Pull request #3480: Fix SEGFAULT in suppress module

Merge in SNORT/snort3 from ~VHORBAN/snort3:fix_segfauld_in_suppress_module to master

Squashed commit of the following:

commit a28a35b361421fc8287c1cd896545076a35216c6
Author: Volodymyr Horban <vhorban@cisco.com>
Date:   Fri Jun 17 14:46:03 2022 +0300

    filters: check if a configured gid value is supported by filter's implementation

diff --git a/src/filters/sfthd.cc b/src/filters/sfthd.cc
index 6e9191cdb23c80d9b31dd12361d868e6fad55193..00ce082f459cc5e88f897fcb084211db4a5f29af 100644 (file)
--- a/src/filters/sfthd.cc
+++ b/src/filters/sfthd.cc
@@ -470,6 +470,9 @@ static int sfthd_create_threshold_global(
     if (thd_objs == nullptr)
         return -1;
 
+    if (config->gen_id >= THD_MAX_GENID)
+        return -1;
+
     if (thd_objs->sfthd_garray[policy_id] == nullptr)
     {
         thd_objs->sfthd_garray[policy_id] =

diff --git a/src/main/modules.cc b/src/main/modules.cc
index 91d86f838721af15ef1e41f6c4c328c9fdbc13e6..2a10a81827b615261350818ec17f7cc8c5589712 100644 (file)
--- a/src/main/modules.cc
+++ b/src/main/modules.cc
@@ -1551,19 +1551,19 @@ bool SuppressModule::end(const char*, int idx, SnortConfig* sc)
 
     if ( thdx.gen_id == 0 and thdx.sig_id >= 1 )
     {
-        ParseError("bad or incomplete gid:sid pair [%d]", idx);
+        ParseError("bad or incomplete gid:sid pair");
         return false;
     }
 
     if ( ( thdx.tracking == 0 and thdx.ip_address ) or ( thdx.tracking > 0 and !thdx.ip_address ) )
     {
-        ParseError("incomplete pair of track and IP [%d]", idx);
+        ParseError("incomplete pair of track and IP");
         return false;
     }
 
     if ( sfthreshold_create(sc, sc->threshold_config, &thdx, get_network_policy()->policy_id) )
     {
-        ParseError("threshold object cannot be created from the given parameters [%d]", idx);
+        ParseError("threshold object cannot be created from the given parameters");
         return false;
     }