Project

General

Profile

Actions

Bug #5193

closed

SSL : over allocation for certificates

Added by Shivani Bhardwaj 7 months ago. Updated 6 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Found by Coverity

Untrusted allocation size (TAINTED_SCALAR)

in curr_connp->trec = SCMalloc(curr_connp->trec_len); where trec_len is a u24 read from the network, so suricata can call malloc with up to 16Mbytes even if there is no data yet to fill them...


Related issues 1 (0 open1 closed)

Copied from Bug #5188: SSL : over allocation for certificatesClosedPhilippe AntoineActions
Actions #1

Updated by Shivani Bhardwaj 7 months ago

  • Copied from Bug #5188: SSL : over allocation for certificates added
Actions #2

Updated by Shivani Bhardwaj 7 months ago

  • Label deleted (Needs backport, Needs backport to 5.0, Needs backport to 6.0)
Actions #3

Updated by Jeff Lucovsky 6 months ago

  • Status changed from Assigned to In Progress

Cherry-pick commit(s):
- 862e84877ff262cd4b8c4b191a8710f94f63fcf7
- 3ed188e0bc Validation macros only
- d1ada2e13c207e0937f8a4818d5731d319f5fa07

Actions #4

Updated by Jeff Lucovsky 6 months ago

  • Status changed from In Progress to In Review
Actions #6

Updated by Victor Julien 6 months ago

  • Status changed from In Review to Resolved

Fix staged.

Actions #7

Updated by Jeff Lucovsky 6 months ago

  • Status changed from Resolved to Closed

Commit(s)
- e0c8dba7ac6eaa757daf80245688f9f2b2496eff
- 4ee374a3bbd4d1a645584742103311bae66bbda1
- c71fb2d3cff567002fa0badf178d1739841037cc

Actions

Also available in: Atom PDF