Bug #3783

Stack overflow in DetectFlowbitsAnalyze

Added by Antti Tönkyrä 11 months ago. Updated 10 months ago.

Status: Closed
Priority: Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label: Needs backport to 5.0

Description

When doing torture tests, I discovered a stack overflow in DetectFlowbitsAnalyze. I have made a PR on GitHub at https://github.com/OISF/suricata/pull/5103

The overflow happens when the number of flowbits is sufficiently large, which in turn causes the array containing FBAnalyze structs to be greater than the stack size.

Changeset should apply cleanly to 5.x too.
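
The failure mode described in this report, as an added example that is not part of the original report and is not Suricata's code: a per-flowbit array placed on the stack next to a heap-allocated version, which is one common way to remove this class of bug. The struct layout, function names and sample input are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical per-flowbit counters; not Suricata's real FBAnalyze layout. */
struct fb_analyze { uint32_t set_cnt; uint32_t isset_cnt; };

/* Constructed input: one reference to a flowbit id by a rule. */
struct fb_ref { uint32_t id; int is_set; };

/* Shared pass: tally references, return how many flowbits are set but never checked. */
static long tally(struct fb_analyze *arr, uint32_t nbits,
                  const struct fb_ref *refs, size_t nrefs)
{
    long unchecked = 0;
    for (size_t i = 0; i < nrefs; i++) {
        if (refs[i].id >= nbits)
            continue;                       /* ignore ids outside the table */
        if (refs[i].is_set) arr[refs[i].id].set_cnt++;
        else                arr[refs[i].id].isset_cnt++;
    }
    for (uint32_t b = 0; b < nbits; b++)
        if (arr[b].set_cnt > 0 && arr[b].isset_cnt == 0)
            unchecked++;
    return unchecked;
}

/* BEFORE (shape of the reported bug): stack array sized by the ruleset. At 8 bytes
 * per entry, about one million flowbits exceeds a typical 8 MiB stack and crashes. */
long analyze_on_stack(uint32_t nbits, const struct fb_ref *refs, size_t nrefs)
{
    if (nbits == 0) return 0;
    struct fb_analyze arr[nbits];           /* size is controlled by the input */
    memset(arr, 0, sizeof(arr));
    return tally(arr, nbits, refs, nrefs);
}

/* AFTER: heap array; calloc checks nbits * size for overflow, and an
 * allocation failure becomes an error return instead of a crash. */
long analyze_on_heap(uint32_t nbits, const struct fb_ref *refs, size_t nrefs)
{
    if (nbits == 0) return 0;
    struct fb_analyze *arr = calloc(nbits, sizeof(*arr));
    if (arr == NULL) return -1;
    long unchecked = tally(arr, nbits, refs, nrefs);
    free(arr);
    return unchecked;
}
```

Both functions return the same result for small tables; only the heap version stays safe when the flowbit count grows with the ruleset.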


Related issues

Copied to Bug #3790: Stack overflow in DetectFlowbitsAnalyze (Closed, Jeff Lucovsky)
#1

Updated by Antti Tönkyrä 11 months ago

  • Description updated (diff)
#2

Updated by Antti Tönkyrä 11 months ago

  • Description updated (diff)
#3

Updated by Victor Julien 11 months ago

  • Status changed from New to In Review
  • Assignee set to Antti Tönkyrä
  • Target version set to 6.0.0beta1
  • Label Needs backport to 5.0 added
#4

Updated by Antti Tönkyrä 11 months ago

  • Description updated (diff)
#5

Updated by Jeff Lucovsky 11 months ago

  • Copied to Bug #3790: Stack overflow in DetectFlowbitsAnalyze added
#6

Updated by Victor Julien 10 months ago

  • Status changed from In Review to Closed
