aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect/frames: fix crash when parsing bad rule

Browse Source 
Indexing of Signature::init_data::smlists would fail for a rule that
used a frame and fast_pattern w/o content, as the array would only be
expanded when adding a content.
Adding a check to see if there list id is in bounds
is an implicit check for the "no content" case.

Ticket: #5530
pull/8360/head
Philippe Antoine 4 years ago committed by Victor Julien
parent 8bebc2390d
commit 8c3107472b
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File

3
src/detect-parse.c
Unescape Escape View File

@ -438,7 +438,8 @@ SigMatch *DetectGetLastSMFromMpmLists(const DetectEngineCtx *de_ctx, const Signa
uint32_t sm_type; uint32_t sm_type;
/* if we have a sticky buffer, use that */ /* if we have a sticky buffer, use that */
if (s->init_data->list != DETECT_SM_LIST_NOTSET) { if (s->init_data->list != DETECT_SM_LIST_NOTSET &&
s->init_data->list < (int)s->init_data->smlists_array_size) {
if (!(DetectEngineBufferTypeSupportsMpmGetById(de_ctx, s->init_data->list))) { if (!(DetectEngineBufferTypeSupportsMpmGetById(de_ctx, s->init_data->list))) {
return NULL; return NULL;
} }

Write Preview
Loading…
Cancel
Save