detect/prefilter: fix null ptr deref on invalid rule

A bad rule 'icode:<0; prefilter;' would trigger a null ptr deref
in ApplyToU8Hash.

Bug #4375.

(cherry picked from commit 7d6835958bbb6ddf2931c9e20f409eadfc8ca068)

diff --git a/src/detect-engine-prefilter-common.c b/src/detect-engine-prefilter-common.c
index 53f408f07f16826bfd93ddc2153c1ea267b4df94..39cbf04d34e1f8259a38cd671b8f070041bed719 100644 (file)
--- a/src/detect-engine-prefilter-common.c
+++ b/src/detect-engine-prefilter-common.c
@@ -211,8 +211,8 @@ SetupEngineForPacketHeaderPrefilterPacketU8HashCtx(DetectEngineCtx *de_ctx,
     if (ctx == NULL)
         return -1;
 
-    int i;
-    for (i = 0; i < 256; i++) {
+    int set_cnt = 0;
+    for (int i = 0; i < 256; i++) {
         if (counts[i] == 0)
             continue;
         ctx->array[i] = SCCalloc(1, sizeof(SigsArray));
@@ -221,6 +221,12 @@ SetupEngineForPacketHeaderPrefilterPacketU8HashCtx(DetectEngineCtx *de_ctx,
         ctx->array[i]->cnt = counts[i];
         ctx->array[i]->sigs = SCCalloc(ctx->array[i]->cnt, sizeof(SigIntId));
         BUG_ON(ctx->array[i]->sigs == NULL);
+        set_cnt++;
+    }
+    if (set_cnt == 0) {
+        /* not an error */
+        PrefilterPacketU8HashCtxFree(ctx);
+        return 0;
     }
 
     for (sig = 0; sig < sgh->sig_cnt; sig++) {