reject: check tcp header sooner to avoid potential leak

5 years ago · a6ed9b11d5
parent 1b042cf108
commit a6ed9b11d5
1 changed files with 8 additions and 6 deletions
--- a/src/respond-reject-libnet11.c
+++ b/src/respond-reject-libnet11.c
@ -96,14 +96,15 @@ int RejectSendLibnet11L3IPv4TCP(ThreadVars *tv, Packet *p, void *data, int dir)
        devname = p->livedev->dev;
        SCLogDebug("Will emit reject packet on dev %s", devname);
    }
+
+    if (p->tcph == NULL)
+        return 1;
+
    if ((c = libnet_init(LIBNET_RAW4, LIBNET_INIT_CAST devname, ebuf)) == NULL) {
        SCLogError(SC_ERR_LIBNET_INIT,"libnet_init failed: %s", ebuf);
        return 1;
    }

-    if (p->tcph == NULL)
-        return 1;
-
    /* save payload len */
    lpacket.dsize = p->payload_len;

@ -305,14 +306,15 @@ int RejectSendLibnet11L3IPv6TCP(ThreadVars *tv, Packet *p, void *data, int dir)
    if (IS_SURI_HOST_MODE_SNIFFER_ONLY(host_mode) && (p->livedev)) {
        devname = p->livedev->dev;
    }
+
+    if (p->tcph == NULL)
+       return 1;
+
    if ((c = libnet_init(LIBNET_RAW6, LIBNET_INIT_CAST devname, ebuf)) == NULL) {
        SCLogError(SC_ERR_LIBNET_INIT,"libnet_init failed: %s", ebuf);
        return 1;
    }

-    if (p->tcph == NULL)
-       return 1;
-
    /* save payload len */
    lpacket.dsize = p->payload_len;