From: Philippe Antoine Date: Wed, 13 Oct 2021 19:07:27 +0000 (+0200) Subject: range: checks that end is after start X-Git-Tag: suricata-7.0.0-beta1~1291 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bba70607e81b8a74436348470aa1abd4e7f8a2da;p=thirdparty%2Fsuricata.git range: checks that end is after start Otherwise, we end up allocating too much memory
---
diff --git a/src/app-layer-htp-file.c b/src/app-layer-htp-file.c
index e73bdb524b..bde98dd0f0 100644
--- a/src/app-layer-htp-file.c
+++ b/src/app-layer-htp-file.c
@@ -196,6 +196,11 @@ static int HTPParseAndCheckContentRange(
 } else if (range->end == range->size - 1 && range->start == 0) {
 SCLogDebug("range without all information");
 return -3;
+ } else if (range->start > range->end) {
+ AppLayerDecoderEventsSetEventRaw(&htud->decoder_events, HTTP_DECODER_EVENT_RANGE_INVALID);
+ s->events++;
+ SCLogDebug("invalid range");
+ return -4;
 }
 return r;
 }
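Review bot: The new `range->start > range->end` branch leaves the other inconsistent case unchecked: an `end` at or past `range->size` still falls through to `return r`. The commit message ties this check to over-allocation and the Content-Range values come from the peer, so it seems worth rejecting that case in the same branch, e.g. `} else if (range->start > range->end || range->end > range->size - 1) {`. That is only safe if `size` is already known to be positive at this point; the earlier branches of the chain and the field types are outside the hunk, so please confirm. The new return value -4 joins -3 with no explanation, and a short comment above the function listing what each negative code means would help callers decide which ones fall back to normal file handling.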