Project

General

Profile

Actions

Bug #4071

closed

Null dereference in ipv4hdr GetData

Added by Philippe Antoine about 4 years ago. Updated almost 4 years ago.

Status:
Closed
Priority:
High
Target version:
Affected Versions:
Effort:
Difficulty:
Label:
Needs backport to 5.0

Description

Found by oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24288

Reproducer is
./src/suricata -r fail.pcap -S ip4hdr.rule
with ip4hdr.rule being a rule using ipv4.hdr alert ip any any -> any any (ipv4.hdr; content:"|00 00|"; offset:4; depth:2; sid:1234;)

The bug seems to be present for tcphdr as well


Files

fail.pcap (138 Bytes) fail.pcap Philippe Antoine, 10/14/2020 07:41 PM
tcp0.pcap (250 Bytes) tcp0.pcap Philippe Antoine, 10/14/2020 07:55 PM

Related issues 1 (0 open1 closed)

Copied to Suricata - Bug #4132: Null dereference in ipv4hdr GetDataClosedJeff LucovskyActions
Actions #1

Updated by Philippe Antoine about 4 years ago

Pcap reproducer for tcp.hdr rule

Actions #2

Updated by Philippe Antoine about 4 years ago

  • Status changed from Assigned to In Review

Gitlab

Actions #3

Updated by Philippe Antoine about 4 years ago

The fact that oss-fuzz produced unreproducible crashes seems to tell that DetectEngineReload does not reset everything.
I guess it does not somehow reset the call to DetectBufferSetActiveList(s, g_ipv4hdr_buffer_id)

Actions #4

Updated by Victor Julien about 4 years ago

  • Priority changed from Normal to High
  • Label Needs backport to 5.0 added
Actions #5

Updated by Philippe Antoine about 4 years ago

Should I create private S-V tests for these ?

Actions #6

Updated by Jeff Lucovsky about 4 years ago

  • Copied to Bug #4132: Null dereference in ipv4hdr GetData added
Actions #7

Updated by Victor Julien almost 4 years ago

  • Status changed from In Review to Closed
Actions #8

Updated by Jeff Lucovsky almost 4 years ago

  • Private changed from Yes to No
Actions

Also available in: Atom PDF