Actions
Bug #5168
closeddetect/iponly: non-cidr netmask settings can lead incorrect detection
Affected Versions:
Effort:
Difficulty:
Label:
Needs backport to 5.0, Needs backport to 6.0
Description
A rule like alert ip any any -> 0.0.0.5/0.0.0.5 any (sid:1;) fails to work properly, hits a DEBUG_VALIDATE_BUG_ON and leaks memory.
The engine internally only correctly handles netmasks that can be expressed through the CIDR notation as well.
(From: https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
Files
Updated by Victor Julien about 2 years ago
- Related to Bug #5081: detect/iponly: rule parsing does not always apply netmask correctly added
Updated by Jeff Lucovsky about 2 years ago
- Copied to Bug #5170: detect/iponly: non-cidr netmask settings can lead incorrect radix tree added
Updated by Jeff Lucovsky about 2 years ago
- Copied to Bug #5171: detect/iponly: non-cidr netmask settings can lead incorrect radix tree added
Updated by Victor Julien about 2 years ago
- File Screenshot from 2022-03-03 08-28-05.png added
- Subject changed from detect/iponly: non-cidr netmask settings can lead incorrect radix tree to detect/iponly: non-cidr netmask settings can lead incorrect detection
- Description updated (diff)
Updated by Victor Julien about 2 years ago
- File cidr-table.png cidr-table.png added
- Description updated (diff)
Updated by Victor Julien about 2 years ago
- File deleted (
Screenshot from 2022-03-03 08-28-05.png)
Updated by Victor Julien about 2 years ago
- Status changed from In Progress to Closed
Actions