detect/flowbits: fix stack overflow in analyzer

Fix stack overflow in DetectFlowbitsAnalyze.

Use dynamically allocated array instead of stack and free
it after it is no longer needed.
pull/5133/head
Antti Tönkyrä 6 years ago committed by Victor Julien
parent c09235e327
commit 57d0f4bb6f

@ -1418,7 +1418,9 @@ int SigAddressPrepareStage1(DetectEngineCtx *de_ctx)
SCLogConfig("building signature grouping structure, stage 1: "
"preprocessing rules... complete");
}
DetectFlowbitsAnalyze(de_ctx);
if (DetectFlowbitsAnalyze(de_ctx) != 0)
goto error;
return 0;

@ -400,16 +400,20 @@ static void DetectFlowbitsAnalyzeDump(const DetectEngineCtx *de_ctx,
struct FBAnalyze *array, uint32_t elements);
#endif
void DetectFlowbitsAnalyze(DetectEngineCtx *de_ctx)
int DetectFlowbitsAnalyze(DetectEngineCtx *de_ctx)
{
const uint32_t max_fb_id = de_ctx->max_fb_id;
if (max_fb_id == 0)
return;
return 0;
#define MAX_SIDS 8
uint32_t array_size = max_fb_id + 1;
struct FBAnalyze array[array_size];
memset(&array, 0, array_size * sizeof(struct FBAnalyze));
struct FBAnalyze *array = SCCalloc(array_size, sizeof(struct FBAnalyze));
if (array == NULL) {
SCLogError(SC_ERR_MEM_ALLOC, "Unable to allocate flowbit analyze array");
return -1;
}
SCLogDebug("fb analyzer array size: %"PRIu64,
(uint64_t)(array_size * sizeof(struct FBAnalyze)));
@ -633,6 +637,9 @@ end:
SCFree(array[i].isnotset_sids);
SCFree(array[i].toggle_sids);
}
SCFree(array);
return 0;
}
#ifdef PROFILING
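Review bot: The `return 0;` added after `SCFree(array);` at the `end:` label makes every path that reaches `end:` report success, so the only failure the caller ever sees is the initial `SCCalloc` one. The code between the allocation and `end:` is outside these hunks; if any of it jumps to `end:` after failing to allocate the per-flowbit sid arrays, consider a result variable, e.g. `int r = 0;`, set to `-1` on failure and finished with `return r;` at the label. Separately, `array_size = max_fb_id + 1` is computed in `uint32_t` and would wrap to 0 if `max_fb_id` were `UINT32_MAX`, so a guard such as `if (max_fb_id == UINT32_MAX) return -1;` before the allocation would make the bound on this rule-derived size explicit. A short comment above the function, stating that it returns 0 on success and -1 on allocation failure, would document the new contract for callers.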

@ -1494,7 +1494,7 @@ void DetectSignatureApplyActions(Packet *p, const Signature *s, const uint8_t);
void RuleMatchCandidateTxArrayInit(DetectEngineThreadCtx *det_ctx, uint32_t size);
void RuleMatchCandidateTxArrayFree(DetectEngineThreadCtx *det_ctx);
void DetectFlowbitsAnalyze(DetectEngineCtx *de_ctx);
int DetectFlowbitsAnalyze(DetectEngineCtx *de_ctx);
int DetectMetadataHashInit(DetectEngineCtx *de_ctx);
void DetectMetadataHashFree(DetectEngineCtx *de_ctx);
