Bug #2481: integer overflow caused by casting uin32 to uint16 in detection - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #2481

closed

integer overflow caused by casting uin32 to uint16 in detection

Added by Maurizio Abba over 6 years ago. Updated over 6 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Maurizio Abba

Target version:

4.1rc1

Affected Versions:

Effort:

Difficulty:

Label:

Description

util-mpm-* primitives take as input for Search callback a buffer length, declared as uint16. Unfortunately the buffers served (such as HttpReassembleBody members) have a buffer length declared as a uint32. This cause a potential integer overflow and misdetection whenever the buffer length is a multiple of 65536, as uint16(65536*x) == 0. Search will run on a buffer length of 0 bytes causing no detection.

Sovle the issue is simple, as we just need to move everything to uint32

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #2481

integer overflow caused by casting uin32 to uint16 in detection

Updated by Andreas Herz over 6 years ago

Updated by Victor Julien over 6 years ago