Project

General

Profile

Actions
Copy link

Bug #5905

closed

invalid bsize and distance rule being loaded by suricata

Added by Philippe Antoine over 1 year ago. Updated over 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
Jeff Lucovsky
Target version:
7.0.0-rc2
Affected Versions:
Effort:
Difficulty:
Label:

Description

Found by oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56067&q=label%3AProj-suricata

Reproducer is drop ip :: 0 <> :: 4 ipv6.hdr;bsize:8;content:" ";disTance:-5;content:" ";disTance:-020000000000;

It gets to a signed integer overflow with detect-content.c:452:19: runtime error: signed integer overflow: -4 + -2147483647 cannot be represented in type 'int'

Somehow introduced by #2982 fix https://github.com/OISF/suricata/pull/8124 but I guess the root cause existed before

I guess one part of the fix is to use precise integer types for arguments of SigParseRequiredContentSize

Related issues 2 (0 open2 closed)

Related to Suricata - Bug #5740: content: within and distance lengths should be boundedClosedJeff LucovskyActions
Related to Suricata - Bug #2982: invalid dsize distance rule being loaded by suricataClosedJeff LucovskyActions
Actions
Copy link

Also available in: Atom PDF