From: Jason Ish Date: Tue, 15 Feb 2022 21:18:49 +0000 (-0600) Subject: smb: check correct buffer for overflow X-Git-Tag: suricata-5.0.9~53 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a829eff05866d7fdf1d414356a2afffab1c3cca0;p=thirdparty%2Fsuricata.git smb: check correct buffer for overflow Fix an error in the checking of an overflow condition. The first overflow check is only checking the size of the new data, not the new data + the size of the buffered data. This is due to the buffer on the state being emptied into a local variable just before the check. This results in overflows not being caught, but being caught a few lines down after the copy resulting in increased CPU usage for data that is just going to be thrown away. Ticket #4945 --- diff --git a/rust/src/smb/smb.rs b/rust/src/smb/smb.rs index 231be9aaa7..08ff8e51a1 100644 --- a/rust/src/smb/smb.rs +++ b/rust/src/smb/smb.rs @@ -1375,7 +1375,7 @@ impl SMBState { 0 => i, _ => { v = self.tcp_buffer_ts.split_off(0); - if self.tcp_buffer_ts.len() + i.len() > 100000 { + if v.len() + i.len() > 100000 { self.set_event(SMBEvent::RecordOverflow); return 1; };
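Review bot: In the `_ =>` arm, the corrected check `v.len() + i.len() > 100000` still sits directly after `v = self.tcp_buffer_ts.split_off(0);`, so the ordering that produced the bug is easy to reintroduce. A short comment there saying that the state buffer is empty once `split_off(0)` has run, and that `v` now holds the buffered bytes, would help. Alternatively, test `self.tcp_buffer_ts.len() + i.len()` before draining the buffer. Note that the early `return 1` currently drops `v`, so the buffered data is discarded on overflow. If the check moves ahead of the `split_off(0)`, the buffer would need to be cleared explicitly to keep that behaviour. The limit `100000` is a bare literal. A named constant would let this check and the later post-copy check mentioned in the commit message share one value. This hunk only touches `tcp_buffer_ts`. If the to-client direction uses the same split-then-check pattern, it needs the same change. A regression test that buffers data near the limit and then feeds a record that pushes the sum over it would confirm that `SMBEvent::RecordOverflow` is raised at this first check.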