Optimization #7769: detect/file: remove redundant de_ctx->rule_file != NULL check - Suricata - Open Information Security Foundation

Actions

Copy link

Optimization #7769

closed

BT BT

detect/file: remove redundant de_ctx->rule_file != NULL check

Optimization #7769: detect/file: remove redundant de_ctx->rule_file != NULL check

Added by Boris Tonofa 11 months ago. Updated 8 months ago.

Status:

Closed

Priority:

Normal

Assignee:

Boris Tonofa

Target version:

8.0.1

Effort:

medium

Difficulty:

Label:

Description

When Suricata parses rules it invokes DetectFileHashParse() to turn a filemd5/sha1/sha256 keyword into an in-memory hash table. If the rules are supplied from memory, the parser context field de_ctx->rule_file is NULL; nevertheless the code still executes SCStrdup(de_ctx->rule_file). Because strdup(NULL) dereferences a null pointer inside strlen(), Suricata crashes with SIGSEGV during the rule-loading phase.

History
Notes
Property changes

Actions

Copy link

Also available in: PDF Atom

Project

General

Profile

Suricata

Custom queries