integer overflow caused by casting uin32 to uint16 in detection
util-mpm-* primitives take as input for Search callback a buffer length, declared as uint16. Unfortunately the buffers served (such as HttpReassembleBody members) have a buffer length declared as a uint32. This cause a potential integer overflow and misdetection whenever the buffer length is a multiple of 65536, as uint16(65536*x) == 0. Search will run on a buffer length of 0 bytes causing no detection.
Sovle the issue is simple, as we just need to move everything to uint32
Updated by Andreas Herz over 4 years ago
- Assignee set to Maurizio Abba
- Target version set to TBD
Are you interested in submitting a Pull Request for that?