From: Philippe Antoine <pantoine@oisf.net>
Date: Tue, 26 Nov 2024 21:34:13 +0000 (+0100)
Subject: detect/transform: handle overlapping dotprefix
X-Git-Tag: suricata-7.0.8~34
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c3a6abf60134c2993ee3802ee52206e9fdbf55ba;p=thirdparty%2Fsuricata.git

detect/transform: handle overlapping dotprefix

If there is a transform before dotprefix, it operates in place
in a single buffer, and must therefore use memmove instead of memcpy
to avoid UB.

Ticket: 7229
---

diff --git a/src/detect-transform-dotprefix.c b/src/detect-transform-dotprefix.c
index 295a149f89..d58e1d4ad1 100644
--- a/src/detect-transform-dotprefix.c
+++ b/src/detect-transform-dotprefix.c
@@ -116,8 +116,8 @@ static void TransformDotPrefix(InspectionBuffer *buffer, void *options)
             return;
         }
 
+        memmove(&output[1], buffer->inspect, input_len);
         output[0] = '.';
-        memcpy(&output[1], buffer->inspect, input_len);
         InspectionBufferTruncate(buffer, input_len + 1);
     }
 }