From: Philippe Antoine Date: Thu, 21 Nov 2024 13:55:32 +0000 (+0100) Subject: util/streaming-buffer: fix regions intersection X-Git-Tag: suricata-8.0.0-beta1~650 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=282509f70c4ce805098e59535af445362e3e9ebd;p=thirdparty%2Fsuricata.git util/streaming-buffer: fix regions intersection This was not a problem for current callers in Suricata, as RegionsIntersect is only called through StreamingBufferInsertAt which is only used by TCP... And TCP uses default region gap = 256kb, and only calls StreamingBufferInsertAt with a u16, so TCP never inserts a new data that will strictly contain an existing region augmented with region gap, which was the only case where RegionsIntersect returned the wrong result, which could later lead to a buffer overflow. Ticket: 7393
---
diff --git a/src/util-streaming-buffer.c b/src/util-streaming-buffer.c
index 3b56d8e0d6..aea6934634 100644
--- a/src/util-streaming-buffer.c
+++ b/src/util-streaming-buffer.c
@@ -137,17 +137,14 @@ static inline bool RegionsIntersect(const StreamingBufferConfig *cfg,
 SCLogDebug("r %p: %" PRIu64 "/%" PRIu64 " - adjusted %" PRIu64 "/%" PRIu64, r, r->stream_offset, r->stream_offset + r->buf_size, reg_o, reg_re);
 /* check if data range intersects with region range */
- if (offset >= reg_o && offset <= reg_re) {
- SCLogDebug("r %p is in-scope", r);
- return true;
- }
- if (re >= reg_o && re <= reg_re) {
- SCLogDebug("r %p is in-scope: %" PRIu64 " >= %" PRIu64 " && %" PRIu64 " <= %" PRIu64, r, re,
- reg_o, re, reg_re);
- return true;
- }
- SCLogDebug("r %p is out of scope: %" PRIu64 "/%" PRIu64, r, offset, re);
- return false;
+ /* [offset:re] and [reg_o:reg_re] do not intersect if and only if
+ * re < reg_o or if reg_re < offset (one segment is strictly before the other)
+ * trusting that offset<=re and reg_o<=reg_re
+ */
+ if (re < reg_o || reg_re < offset) {
+ return false;
+ }
+ return true;
 }
 /** \internal
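Review bot: The new test `if (re < reg_o || reg_re < offset)` is only correct under the precondition the added comment itself calls out (`offset<=re` and `reg_o<=reg_re`), and nothing in the hunk enforces it. Since the commit message says a wrong answer from RegionsIntersect can later lead to a buffer overflow, I would make that assumption checkable rather than trusted, for example `DEBUG_VALIDATE_BUG_ON(re < offset || reg_re < reg_o);` just before the comparison, so that a wrapped end offset is caught in debug and fuzz builds. `re`, `reg_o` and `reg_re` are computed above the hunk, so whether they can wrap for a caller other than TCP has to be confirmed there. A unit test that inserts data strictly containing a gap-augmented region (the case this commit fixes) would pin the behaviour; none is visible in this diff.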