Bug #5386

closed

detect/threshold: offline time handling issue

Added by Juliana Fajardini Reichow 4 months ago. Updated 3 months ago.

Status: Closed
Priority: Normal

Description

Due to the TIMEVAL_DIFF_SEC calculating the delta into an unsigned
integer, it would underflow to a high positive value leading to
an incorrect result if the packet timestamp was below the timestamp
for the threshold entry.

In normal conditions, this shouldn't happen,
but in offline mode, each thread has its own concept of time which
might differ significantly based on the pcap. In this case the
overflow would be very common.

(Taken from the commit message for the fix, as seen in the WIP PR https://github.com/OISF/suricata/pull/7501 )
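
The underflow described above, as an added example that is not taken from the Suricata source or the linked PR. The function names, the 60-second window, the timestamps and the choice to keep an older packet inside the window are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/time.h>

/* Hypothetical unsigned seconds delta; shows the bug class, not Suricata's macro. */
static uint64_t delta_sec_unsigned(struct timeval pkt, struct timeval entry)
{
    return (uint64_t)pkt.tv_sec - (uint64_t)entry.tv_sec; /* wraps if pkt < entry */
}

/* Buggy expiry check: a packet older than the entry looks like a huge elapsed time. */
static bool expired_buggy(struct timeval pkt, struct timeval entry, uint32_t window)
{
    return delta_sec_unsigned(pkt, entry) > window;
}

/* Signed check. Assumption: a packet that predates the entry stays in the window. */
static bool expired_signed(struct timeval pkt, struct timeval entry, uint32_t window)
{
    int64_t delta = (int64_t)pkt.tv_sec - (int64_t)entry.tv_sec;
    return delta > (int64_t)window;
}

/* Count hits in one 60 s window over constructed, interleaved per-thread timestamps. */
static int final_count(bool use_signed)
{
    const long ts[] = { 1000, 1001, 999, 1002, 998, 1003 }; /* constructed sample */
    struct timeval entry = { .tv_sec = ts[0], .tv_usec = 0 };
    int count = 1;
    for (size_t i = 1; i < sizeof(ts) / sizeof(ts[0]); i++) {
        struct timeval pkt = { .tv_sec = ts[i], .tv_usec = 0 };
        bool expired = use_signed ? expired_signed(pkt, entry, 60)
                                  : expired_buggy(pkt, entry, 60);
        if (expired) { entry = pkt; count = 1; } /* window restarts, hits are lost */
        else count++;
    }
    return count;
}

int main(void)
{
    printf("unsigned delta: %d hits, signed delta: %d hits\n",
           final_count(false), final_count(true));
    return 0;
}
```

With the unsigned delta, every timestamp that steps backwards restarts the window, so the counter never reaches a threshold that the six packets should have met.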


Subtasks 2 (0 open, 2 closed)

Bug #5387: detect/threshold: offline time handling issue (6.0.x backports) - Closed - Victor Julien
Bug #5388: detect/threshold: offline time handling issue (5.0.x backports) - Closed - Jeff Lucovsky

Actions #1

Updated by Juliana Fajardini Reichow 4 months ago

  • Affected Versions 5.0.9 added
Actions #2

Updated by Juliana Fajardini Reichow 4 months ago

  • Status changed from New to In Progress
Actions #3

Updated by Juliana Fajardini Reichow 4 months ago

  • Label Needs backport to 5.0 added
Actions #5

Updated by Juliana Fajardini Reichow 4 months ago

  • Status changed from In Progress to Resolved
Actions #6

Updated by Victor Julien 4 months ago

  • Status changed from Resolved to Closed
Actions #7

Updated by Victor Julien 3 months ago

  • Label deleted (Needs backport to 5.0, Needs backport to 6.0)