From: Philippe Antoine <contact@catenacyber.fr>
Date: Sat, 16 Apr 2022 14:51:42 +0000 (+0200)
Subject: detect: parsing avoiding infinite loop
X-Git-Tag: suricata-6.0.6~43
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=249a3b56779599f4fe120112caafd53344473b9d;p=thirdparty%2Fsuricata.git

detect: parsing avoiding infinite loop

by comparing size_t to strlen result
Instead of uint16_t which would loop

Ticket: #5310
(cherry picked from commit ced96a8aadd8a9a4ce3d8d689ac53f7eedbbe8e9)
---

diff --git a/src/detect-content.c b/src/detect-content.c
index b3210c55f5..6d0041bbe7 100644
--- a/src/detect-content.c
+++ b/src/detect-content.c
@@ -99,7 +99,7 @@ int DetectContentDataParse(const char *keyword, const char *contentstr,
     char converted = 0;
 
     {
-        uint16_t i, x;
+        size_t i, x;
         uint8_t bin = 0;
         uint8_t escape = 0;
         uint8_t binstr[3] = "";
diff --git a/src/detect-detection-filter.c b/src/detect-detection-filter.c
index b4f57d1c4a..c953251439 100644
--- a/src/detect-detection-filter.c
+++ b/src/detect-detection-filter.c
@@ -103,7 +103,7 @@ static DetectThresholdData *DetectDetectionFilterParse (const char *rawstr)
     char *copy_str = NULL, *df_opt = NULL;
     int seconds_found = 0, count_found = 0, track_found = 0;
     int seconds_pos = 0, count_pos = 0;
-    uint16_t pos = 0;
+    size_t pos = 0;
     int i = 0;
     char *saveptr = NULL;
 
diff --git a/src/detect-engine-prefilter.c b/src/detect-engine-prefilter.c
index 11cb3c878f..67ac7725f3 100644
--- a/src/detect-engine-prefilter.c
+++ b/src/detect-engine-prefilter.c
@@ -522,9 +522,8 @@ static uint32_t PrefilterStoreHashFunc(HashListTable *ht, void *data, uint16_t d
     PrefilterStore *ctx = data;
 
     uint32_t hash = strlen(ctx->name);
-    uint16_t u;
 
-    for (u = 0; u < strlen(ctx->name); u++) {
+    for (size_t u = 0; u < strlen(ctx->name); u++) {
         hash += ctx->name[u];
     }
 
diff --git a/src/detect-msg.c b/src/detect-msg.c
index cf8cb7f378..c6a9da0679 100644
--- a/src/detect-msg.c
+++ b/src/detect-msg.c
@@ -65,7 +65,7 @@ static int DetectMsgSetup (DetectEngineCtx *de_ctx, Signature *s, const char *ms
     char converted = 0;
 
     {
-        uint16_t i, x;
+        size_t i, x;
         uint8_t escape = 0;
 
         /* it doesn't matter if we need to escape or not we remove the extra "\" to mimic snort */
@@ -219,4 +219,4 @@ void DetectMsgRegisterTests(void)
     UtRegisterTest("DetectMsgParseTest02", DetectMsgParseTest02);
     UtRegisterTest("DetectMsgParseTest03", DetectMsgParseTest03);
 }
-#endif /* UNITTESTS */
\ No newline at end of file
+#endif /* UNITTESTS */
diff --git a/src/detect-threshold.c b/src/detect-threshold.c
index baf8aea550..1fd21da893 100644
--- a/src/detect-threshold.c
+++ b/src/detect-threshold.c
@@ -118,7 +118,7 @@ static DetectThresholdData *DetectThresholdParse(const char *rawstr)
     int second_found = 0, count_found = 0;
     int type_found = 0, track_found = 0;
     int second_pos = 0, count_pos = 0;
-    uint16_t pos = 0;
+    size_t pos = 0;
     int i = 0;
 
     copy_str = SCStrdup(rawstr);