Next/20220131/v3 #6903

Merged
merged 5 commits into from
Jan 31, 2022

victorjulien
Member

#6901 w/o uricontent work as that needs some more attention

catenacyber and others added 5 commits January 31, 2022 08:54
instead of checking afterwards if value got smaller
http2_parse_var_uint can overflow the variable-length
integer it is decoding. In this case, it now returns an error
of kind LengthValue.

The new function http2_parse_headers_blocks, which factorizes
the code loop for headers, push promise, and continuation, will
check for this specific error, and instead of erroring itself,
will return the list of so far parsed headers, plus another one
with HTTP2HeaderDecodeStatus::HTTP2HeaderDecodeIntegerOverflow

This status is then checked by process_headers to create an
app-layer event.
These tests are reimplemented in Suricata-Verify

Task: 4911
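
The flow the commit message above describes, as an added Rust example that is not taken from this pull request or from Suricata: an HPACK variable-length integer decoder (RFC 7541, section 5.1) using checked arithmetic, and a block parser that keeps the headers parsed so far and appends an overflow marker for the consumer to turn into an event. All type and function names are hypothetical, and each header is simplified to a single 7-bit-prefix integer.

```rust
// Added illustration; all names are hypothetical, not Suricata's code.
#[derive(Debug, PartialEq)]
enum Status { Success, IntegerOverflow }
#[derive(Debug, PartialEq)]
struct Header { index: u64, status: Status }
#[derive(Debug, PartialEq)]
enum VarIntError { Incomplete, Overflow }

/// Decode one HPACK integer (RFC 7541, section 5.1); returns (value, bytes used).
fn decode_var_uint(input: &[u8], prefix_bits: u32) -> Result<(u64, usize), VarIntError> {
    let max_prefix = (1u64 << prefix_bits) - 1;
    let first = *input.first().ok_or(VarIntError::Incomplete)? as u64 & max_prefix;
    if first < max_prefix { return Ok((first, 1)); }
    let mut value = max_prefix;
    for (i, &b) in input[1..].iter().enumerate() {
        // Checked ops fail at the overflowing step, not in an after-the-fact comparison.
        let unit = 1u64.checked_shl(7 * i as u32).ok_or(VarIntError::Overflow)?;
        let part = ((b & 0x7f) as u64).checked_mul(unit).ok_or(VarIntError::Overflow)?;
        value = value.checked_add(part).ok_or(VarIntError::Overflow)?;
        if b & 0x80 == 0 { return Ok((value, i + 2)); }
    }
    Err(VarIntError::Incomplete)
}

/// On overflow, keep the headers parsed so far and append a marker entry.
fn parse_blocks(mut input: &[u8]) -> Vec<Header> {
    let mut out = Vec::new();
    while !input.is_empty() {
        match decode_var_uint(input, 7) {
            Ok((index, used)) => {
                out.push(Header { index, status: Status::Success });
                input = &input[used..];
            }
            Err(VarIntError::Overflow) => {
                out.push(Header { index: 0, status: Status::IntegerOverflow });
                break;
            }
            Err(VarIntError::Incomplete) => break,
        }
    }
    out
}

fn main() {
    // Constructed input: index 2, then a full 7-bit prefix plus ten 0xff continuation bytes.
    let mut wire = vec![0x82u8];
    wire.resize(12, 0xff);
    for h in parse_blocks(&wire) { println!("index={} status={:?}", h.index, h.status); }
}
```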
@victorjulien victorjulien requested review from jasonish and a team as code owners January 31, 2022 11:34
codecov bot commented Jan 31, 2022

Codecov Report

Merging #6903 (6c24093) into master (f8e1430) will decrease coverage by 0.04%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #6903      +/-   ##
==========================================
- Coverage   77.72%   77.68%   -0.05%     
==========================================
  Files         628      628              
  Lines      186493   186393     -100     
==========================================
- Hits       144959   144805     -154     
- Misses      41534    41588      +54     
Flag Coverage Δ
fuzzcorpus 58.39% <ø> (+<0.01%) ⬆️
suricata-verify 54.18% <ø> (+0.10%) ⬆️
unittests 63.15% <ø> (-0.06%) ⬇️


@victorjulien victorjulien merged commit 6c24093 into OISF:master Jan 31, 2022
@victorjulien victorjulien deleted the next/20220131/v3 branch February 24, 2022 10:20
victorjulien added a commit to victorjulien/suricata that referenced this pull request Apr 17, 2024
Unsafe handling of buffer offset and to be inserted data's length
could lead to an integer overflow. This in turn would skip growing
the target buffer, which then would be memcpy'd into, leading to
an out of bounds write.

This issue shouldn't be reachable through any of the consumers of
the API, but to be sure some debug validation checks have been
added.

Bug: OISF#6903.
victorjulien added a commit to victorjulien/suricata that referenced this pull request Apr 18, 2024
victorjulien added a commit to victorjulien/suricata that referenced this pull request Apr 19, 2024
victorjulien added a commit to victorjulien/suricata that referenced this pull request Apr 20, 2024
Unsafe handling of buffer offset and to be inserted data's length
could lead to an integer overflow. This in turn would skip growing
the target buffer, which then would be memcpy'd into, leading to
an out of bounds write.

This issue shouldn't be reachable through any of the consumers of
the API, but to be sure some debug validation checks have been
added.

Bug: OISF#6903.
(cherry picked from commit cf6278f)