Project

General

Custom queries

Profile

Actions
Copy link

Bug #5145

closed

nfs: Integer underflow in NFS

Added by Philippe Antoine about 3 years ago. Updated almost 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Victor Julien
Target version:
7.0.0-beta1
Affected Versions:
6.0.4
Effort:
Difficulty:
Label:
Needs backport, Needs backport to 5.0, Needs backport to 6.0

Description

Found by ClusterFuzzLite, then oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44185

The whole NFSv3 logic for writes seems wrong (like ts_chunk_left should always be 0, we do not know the final size of the file)
This is not about the full filesize, but only about the current chunk that we're processing.

Related issues 3 (0 open3 closed)

Related to Suricata - Bug #5280: nfs: ASSERT: attempt to subtract with overflow (compound)ClosedPhilippe AntoineActions
Copied to Suricata - Bug #5149: nfs: Integer underflow in NFSClosedShivani BhardwajActions
Copied to Suricata - Bug #5150: nfs: Integer underflow in NFSClosedJason IshActions
Actions
Copy link
 #4

Updated by Victor Julien about 3 years ago

  • Status changed from In Progress to Closed
Actions
Copy link
 #6

Updated by Philippe Antoine almost 3 years ago

  • Status changed from Closed to Assigned
Actions
Copy link
 #7

Updated by Victor Julien almost 3 years ago

Closing in favor of a new ticket #5280 to not confuse the backports process.

Actions
Copy link

Also available in: Atom PDF