Bug #6104: detect/multi-buffer: Heap-buffer-overflow in SigMatchAppendSMToList - Suricata - Open Information Security Foundation

drop ip :: 6 <> :: 3 filEext:uext;file.name:;content:" ";filename:Q;base64_decode;content:" ";filename:n;file.name:;base64_decode;content:" ";filename:Q9;base64_decode;content:" ";filename:Qn;file.name:;base64_decode;content:" ";filename:Q9;base64_decode;content:" ";filename:n;file.name:;base64_decode;content:" ";filename:Q9;base64_decode;content:" ";filename:n;file.name:;content:" ";filename:Qn;base64_decode;content:" ";filename:n;file.name:;base64_decode;content:" ";filename:Q9;base64_decode;content:" ";filename:Qn;file.name:;base64_decode;content:" ";filename:Q9;base64_decode;content:" ";filename:o;file.name:;base64_decode;content:" ";filename:Q9;base64_decode;content:" ";filename:n;file.name:;base64_decode;content:" ";filename:Q9;base64_decode;content:" ";filename: an;file.name:;base64_decode;content:" ";filename:Q9;base64_decode;content:" ";filename:n;file.name:;base64_decode;content:" ";filename:Q9;base64_decode;content:"( ";filename:n;file.name:;base64_decode;content:" ";filename:t9;base64_decode;content:" ";filename:n;file.name:;base64_decode;content:" ";filename:Q;base64_decode;content:" ";filename:n;file.name:;base64_decode;content:" ";filename:Q9;base64_decode;content:" ";filename:n;file.name:;base64_decode;content:" ";filename:Q9;base64_decode;content:" ";filename:n;file.name:;base64_decode;content:" ";filename:Q9;base64_decode;content:" ";filename:n;file.name:;base64_decode;content:" ";filename:Q9;base64_decode;content:"( ";filename:n;file.name:;base64_decode;content:" ";filename:th I;base64_decode;content:" ";filename:n;file.name:;base64_decode;content:" ";filename:Q9;base64_decode;content:" ";filename:n;file.name:;base64_decode;content:" ";filename:Q9;base64_decode;content:" ";filename:Qt: an;file.name:;base64_decode;content:" ";filename:Q9;base64_decode;content:" ";filename:1;

Actions

Copy link

Updated by Philippe Antoine almost 2 years ago

cf code

// return -1; TODO error handle

Actions

Copy link

Updated by Philippe Antoine almost 2 years ago

Target version changed from TBD to 7.0.0-rc2

Actions

Copy link

Updated by Victor Julien almost 2 years ago

Assignee changed from Victor Julien to OISF Dev
Priority changed from Normal to High

Actions

Copy link

Updated by Victor Julien almost 2 years ago

Target version changed from 7.0.0-rc2 to 7.0.0

Actions

Copy link

Updated by Philippe Antoine over 1 year ago

Related to Optimization #6194: detect: modernize filename fileext filemagic added

Actions

Copy link

Updated by Victor Julien over 1 year ago

Status changed from New to Closed
Assignee deleted (~~OISF Dev~~)
Priority changed from High to Normal
Target version deleted (~~7.0.0~~)

Possibly fixed unintentionally. We can reopen if oss-fuzz finds another vector.

Actions

Copy link

Updated by Philippe Antoine over 1 year ago

Assignee set to Philippe Antoine
Target version set to 7.0.2

Reopening as oss-fuzz found https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61147&q=label%3AProj-suricata

Actions

Copy link

Updated by Philippe Antoine over 1 year ago

Status changed from Closed to Assigned

Reproducer is

alert tcp any any <> any 0  uricontenT:"!";faSt_paTtern:only:r;byte_extract:2,5,pict,string,relative;metadata:s:oOdrOp _tsebisfL;filestore:ive;metadata:s:oOdrOp ip 0:: 3 gerprOp iaTtern*only:r;byte_extract:2,5,pict,string,relative;metadata:s:oOdqOp _tsebisfL;filestore:ive;metadata:s:oOdrOpstring,relative 0  uricontenT:"!";faSt_paTtern:only:r;byte_extract:2,5,pict,string,relative;metadata:s:oOdrOp _tsebisfL;filestore:ive;metadata:s:oOdrOp _tsebisfL;filestore:ive;metadata:s:oOdrOp ip 0:: 3 gerprOp iaTterncp>any any <> any 0  uricontenT:+!";faSt_paTtern:only:r;byte_extract:2,5,pict,string,relative;metadata:s:oOdrOp _tsebisfL;filestore:ive;metadata:s:oOdrOp i:s:oOdrOp ip 0:: 3 gerprOp iaTtern*only:r;byte_extract:2,5,pict,string,relative;metadata:s:oOdqOp _tsebisfL;filestore:ive;metadata:s:oOdrOpstring,relative 0  uricontenT:"!";faSt_paTtern:only:r;byte_extract:2,5,pict,string,relative;metadata:s:oOdrOp _tsebisfL;filestore:ive;metadata:s:oOdrOp _tsebisfL;filestore:ive;metadata:s:oOdrOp ip 0:: 3 gerprOp iaTterncp>any any <> any 0  uricontenT:+!";faSt_paTtern:only:r;byte_extract:2,5,pict,string,relative;metadata:s:oOdrOp _tsebisfL;filestore:ive;metadata:s:oOdrOp ip 0:: 3 gerprOp iaTtefn*onlny <> any 0  uricontefL;filestore:ive;metadata:s:oOdrOp ip 0:: 3 gerprOp Op^Mip :iaTtern*only:r;byte_extract:2,5,pict,string,relative;metadata:s 0:: 3 gerprOp iaTterncp any any <> any 0  uricontenT:"!";faSt_paTtern:only:r;byte_extract:2,5,pict,string,relative;metadata:sXoOdrOp _tsebisfL;filestore:ive;metadata:s:oOdrOp ip 0:: 3 gerprOp iaTtern*only:r;byte_extract:2,5,pict,string,relative;metadata:s:oOdqOp _tseb*only:r;byte_extract:2,5,pict,string,relative;metadata:s:oOdrOp _tsebi ip 0::binly:r;byte_extract:2,5,pict,string,relative;metadata:s:oOdrOpnly:r;byte_extract:2,5,pict,string,relative;metadata:s:oOd^Mip :OdrOp _tsebisfL;filestore:ive;metadata:s:oOdrOp ip 0:: 3 gerprOp iaTt,2335,150!1,150!0erncp any any <> aoy 0  uricontefL;filestore:ive;metadata:s:oOdrOp ip 0:: 3 gerprOp iaTtern*only:r;byte_extract:2,5,pict,string,relative;metadata:s:oOdqO,relative;metadata:s:oOdrOp _tsebisfL;filestore:ive;metadata:s:oOdrOp ip 0:: 3 gerprOp iaTtern*only:r;byte_extract:2,5,pict,string,relative;metadata:s:oOd^Mip :OdrOp _tsebisfL{filestore:ive;metadata:s:oOdrOp ipict,string,relative;metadata:s:oOd^Mip :OdrOp _tsebisfL;filestore:ive;metadata:s:oOdrOp ip 0:: 3 gerprOp iaTterncp any any <> any 0  uricontenT:"!";faSt_paTtern:only:r;byte_extract:2,5,pict,string,relative;metadata:sXoOdrOp _tsebisfL;filestore:ive;metadata:s:oOdrOp ip 0:: 3 gerprOp iaTtern*only:r;byte_extract:2,5,pit,string,relative;metadata:s:oOdqOp _tseb*only:r;byte_extract:2,5,pict,string,relative;metadata:s:oOdrOp _tsebi ip 0::binly:r;byte_extract:2,5,pict,string,relative;metadata:s:oOdrOpnly:r;byte_extract:2,5,pict,string,relative;metadata:s:oOd^Mip :OdrOp _tsebisfL;filestore:ive;metadata:s:;metadata:s:oOdrOp _tsebisfL;filestore:ive;metadata:s:oOdrOp ip 0:: 3 gerprOp iaTterncp>any any <> any 0  uricontenT:+!";faSt_paTtern:only:r;byte_extract:2,5,pict,string,relative;metadata:s:oOdrOp _tsebisfL;filestore:ive;metadata:s:oOdrOp ip 0stream_sizep iaTtefn*onlny <> any 0  uricontefL;filestore:ive;metadata:s:oOdrOp ip 0:: 3 gerprOp iaTtern*only:r;byte_extract:2,5,pict,string,relative;metadata:s 0:: 3 gerprOp iaTterncp any any <> any 0  uricontenT:"!";faSt_paTtern:only:r;byte_extract:2,5,pict,string,relative;metadata:sXoOdrOp _tsebisfL;filestore:ive;metadata:s:oOdrOp ip 0:: 3 gerprOpy:r;byte_extract:2,5,pict,string,relative;metadata:s 0:: 3 gerprOp iaTterncp any any <> any 0  uricontenT:"!";faSt_paTtern:only:r;byte_extract:2,5,pict,string,relative;metadata:sXoOdrOp _tsebisfL;filestore:ive;metadata:s:oOdrOp ip 0:: 3 gerprOp iaTtern*only:r;byte_extract:2,5,pict,string,relative;metadata:s:oOdqOp _tseb*only:r;byte_extract:2,5,pict,string,relative;metadata:s:oOdrOp _tsebi ip 0::binly:r;byte_extract:2,5,pict,string,relative;metadata:s:oOdrOpnly:r;byte_extract:2,5,pict,string,relative;metadata:s:oOd^Mip :OdrOp _tsebisfL;filestore:ive;metadata:s:oOdrOp ip 0:: 3 gerprOp iaTt,2335,150!1,150!0erncp any any <> aoy 0  uricontefL;filestore:ive;metadata:s:oOdrOp ip 0:: 3 gerprOp iaTtern*only:r;byte_extract:2,5,pict,string,relative;metadata:s:oOdqO,relative;metadata:s:oOdrOp _tsebisfL;filestore:ive;metadata:s:oOdrOp ip 0:: 3 gerprOp iaTtern*only:r;byte_extract:2,5,pict,string,relative;metadata:s:oOd^Mip :OdrOp _tsebisfL;filestore:ive;metadata:s:oOdrOp ipict,string,relative;metadata:s:oOd^Mip :OdrOp _tsebisfL;filestore:ive;metadata:s:oOdrOp ip 0:: 3 gerprOp iaTterncp any any <> any 0  uricontenT:"!";faSt_paTtern:only:r;byte_extract:2,5,pict,string,relative;metadata:sXoOdrOp _tsebisfL;filestore:ive;metadata:s:oOdrOp ip 0:: 3 gerprOp iaTtern*only:r;byte_extract:2,5,pit,string,relative;metadata:s:oOdqOp _tseb*only:r;byte_extract:2,5,pict,string,relative;metadata:s:oOdrOp _tsebi ip 0::binly:r;byte_extract:2,5,pict,string,relative;metadata:s:oOdrOpnly:r;byte_extract:2,5,pict,string,relative;metadata:s:oOd^Mip :OdrOp _tsebisfL;filestore:ive;metadata:s:;metadata:s:oOdrOp _tsebisfL;filestore:ive;metadata:s:oOdrOp ip 0:: 3 gerprOdnp3_indncp>any any <> any 0  uricontenT:+!";faSt_paTtern:only:r;byte_extract:2,5,pict,string,relative;metadata:s:oOdrOp relative;metadata:s:oOdrOp _tsebi ip 0::binly:r;byte_extract:2,5,pict,string,relative;metadata:s:oOdrOpnl <> any sebisfL;filestore:ive;metadata:s:oOdrOp ip 0:: 3 gerprOp iaTtern*only:r;byte_extract:2,5,pict,string,relative;metadata:s:oOdqOp _tsebisfL;filestore:ive;metadata:s:oOdrOpstring,relative 0  uricontenT:"!";faSt_paTtern:only:r;byte_extract:2,5,pict,string,relative;metadata:s:oOdrOp _tsebisfL;filestore:ive;metadata:s:oOdrOp _tsebisfL;filestore:ive;metadata:s:oOdrOp ip 0:: 3 gerprOp iaTterncp>any any <> any 0  uricontenT:+!";faSt_paTtern:only:r;byte_extract:2,5,pict,string,relative;metadata:s:oOdrOp _tsebisfL;filestore:ive;metadata:s:oOdrOp i:s:oOdrOp ip 0:: 3 gerprOp iaTtern*only:r;byte_extract:2,5,pict,string,relative;metadata:s:oOdqOp _tsebisfL;filestore:ive;metadata:s:oOdrOpstring,relative 0  uricontenT:"!";faSt_paTtern:only:r;byte_extract:2,5,pict,string,relative;metadata:s:oOdrOp _tsebisfL;filestore:ive;metadata:s:oOdrOp _tsebisfL;filestore:ive;metadata:s:oOdrOp ip 0:: t,string,relative;metadata:s:oOd^Mip :OdrOp _tsebisfL;filestore:ive;metadata:s:oOdrOp ip 0:: 3 gerprOp iaTterncp any any <> any 0  uricontenT:"!";faSt_paTtern:only:r;byte_extract:2,5,pict,string,relative;metadata:sXoOdrOp _tsebisfL;filestore:ive;metadata:s:oOdrOp ip 0:: 3 gerprOp iaTtern*only:r;byte_extract:2,5,pit,string,relative;metadata:s:oOdqOp _tseb*only:r;byte_extract:2,5,pict,string,relative;metadata:s:oOdrOp _tsebi ip 0::binly:r;byte_extract:2,5,pict,string,relative;metadata:s:oOdrOpnly:r;byte_extract:2,5,pict,string,relative;metadata:s:oOd^Mip :OdrOp _tsebisfL;filestore:ive;metadata:s:;metadata:s:oOdrOp _tsebisfL;filestore:ive;metadata:s:oOdrOp ip 0:: 3 gerprOp iaTterncp>any any <> any 0  uricontenT:+!";faSt_paTtern:only:r;byte_extract:2,5,pict,string,relative;metadata:s:oOdrOp _tsebisfL;filestore:ive;metadata:s:oOdrOp ip 0:: 3 gerprOp iaTtefn*onlny <> any 0  uricontefL;filestore:ive;metadata:s:oOdrOp ip 0:: 3 gerprOp iaTtern*only:r;byte_extract:2,5,pict,string,relative;metadata:s 0:: 3 gerprOp iaTterncp any any <> any 0  uricontenT:"!";faSt_paTtern:only:r;byte_extract:2,5,pict,string,relative;metadata:sXoOdrOp _tsebisfL;filestore:ive;metadata:s:oOdrOp ip 0:: 3 gerprOpy:r;byte_extract:2,5,pict,string,relative;metadata:s 0:: 3 gerprOp iaTterncp any any <> any 0  uricontenT:"!";faSt_paTtern:only:r;byte_extract:2,5,pict,string,relative;metadata:sXoOdrOp _tsebisfL;filestore:ive;metadata:s:oOdrOp ip 0:: 3 gerprOp iaTtern*only:r;byte_extract:2,5,pict,string,relative;metadata:s:oOdqOp _tseb*only:r;byte_extract:2,5,pict,string,relative;metadata:s:oOdrOp _tsebi ip 0::binly:r;byte_extract:2,5,pict,string,relative;metadata:s:oOdrOpnly:r;byte_extract:2,5,pict,string,relative;metadata:s:oOd^Mip :OdrOp _tsebisfL;filestore:ive;metadata:s:oOdrOp ip 0:: 3 gerprOp iaTt,2335,150!1,150!0erncp any any <> aoy 0  uricontefL;filestore:ive;metadata:s:oOdrOp ip 0:: 3 gerprOp iaTtern*only:r;byte_extract:2,5,pict,string,relative;metadata:s:oOdqO,relative;metadata:s:oOdrOp _tsebisfL;filestore:ive;metadata:s:oOdrOp ip 0:: 3 gerprOp iaTtern*only:r;byte_extract:2,5,pict,string,relative;metadata:s:oOd^Mip :OdrOp _tsebisfL;filestore:ive;meOdrOpnly:;metadata:slestore:ive;metadata:s:oOdrOpstring,relative;metadata:s:oOdrOp _tsebisfL;filestore^@dve;metadata:s:oOdrOp ip 0:: 3 gerprOp iaTterncp any any <> any 0  uricontenT:"!";faSt_paTtern:only:r;byte_extract:2,5,pict,stringp _tsebisfL;filestore:ive;metadata:s:oOdrOpstri<B5>g,relative;metadata:slestore:ive;metadata:s:oOdrOpstring,relative;metadata:s:oOdrOp ^@^T^U<A4>bisfL;filestore:ive;metadata:s:oOdrOp ip 0:: 3 gerprOp iaTterncp any any <> any 0  uricontenT:"!";

With lots or uricontent

Actions

Copy link

#10