detect: errors on 65k filestore signatures

author Philippe Antoine <contact@catenacyber.fr>

Mon, 9 Oct 2023 12:49:54 +0000 (14:49 +0200)

committer Victor Julien <victor@inliniac.net>

Tue, 6 Feb 2024 09:15:50 +0000 (10:15 +0100)
author Philippe Antoine <contact@catenacyber.fr>
Mon, 9 Oct 2023 12:49:54 +0000 (14:49 +0200)
committer Victor Julien <victor@inliniac.net>
Tue, 6 Feb 2024 09:15:50 +0000 (10:15 +0100)
diff --git a/src/detect-engine-siggroup.c b/src/detect-engine-siggroup.c

index 9bc992cb894a5e0f8e1e3a5ad76e591f436e59b2..52073cf0bfdad951fe6d405a0683364803a5d06d 100644 (file)
--- a/src/detect-engine-siggroup.c
+++ b/src/detect-engine-siggroup.c
@@ -48,6 +48,7 @@
  
  #include "util-error.h"
  #include "util-debug.h"
+#include "util-validate.h"
  #include "util-cidr.h"
  #include "util-unittest.h"
  #include "util-unittest-helper.h"
@@ -552,6 +553,8 @@ void SigGroupHeadSetupFiles(const DetectEngineCtx *de_ctx, SigGroupHead *sgh)
          }
  #endif
          if (SignatureIsFilestoring(s)) {
+            // should be insured by caller that we do not overflow
+            DEBUG_VALIDATE_BUG_ON(sgh->filestore_cnt == UINT16_MAX);
              sgh->filestore_cnt++;
          }
      }
diff --git a/src/detect-filestore.c b/src/detect-filestore.c

index 07bbd91ff19982ca1b0016c48f5fb011f48152d8..c510544469aab2ff1d86a32a74249fc0f020daa0 100644 (file)
--- a/src/detect-filestore.c
+++ b/src/detect-filestore.c
@@ -333,6 +333,11 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, const ch
      static bool warn_not_configured = false;
      static uint32_t de_version = 0;
  
+    if (de_ctx->filestore_cnt == UINT16_MAX) {
+        SCLogError("Cannot have more than 65535 filestore signatures");
+        return -1;
+    }
+
      /* Check on first-time loads (includes following a reload) */
      if (!warn_not_configured || (de_ctx->version != de_version)) {
          if (de_version != de_ctx->version) {
@@ -466,6 +471,7 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, const ch
      }
  
      s->flags |= SIG_FLAG_FILESTORE;
+    de_ctx->filestore_cnt++;
  
      if (match)
          pcre2_match_data_free(match);
diff --git a/src/detect.h b/src/detect.h

index 0707d8a5b2111304a2f52719257fc0a7e3f6c44c..76c6d2b66f036261d2e1d058fa35fbce086c1864 100644 (file)
--- a/src/detect.h
+++ b/src/detect.h
@@ -1040,6 +1040,9 @@ typedef struct DetectEngineCtx_ {
  
      /* Track rule requirements for reporting after loading rules. */
      SCDetectRequiresStatus *requirements;
+
+    /* number of signatures using filestore, limited as u16 */
+    uint16_t filestore_cnt;
  } DetectEngineCtx;
  
  /* Engine groups profiles (low, medium, high, custom) */
author	Philippe Antoine <contact@catenacyber.fr>
	Mon, 9 Oct 2023 12:49:54 +0000 (14:49 +0200)
committer	Victor Julien <victor@inliniac.net>
	Tue, 6 Feb 2024 09:15:50 +0000 (10:15 +0100)
src/detect-engine-siggroup.c		patch \| blob \| blame \| history
src/detect-filestore.c		patch \| blob \| blame \| history
src/detect.h		patch \| blob \| blame \| history