From: Philippe Antoine <pantoine@oisf.net>
Date: Fri, 4 Nov 2022 14:17:19 +0000 (+0100)
Subject: detect/frames: fix crash when parsing bad rule
X-Git-Tag: suricata-7.0.0-rc1~171
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8c3107472b09261461814168d38385cce1fe6535;p=thirdparty%2Fsuricata.git

detect/frames: fix crash when parsing bad rule

Indexing of Signature::init_data::smlists would fail for a rule that
used a frame and fast_pattern w/o content, as the array would only be
expanded when adding a content.
Adding a check to see if there list id is in bounds
is an implicit check for the "no content" case.

Ticket: #5530
---

diff --git a/src/detect-parse.c b/src/detect-parse.c
index 431ae37b62..04169cfdc1 100644
--- a/src/detect-parse.c
+++ b/src/detect-parse.c
@@ -438,7 +438,8 @@ SigMatch *DetectGetLastSMFromMpmLists(const DetectEngineCtx *de_ctx, const Signa
     uint32_t sm_type;
 
     /* if we have a sticky buffer, use that */
-    if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
+    if (s->init_data->list != DETECT_SM_LIST_NOTSET &&
+            s->init_data->list < (int)s->init_data->smlists_array_size) {
         if (!(DetectEngineBufferTypeSupportsMpmGetById(de_ctx, s->init_data->list))) {
             return NULL;
         }