Bug #8543: decode/tcp: avoid unaligned access in TCP option parsing - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #8543

open

UK UK

decode/tcp: avoid unaligned access in TCP option parsing

Bug #8543: decode/tcp: avoid unaligned access in TCP option parsing

Added by Urval Kheni 4 days ago. Updated 4 days ago.

Status:

In Review

Priority:

Normal

Assignee:

Urval Kheni

Target version:

9.0.0-beta1

Affected Versions:

git main

Effort:

Difficulty:

Label:

C, Hardening, Protocol

Description

TCP option parsing in decode-tcp.c currently performs direct uint16_t pointer casts on byte-packed TCP option data.

Since TCP options are not guaranteed to be naturally aligned, this can cause unaligned memory access on strict-alignment architectures and also relies on undefined behavior in C.

Affected parsing paths include MSS and EXP/TFO option handling.

The proposed fix replaces direct casts with explicit byte-wise 16-bit extraction while preserving existing parsing behavior.

A pull request with the fix is already available:
https://github.com/OISF/suricata/pull/15207

History
Property changes

Actions

Copy link

Also available in: PDF Atom

Project

General

Profile

Suricata

Custom queries

Bug #8543

decode/tcp: avoid unaligned access in TCP option parsing

PA Updated by Philippe Antoine 4 days ago Actions
Copy link
#1

Project

General

Profile

Suricata

Custom queries

Bug #8543

decode/tcp: avoid unaligned access in TCP option parsing

PA Updated by Philippe Antoine 4 days ago ActionsCopy link #1

PA Updated by Philippe Antoine 4 days ago Actions
Copy link
#1