Pull request #4047: tcp: do not allow duplicates in trs.alerts vector to avoid OOM...

Merge in SNORT/snort3 from ~ANOROKH/snort3:trs_alerts_dup_fix to master

Squashed commit of the following:

commit 08cecc25c6ca5763c725ccfb0fe48e692f0cfee7
Author: Anna Norokh <anorokh@cisco.com>
Date:   Fri Sep 29 13:42:35 2023 +0300

    stream: skip duplicated alerts in TcpReassemblerState's list

    * add assert() to verify flow.trs_alerts test work

    Thanks wenhao-in-chengdu for reporting the issue and suggesting a fix.

diff --git a/src/stream/tcp/tcp_reassembler.cc b/src/stream/tcp/tcp_reassembler.cc
index 4f19145b76d4b15719a5ade469498929f8330e82..a2c7e8d7a6176676ef4f9f4b5c1581276969ec3d 100644 (file)
--- a/src/stream/tcp/tcp_reassembler.cc
+++ b/src/stream/tcp/tcp_reassembler.cc
@@ -265,7 +265,12 @@ void TcpReassembler::dup_reassembly_segment(
 
 bool TcpReassembler::add_alert(TcpReassemblerState& trs, uint32_t gid, uint32_t sid)
 {
-    trs.alerts.emplace_back(gid, sid);
+    assert(trs.alerts.size() <=
+        (uint32_t)(get_ips_policy()->rules_loaded + get_ips_policy()->rules_shared));
+
+    if (!this->check_alerted(trs, gid, sid))
+        trs.alerts.emplace_back(gid, sid);
+
     return true;
 }