Bug #6271: libhtp: double free in multipart processing - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #6271

closed

libhtp: double free in multipart processing

Added by Juliana Fajardini Reichow 9 months ago. Updated 8 months ago.

Status:

Rejected

Priority:

Normal

Assignee:

OISF Dev

Target version:

7.0.1

Affected Versions:

Effort:

Difficulty:

Label:

Description

In function htp_ch_multipart_callback_request_body_data at htp_content_handlers.c,
if an error occurs while adding newly allocated params to tx->request_params, the
func just returns without setting tx->request_mpartp->gave_up_data, thus there's a
risk of double-free in htp_tx_destroy_incomplete.

To keep better track of https://github.com/OISF/libhtp/issues/402

Actions

Copy link

Updated by Juliana Fajardini Reichow 9 months ago

Set target version as 7.0.1 as I figured 8 would be too far.

Actions

Copy link

Updated by Philippe Antoine 8 months ago

Status changed from New to Rejected

Not affecting Suricata, as htp_ch_multipart_callback_request_body_data is only reachable by public htp_config_register_multipart_parser which is not used by Suricata

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #6271

libhtp: double free in multipart processing

Updated by Juliana Fajardini Reichow 9 months ago

Updated by Philippe Antoine 8 months ago