mirror of https://github.com/OISF/suricata
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
713c379427
Addresses #3570 by extra checking of calculated size requests. With the given input, the parser eventually arrived at parser::parse_failure_reason() which parsed from the remaining four bytes (describing the string length) that the failure string to follow would be 4294967295 bytes long. While calculating the total size of the data to request via AppLayerResult::incomplete(), adding the four bytes for the parsed but not consumed string length caused the u32 length to overflow, resulting in a much smaller value triggering the bug condition. This problem was addressed by more careful checking of values in each step that could overflow: one subtraction, one addition (which could overflow the usize length values), and a final check to determine whether the result still fit into the u32 values required by AppLayerResult::incomplete(). If so, we would safely convert the values and pass them to the result type. If not, we simply return AppLayerResult::err() but do not erroneously and silently request the wrong amount. |
5 years ago | |
|---|---|---|
| .. | ||
| .cargo | ||
| src | 5 years ago | |
| .gitignore | ||
| Cargo.toml.in | 5 years ago | |
| Makefile.am | ||
| cbindgen.toml | 5 years ago | |
| rustfmt.toml | ||