Bug #5388

closed

Bug #5386: detect/threshold: offline time handling issue

detect/threshold: offline time handling issue (5.0.x backports)

Added by Juliana Fajardini Reichow 4 months ago. Updated 4 months ago.

Status: Closed
Priority: Normal

Description

Due to the TIMEVAL_DIFF_SEC calculating the delta into an unsigned
integer, it would underflow to a high positive value leading to
an incorrect result if the packet timestamp was below the timestamp
for the threshold entry.

In normal conditions, this shouldn't happen,
but in offline mode, each thread has its own concept of time which
might differ significantly based on the pcap. In this case the
overflow would be very common.

(Taken from the commit message for the fix, as seen in the WIP PR https://github.com/OISF/suricata/pull/7501 )
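The wrap described above, reproduced as an added example (this is not Suricata's code and not the fix in the PR). The function names, the 60-second window and the timestamps are constructed for illustration, and the guard shown is one assumed way to handle a packet older than the entry.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/time.h>

/* Hypothetical stand-in for a seconds delta computed into an unsigned integer. */
static uint64_t delta_sec_unsigned(struct timeval pkt, struct timeval entry)
{
    /* Wraps to a huge positive value when pkt is earlier than entry. */
    return (uint64_t)pkt.tv_sec - (uint64_t)entry.tv_sec;
}

/* Expiry test built directly on the unsigned delta (the pattern in the report). */
static bool window_expired_unsigned(struct timeval pkt, struct timeval entry,
                                    uint32_t window)
{
    return delta_sec_unsigned(pkt, entry) > window;
}

/* Assumed guard: order the timestamps first, and treat a packet that is
 * older than the entry as still inside the window. */
static bool window_expired_checked(struct timeval pkt, struct timeval entry,
                                   uint32_t window)
{
    if (pkt.tv_sec < entry.tv_sec)
        return false;
    return (uint64_t)(pkt.tv_sec - entry.tv_sec) > window;
}

int main(void)
{
    /* Constructed timestamps: the entry was stamped by one thread, the
     * packet comes from a thread whose pcap time is 30 s behind. */
    struct timeval entry = { .tv_sec = 1650000030, .tv_usec = 0 };
    struct timeval pkt   = { .tv_sec = 1650000000, .tv_usec = 0 };
    uint32_t window = 60;

    printf("unsigned delta: %llu s\n",
           (unsigned long long)delta_sec_unsigned(pkt, entry));
    printf("expired (unsigned): %d\n", window_expired_unsigned(pkt, entry, window));
    printf("expired (checked):  %d\n", window_expired_checked(pkt, entry, window));
    return 0;
}
```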

Actions #1

Updated by Jeff Lucovsky 4 months ago

  • Subject changed from detect/threshold: offline time handling issue (5.0.x backports to detect/threshold: offline time handling issue (5.0.x backports)
  • Status changed from New to In Progress
  • Assignee changed from OISF Dev to Jeff Lucovsky
Actions #2

Updated by Jeff Lucovsky 4 months ago

Cherry-pick commit(s)
- df2e408d96d0e37a0599f885dc29fff4011f8899

Actions #3

Updated by Jeff Lucovsky 4 months ago

  • Status changed from In Progress to In Review