Bug #7549: detect: using different sticky buffers for byte_extract and byte_jump leads to undefined value before doing the jump - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #7549

open

detect: using different sticky buffers for byte_extract and byte_jump leads to undefined value before doing the jump

Added by Philippe Antoine 17 days ago. Updated 17 days ago.

Status:

New

Priority:

Normal

Assignee:

Jeff Lucovsky

Target version:

8.0.0-beta1

Affected Versions:

Effort:

Difficulty:

Label:

Description

As found by oss-fuzz
https://issues.oss-fuzz.com/u/1/issues/394126185

Reproducer is alert ip any any -> any any (msg:"byte_jump varname test sig"; byte_extract:1,4,rpkt_len,relative; http.connection;byte_jump:rpkt_len,0,relative; isdataat:1,relative; classtype:bad-unknown; sid:1;) with suricata-verify/tests/http-connection-toclient/input.pcap

@Jeff Lucovsky I let you complete as you know more about byte_* stuff

History
Notes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #7549

detect: using different sticky buffers for byte_extract and byte_jump leads to undefined value before doing the jump

Updated by Philippe Antoine 17 days ago