stream: improve memcap checking

author Victor Julien <victor@inliniac.net>

Wed, 22 Jan 2014 09:59:31 +0000 (10:59 +0100)

committer Victor Julien <victor@inliniac.net>

Wed, 22 Jan 2014 15:49:02 +0000 (16:49 +0100)
author Victor Julien <victor@inliniac.net>
Wed, 22 Jan 2014 09:59:31 +0000 (10:59 +0100)
committer Victor Julien <victor@inliniac.net>
Wed, 22 Jan 2014 15:49:02 +0000 (16:49 +0100)
diff --git a/src/stream-tcp-reassemble.c b/src/stream-tcp-reassemble.c

index 65de6175f72b71e7f95bb3d8833a69a03562334d..737ec5f38e29ac01db17ab088b967832155883a3 100644 (file)
--- a/src/stream-tcp-reassemble.c
+++ b/src/stream-tcp-reassemble.c
@@ -163,8 +163,7 @@ int StreamTcpReassembleCheckMemcap(uint32_t size) {
  /** \brief alloc a tcp segment pool entry */
  void *TcpSegmentPoolAlloc()
  {
-    if (StreamTcpReassembleCheckMemcap((uint32_t)sizeof(TcpSegment)) == 0)
-    {
+    if (StreamTcpReassembleCheckMemcap((uint32_t)sizeof(TcpSegment)) == 0) {
          return NULL;
      }
  
@@ -179,10 +178,16 @@ void *TcpSegmentPoolAlloc()
  int TcpSegmentPoolInit(void *data, void *payload_len)
  {
      TcpSegment *seg = (TcpSegment *) data;
+    uint16_t size = *((uint16_t *) payload_len);
+
+    if (StreamTcpReassembleCheckMemcap((uint32_t)size + (uint32_t)sizeof(TcpSegment)) == 0) {
+        SCFree(seg);
+        return 0;
+    }
  
      memset(seg, 0, sizeof (TcpSegment));
  
-    seg->pool_size = *((uint16_t *) payload_len);
+    seg->pool_size = size;
      seg->payload_len = seg->pool_size;
  
      seg->payload = SCMalloc(seg->payload_len);
author	Victor Julien <victor@inliniac.net>
	Wed, 22 Jan 2014 09:59:31 +0000 (10:59 +0100)
committer	Victor Julien <victor@inliniac.net>
	Wed, 22 Jan 2014 15:49:02 +0000 (16:49 +0100)