Project

General

Profile

Actions
Copy link

Bug #5145

closed
PA VJ

nfs: Integer underflow in NFS

Bug #5145: nfs: Integer underflow in NFS

Added by Philippe Antoine about 4 years ago. Updated about 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Victor Julien
Target version:
7.0.0-beta1
Affected Versions:
6.0.4
Effort:
Difficulty:
Label:
Needs backport, Needs backport to 5.0, Needs backport to 6.0

Description

Found by ClusterFuzzLite, then oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44185

The whole NFSv3 logic for writes seems wrong (like ts_chunk_left should always be 0, we do not know the final size of the file)
This is not about the full filesize, but only about the current chunk that we're processing.

Related issues 3 (0 open3 closed)

Related to Suricata - Bug #5280: nfs: ASSERT: attempt to subtract with overflow (compound)ClosedPhilippe AntoineActions
Copied to Suricata - Bug #5149: nfs: Integer underflow in NFSClosedShivani BhardwajActions
Copied to Suricata - Bug #5150: nfs: Integer underflow in NFSClosedJason IshActions
Actions
Copy link

Also available in: PDF Atom