Pull request #4829: appid: fix out-of-bounds caused by strncat in identify_user_agent
authorBohdan Hryniv -X (bhryniv - SOFTSERVE INC at Cisco) <bhryniv@cisco.com>
Thu, 24 Jul 2025 12:45:27 +0000 (12:45 +0000)
committerChris Sherwin (chsherwi) <chsherwi@cisco.com>
Thu, 24 Jul 2025 12:45:27 +0000 (12:45 +0000)
Merge in SNORT/snort3 from ~BHRYNIV/snort3:fix_user_agent_out_of_bound to master

Squashed commit of the following:

commit d47746bb6f35558637d3bac4f3de466c259f511f
Author: Bohdan Hryniv <bhryniv@cisco>
Date:   Thu Jul 17 14:04:53 2025 -0400

    appid: fix out-of-bounds caused by strncat in identify_user_agent

src/network_inspectors/appid/detector_plugins/http_url_patterns.cc

index 222a10082feeacb85d283864dfbfaeab5f7fe58a..bb89d5637116a02c434e705c8cafe130bee87561 100644 (file)
@@ -1035,9 +1035,9 @@ void HttpPatternMatchers::identify_user_agent(const char* start, int size, AppId
                 if (match->client_id == APP_ID_INTERNET_EXPLORER
                     && strstr((const char*)buffPtr, "SLCC2"))
                 {
-                    if ((MAX_VERSION_SIZE-i) >= (sizeof(COMPATIBLE_BROWSER_STRING) - 1))
+                    if ((MAX_VERSION_SIZE-i-1) >= (sizeof(COMPATIBLE_BROWSER_STRING) - 1))
                     {
-                        strncat(temp_ver, COMPATIBLE_BROWSER_STRING, MAX_VERSION_SIZE - i);
+                        strncat(temp_ver, COMPATIBLE_BROWSER_STRING, MAX_VERSION_SIZE - i - 1);
                     }
                 }
                 // Pick firefox over some things, but pick a misc app over Firefox.
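Review bot: The corrected guard `if ((MAX_VERSION_SIZE-i-1) >= (sizeof(COMPATIBLE_BROWSER_STRING) - 1))` still compares against a `size_t`, so if `i` can ever reach `MAX_VERSION_SIZE` the left side wraps or converts to a very large unsigned value and the check passes. The declarations of `i` and `temp_ver` are outside the hunk, so this is inferred rather than confirmed. If it holds, an explicit bound such as `if (i < MAX_VERSION_SIZE && static_cast<size_t>(MAX_VERSION_SIZE - i - 1) >= sizeof(COMPATIBLE_BROWSER_STRING) - 1)` removes the dependence on the implicit conversion. The `- 1` also deserves a comment so it is not "simplified" away later, for example `// strncat writes up to n chars plus a terminating NUL; keep one byte free for it`. The body of identify_user_agent starts and ends outside this hunk, so the assumption that `i` equals the current length of `temp_ver` should be checked against the full function.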
@@ -1697,4 +1697,3 @@ uint32_t HttpPatternMatchers::parse_multiple_http_patterns(const char* pattern,
 
     return partNum;
 }
-