]> git.ipfire.org Git - thirdparty/suricata.git/commitdiff
projects / thirdparty / suricata.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 82ecf64)
detect/iprep: fix loading of mixed ipv4/ipv6 lists
authorVictor Julien <victor@inliniac.net>
Sat, 13 Feb 2021 15:54:56 +0000 (16:54 +0100)
committerVictor Julien <victor@inliniac.net>
Sat, 13 Feb 2021 15:55:06 +0000 (16:55 +0100)
Improper reuse of the address data structure between loading
different lines in the iprep file would lead to the host using
a malformed address.

src/reputation.c patch | blob | blame | history

diff --git a/src/reputation.c b/src/reputation.c
index 36949b1a42438f5d86c7f5a77abda0cc1af520ad..663f573e9f669ea20f5cf3a335a9de5851a23e05 100644 (file)
--- a/src/reputation.c
+++ b/src/reputation.c
@@ -431,9 +431,6 @@ static int SRepLoadFile(SRepCIDRTree *cidr_ctx, char *filename)
 int SRepLoadFileFromFD(SRepCIDRTree *cidr_ctx, FILE *fp)
 {
     char line[8192] = "";
-    Address a;
-    memset(&a, 0x00, sizeof(a));
-    a.family = AF_INET;
 
     while(fgets(line, (int)sizeof(line), fp) != NULL) {
         size_t len = strlen(line);
@@ -455,6 +452,10 @@ int SRepLoadFileFromFD(SRepCIDRTree *cidr_ctx, FILE *fp)
             line[len - 1] = '\0';
         }
 
+        Address a;
+        memset(&a, 0x00, sizeof(a));
+        a.family = AF_INET;
+
         uint8_t cat = 0, value = 0;
         int r = SRepSplitLine(cidr_ctx, line, &a, &cat, &value);
         if (r < 0) {
Mirror of https://github.com/OISF/suricata.git