]> git.ipfire.org Git - thirdparty/snort3.git/commitdiff
projects / thirdparty / snort3.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 37e769c)
Pull request #4805: dce_rpc: Checking integer overflow on data_offset + data_length
authorAshutosh Gupta (ashugup3) <ashugup3@cisco.com>
Thu, 24 Jul 2025 10:25:07 +0000 (10:25 +0000)
committerLokesh Bevinamarad (lbevinam) <lbevinam@cisco.com>
Thu, 24 Jul 2025 10:25:07 +0000 (10:25 +0000)
Merge in SNORT/snort3 from ~ASHUGUP3/snort3:bug_CSCwq01522 to master

Squashed commit of the following:

commit b4ed468b632bfd7595cbcfdb9247d81d446d56f5
Author: ashutosh <ashugup3@cisco.com>
Date:   Mon Jul 14 13:20:17 2025 +0530

    dce_rpc: Checking integer overflow on data_offset + data_length

src/service_inspectors/dce_rpc/dce_smb2_commands.cc patch | blob | blame | history

diff --git a/src/service_inspectors/dce_rpc/dce_smb2_commands.cc b/src/service_inspectors/dce_rpc/dce_smb2_commands.cc
index e8dad63fe7a342ed97a71bcaf2cf90bcc084bed1..aab9f4dd1c847c80f403a3435bf33e31958301f6 100644 (file)
--- a/src/service_inspectors/dce_rpc/dce_smb2_commands.cc
+++ b/src/service_inspectors/dce_rpc/dce_smb2_commands.cc
@@ -299,7 +299,7 @@ bool DCE2_IsSmb2DurableReconnect(const Smb2CreateRequestHdr* smb_create_hdr, con
             (data_offset & 0x7) != 0 or
             (data_offset and (data_offset < name_offset + name_length)) or
             (data_offset > remaining) or
-            (data_offset + data_length > remaining))
+            (data_offset + data_length > remaining) or (data_offset + data_length < data_length))
         {
             return false;
         }
Mirror of https://github.com/snort3/snort3.git