Project

General

Profile

Actions

Bug #5144

closed

Failed assert DeStateSearchState

Added by Philippe Antoine over 2 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:
Needs backport to 5.0, Needs backport to 6.0

Description

Found by oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44203

Minimized reproducer with rules

alert http any any -> any any (filestore; file.name; content:!"2008.mp4"; sid:2; rev:1;)
alert http any any -> any any (filestore; file.name; content:!"tar.gz"; sid:3; rev:1;)
alert http any any -> any any (file.name; content:"/a/expl/2008.mp4"; startswith; endswith; sid:4; rev:1;)

and attached pcap (which has HTTP with /a/expl/2008.mp4 by the way)

Victor, you added this debug validation code.
Is this a real problem ?


Files

fuzzed2.pcap (1.48 KB) fuzzed2.pcap Philippe Antoine, 02/22/2022 09:33 AM

Related issues 3 (0 open3 closed)

Related to Suricata - Bug #5419: Failed assert DeStateSearchStateClosedVictor JulienActions
Copied to Suricata - Bug #5302: Failed assert DeStateSearchStateClosedVictor JulienActions
Copied to Suricata - Bug #5303: Failed assert DeStateSearchStateClosedVictor JulienActions
Actions

Also available in: Atom PDF