Project

General

Profile

Actions
Copy link

Bug #1843

closed
IH SS

Mpm Ac: int overflow during init

Bug #1843: Mpm Ac: int overflow during init

Added by i3 here almost 10 years ago. Updated about 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Sascha Steinbiss
Target version:
3.2.1
Affected Versions:
Effort:
Difficulty:
Label:

Description

SCRealloc failed: Cannot allocate memory, while trying to allocate 18446744071562067968 bytes

in fuction SCACBSInitNewState

static inline int SCACBSInitNewState(MpmCtx *mpm_ctx)
{
    void *ptmp;
    SCACBSCtx *ctx = (SCACBSCtx *)mpm_ctx->ctx;
    int ascii_code = 0;
    int size = 0;

    /* reallocate space in the goto table to include a new state */
    size = (ctx->state_count + 1) * ctx->single_state_size;
    ptmp = SCRealloc(ctx->goto_table, size);

//==========================================================================

size is a int
but (ctx->state_count + 1) * ctx->single_state_size; is a unsigned int
when the size > 2G
size is overflow

VJ Updated by Victor Julien almost 10 years ago Actions
Copy link
 #1

  • Description updated (diff)

VJ Updated by Victor Julien almost 10 years ago Actions
Copy link
 #2

What kind of rules do you use to get this issue?

IH Updated by i3 here almost 10 years ago Actions
Copy link
 #3

Victor Julien wrote:

What kind of rules do you use to get this issue?

like this. the number of 36,000.
alert http any any -> any any (msg:"xxxxxxxxxxxxxxxx"; content:"|6F 88 6E 0D 60 69 88 66 6C 83 60 66 82 49 6E 63 68 02 60 0A 64 66 88 84 48 66 69 68 68 84 02 0C 00 06 64 60 61 6E 66 6C 06 60 61 6E 66 6C 31 04 4C 66 66 84 02 00 03 64 6F 80 02 00 06 68 69 64 84 68 02 29 06 48 66 69 68 68 84 02 29 08 64 61 62 4F 82 64 66 82 02 00 00 00 0C 64 49 64 64 43 60 43 6C 69 66 6E 84 11 41 86 84 4C 6F 68 69 6E 64 43 60 43 6C 69 66 6E 84 0D 4D 61 88 4C 69 6E|"; classtype:trojan-activity; sid:600000021; rev:1;)

PM Updated by Peter Manev almost 10 years ago Actions
Copy link
 #4

The err msg is the same as reported in - https://redmine.openinfosecfoundation.org/issues/1827. Would it be related?

AH Updated by Andreas Herz almost 10 years ago Actions
Copy link
 #5

  • Assignee set to OISF Dev
  • Target version set to TBD

VJ Updated by Victor Julien about 9 years ago Actions
Copy link
 #6

  • Status changed from New to Closed
  • Assignee changed from OISF Dev to Sascha Steinbiss
  • Target version changed from TBD to 3.2.1

VJ Updated by Victor Julien about 9 years ago Actions
Copy link
 #7

  • Subject changed from suricata int overflow to Mpm Ac: int overflow during init
Actions
Copy link

Also available in: PDF Atom