Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

detect/bytejump: Restrict post_offset to buffer #9474

Closed
wants to merge 2 commits into from
Closed

detect/bytejump: Restrict post_offset to buffer #9474

wants to merge 2 commits into from

Conversation

jlucovsky
Copy link
Contributor

Restrict post_offset to remain in the buffer. When a negative post_offset value would point before the buffer beginning, treat it as though it points to the beginning of the buffer

Link to redmine ticket: 4624

Describe changes:

  • Changed "domatch" signature to return a bool to disambiguate return values
  • Restrict post_offset to buffer.

Provide values to any of the below to override the defaults.

To use a pull request use a branch name like pr/N where N is the
pull request number.

Alternatively, SV_BRANCH may also be a link to an
OISF/suricata-verify pull-request.

SV_REPO=
SV_BRANCH=pr/1384
SU_REPO=
SU_BRANCH=
LIBHTP_REPO=
LIBHTP_BRANCH=

@jlucovsky
detect/bytejump: Change DoMatch signature to return bool
2cfbd34 
Issue: 4624

Change the function signature of byte-jump's domatch from an int to a
bool to avoid ambiguity handling return values.
@jlucovsky
detect/bytejump: Improve negative post_offset handling.
f43600b 
Issue: 4624

Handle negative post_offset values that jump before the buffer as though
they refer to the buffer start.
@jlucovsky jlucovsky changed the title 4624/1 detect/bytejump: Restrict post_offset to buffer Sep 11, 2023
@suricata-qa
Copy link

ERROR:

ERROR: QA failed on SURI_TLPR1_alerts_cmp.

Pipeline 15897

@catenacyber catenacyber mentioned this pull request Sep 18, 2023
Closed
@jlucovsky jlucovsky mentioned this pull request Sep 19, 2023
Closed
@jlucovsky
Copy link
Contributor Author

Continued in #9506

@jlucovsky jlucovsky closed this Sep 19, 2023
@jlucovsky jlucovsky deleted the 4624/1 branch October 21, 2023 13:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@victorjulien victorjulien Awaiting requested review from victorjulien victorjulien is a code owner

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
2 participants
@jlucovsky @suricata-qa