Project

General

Profile

Actions

Task #8690

open
DU CT

detect-engine-mpm: adjust transforms->cnt type to unsigned integer

Task #8690: detect-engine-mpm: adjust transforms->cnt type to unsigned integer

Added by Dmitry Uryvchikov 5 days ago. Updated 2 days ago.

Status:
Triaged
Priority:
Normal
Target version:
Effort:
low
Difficulty:
low
Label:

Description

typedef struct DetectEngineTransforms { TransformData transforms[DETECT_TRANSFORMS_MAX]; int cnt; } DetectEngineTransforms;

DetectEngineTransforms::cnt is an int, but only cnt 0 was checked:

if (transforms NULL || transforms->cnt == 0)
return;

Negative values are therefore treated as valid. When transforms->cnt is negative, the loop is skipped, leaving xforms empty. The subsequent statement

xforms[strlen(xforms) - 1] = '\0';

evaluates to xforms[-1], causing an out-of-bounds write and resulting in undefined behavior. Fix this by checking cnt <= 0 instead of cnt == 0.


Subtasks 1 (1 open0 closed)

Task #8703: detect-engine-mpm: adjust transforms->cnt type to unsigned integer (8.0.x backport)AssignedCommunity TicketActions
Actions

Also available in: PDF Atom