-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Next/20220131/v3 #6903
Merged
Merged
Next/20220131/v3 #6903
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
instead of checking afterwards if value got smaller
http2_parse_var_uint can overflow the variable-length integer it is decoding. In this case, it now returns an error of kind LengthValue. The new function http2_parse_headers_blocks, which factorizes the code loop for headers, push promise, and continuation, will check for this specific error, and instead of erroring itself, will return the list of so far parsed headers, plus another one with HTTP2HeaderDecodeStatus::HTTP2HeaderDecodeIntegerOverflow This status is then checked by process_headers to create an app-layer event.
These tests are reimplemented in Suricata-Verify Task: 4911
Codecov Report
@@ Coverage Diff @@
## master #6903 +/- ##
==========================================
- Coverage 77.72% 77.68% -0.05%
==========================================
Files 628 628
Lines 186493 186393 -100
==========================================
- Hits 144959 144805 -154
- Misses 41534 41588 +54
Flags with carried forward coverage won't be shown. Click here to find out more. |
This was referenced Jan 31, 2022
Closed
Closed
victorjulien
added a commit
to victorjulien/suricata
that referenced
this pull request
Apr 17, 2024
Unsafe handling of buffer offset and to be inserted data's length could lead to a integer overflow. This in turn would skip growing the target buffer, which then would be memcpy'd into, leading to an out of bounds write. This issue shouldn't be reachable through any of the consumers of the API, but to be sure some debug validation checks have been added. Bug: OISF#6903.
victorjulien
added a commit
to victorjulien/suricata
that referenced
this pull request
Apr 18, 2024
Unsafe handling of buffer offset and to be inserted data's length could lead to a integer overflow. This in turn would skip growing the target buffer, which then would be memcpy'd into, leading to an out of bounds write. This issue shouldn't be reachable through any of the consumers of the API, but to be sure some debug validation checks have been added. Bug: OISF#6903.
victorjulien
added a commit
to victorjulien/suricata
that referenced
this pull request
Apr 19, 2024
Unsafe handling of buffer offset and to be inserted data's length could lead to a integer overflow. This in turn would skip growing the target buffer, which then would be memcpy'd into, leading to an out of bounds write. This issue shouldn't be reachable through any of the consumers of the API, but to be sure some debug validation checks have been added. Bug: OISF#6903.
victorjulien
added a commit
to victorjulien/suricata
that referenced
this pull request
Apr 20, 2024
Unsafe handling of buffer offset and to be inserted data's length could lead to a integer overflow. This in turn would skip growing the target buffer, which then would be memcpy'd into, leading to an out of bounds write. This issue shouldn't be reachable through any of the consumers of the API, but to be sure some debug validation checks have been added. Bug: OISF#6903. (cherry picked from commit cf6278f)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
#6901 w/o uricontent work as that needs some more attention