http: fix body tracking corner case 2629/head
authorVictor Julien <victor@inliniac.net>
Wed, 29 Mar 2017 09:15:51 +0000 (11:15 +0200)
committerVictor Julien <victor@inliniac.net>
Wed, 29 Mar 2017 16:06:25 +0000 (18:06 +0200)
In some cases, observed with inspect limits 0, the body tracking could
get confused. When all chunks were already freed, a new chunk would
be considered to be the start of the body. This would overwrite the
body's 'content_len_so_far' tracker, instead of adding to it. This in
turn could lead to an assertion abort in the inspection code.

This patch redoes the append code to always add the current length. It
cleans up the code to remove redundant logic.

Issue: https://redmine.openinfosecfoundation.org/issues/2078
Reported-By: Jørgen Bøhnsdalen
src/app-layer-htp-body.c

index dfda083b6befcd9738be3b5b30d0bbde0cc3da70..3520182a6395138be019fa9aee6664d4466c7a67 100644 (file)
@@ -93,37 +93,25 @@ int HtpBodyAppendChunk(const HTPCfgDir *hcfg, HtpBody *body,
             SCReturnInt(-1);
     }
 
-    if (body->first == NULL) {
-        /* New chunk */
-        bd = (HtpBodyChunk *)HTPCalloc(1, sizeof(HtpBodyChunk));
-        if (bd == NULL) {
-            SCReturnInt(-1);
-        }
+    /* New chunk */
+    bd = (HtpBodyChunk *)HTPCalloc(1, sizeof(HtpBodyChunk));
+    if (bd == NULL) {
+        SCReturnInt(-1);
+    }
 
-        if (StreamingBufferAppend(body->sb, &bd->sbseg, data, len) != 0) {
-            HTPFree(bd, sizeof(HtpBodyChunk));
-            SCReturnInt(-1);
-        }
+    if (StreamingBufferAppend(body->sb, &bd->sbseg, data, len) != 0) {
+        HTPFree(bd, sizeof(HtpBodyChunk));
+        SCReturnInt(-1);
+    }
 
+    if (body->first == NULL) {
         body->first = body->last = bd;
-
-        body->content_len_so_far = len;
     } else {
-        bd = (HtpBodyChunk *)HTPCalloc(1, sizeof(HtpBodyChunk));
-        if (bd == NULL) {
-            SCReturnInt(-1);
-        }
-
-        if (StreamingBufferAppend(body->sb, &bd->sbseg, data, len) != 0) {
-            HTPFree(bd, sizeof(HtpBodyChunk));
-            SCReturnInt(-1);
-        }
-
         body->last->next = bd;
         body->last = bd;
-
-        body->content_len_so_far += len;
     }
+    body->content_len_so_far += len;
+
     SCLogDebug("body %p", body);
 
     SCReturnInt(0);
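Review bot: The now-unconditional `body->content_len_so_far += len;` after the list-link branch depends on an invariant that is not written down: the counter is a running total for the whole body and must survive the chunk list becoming empty, which per the commit message happens once earlier chunks have been freed. A short comment on that line, e.g. `/* running total for the whole body: body->first can be NULL again after earlier chunks were freed, so never reset here */`, would keep a later refactor from reintroducing the reset. Because the failure mode was an assertion abort in the inspection code, a sensor-availability problem, a unit test that appends a chunk, frees all chunks, appends again and checks `content_len_so_far` would be worth adding if the commit does not carry one outside the visible file. HtpBodyAppendChunk begins before this hunk and its closing brace is outside it.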