detect/prefilter: fix null ptr deref on invalid rule

author Victor Julien <victor@inliniac.net>

Wed, 3 Mar 2021 12:41:26 +0000 (13:41 +0100)

committer Victor Julien <victor@inliniac.net>

Fri, 5 Mar 2021 10:42:01 +0000 (11:42 +0100)
author Victor Julien <victor@inliniac.net>
Wed, 3 Mar 2021 12:41:26 +0000 (13:41 +0100)
committer Victor Julien <victor@inliniac.net>
Fri, 5 Mar 2021 10:42:01 +0000 (11:42 +0100)
diff --git a/src/detect-engine-prefilter-common.c b/src/detect-engine-prefilter-common.c

index 931778976ee304f53d6348a331ca321a9e1e617a..a0dafe23649e749f8948b028a99277178b6784a7 100644 (file)
--- a/src/detect-engine-prefilter-common.c
+++ b/src/detect-engine-prefilter-common.c
@@ -212,8 +212,8 @@ SetupEngineForPacketHeaderPrefilterPacketU8HashCtx(DetectEngineCtx *de_ctx,
      if (ctx == NULL)
          return -1;
  
-    int i;
-    for (i = 0; i < 256; i++) {
+    int set_cnt = 0;
+    for (int i = 0; i < 256; i++) {
          if (counts[i] == 0)
              continue;
          ctx->array[i] = SCCalloc(1, sizeof(SigsArray));
@@ -222,6 +222,12 @@ SetupEngineForPacketHeaderPrefilterPacketU8HashCtx(DetectEngineCtx *de_ctx,
          ctx->array[i]->cnt = counts[i];
          ctx->array[i]->sigs = SCCalloc(ctx->array[i]->cnt, sizeof(SigIntId));
          BUG_ON(ctx->array[i]->sigs == NULL);
+        set_cnt++;
+    }
+    if (set_cnt == 0) {
+        /* not an error */
+        PrefilterPacketU8HashCtxFree(ctx);
+        return 0;
      }
  
      for (sig = 0; sig < sgh->sig_cnt; sig++) {
author	Victor Julien <victor@inliniac.net>
	Wed, 3 Mar 2021 12:41:26 +0000 (13:41 +0100)
committer	Victor Julien <victor@inliniac.net>
	Fri, 5 Mar 2021 10:42:01 +0000 (11:42 +0100)