aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

rust/probing: safety check for null input

Browse Source 
Ticket: 7013

Done consistently for all protocols

This may change some protocols behaviors which failed early
if they found there was not enough data...
pull/11084/head
Philippe Antoine 10 months ago committed by Victor Julien
parent 5dc8dea869
commit 37a9003736
12 changed files with 40 additions and 7 deletions
Show Stats Download Patch File Download Diff File

2
rust/src/dcerpc/dcerpc.rs
Unescape Escape View File

@ -1293,7 +1293,7 @@ pub unsafe extern "C" fn rs_dcerpc_probe_tcp(_f: *const core::Flow, direction: u
len: u32, rdir: *mut u8) -> AppProto
{
SCLogDebug!("Probing packet for DCERPC");
if len == 0 {
if len == 0 || input.is_null() {
return core::ALPROTO_UNKNOWN;
}
let slice: &[u8] = std::slice::from_raw_parts(input as *mut u8, len as usize);

2
rust/src/dcerpc/dcerpc_udp.rs
Unescape Escape View File

@ -310,7 +310,7 @@ pub unsafe extern "C" fn rs_dcerpc_probe_udp(_f: *const core::Flow, direction: u
len: u32, rdir: *mut u8) -> core::AppProto
{
SCLogDebug!("Probing the packet for DCERPC/UDP");
if len == 0 {
if len == 0 || input.is_null() {
return core::ALPROTO_UNKNOWN;
}
let slice: &[u8] = std::slice::from_raw_parts(input as *mut u8, len as usize);

2
rust/src/dhcp/dhcp.rs
Unescape Escape View File

@ -184,7 +184,7 @@ pub unsafe extern "C" fn rs_dhcp_probing_parser(_flow: *const Flow,
input_len: u32,
_rdir: *mut u8) -> AppProto
{
if input_len < DHCP_MIN_FRAME_LEN {
if input_len < DHCP_MIN_FRAME_LEN || input.is_null() {
return ALPROTO_UNKNOWN;
}

4
rust/src/dns/dns.rs
Unescape Escape View File

@ -896,7 +896,7 @@ pub extern "C" fn SCDnsTxGetResponseFlags(tx: &mut DNSTransaction) -> u16 {
unsafe extern "C" fn probe_udp(
_flow: *const core::Flow, _dir: u8, input: *const u8, len: u32, rdir: *mut u8,
) -> AppProto {
if len == 0 || len < std::mem::size_of::<DNSHeader>() as u32 {
if input.is_null() || len < std::mem::size_of::<DNSHeader>() as u32 {
return core::ALPROTO_UNKNOWN;
}
let slice: &[u8] = std::slice::from_raw_parts(input as *mut u8, len as usize);
@ -916,7 +916,7 @@ unsafe extern "C" fn probe_udp(
unsafe extern "C" fn c_probe_tcp(
_flow: *const core::Flow, direction: u8, input: *const u8, len: u32, rdir: *mut u8,
) -> AppProto {
if len == 0 || len < std::mem::size_of::<DNSHeader>() as u32 + 2 {
if input.is_null() || len < std::mem::size_of::<DNSHeader>() as u32 + 2 {
return core::ALPROTO_UNKNOWN;
}
let slice: &[u8] = std::slice::from_raw_parts(input as *mut u8, len as usize);

6
rust/src/krb/krb5.rs
Unescape Escape View File

@ -364,6 +364,9 @@ pub unsafe extern "C" fn rs_krb5_probing_parser(_flow: *const Flow,
input:*const u8, input_len: u32,
_rdir: *mut u8) -> AppProto
{
if input.is_null() {
return ALPROTO_UNKNOWN;
}
let slice = build_slice!(input,input_len as usize);
let alproto = ALPROTO_KRB5;
if slice.len() <= 10 { return ALPROTO_FAILED; }
@ -403,6 +406,9 @@ pub unsafe extern "C" fn rs_krb5_probing_parser_tcp(_flow: *const Flow,
input:*const u8, input_len: u32,
rdir: *mut u8) -> AppProto
{
if input.is_null() {
return ALPROTO_UNKNOWN;
}
let slice = build_slice!(input,input_len as usize);
if slice.len() <= 14 { return ALPROTO_FAILED; }
match be_u32(slice) as IResult<&[u8],u32> {

3
rust/src/modbus/modbus.rs
Unescape Escape View File

@ -274,6 +274,9 @@ impl ModbusState {
pub extern "C" fn rs_modbus_probe(
_flow: *const core::Flow, _direction: u8, input: *const u8, len: u32, _rdir: *mut u8,
) -> AppProto {
if input.is_null() {
return ALPROTO_UNKNOWN;
}
let slice: &[u8] = unsafe { std::slice::from_raw_parts(input as *mut u8, len as usize) };
match MODBUS_PARSER.probe(slice, Direction::Unknown) {
Status::Recognized => unsafe { ALPROTO_MODBUS },

3
rust/src/mqtt/mqtt.rs
Unescape Escape View File

@ -619,6 +619,9 @@ impl MQTTState {
pub unsafe extern "C" fn rs_mqtt_probing_parser(
_flow: *const Flow, _direction: u8, input: *const u8, input_len: u32, _rdir: *mut u8,
) -> AppProto {
if input.is_null() {
return ALPROTO_UNKNOWN;
}
let buf = build_slice!(input, input_len as usize);
match parse_fixed_header(buf) {
Ok((_, hdr)) => {

12
rust/src/nfs/nfs.rs
Unescape Escape View File

@ -1861,6 +1861,9 @@ pub unsafe extern "C" fn rs_nfs_probe_ms(
direction: u8, input: *const u8,
len: u32, rdir: *mut u8) -> AppProto
{
if input.is_null() {
return ALPROTO_UNKNOWN;
}
let slice: &[u8] = build_slice!(input, len as usize);
SCLogDebug!("rs_nfs_probe_ms: probing direction {:02x}", direction);
let mut adirection : u8 = 0;
@ -1900,6 +1903,9 @@ pub unsafe extern "C" fn rs_nfs_probe(_f: *const Flow,
_rdir: *mut u8)
-> AppProto
{
if input.is_null() {
return ALPROTO_UNKNOWN;
}
let slice: &[u8] = build_slice!(input, len as usize);
SCLogDebug!("rs_nfs_probe: running probe");
match nfs_probe(slice, direction.into()) {
@ -1918,6 +1924,9 @@ pub unsafe extern "C" fn rs_nfs_probe_udp_ts(_f: *const Flow,
_rdir: *mut u8)
-> AppProto
{
if input.is_null() {
return ALPROTO_UNKNOWN;
}
let slice: &[u8] = build_slice!(input, len as usize);
match nfs_probe_udp(slice, Direction::ToServer) {
1 => { ALPROTO_NFS },
@ -1935,6 +1944,9 @@ pub unsafe extern "C" fn rs_nfs_probe_udp_tc(_f: *const Flow,
_rdir: *mut u8)
-> AppProto
{
if input.is_null() {
return ALPROTO_UNKNOWN;
}
let slice: &[u8] = build_slice!(input, len as usize);
match nfs_probe_udp(slice, Direction::ToClient) {
1 => { ALPROTO_NFS },

3
rust/src/ntp/ntp.rs
Unescape Escape View File

@ -245,6 +245,9 @@ pub extern "C" fn ntp_probing_parser(_flow: *const Flow,
input:*const u8, input_len: u32,
_rdir: *mut u8) -> AppProto
{
if input.is_null() {
return ALPROTO_UNKNOWN;
}
let slice: &[u8] = unsafe { std::slice::from_raw_parts(input as *mut u8, input_len as usize) };
let alproto = unsafe{ ALPROTO_NTP };
match parse_ntp(slice) {

3
rust/src/quic/quic.rs
Unescape Escape View File

@ -376,6 +376,9 @@ pub unsafe extern "C" fn rs_quic_state_tx_free(state: *mut std::os::raw::c_void,
pub unsafe extern "C" fn rs_quic_probing_parser(
_flow: *const Flow, _direction: u8, input: *const u8, input_len: u32, _rdir: *mut u8,
) -> AppProto {
if input.is_null() {
return ALPROTO_UNKNOWN;
}
let slice = build_slice!(input, input_len as usize);
if QuicHeader::from_bytes(slice, DEFAULT_DCID_LEN).is_ok() {

4
rust/src/smb/smb.rs
Unescape Escape View File

@ -2115,7 +2115,7 @@ pub unsafe extern "C" fn rs_smb_probe_begins_tcp(_f: *const Flow,
flags: u8, input: *const u8, len: u32, rdir: *mut u8)
-> AppProto
{
if len < MIN_REC_SIZE as u32 {
if len < MIN_REC_SIZE as u32 || input.is_null() {
return ALPROTO_UNKNOWN;
}
let slice = build_slice!(input, len as usize);
@ -2129,7 +2129,7 @@ pub unsafe extern "C" fn rs_smb_probe_tcp(_f: *const Flow,
flags: u8, input: *const u8, len: u32, rdir: *mut u8)
-> AppProto
{
if len < MIN_REC_SIZE as u32 {
if len < MIN_REC_SIZE as u32 || input.is_null() {
return ALPROTO_UNKNOWN;
}
let slice = build_slice!(input, len as usize);

3
rust/src/snmp/snmp.rs
Unescape Escape View File

@ -357,6 +357,9 @@ pub unsafe extern "C" fn rs_snmp_probing_parser(_flow: *const Flow,
input:*const u8,
input_len: u32,
_rdir: *mut u8) -> AppProto {
if input.is_null() {
return ALPROTO_UNKNOWN;
}
let slice = build_slice!(input,input_len as usize);
let alproto = ALPROTO_SNMP;
if slice.len() < 4 { return ALPROTO_FAILED; }

Write Preview
Loading…
Cancel
Save