detect: null sanity checks for pkthdr

author Philippe Antoine <contact@catenacyber.fr>

Wed, 14 Oct 2020 19:25:40 +0000 (21:25 +0200)

committer Shivani Bhardwaj <shivanib134@gmail.com>

Thu, 3 Dec 2020 22:39:55 +0000 (04:09 +0530)
author Philippe Antoine <contact@catenacyber.fr>
Wed, 14 Oct 2020 19:25:40 +0000 (21:25 +0200)
committer Shivani Bhardwaj <shivanib134@gmail.com>
Thu, 3 Dec 2020 22:39:55 +0000 (04:09 +0530)
diff --git a/src/detect-ipv4hdr.c b/src/detect-ipv4hdr.c

index f963cd1a4876d1806460176e8204ed0426d20bd2..87b29c5aefd0e3306907909181c4f128c5348ec8 100644 (file)
--- a/src/detect-ipv4hdr.c
+++ b/src/detect-ipv4hdr.c
@@ -100,6 +100,10 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx,
  
      InspectionBuffer *buffer = InspectionBufferGet(det_ctx, list_id);
      if (buffer->inspect == NULL) {
+        if (p->ip4h == NULL) {
+            // DETECT_PROTO_IPV4 does not prefilter
+            return NULL;
+        }
          uint32_t hlen = IPV4_GET_HLEN(p);
          if (((uint8_t *)p->ip4h + (ptrdiff_t)hlen) >
                  ((uint8_t *)GET_PKT_DATA(p) + (ptrdiff_t)GET_PKT_LEN(p)))
diff --git a/src/detect-ipv6hdr.c b/src/detect-ipv6hdr.c

index 4a94ffbed6246bd8142dfff8efeb98e8e0264a51..ea88b589ad3fbac1a077e443a09a4625f68a8538 100644 (file)
--- a/src/detect-ipv6hdr.c
+++ b/src/detect-ipv6hdr.c
@@ -100,6 +100,10 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx,
  
      InspectionBuffer *buffer = InspectionBufferGet(det_ctx, list_id);
      if (buffer->inspect == NULL) {
+        if (p->ip6h == NULL) {
+            // DETECT_PROTO_IPV6 does not prefilter
+            return NULL;
+        }
          uint32_t hlen = IPV6_HEADER_LEN + IPV6_GET_EXTHDRS_LEN(p);
          if (((uint8_t *)p->ip6h + (ptrdiff_t)hlen) >
                  ((uint8_t *)GET_PKT_DATA(p) + (ptrdiff_t)GET_PKT_LEN(p)))
diff --git a/src/detect-tcphdr.c b/src/detect-tcphdr.c

index 30a3c828fd74020e970b482998ccb48c2390f683..3b0cde3f318a376294b922956b2399da5b944a56 100644 (file)
--- a/src/detect-tcphdr.c
+++ b/src/detect-tcphdr.c
@@ -101,6 +101,11 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx,
  
      InspectionBuffer *buffer = InspectionBufferGet(det_ctx, list_id);
      if (buffer->inspect == NULL) {
+        if (p->tcph == NULL) {
+            // may happen when DecodeTCPPacket fails
+            // for instance with invalid header length
+            return NULL;
+        }
          uint32_t hlen = TCP_GET_HLEN(p);
          if (((uint8_t *)p->tcph + (ptrdiff_t)hlen) >
                  ((uint8_t *)GET_PKT_DATA(p) + (ptrdiff_t)GET_PKT_LEN(p)))
diff --git a/src/detect-udphdr.c b/src/detect-udphdr.c

index 6054193f96640f0a63029b927edd2f6186b48aec..a8900048bea4f290fe9240e58f060f935bb597f5 100644 (file)
--- a/src/detect-udphdr.c
+++ b/src/detect-udphdr.c
@@ -99,6 +99,9 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx,
  
      InspectionBuffer *buffer = InspectionBufferGet(det_ctx, list_id);
      if (buffer->inspect == NULL) {
+        if (p->udph == NULL) {
+            return NULL;
+        }
          if (((uint8_t *)p->udph + (ptrdiff_t)UDP_HEADER_LEN) >
                  ((uint8_t *)GET_PKT_DATA(p) + (ptrdiff_t)GET_PKT_LEN(p)))
          {
author	Philippe Antoine <contact@catenacyber.fr>
	Wed, 14 Oct 2020 19:25:40 +0000 (21:25 +0200)
committer	Shivani Bhardwaj <shivanib134@gmail.com>
	Thu, 3 Dec 2020 22:39:55 +0000 (04:09 +0530)
src/detect-ipv4hdr.c		patch \| blob \| blame \| history
src/detect-ipv6hdr.c		patch \| blob \| blame \| history
src/detect-tcphdr.c		patch \| blob \| blame \| history
src/detect-udphdr.c		patch \| blob \| blame \| history