Actions
Bug #3662
closedSignature with an IP range creates one IPOnlyCIDRItem by IP address
Affected Versions:
Effort:
Difficulty:
Label:
Needs backport, Needs backport to 4.1, Needs backport to 5.0
Description
Found by fuzzing https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21817
For example, when we want the range 41.232.107.2-43.252.37.6, it creates millions of IPOnlyCIDRItem because it gives them all a netmask of 32
Solution is to extend the net mask so that it uses
41.232.107.3/32 41.232.107.4/30 41.232.107.8/29 41.232.107.16/28 41.232.107.32/27 41.232.107.64/26 41.232.107.128/25 41.232.108.0/22 41.232.112.0/20 41.232.128.0/17 41.233.0.0/16 41.234.0.0/15 41.236.0.0/14 41.240.0.0/12 42.0.0.0/8 43.0.0.0/9 43.128.0.0/10 43.192.0.0/11 43.224.0.0/12 43.240.0.0/13 43.248.0.0/14 43.252.0.0/19 43.252.32.0/22 43.252.36.0/24 43.252.37.0/30 43.252.37.4/31 43.252.37.6/32
Updated by Philippe Antoine over 4 years ago
- Status changed from New to In Review
Updated by Philippe Antoine over 4 years ago
- Is duplicate of Bug #3568: rules: bad rule leads to memory exhaustion added
Updated by Jeff Lucovsky over 4 years ago
- Copied to Bug #3667: Signature with an IP range creates one IPOnlyCIDRItem by IP address added
Updated by Jeff Lucovsky over 4 years ago
- Copied to Bug #3668: Signature with an IP range creates one IPOnlyCIDRItem by IP address added
Updated by Victor Julien over 4 years ago
- Status changed from In Review to Closed
- Assignee set to Philippe Antoine
- Target version set to 6.0.0beta1
Updated by Jeff Lucovsky over 4 years ago
- Subject changed from Signature with an IP range creates one IPOnlyCIDRItem by signe IP address to Signature with an IP range creates one IPOnlyCIDRItem by IP address
Actions