Actions
Bug #7549
closed
PA
JL
detect: using different sticky buffers for byte_extract and byte_jump leads to undefined value before doing the jump
Bug #7549:
detect: using different sticky buffers for byte_extract and byte_jump leads to undefined value before doing the jump
Affected Versions:
Effort:
Difficulty:
Label:
Description
As found by oss-fuzz
https://issues.oss-fuzz.com/u/1/issues/394126185
Reproducer is alert ip any any -> any any (msg:"byte_jump varname test sig"; byte_extract:1,4,rpkt_len,relative; http.connection;byte_jump:rpkt_len,0,relative; isdataat:1,relative; classtype:bad-unknown; sid:1;) with suricata-verify/tests/http-connection-toclient/input.pcap
@Jeff Lucovsky I let you complete as you know more about byte_* stuff
PA Updated by Philippe Antoine about 1 year ago
Solution may be to have DetectByteRetrieveSMVar check the buffer id
VJ Updated by Victor Julien about 1 year ago
- Priority changed from Normal to High
PA Updated by Philippe Antoine about 1 year ago
- Related to Bug #1412: byte_test checks before byte_extract happens in some cases added
VJ Updated by Victor Julien about 1 year ago
- Target version changed from 8.0.0-beta1 to 8.0.0-rc1
JL Updated by Jeff Lucovsky about 1 year ago
- Status changed from New to In Progress
PA Updated by Philippe Antoine about 1 year ago
oss-fuzz shows this as fixed within range https://github.com/OISF/suricata/compare/834378ff887b3d6ac1903efb7a3e7164f593abd0...3a092f30278b2c6c86c4a0c0f3bca7f77d5922c8
Not sure why...
JL Updated by Jeff Lucovsky 10 months ago
- Status changed from In Progress to In Review
PA Updated by Philippe Antoine 10 months ago
- Status changed from In Review to Resolved
VJ Updated by Victor Julien 10 months ago
- Status changed from Resolved to Closed
- Priority changed from High to Normal
Actions