Actions
Bug #5905
closedinvalid bsize and distance rule being loaded by suricata
Affected Versions:
Effort:
Difficulty:
Label:
Description
Found by oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56067&q=label%3AProj-suricata
Reproducer is drop ip :: 0 <> :: 4 ipv6.hdr;bsize:8;content:" ";disTance:-5;content:" ";disTance:-020000000000;
It gets to a signed integer overflow with detect-content.c:452:19: runtime error: signed integer overflow: -4 + -2147483647 cannot be represented in type 'int'
Somehow introduced by #2982 fix https://github.com/OISF/suricata/pull/8124 but I guess the root cause existed before
I guess one part of the fix is to use precise integer types for arguments of SigParseRequiredContentSize
Updated by Philippe Antoine over 1 year ago
- Subject changed from invalid dsize and distance rule being loaded by suricata to invalid bsize and distance rule being loaded by suricata
Updated by Philippe Antoine over 1 year ago
- Related to Bug #5740: content: within and distance lengths should be bounded added
Updated by Philippe Antoine over 1 year ago
- Related to Bug #2982: invalid dsize distance rule being loaded by suricata added
Updated by Jeff Lucovsky over 1 year ago
- Status changed from Assigned to In Review
Updated by Jeff Lucovsky over 1 year ago
- Status changed from In Review to Closed
Actions