content: Constrain distance/within values

Ticket: 5740 This commit constrains the values for distance and limit to 1MB. The constraint is enforced while parsing the keyword values.
3 years ago · f57c11df3f
parent 35bbdf4124
commit f57c11df3f
4 changed files with 10 additions and 3 deletions
--- a/src/detect-content.c
+++ b/src/detect-content.c
@ -863,7 +863,7 @@ static int DetectContentDepthTest01(void)
    TEST_RUN("content:\"=\"; offset:4; depth:9; content:\"=&\"; distance:55; within:2;", 60, 70);

    // distance value is too high so we bail and not set anything on this content
-    TEST_RUN("content:\"0123456789\"; content:\"abcdef\"; distance:2147483647;", 0, 0);
+    TEST_RUN("content:\"0123456789\"; content:\"abcdef\"; distance:1048576;", 0, 0);

    // Bug #5162.
    TEST_RUN("content:\"SMB\"; depth:8; content:\"|09 00|\"; distance:8; within:2;", 11, 18);
--- a/src/detect-content.h
+++ b/src/detect-content.h
@ -82,6 +82,11 @@
                                       ((c)->flags & DETECT_CONTENT_OFFSET)   || \
                                       ((c)->flags & DETECT_CONTENT_FAST_PATTERN_CHOP))

+/*
+ * Values for distance, and within must be less than or equal
+ * to this value (absolute value where required).
+ */
+#define DETECT_CONTENT_VALUE_MAX 1024 * 1024

 #include "util-spm.h"

--- a/src/detect-distance.c
+++ b/src/detect-distance.c
@ -117,7 +117,8 @@ static int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s,
        cd->distance = index;
        cd->flags |= DETECT_CONTENT_DISTANCE_VAR;
    } else {
-        if (StringParseInt32(&cd->distance, 0, 0, str) < 0) {
+        if ((StringParseI32RangeCheck(&cd->distance, 0, 0, str, -DETECT_CONTENT_VALUE_MAX,
+                     DETECT_CONTENT_VALUE_MAX) < 0)) {
            SCLogError("invalid value for distance: %s", str);
            return -1;
        }
--- a/src/detect-within.c
+++ b/src/detect-within.c
@ -113,7 +113,8 @@ static int DetectWithinSetup(DetectEngineCtx *de_ctx, Signature *s, const char *
        cd->within = index;
        cd->flags |= DETECT_CONTENT_WITHIN_VAR;
    } else {
-        if (StringParseInt32(&cd->within, 0, 0, str) < 0) {
+        if ((StringParseI32RangeCheck(&cd->within, 0, 0, str, -DETECT_CONTENT_VALUE_MAX,
+                     DETECT_CONTENT_VALUE_MAX) < 0)) {
            SCLogError("invalid value for within: %s", str);
            return -1;
        }