Pull request #3872: libasan: fix out-of-bounds issues
Merge in SNORT/snort3 from ~ANOROKH/snort3:asan_invest to master
Squashed commit of the following:
commit
10d928de831b99b2fc6063cf5dc640dc83c4f5b6
Author: Anna Norokh <anorokh@cisco.com>
Date: Mon May 29 11:31:43 2023 +0300
analyzer: poison memory segment after msg->data
This will work only for regtests, memory will be poisoned for 16 bytes
to provide libasan possibility to sanitize memory that was allocated in DAQ.
commit
11e64eabf0d8fe3845f8cc3e85d040537ddf9103
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Wed May 24 22:31:03 2023 +0300
log: fix out-of-bounds read access
The source structure is over the packet raw data.
The structure declares an array of maximum possible size.
The default assign/copy operator may go out of bounds if underlying raw data is shorter.
commit
dc558bab687ffc779af2ca285240aa34ceb8c2a2
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Wed May 24 15:39:19 2023 +0300
codecs: fix tcp options parsing
commit
bda86b5636c95909ed151c013adc481edde815f8
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Wed May 24 14:51:25 2023 +0300
codecs: fix ipv6_mobility parsing
Check data availability before accessing the structure.
commit
d3d9b96e273c130e53637246d07ae367912719ff
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Wed May 24 14:39:33 2023 +0300
appid: fix FTP parsing
Prevent offset going beyond the buffer.
commit
6bbb52ff4333c6f0222d6fb05e6ac736d93b5a86
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Wed May 24 13:12:55 2023 +0300
rna: fix icmpv6 decoding
IPv6 payload length may include extenstion headers,
which should be accounted when looking for the end of ICMPv6.
commit
91f70f976963b9229259f11fabd561fcf5c5c269
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Wed May 24 09:22:29 2023 +0300
netflow: fix raw data conversion
Netflow dedicates 4 bytes for a time record.
Field size is better to be compared to the type size directly rather than
to an external variable size.
commit
761afb8d664b7314c4225a3699f1b0bfe95bde3f
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Fri May 19 15:58:56 2023 +0300
utils: fix out-of-bound access
Before the change the function accepted a limit for the destination buffer,
which may cause out-of-bounds reading from the source buffer.
commit
e936d5b47d672e7ac7f6c03afdd55af0d34e04a7
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Thu May 4 13:54:05 2023 +0300
appid: check size boundaries before header validation
commit
3708040ec8e130a365cff68b25fb2776db3ae98c
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Wed May 3 14:56:40 2023 +0300
protocols: remove of unnecessary old_opt check