Bug #5193
closed
SSL : over allocation for certificates
Added by Shivani Bhardwaj almost 3 years ago.
Updated over 2 years ago.
Description
Found by Coverity
Untrusted allocation size (TAINTED_SCALAR)
in curr_connp->trec = SCMalloc(curr_connp->trec_len);
where trec_len is a u24 read from the network, so suricata can call malloc with up to 16Mbytes even if there is no data yet to fill them...
- Copied from Bug #5188: SSL : over allocation for certificates added
- Label deleted (
Needs backport, Needs backport to 5.0, Needs backport to 6.0)
- Status changed from Assigned to In Progress
Cherry-pick commit(s):
- 862e84877ff262cd4b8c4b191a8710f94f63fcf7
- 3ed188e0bc
Validation macros only
- d1ada2e13c207e0937f8a4818d5731d319f5fa07
- Status changed from In Progress to In Review
- Status changed from In Review to Resolved
- Status changed from Resolved to Closed
Commit(s)
- e0c8dba7ac6eaa757daf80245688f9f2b2496eff
- 4ee374a3bbd4d1a645584742103311bae66bbda1
- c71fb2d3cff567002fa0badf178d1739841037cc
Also available in: Atom
PDF