reject: check tcp header sooner to avoid potential leak

author Victor Julien <victor@inliniac.net>

Thu, 11 Jun 2020 09:31:21 +0000 (11:31 +0200)

committer Victor Julien <victor@inliniac.net>

Sun, 28 Jun 2020 13:20:56 +0000 (15:20 +0200)
author Victor Julien <victor@inliniac.net>
Thu, 11 Jun 2020 09:31:21 +0000 (11:31 +0200)
committer Victor Julien <victor@inliniac.net>
Sun, 28 Jun 2020 13:20:56 +0000 (15:20 +0200)
diff --git a/src/respond-reject-libnet11.c b/src/respond-reject-libnet11.c

index c74e0f46887ca46e45dfa31b7d8f0ce4251f227a..0e15fe47fe36771a41174a2d25d6defa84cb0649 100644 (file)
--- a/src/respond-reject-libnet11.c
+++ b/src/respond-reject-libnet11.c
@@ -96,14 +96,15 @@ int RejectSendLibnet11L3IPv4TCP(ThreadVars *tv, Packet *p, void *data, int dir)
          devname = p->livedev->dev;
          SCLogDebug("Will emit reject packet on dev %s", devname);
      }
+
+    if (p->tcph == NULL)
+        return 1;
+
      if ((c = libnet_init(LIBNET_RAW4, LIBNET_INIT_CAST devname, ebuf)) == NULL) {
          SCLogError(SC_ERR_LIBNET_INIT,"libnet_init failed: %s", ebuf);
          return 1;
      }
  
-    if (p->tcph == NULL)
-        return 1;
-
      /* save payload len */
      lpacket.dsize = p->payload_len;
  
@@ -305,14 +306,15 @@ int RejectSendLibnet11L3IPv6TCP(ThreadVars *tv, Packet *p, void *data, int dir)
      if (IS_SURI_HOST_MODE_SNIFFER_ONLY(host_mode) && (p->livedev)) {
          devname = p->livedev->dev;
      }
+
+    if (p->tcph == NULL)
+       return 1;
+
      if ((c = libnet_init(LIBNET_RAW6, LIBNET_INIT_CAST devname, ebuf)) == NULL) {
          SCLogError(SC_ERR_LIBNET_INIT,"libnet_init failed: %s", ebuf);
          return 1;
      }
  
-    if (p->tcph == NULL)
-       return 1;
-
      /* save payload len */
      lpacket.dsize = p->payload_len;
author	Victor Julien <victor@inliniac.net>
	Thu, 11 Jun 2020 09:31:21 +0000 (11:31 +0200)
committer	Victor Julien <victor@inliniac.net>
	Sun, 28 Jun 2020 13:20:56 +0000 (15:20 +0200)