Project

General

Profile

Actions

Bug #3783

closed

Stack overflow in DetectFlowbitsAnalyze

Added by Antti Tönkyrä about 1 year ago. Updated about 1 year ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:
Needs backport to 5.0

Description

When doing torture tests, I discovered a stack overflow in DetectFlowbitsAnalyze. I have made a PR to github @ https://github.com/OISF/suricata/pull/5103

Overflow happens when number of flowbits is sufficiently large which in turn causes array containing FBAnalyze structs to be greater than stack size.

Changeset should apply cleanly to 5.x too.


Related issues

Copied to Bug #3790: Stack overflow in DetectFlowbitsAnalyzeClosedJeff LucovskyActions
Actions #1

Updated by Antti Tönkyrä about 1 year ago

  • Description updated (diff)
Actions #2

Updated by Antti Tönkyrä about 1 year ago

  • Description updated (diff)
Actions #3

Updated by Victor Julien about 1 year ago

  • Status changed from New to In Review
  • Assignee set to Antti Tönkyrä
  • Target version set to 6.0.0beta1
  • Label Needs backport to 5.0 added
Actions #4

Updated by Antti Tönkyrä about 1 year ago

  • Description updated (diff)
Actions #5

Updated by Jeff Lucovsky about 1 year ago

  • Copied to Bug #3790: Stack overflow in DetectFlowbitsAnalyze added
Actions #6

Updated by Victor Julien about 1 year ago

  • Status changed from In Review to Closed
Actions

Also available in: Atom PDF