From: Philippe Antoine
Date: Thu, 21 Nov 2024 14:20:44 +0000 (+0100)
Subject: util/streaming-buffer: add extra safety check
X-Git-Tag: suricata-7.0.8~10
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7d47fcf7f7fefacd2b0d8f482534a83b35a3c45e;p=thirdparty%2Fsuricata.git

util/streaming-buffer: add extra safety check

Ticket: 7393

Check if GrowRegionToSize is called with an argument trying to shrink the region size, and if so do nothing, i.e. do not try to shrink, and just return ok.

This way, we avoid a buffer overflow from memset using an unsigned having underflowed.

(cherry picked from commit 9a53ec43b13f0039a083950511a18bf6f408e432)
---

diff --git a/src/util-streaming-buffer.c b/src/util-streaming-buffer.c index 9dbaa5f33d..773a4e7572 100644 --- a/src/util-streaming-buffer.c +++ b/src/util-streaming-buffer.c @@ -719,6 +719,10 @@ static inline int WARN_UNUSED GrowRegionToSize(StreamingBuffer *sb, /* try to grow in multiples of cfg->buf_size */ const uint32_t grow = ToNextMultipleOf(size, cfg->buf_size); SCLogDebug("grow %u", grow); + if (grow <= region->buf_size) { + // do not try to shrink, and do not memset with diff having unsigned underflow + return SC_OK; + } void *ptr = REALLOC(cfg, region->buf, region->buf_size, grow); if (ptr == NULL) {
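
Review bot: The new early return at `if (grow <= region->buf_size)` reports SC_OK silently, so a caller that passes a size smaller than the current region (the case the commit message says led to the underflowed memset length) is never surfaced. Consider adding an SCLogDebug line or a debug-build assertion inside the branch, so the caller-side bug stays visible while release builds remain safe. It is also worth confirming, since `grow` is a `uint32_t` rounded up from `size`, whether that rounding can wrap for a very large `size`: if it can, this branch would return SC_OK for a request the region cannot hold, and a `grow >= size` check ahead of the comparison would close that. Style: the added `//` comment differs from the `/* ... */` form used on the context line just above it.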