From: Anna Norokh -X (anorokh - SOFTSERVE INC at Cisco)
Date: Fri, 13 Oct 2023 14:22:06 +0000 (+0000)
Subject: Pull request #4047: tcp: do not allow duplicates in trs.alerts vector to avoid OOM...
X-Git-Tag: 3.1.73.0~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=67c7eccdf2afb03b198f6cf89897373b4388655c;p=thirdparty%2Fsnort3.git

Pull request #4047: tcp: do not allow duplicates in trs.alerts vector to avoid OOM possibility Merge in SNORT/snort3 from ~ANOROKH/snort3:trs_alerts_dup_fix to master Squashed commit of the following: commit 08cecc25c6ca5763c725ccfb0fe48e692f0cfee7 Author: Anna Norokh Date: Fri Sep 29 13:42:35 2023 +0300 stream: skip duplicated alerts in TcpReassemblerState's list * add assert() to verify flow.trs_alerts test work Thanks wenhao-in-chengdu for reporting the issue and suggesting a fix.
---
diff --git a/src/stream/tcp/tcp_reassembler.cc b/src/stream/tcp/tcp_reassembler.cc
index 4f19145b7..a2c7e8d7a 100644
--- a/src/stream/tcp/tcp_reassembler.cc
+++ b/src/stream/tcp/tcp_reassembler.cc
@@ -265,7 +265,12 @@ void TcpReassembler::dup_reassembly_segment(
 bool TcpReassembler::add_alert(TcpReassemblerState& trs, uint32_t gid, uint32_t sid)
 {
- trs.alerts.emplace_back(gid, sid);
+ assert(trs.alerts.size() <=
+ (uint32_t)(get_ips_policy()->rules_loaded + get_ips_policy()->rules_shared));
+
+ if (!this->check_alerted(trs, gid, sid))
+ trs.alerts.emplace_back(gid, sid);
+
 return true;
 }
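Review bot: The size bound in `add_alert` is expressed only as an `assert()`, which is compiled out when NDEBUG is defined, so in release builds the out-of-memory protection rests entirely on the `check_alerted()` dedup below it. That is worth stating in a comment above the assert, e.g. `// debug-only invariant: the dedup below keeps trs.alerts to at most one entry per loaded rule`. The assert also dereferences `get_ips_policy()` twice with no null check; whether that pointer can be null on this path is not visible in the hunk, so confirm it. `check_alerted()` is defined outside this hunk; if it scans `trs.alerts` linearly, each call costs O(n) in the alerts already recorded for the flow, which is acceptable only while the list stays short.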