From: Victor Julien <victor@inliniac.net>
Date: Wed, 3 Mar 2021 12:41:26 +0000 (+0100)
Subject: detect/prefilter: fix null ptr deref on invalid rule
X-Git-Tag: suricata-6.0.3~77
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=19f383025b6eaa045c7ae6565ae96f81a8053822;p=thirdparty%2Fsuricata.git

detect/prefilter: fix null ptr deref on invalid rule

A bad rule 'icode:<0; prefilter;' would trigger a null ptr deref
in ApplyToU8Hash.

Bug #4375.

(cherry picked from commit 7d6835958bbb6ddf2931c9e20f409eadfc8ca068)
---

diff --git a/src/detect-engine-prefilter-common.c b/src/detect-engine-prefilter-common.c
index 931778976e..a0dafe2364 100644
--- a/src/detect-engine-prefilter-common.c
+++ b/src/detect-engine-prefilter-common.c
@@ -212,8 +212,8 @@ SetupEngineForPacketHeaderPrefilterPacketU8HashCtx(DetectEngineCtx *de_ctx,
     if (ctx == NULL)
         return -1;
 
-    int i;
-    for (i = 0; i < 256; i++) {
+    int set_cnt = 0;
+    for (int i = 0; i < 256; i++) {
         if (counts[i] == 0)
             continue;
         ctx->array[i] = SCCalloc(1, sizeof(SigsArray));
@@ -222,6 +222,12 @@ SetupEngineForPacketHeaderPrefilterPacketU8HashCtx(DetectEngineCtx *de_ctx,
         ctx->array[i]->cnt = counts[i];
         ctx->array[i]->sigs = SCCalloc(ctx->array[i]->cnt, sizeof(SigIntId));
         BUG_ON(ctx->array[i]->sigs == NULL);
+        set_cnt++;
+    }
+    if (set_cnt == 0) {
+        /* not an error */
+        PrefilterPacketU8HashCtxFree(ctx);
+        return 0;
     }
 
     for (sig = 0; sig < sgh->sig_cnt; sig++) {