From: Philippe Antoine
Date: Thu, 21 Nov 2024 14:20:44 +0000 (+0100)
Subject: util/streaming-buffer: add extra safety check
X-Git-Tag: suricata-8.0.0-beta1~648
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9a53ec43b13f0039a083950511a18bf6f408e432;p=thirdparty%2Fsuricata.git

util/streaming-buffer: add extra safety check

Ticket: 7393

Check if GrowRegionToSize is called with an argument trying to shrink the region size, and if so do nothing, i.e. do not try to shrink, and just return ok. This way, we avoid a buffer overflow from memset using an unsigned having underflowed.
---
diff --git a/src/util-streaming-buffer.c b/src/util-streaming-buffer.c index a62bbf8956..9ae3039087 100644 --- a/src/util-streaming-buffer.c +++ b/src/util-streaming-buffer.c @@ -717,6 +717,10 @@ static inline int WARN_UNUSED GrowRegionToSize(StreamingBuffer *sb, /* try to grow in multiples of cfg->buf_size */ const uint32_t grow = ToNextMultipleOf(size, cfg->buf_size); SCLogDebug("grow %u", grow); + if (grow <= region->buf_size) { + // do not try to shrink, and do not memset with diff having unsigned underflow + return SC_OK; + } void *ptr = REALLOC(cfg, region->buf, region->buf_size, grow); if (ptr == NULL) {
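
Review bot: the new early return at "if (grow <= region->buf_size)" reports SC_OK for every case where the rounded value is not larger than the current buffer, and that covers two different situations: the region is already large enough for size, and grow came out smaller than size itself. grow is a uint32_t produced by rounding size up to a multiple of cfg->buf_size, so unless size is bounded earlier in the function (not visible in this context), a value near the top of the 32-bit range could wrap during rounding and land in this branch, and the caller would be told the region was grown when it was not. Consider returning SC_OK only when size <= region->buf_size and treating grow < size as an error. An SCLogDebug line in the new branch, matching the SCLogDebug("grow %u", grow); just above it, would also make unexpected shrink requests visible during testing. Minor style point: the added comment uses // while the surrounding context uses /* ... */.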