]> git.ipfire.org Git - thirdparty/suricata.git/commitdiff
projects / thirdparty / suricata.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0e9d05b)
dcerpc: use wrapping to prevent u16 overflow 13371/head
authorPhilippe Antoine <pantoine@oisf.net>
Mon, 2 Jun 2025 20:31:19 +0000 (22:31 +0200)
committerPhilippe Antoine <pantoine@oisf.net>
Thu, 5 Jun 2025 06:38:59 +0000 (08:38 +0200)
Otherwise, rust with debug assertion may trigger a panic

Ticket: 7730

(cherry picked from commit 261d2ad63bb3bdd00b9ce40086adc9b1bf73156a)

rust/src/smb/dcerpc_records.rs patch | blob | blame | history

diff --git a/rust/src/smb/dcerpc_records.rs b/rust/src/smb/dcerpc_records.rs
index 0c8c17fe18c4dcbdf588ecb9f045a73a302e7ca9..6bd051cd0b48ed66f46a08a4cdcbe2ba5443f939 100644 (file)
--- a/rust/src/smb/dcerpc_records.rs
+++ b/rust/src/smb/dcerpc_records.rs
@@ -176,7 +176,8 @@ pub fn parse_dcerpc_bindack_record(i: &[u8]) -> IResult<&[u8], DceRpcBindAckReco
     let (i, _assoc_group) = take(4_usize)(i)?;
     let (i, sec_addr_len) = le_u16(i)?;
     let (i, _) = take(sec_addr_len)(i)?;
-    let (i, _) = cond((sec_addr_len+2) % 4 != 0, take(4 - (sec_addr_len+2) % 4))(i)?;
+    let topad = sec_addr_len.wrapping_add(2) % 4;
+    let (i, _) = cond(topad != 0, take(4 - topad))(i)?;
     let (i, num_results) = le_u8(i)?;
     let (i, _) = take(3_usize)(i)?; // padding
     let (i, results) = count(parse_dcerpc_bindack_result, num_results as usize)(i)?;
Mirror of https://github.com/OISF/suricata.git