Project

General

Profile

Actions

Bug #5386

closed

detect/threshold: offline time handling issue

Added by Juliana Fajardini Reichow over 2 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Due to the TIMEVAL_DIFF_SEC calculating the delta into an unsigned
integer, it would underflow to a high positive value leading to
an incorrect result if the packet timestamp was below the timestamp
for the threshold entry.

In normal conditions, this shouldn't happen,
but in offline mode, each thread has its own concept of time which
might differ significantly based on the pcap. In this case the
overflow would be very common.

(Taken from the commit message for the fix, as seen in the WIP PR https://github.com/OISF/suricata/pull/7501 )


Subtasks 2 (0 open2 closed)

Bug #5387: detect/threshold: offline time handling issue (6.0.x backports)ClosedVictor JulienActions
Bug #5388: detect/threshold: offline time handling issue (5.0.x backports)ClosedJeff LucovskyActions
Actions #1

Updated by Juliana Fajardini Reichow over 2 years ago

  • Affected Versions 5.0.9 added
Actions #2

Updated by Juliana Fajardini Reichow over 2 years ago

  • Status changed from New to In Progress
Actions #3

Updated by Juliana Fajardini Reichow over 2 years ago

  • Label Needs backport to 5.0 added
Actions #5

Updated by Juliana Fajardini Reichow over 2 years ago

  • Status changed from In Progress to Resolved
Actions #6

Updated by Victor Julien over 2 years ago

  • Status changed from Resolved to Closed
Actions #7

Updated by Victor Julien over 2 years ago

  • Label deleted (Needs backport to 5.0, Needs backport to 6.0)
Actions

Also available in: Atom PDF