 1) - chunk_size;

In theory, (right_edge - chunk_size) could be less than zero. This will cause uint32_t left_edge to be an unexpected value.

Therefore, it will be necessary to compare right_edge and chunk_size before doing (right_edge - chunk_size).

Actions #1

Updated by Song Liu about 10 years ago

I debugged it, and it's like SEG_GT and SEG_LEQ already convert unsigned integer to signed integer and handle this case and would not cause problem.

Actions #2

Updated by Song Liu about 10 years ago

  • Status changed from New to Closed
Actions #3

Updated by Victor Julien about 10 years ago

  • Target version deleted (1.4.8)
Actions

Also available in: Atom PDF