Project

General

Profile

Actions

Bug #5188

closed

SSL : over allocation for certificates

Added by Philippe Antoine 7 months ago. Updated 6 months ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:
Needs backport, Needs backport to 5.0, Needs backport to 6.0

Description

Found by Coverity

Untrusted allocation size (TAINTED_SCALAR)

in curr_connp->trec = SCMalloc(curr_connp->trec_len); where trec_len is a u24 read from the network, so suricata can call malloc with up to 16Mbytes even if there is no data yet to fill them...


Related issues 2 (0 open2 closed)

Copied to Bug #5192: SSL : over allocation for certificatesClosedShivani BhardwajActions
Copied to Bug #5193: SSL : over allocation for certificatesClosedJeff LucovskyActions
Actions #1

Updated by Philippe Antoine 7 months ago

Luckily for Suricata, OSes seem to prevent this malloc from being really reserved by the system until it is really used...

Actions #2

Updated by Philippe Antoine 7 months ago

  • Status changed from New to In Review
Actions #3

Updated by Shivani Bhardwaj 7 months ago

  • Copied to Bug #5192: SSL : over allocation for certificates added
Actions #4

Updated by Shivani Bhardwaj 7 months ago

  • Copied to Bug #5193: SSL : over allocation for certificates added
Actions #5

Updated by Victor Julien 6 months ago

  • Status changed from In Review to Closed

https://github.com/OISF/suricata/pull/7139

Coverity scan rerun confirms the fix.

Actions

Also available in: Atom PDF