From: Bohdan Hryniv -X (bhryniv - SOFTSERVE INC at Cisco) Date: Thu, 24 Jul 2025 12:45:27 +0000 (+0000) Subject: Pull request #4829: appid: fix out-of-bounds caused by strncat in identify_user_agent X-Git-Tag: 3.9.3.0~23 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=475cd1949b021edd17367c2aa213914444f069a6;p=thirdparty%2Fsnort3.git Pull request #4829: appid: fix out-of-bounds caused by strncat in identify_user_agent Merge in SNORT/snort3 from ~BHRYNIV/snort3:fix_user_agent_out_of_bound to master Squashed commit of the following: commit d47746bb6f35558637d3bac4f3de466c259f511f Author: Bohdan Hryniv Date: Thu Jul 17 14:04:53 2025 -0400 appid: fix out-of-bounds caused by strncat in identify_user_agent
---
diff --git a/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc b/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc
index 222a10082..bb89d5637 100644
--- a/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc
+++ b/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc
@@ -1035,9 +1035,9 @@ void HttpPatternMatchers::identify_user_agent(const char* start, int size, AppId
 if (match->client_id == APP_ID_INTERNET_EXPLORER && strstr((const char*)buffPtr, "SLCC2"))
 {
- if ((MAX_VERSION_SIZE-i) >= (sizeof(COMPATIBLE_BROWSER_STRING) - 1))
+ if ((MAX_VERSION_SIZE-i-1) >= (sizeof(COMPATIBLE_BROWSER_STRING) - 1))
 {
- strncat(temp_ver, COMPATIBLE_BROWSER_STRING, MAX_VERSION_SIZE - i);
+ strncat(temp_ver, COMPATIBLE_BROWSER_STRING, MAX_VERSION_SIZE - i - 1);
 }
 }
 // Pick firefox over some things, but pick a misc app over Firefox.
@@ -1697,4 +1697,3 @@ uint32_t HttpPatternMatchers::parse_multiple_http_patterns(const char* pattern,
 return partNum;
 }
-
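Review bot: The guard and the strncat bound in identify_user_agent both compute `MAX_VERSION_SIZE - i - 1`, and the guard compares it with a `sizeof` result, so if `i` can ever equal `MAX_VERSION_SIZE` the value becomes -1, converts to a very large unsigned number, passes the check and is then handed to strncat as the length. The declarations of `i` and `temp_ver` and the code that advances `i` are outside the hunk, so whether that value is reachable cannot be confirmed from here; the bound also assumes `i` equals the current string length of `temp_ver`. Computing the remaining room once removes the wrap and keeps the two uses in sync: `const size_t room = (i < MAX_VERSION_SIZE) ? MAX_VERSION_SIZE - i - 1 : 0;` followed by `if (room >= sizeof(COMPATIBLE_BROWSER_STRING) - 1) strncat(temp_ver, COMPATIBLE_BROWSER_STRING, room);`. A short comment such as `// strncat's n excludes the terminating NUL it always appends` would record why one byte is held back.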