Don't test the several packet detection checks against pseudo packets as the matches would not be meaningful anyway. Prevents a segv in the csum detection.

15 years ago · addab7b5ee
parent a2465ffc1c
commit addab7b5ee
9 changed files with 22 additions and 11 deletions
--- a/src/decode.h
+++ b/src/decode.h
@ -750,5 +750,8 @@ void AddressDebugPrint(Address *);
 #define PKT_PSEUDO_STREAM_END           0x0100    /**< Pseudo packet to end the stream */
 #define PKT_STREAM_MODIFIED             0x0200    /**< Packet is modified by the stream engine, we need to recalc the csum and reinject/replace */

+/** \brief return 1 if the packet is a pseudo packet */
+#define PKT_IS_PSEUDOPKT(p) ((p)->flags & PKT_PSEUDO_STREAM_END)
+
 #endif /* __DECODE_H__ */

--- a/src/detect-ack.c
+++ b/src/detect-ack.c
@ -72,7 +72,7 @@ static int DetectAckMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
    DetectAckData *data = (DetectAckData *)m->ctx;

    /* This is only needed on TCP packets */
-    if (!(PKT_IS_TCP(p))) {
+    if (!(PKT_IS_TCP(p)) || PKT_IS_PSEUDOPKT(p)) {
        return 0;
    }

--- a/src/detect-csum.c
+++ b/src/detect-csum.c
@ -320,7 +320,7 @@ int DetectTCPV4CsumMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
 {
    DetectCsumData *cd = (DetectCsumData *)m->ctx;

-    if (p->ip4h == NULL || p->proto != IPPROTO_TCP)
+    if (p->ip4h == NULL || p->proto != IPPROTO_TCP || PKT_IS_PSEUDOPKT(p))
        return 0;

    if (p->tcpc.comp_csum == -1)
@ -412,7 +412,7 @@ int DetectTCPV6CsumMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
 {
    DetectCsumData *cd = (DetectCsumData *)m->ctx;

-    if (p->ip6h == NULL || p->proto != IPPROTO_TCP)
+    if (p->ip6h == NULL || p->proto != IPPROTO_TCP || PKT_IS_PSEUDOPKT(p))
        return 0;

    if (p->tcpc.comp_csum == -1)
@ -504,7 +504,7 @@ int DetectUDPV4CsumMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
 {
    DetectCsumData *cd = (DetectCsumData *)m->ctx;

-    if (p->ip4h == NULL || p->proto != IPPROTO_UDP)
+    if (p->ip4h == NULL || p->proto != IPPROTO_UDP || PKT_IS_PSEUDOPKT(p))
        return 0;

    if (p->udpc.comp_csum == -1)
@ -596,7 +596,7 @@ int DetectUDPV6CsumMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
 {
    DetectCsumData *cd = (DetectCsumData *)m->ctx;

-    if (p->ip6h == NULL || p->proto != IPPROTO_UDP)
+    if (p->ip6h == NULL || p->proto != IPPROTO_UDP || PKT_IS_PSEUDOPKT(p))
        return 0;

    if (p->udpc.comp_csum == -1)
@ -688,7 +688,7 @@ int DetectICMPV4CsumMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
 {
    DetectCsumData *cd = (DetectCsumData *)m->ctx;

-    if (p->ip4h == NULL || p->proto != IPPROTO_ICMP)
+    if (p->ip4h == NULL || p->proto != IPPROTO_ICMP || PKT_IS_PSEUDOPKT(p))
        return 0;

    if (p->icmpv4c.comp_csum == -1)
@ -779,7 +779,7 @@ int DetectICMPV6CsumMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
 {
    DetectCsumData *cd = (DetectCsumData *)m->ctx;

-    if (p->ip6h == NULL || p->proto != IPPROTO_ICMPV6)
+    if (p->ip6h == NULL || p->proto != IPPROTO_ICMPV6 || PKT_IS_PSEUDOPKT(p))
        return 0;

    if (p->icmpv6c.comp_csum == -1)
--- a/src/detect-dsize.c
+++ b/src/detect-dsize.c
@ -101,6 +101,10 @@ int DetectDsizeMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p,
    SCEnter();
    int ret = 0;

+    if (PKT_IS_PSEUDOPKT(p)) {
+        SCReturnInt(0);
+    }
+
    DetectDsizeData *dd = (DetectDsizeData *)m->ctx;

    SCLogDebug("p->payload_len %"PRIu16"", p->payload_len);
--- a/src/detect-id.c
+++ b/src/detect-id.c
@ -107,7 +107,7 @@ int DetectIdMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p,
    /**
     * To match a ipv4 packet with a "id" rule
     */
-    if (!PKT_IS_IPV4(p)) {
+    if (!PKT_IS_IPV4(p) || PKT_IS_PSEUDOPKT(p)) {
        return 0;
    }

--- a/src/detect-ipopts.c
+++ b/src/detect-ipopts.c
@ -104,7 +104,7 @@ int DetectIpOptsMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p,
    int ipopt = 0;
    DetectIpOptsData *de = (DetectIpOptsData *)m->ctx;

-    if(!de || !PKT_IS_IPV4(p) || !p)
+    if (!de || !PKT_IS_IPV4(p) || PKT_IS_PSEUDOPKT(p))
        return ret;

    /* IPV4_OPT_ANY matches on any options */
--- a/src/detect-seq.c
+++ b/src/detect-seq.c
@ -72,7 +72,7 @@ static int DetectSeqMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
    DetectSeqData *data = (DetectSeqData *)m->ctx;

    /* This is only needed on TCP packets */
-    if (!(PKT_IS_TCP(p))) {
+    if (!(PKT_IS_TCP(p)) || PKT_IS_PSEUDOPKT(p)) {
        return 0;
    }

--- a/src/detect-ttl.c
+++ b/src/detect-ttl.c
@ -98,6 +98,9 @@ int DetectTtlMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, Si
    uint8_t pttl;
    DetectTtlData *ttld = (DetectTtlData *) m->ctx;

+    if (PKT_IS_PSEUDOPKT(p))
+        return 0;
+
    if (PKT_IS_IPV4(p)) {
        pttl = IPV4_GET_IPTTL(p);
    } else if (PKT_IS_IPV6(p)) {
--- a/src/detect-window.c
+++ b/src/detect-window.c
@ -103,7 +103,8 @@ error:
 */
 int DetectWindowMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, Signature *s, SigMatch *m) {
    DetectWindowData *wd = (DetectWindowData *)m->ctx;
-    if ( !(PKT_IS_TCP(p)) || wd == NULL) {
+
+    if ( !(PKT_IS_TCP(p)) || wd == NULL || PKT_IS_PSEUDOPKT(p)) {
        return 0;
    }