From: Eric Leblond Date: Tue, 17 Jun 2014 09:19:05 +0000 (+0200) Subject: defrag: fix reconstruction X-Git-Tag: suricata-2.0.2~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=97ca02f0c5c90abe8bb2c0407090aef31d004c51;p=thirdparty%2Fsuricata.git defrag: fix reconstruction This patch is fixing an issue in defragmentation code. The insertion of a fragment in the list of fragments is done with respect to the offset of the fragment. But the code was using the original offset of the fragment and not the one of the new reconstructed fragment (which can be different in the case of overlapping segment where the left part is trimmed). This case could lead to some evasion techniques by causing Suricata to analyse a different payload. --- diff --git a/src/defrag.c b/src/defrag.c index bd2c6e854b..f72435373b 100644 --- a/src/defrag.c +++ b/src/defrag.c @@ -697,7 +697,7 @@ insert: Frag *frag; TAILQ_FOREACH(frag, &tracker->frags, next) { - if (frag_offset < frag->offset) + if (new->offset < frag->offset) break; } if (frag == NULL) {
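Review bot: The corrected comparison in the TAILQ_FOREACH loop under insert: (`if (new->offset < frag->offset)`) comes with no regression test and no comment saying why the two offsets can differ. The diff touches only src/defrag.c, so nothing here exercises the case the commit message describes, an overlapping fragment whose left part is trimmed. Please add a unit test that feeds such an overlap and asserts both the order of tracker->frags and the reassembled payload, so the sort key cannot silently drift back to the pre-trim value. A one-line comment above the comparison, noting that new->offset is the offset after trimming and can differ from frag_offset, would also help. Finally, this hunk shows only one read of frag_offset after the insert: label; it is worth checking whether any later code in the function still uses the original value where the trimmed one is meant.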