Actions
Bug #5386
closeddetect/threshold: offline time handling issue
Description
Due to the TIMEVAL_DIFF_SEC calculating the delta into an unsigned
integer, it would underflow to a high positive value leading to
an incorrect result if the packet timestamp was below the timestamp
for the threshold entry.
In normal conditions, this shouldn't happen,
but in offline mode, each thread has its own concept of time which
might differ significantly based on the pcap. In this case the
overflow would be very common.
(Taken from the commit message for the fix, as seen in the WIP PR https://github.com/OISF/suricata/pull/7501 )
Updated by Juliana Fajardini Reichow almost 2 years ago
- Affected Versions 5.0.9 added
Updated by Juliana Fajardini Reichow almost 2 years ago
- Status changed from New to In Progress
Updated by Juliana Fajardini Reichow almost 2 years ago
- Label Needs backport to 5.0 added
Updated by Juliana Fajardini Reichow almost 2 years ago
Merged commit: https://github.com/OISF/suricata/pull/7511
Updated by Juliana Fajardini Reichow almost 2 years ago
- Status changed from In Progress to Resolved
Updated by Victor Julien almost 2 years ago
- Status changed from Resolved to Closed
Updated by Victor Julien almost 2 years ago
- Label deleted (
Needs backport to 5.0, Needs backport to 6.0)
Actions