content: Constrain distance/within values

author Jeff Lucovsky <jlucovsky@oisf.net>

Wed, 7 Dec 2022 15:20:06 +0000 (10:20 -0500)

committer Victor Julien <vjulien@oisf.net>

Mon, 27 Mar 2023 13:53:59 +0000 (15:53 +0200)
author Jeff Lucovsky <jlucovsky@oisf.net>
Wed, 7 Dec 2022 15:20:06 +0000 (10:20 -0500)
committer Victor Julien <vjulien@oisf.net>
Mon, 27 Mar 2023 13:53:59 +0000 (15:53 +0200)
diff --git a/src/detect-content.c b/src/detect-content.c

index aec5f631f8f814296555c42b9edcb3af9c6ad975..891eee523a24a56571c6a904759da15c4c8b036d 100644 (file)
--- a/src/detect-content.c
+++ b/src/detect-content.c
@@ -863,7 +863,7 @@ static int DetectContentDepthTest01(void)
      TEST_RUN("content:\"=\"; offset:4; depth:9; content:\"=&\"; distance:55; within:2;", 60, 70);
  
      // distance value is too high so we bail and not set anything on this content
-    TEST_RUN("content:\"0123456789\"; content:\"abcdef\"; distance:2147483647;", 0, 0);
+    TEST_RUN("content:\"0123456789\"; content:\"abcdef\"; distance:1048576;", 0, 0);
  
      // Bug #5162.
      TEST_RUN("content:\"SMB\"; depth:8; content:\"|09 00|\"; distance:8; within:2;", 11, 18);
diff --git a/src/detect-content.h b/src/detect-content.h

index 3f1fc35e00a43c6f5db4d4545d9ebd68caf8eca9..ae179ad076d4695be232663ab252cb7b06e5b3ef 100644 (file)
--- a/src/detect-content.h
+++ b/src/detect-content.h
@@ -82,6 +82,11 @@
                                         ((c)->flags & DETECT_CONTENT_OFFSET)   || \
                                         ((c)->flags & DETECT_CONTENT_FAST_PATTERN_CHOP))
  
+/*
+ * Values for distance, and within must be less than or equal
+ * to this value (absolute value where required).
+ */
+#define DETECT_CONTENT_VALUE_MAX 1024 * 1024
  
  #include "util-spm.h"
  
diff --git a/src/detect-distance.c b/src/detect-distance.c

index 748a0fe1e2f4f1770d573612472e7f4404d5b83e..51027d1f1a234aa8b92ee905ec92ec090742d30c 100644 (file)
--- a/src/detect-distance.c
+++ b/src/detect-distance.c
@@ -117,7 +117,8 @@ static int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s,
          cd->distance = index;
          cd->flags |= DETECT_CONTENT_DISTANCE_VAR;
      } else {
-        if (StringParseInt32(&cd->distance, 0, 0, str) < 0) {
+        if ((StringParseI32RangeCheck(&cd->distance, 0, 0, str, -DETECT_CONTENT_VALUE_MAX,
+                     DETECT_CONTENT_VALUE_MAX) < 0)) {
              SCLogError("invalid value for distance: %s", str);
              return -1;
          }
diff --git a/src/detect-within.c b/src/detect-within.c

index 799f1ed2a67dfbf3f4409af87e404246adf3b459..91662e070fde755bf08726313030730540832747 100644 (file)
--- a/src/detect-within.c
+++ b/src/detect-within.c
@@ -113,7 +113,8 @@ static int DetectWithinSetup(DetectEngineCtx *de_ctx, Signature *s, const char *
          cd->within = index;
          cd->flags |= DETECT_CONTENT_WITHIN_VAR;
      } else {
-        if (StringParseInt32(&cd->within, 0, 0, str) < 0) {
+        if ((StringParseI32RangeCheck(&cd->within, 0, 0, str, -DETECT_CONTENT_VALUE_MAX,
+                     DETECT_CONTENT_VALUE_MAX) < 0)) {
              SCLogError("invalid value for within: %s", str);
              return -1;
          }
author	Jeff Lucovsky <jlucovsky@oisf.net>
	Wed, 7 Dec 2022 15:20:06 +0000 (10:20 -0500)
committer	Victor Julien <vjulien@oisf.net>
	Mon, 27 Mar 2023 13:53:59 +0000 (15:53 +0200)
src/detect-content.c		patch \| blob \| blame \| history
src/detect-content.h		patch \| blob \| blame \| history
src/detect-distance.c		patch \| blob \| blame \| history
src/detect-within.c		patch \| blob \| blame \| history