Bug #1843
closed
Mpm Ac: int overflow during init
Added by i3 here over 8 years ago.
Updated almost 8 years ago.
Description
SCRealloc failed: Cannot allocate memory, while trying to allocate 18446744071562067968 bytes
in fuction SCACBSInitNewState
static inline int SCACBSInitNewState(MpmCtx *mpm_ctx)
{
void *ptmp;
SCACBSCtx *ctx = (SCACBSCtx *)mpm_ctx->ctx;
int ascii_code = 0;
int size = 0;
/* reallocate space in the goto table to include a new state */
size = (ctx->state_count + 1) * ctx->single_state_size;
ptmp = SCRealloc(ctx->goto_table, size);
//==========================================================================
size is a int
but (ctx->state_count + 1) * ctx->single_state_size; is a unsigned int
when the size > 2G
size is overflow
- Description updated (diff)
What kind of rules do you use to get this issue?
Victor Julien wrote:
What kind of rules do you use to get this issue?
like this. the number of 36,000.
alert http any any -> any any (msg:"xxxxxxxxxxxxxxxx"; content:"|6F 88 6E 0D 60 69 88 66 6C 83 60 66 82 49 6E 63 68 02 60 0A 64 66 88 84 48 66 69 68 68 84 02 0C 00 06 64 60 61 6E 66 6C 06 60 61 6E 66 6C 31 04 4C 66 66 84 02 00 03 64 6F 80 02 00 06 68 69 64 84 68 02 29 06 48 66 69 68 68 84 02 29 08 64 61 62 4F 82 64 66 82 02 00 00 00 0C 64 49 64 64 43 60 43 6C 69 66 6E 84 11 41 86 84 4C 6F 68 69 6E 64 43 60 43 6C 69 66 6E 84 0D 4D 61 88 4C 69 6E|"; classtype:trojan-activity; sid:600000021; rev:1;)
- Assignee set to OISF Dev
- Target version set to TBD
- Status changed from New to Closed
- Assignee changed from OISF Dev to Sascha Steinbiss
- Target version changed from TBD to 3.2.1
- Subject changed from suricata int overflow to Mpm Ac: int overflow during init
Also available in: Atom
PDF