From: Victor Julien
Date: Thu, 11 Jun 2020 09:31:21 +0000 (+0200)
Subject: reject: check tcp header sooner to avoid potential leak
X-Git-Tag: suricata-6.0.0-beta1~313
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a6ed9b11d5df89f522454211e1216d77d1d8fa87;p=thirdparty%2Fsuricata.git
reject: check tcp header sooner to avoid potential leak
---
diff --git a/src/respond-reject-libnet11.c b/src/respond-reject-libnet11.c
index c74e0f4688..0e15fe47fe 100644
--- a/src/respond-reject-libnet11.c
+++ b/src/respond-reject-libnet11.c
@@ -96,14 +96,15 @@ int RejectSendLibnet11L3IPv4TCP(ThreadVars *tv, Packet *p, void *data, int dir)
 devname = p->livedev->dev;
 SCLogDebug("Will emit reject packet on dev %s", devname);
 }
+
+ if (p->tcph == NULL)
+ return 1;
+
 if ((c = libnet_init(LIBNET_RAW4, LIBNET_INIT_CAST devname, ebuf)) == NULL) {
 SCLogError(SC_ERR_LIBNET_INIT,"libnet_init failed: %s", ebuf);
 return 1;
 }
- if (p->tcph == NULL)
- return 1;
-
 /* save payload len */
 lpacket.dsize = p->payload_len;
@@ -305,14 +306,15 @@ int RejectSendLibnet11L3IPv6TCP(ThreadVars *tv, Packet *p, void *data, int dir)
 if (IS_SURI_HOST_MODE_SNIFFER_ONLY(host_mode) && (p->livedev)) {
 devname = p->livedev->dev;
 }
+
+ if (p->tcph == NULL)
+ return 1;
+
 if ((c = libnet_init(LIBNET_RAW6, LIBNET_INIT_CAST devname, ebuf)) == NULL) {
 SCLogError(SC_ERR_LIBNET_INIT,"libnet_init failed: %s", ebuf);
 return 1;
 }
- if (p->tcph == NULL)
- return 1;
-
 /* save payload len */
 lpacket.dsize = p->payload_len;
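Review bot: The relocated `if (p->tcph == NULL) return 1;` guard in RejectSendLibnet11L3IPv4TCP has no comment saying why it must sit above `libnet_init()`, so a later tidy-up could move it back below the init and reintroduce the leak; the identical guard in the RejectSendLibnet11L3IPv6TCP hunk has the same gap. I would put `/* must precede libnet_init(): returning after it without libnet_destroy(c) leaks the libnet context */` above both checks. Both function bodies continue outside the hunks, so it cannot be confirmed from the visible lines that every later `return` after a successful `libnet_init()` releases `c`; those paths are worth checking in the same pass, since the reject path runs on traffic-driven events and a per-packet leak would accumulate.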