Bug #4071
closed
Null dereference in ipv4hdr GetData
Label: Needs backport to 5.0
Description
Found by oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24288
Reproducer is
    ./src/suricata -r fail.pcap -S ip4hdr.rule
with ip4hdr.rule being a rule using ipv4.hdr
    alert ip any any -> any any (ipv4.hdr; content:"|00 00|"; offset:4; depth:2; sid:1234;)
The bug seems to be present for tcphdr as well
Updated by Philippe Antoine over 5 years ago
- Status changed from Assigned to In Review
Gitlab
Updated by Philippe Antoine over 5 years ago
The fact that oss-fuzz produced unreproducible crashes seems to indicate that DetectEngineReload does not reset everything.
I guess it somehow does not reset the call to DetectBufferSetActiveList(s, g_ipv4hdr_buffer_id).
Updated by Victor Julien over 5 years ago
- Priority changed from Normal to High
- Label Needs backport to 5.0 added
Updated by Philippe Antoine over 5 years ago
Should I create private S-V tests for these?
Updated by Jeff Lucovsky over 5 years ago
- Copied to Bug #4132: Null dereference in ipv4hdr GetData added
Updated by Victor Julien over 5 years ago
- Status changed from In Review to Closed
Updated by Jeff Lucovsky over 5 years ago
- Private changed from Yes to No