Actions
Bug #5388
closedBug #5386: detect/threshold: offline time handling issue
detect/threshold: offline time handling issue (5.0.x backports)
Affected Versions:
Effort:
Difficulty:
Label:
Description
Due to the TIMEVAL_DIFF_SEC calculating the delta into an unsigned
integer, it would underflow to a high positive value leading to
an incorrect result if the packet timestamp was below the timestamp
for the threshold entry.
In normal conditions, this shouldn't happen,
but in offline mode, each thread has its own concept of time which
might differ significantly based on the pcap. In this case the
overflow would be very common.
(Taken from the commit message for the fix, as seen in the WIP PR https://github.com/OISF/suricata/pull/7501 )
Updated by Jeff Lucovsky over 2 years ago
- Subject changed from detect/threshold: offline time handling issue (5.0.x backports to detect/threshold: offline time handling issue (5.0.x backports)
- Status changed from New to In Progress
- Assignee changed from OISF Dev to Jeff Lucovsky
Updated by Jeff Lucovsky over 2 years ago
Cherry-pick commit(s)
- df2e408d96d0e37a0599f885dc29fff4011f8899
Updated by Jeff Lucovsky over 2 years ago
- Status changed from In Progress to In Review
Updated by Victor Julien over 2 years ago
- Status changed from In Review to Closed
Actions