Fix crash in AppLayer Proto Detect

The App Proto Detect code would use the wrong pattern count to index a results array, leading to SEGVs. Bug #1080.
OISF · Jan 17, 2014 · 9952db6 · 9952db6
1 parent 06f9b0a
commit 9952db6
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/src/app-layer-detect-proto.c b/src/app-layer-detect-proto.c
@@ -244,7 +244,10 @@ static uint16_t AppLayerProtoDetectPMGetProto(AppLayerProtoDetectThreadCtx *tctx
     uint8_t pm_results_bf[(ALPROTO_MAX / 8) + 1];
     memset(pm_results_bf, 0, sizeof(pm_results_bf));
 
-    for (cnt = 0; cnt < search_cnt; cnt++) {
+    /* loop through unique pattern id's. Can't use search_cnt here,
+     * as that contains all matches, tctx->pmq.pattern_id_array_cnt
+     * contains only *unique* matches. */
+    for (cnt = 0; cnt < tctx->pmq.pattern_id_array_cnt; cnt++) {
         AppLayerProtoDetectPMSignature *s = pm_ctx->map[tctx->pmq.pattern_id_array[cnt]];
         while (s != NULL) {
             uint16_t proto = AppLayerProtoDetectPMMatchSignature(s, buf, searchlen, ipproto);