Bug #1843

closed

Mpm Ac: int overflow during init

Added by i3 here over 8 years ago. Updated almost 8 years ago.

Status: Closed
Priority: Normal

Description

SCRealloc failed: Cannot allocate memory, while trying to allocate 18446744071562067968 bytes

in function SCACBSInitNewState

static inline int SCACBSInitNewState(MpmCtx *mpm_ctx)
{
    void *ptmp;
    SCACBSCtx *ctx = (SCACBSCtx *)mpm_ctx->ctx;
    int ascii_code = 0;
    int size = 0;

    /* reallocate space in the goto table to include a new state */
    size = (ctx->state_count + 1) * ctx->single_state_size;
    ptmp = SCRealloc(ctx->goto_table, size);

//==========================================================================

size is an int,
but (ctx->state_count + 1) * ctx->single_state_size; is an unsigned int.
When the size is > 2G,
size overflows.
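
Added example, not part of the original report and not the Suricata fix: a stand-alone C reproduction of the size computation described above next to a widened, range-checked form. The uint32_t field types follow the reporter's statement that the product is an unsigned int; the state count and the 1024-byte state size are constructed values, and the helper names are hypothetical. It also covers the case past 4G, where the 32-bit product itself wraps.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Mirrors the reported computation: the 32-bit unsigned product is stored
 * in an int, then converted to size_t when handed to the allocator.
 * The unsigned-to-int conversion is implementation-defined; GCC and Clang
 * wrap, which yields INT_MIN for a product of exactly 2^31. */
static size_t buggy_size(uint32_t state_count, uint32_t single_state_size)
{
    int size = (int)((state_count + 1) * single_state_size);
    return (size_t)size; /* a negative int sign-extends to a huge size_t */
}

/* Hardened form: widen before multiplying, then range-check.
 * Returns 0 and stores the byte count in *out, or -1 if the count cannot
 * be represented as a size_t (possible on 32-bit builds). */
static int checked_size(uint32_t state_count, uint32_t single_state_size,
                        size_t *out)
{
    /* At most 2^32 * (2^32 - 1), so the 64-bit product cannot overflow. */
    uint64_t total = ((uint64_t)state_count + 1) * single_state_size;
    if (total > SIZE_MAX)
        return -1;
    *out = (size_t)total;
    return 0;
}

int main(void)
{
    /* Constructed values: 2097152 states of 1024 bytes is exactly 2 GiB. */
    uint32_t state_count = 2097151, single_state_size = 1024;
    size_t ok = 0;

    printf("buggy:   %zu bytes\n", buggy_size(state_count, single_state_size));
    if (checked_size(state_count, single_state_size, &ok) == 0)
        printf("checked: %zu bytes\n", ok);

    /* Past 4 GiB the 32-bit product wraps, so the buggy form returns a
     * small size and the allocation would succeed but be too short. */
    printf("buggy at 4 GiB: %zu bytes\n", buggy_size(4194303, 1024));
    return 0;
}
```

On a 64-bit build the first line printed is the 18446744071562067968 from the SCRealloc error message, which is INT_MIN converted to size_t.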
Actions #1

Updated by Victor Julien over 8 years ago

  • Description updated (diff)
Actions #2

Updated by Victor Julien over 8 years ago

What kind of rules do you use to get this issue?

Actions #3

Updated by i3 here over 8 years ago

Victor Julien wrote:

What kind of rules do you use to get this issue?

Like this. The number is 36,000.
alert http any any -> any any (msg:"xxxxxxxxxxxxxxxx"; content:"|6F 88 6E 0D 60 69 88 66 6C 83 60 66 82 49 6E 63 68 02 60 0A 64 66 88 84 48 66 69 68 68 84 02 0C 00 06 64 60 61 6E 66 6C 06 60 61 6E 66 6C 31 04 4C 66 66 84 02 00 03 64 6F 80 02 00 06 68 69 64 84 68 02 29 06 48 66 69 68 68 84 02 29 08 64 61 62 4F 82 64 66 82 02 00 00 00 0C 64 49 64 64 43 60 43 6C 69 66 6E 84 11 41 86 84 4C 6F 68 69 6E 64 43 60 43 6C 69 66 6E 84 0D 4D 61 88 4C 69 6E|"; classtype:trojan-activity; sid:600000021; rev:1;)

Actions #4

Updated by Peter Manev over 8 years ago

The err msg is the same as reported in - https://redmine.openinfosecfoundation.org/issues/1827. Would it be related?

Actions #5

Updated by Andreas Herz over 8 years ago

  • Assignee set to OISF Dev
  • Target version set to TBD
Actions #6

Updated by Victor Julien almost 8 years ago

  • Status changed from New to Closed
  • Assignee changed from OISF Dev to Sascha Steinbiss
  • Target version changed from TBD to 3.2.1
Actions #7

Updated by Victor Julien almost 8 years ago

  • Subject changed from suricata int overflow to Mpm Ac: int overflow during init