From: Philippe Antoine Date: Tue, 7 May 2024 14:33:00 +0000 (+0200) Subject: rust/probing: safety check for null input X-Git-Tag: suricata-6.0.20~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d519f74770e0b297de512c04ece524b390e35ceb;p=thirdparty%2Fsuricata.git rust/probing: safety check for null input Ticket: 7013 Done consistently for all protocols This may change some protocols behaviors which failed early if they found there was not enough data... (cherry picked from commit 37a9003736413b0bc9704099e189fd402922df43) --- diff --git a/rust/src/dcerpc/dcerpc.rs b/rust/src/dcerpc/dcerpc.rs index f2a6a46eaf..ec2bc86cbd 100644 --- a/rust/src/dcerpc/dcerpc.rs +++ b/rust/src/dcerpc/dcerpc.rs @@ -1351,7 +1351,7 @@ pub extern "C" fn rs_dcerpc_probe_tcp(direction: u8, input: *const u8, len: u32, rdir: *mut u8) -> i32 { SCLogDebug!("Probing packet for DCERPC"); - if len == 0 { + if len == 0 || input.is_null() { return core::ALPROTO_UNKNOWN; } let slice: &[u8] = unsafe { diff --git a/rust/src/dcerpc/dcerpc_udp.rs b/rust/src/dcerpc/dcerpc_udp.rs index e39c5f14a0..224f3e1aa6 100644 --- a/rust/src/dcerpc/dcerpc_udp.rs +++ b/rust/src/dcerpc/dcerpc_udp.rs @@ -325,7 +325,7 @@ pub extern "C" fn rs_dcerpc_probe_udp(direction: u8, input: *const u8, len: u32, rdir: *mut u8) -> i32 { SCLogDebug!("Probing the packet for DCERPC/UDP"); - if len == 0 { + if len == 0 || input.is_null() { return core::ALPROTO_UNKNOWN; } let slice: &[u8] = unsafe { diff --git a/rust/src/dhcp/dhcp.rs b/rust/src/dhcp/dhcp.rs index 540c79976f..1dcd49104e 100644 --- a/rust/src/dhcp/dhcp.rs +++ b/rust/src/dhcp/dhcp.rs @@ -231,7 +231,7 @@ pub extern "C" fn rs_dhcp_probing_parser(_flow: *const Flow, input_len: u32, _rdir: *mut u8) -> AppProto { - if input_len < DHCP_MIN_FRAME_LEN { + if input_len < DHCP_MIN_FRAME_LEN || input.is_null() { return ALPROTO_UNKNOWN; } diff --git a/rust/src/dns/dns.rs b/rust/src/dns/dns.rs index 6307fa091a..51d921d0ff 100644 --- a/rust/src/dns/dns.rs +++ b/rust/src/dns/dns.rs @@ -1063,7 +1063,7 @@ pub extern "C" fn rs_dns_probe( len: u32, rdir: *mut u8, ) -> AppProto { - if len == 0 || len < std::mem::size_of::() as u32 { + if input.is_null() || len < std::mem::size_of::() as u32 { return core::ALPROTO_UNKNOWN; } let slice: &[u8] = unsafe { @@ -1092,7 +1092,7 @@ pub extern "C" fn rs_dns_probe_tcp( len: u32, rdir: *mut u8 ) -> AppProto { - if len == 0 || len < std::mem::size_of::() as u32 + 2 { + if input.is_null() || len < std::mem::size_of::() as u32 + 2 { return core::ALPROTO_UNKNOWN; } let slice: &[u8] = unsafe { diff --git a/rust/src/krb/krb5.rs b/rust/src/krb/krb5.rs index e81e3e8c93..d1f566caa7 100644 --- a/rust/src/krb/krb5.rs +++ b/rust/src/krb/krb5.rs @@ -417,6 +417,9 @@ pub extern "C" fn rs_krb5_probing_parser(_flow: *const Flow, input:*const u8, input_len: u32, _rdir: *mut u8) -> AppProto { + if input.is_null() { + return ALPROTO_UNKNOWN; + } let slice = build_slice!(input,input_len as usize); let alproto = unsafe{ ALPROTO_KRB5 }; if slice.len() <= 10 { return unsafe{ALPROTO_FAILED}; } @@ -455,6 +458,9 @@ pub extern "C" fn rs_krb5_probing_parser_tcp(_flow: *const Flow, input:*const u8, input_len: u32, rdir: *mut u8) -> AppProto { + if input.is_null() { + return ALPROTO_UNKNOWN; + } let slice = build_slice!(input,input_len as usize); if slice.len() <= 14 { return unsafe{ALPROTO_FAILED}; } match be_u32(slice) as IResult<&[u8],u32> { diff --git a/rust/src/mqtt/mqtt.rs b/rust/src/mqtt/mqtt.rs index 5f210be8b9..7829574f1b 100644 --- a/rust/src/mqtt/mqtt.rs +++ b/rust/src/mqtt/mqtt.rs @@ -604,6 +604,9 @@ pub extern "C" fn rs_mqtt_probing_parser( input_len: u32, _rdir: *mut u8, ) -> AppProto { + if input.is_null() { + return ALPROTO_UNKNOWN; + } let buf = build_slice!(input, input_len as usize); match parse_fixed_header(buf) { Ok((_, hdr)) => { diff --git a/rust/src/nfs/nfs.rs b/rust/src/nfs/nfs.rs index 581b9dc2c4..7bdf620121 100644 --- a/rust/src/nfs/nfs.rs +++ b/rust/src/nfs/nfs.rs @@ -1873,6 +1873,9 @@ pub extern "C" fn rs_nfs_probe_ms( direction: u8, input: *const u8, len: u32, rdir: *mut u8) -> i8 { + if input.is_null() { + return 0; + } let slice: &[u8] = build_slice!(input, len as usize); SCLogDebug!("rs_nfs_probe_ms: probing direction {:02x}", direction); let mut adirection : u8 = 0; @@ -1907,6 +1910,9 @@ pub extern "C" fn rs_nfs_probe(direction: u8, input: *const u8, len: u32) -> i8 { + if input.is_null() { + return 0; + } let slice: &[u8] = build_slice!(input, len as usize); SCLogDebug!("rs_nfs_probe: running probe"); return nfs_probe(slice, direction); @@ -1917,6 +1923,9 @@ pub extern "C" fn rs_nfs_probe(direction: u8, pub extern "C" fn rs_nfs_probe_udp_ts(input: *const u8, len: u32) -> i8 { + if input.is_null() { + return 0; + } let slice: &[u8] = build_slice!(input, len as usize); return nfs_probe_udp(slice, STREAM_TOSERVER); } @@ -1926,6 +1935,9 @@ pub extern "C" fn rs_nfs_probe_udp_ts(input: *const u8, len: u32) pub extern "C" fn rs_nfs_probe_udp_tc(input: *const u8, len: u32) -> i8 { + if input.is_null() { + return 0; + } let slice: &[u8] = build_slice!(input, len as usize); return nfs_probe_udp(slice, STREAM_TOCLIENT); } diff --git a/rust/src/ntp/ntp.rs b/rust/src/ntp/ntp.rs index eeda47f774..97ab9d5602 100644 --- a/rust/src/ntp/ntp.rs +++ b/rust/src/ntp/ntp.rs @@ -361,6 +361,9 @@ pub extern "C" fn ntp_probing_parser(_flow: *const Flow, input:*const u8, input_len: u32, _rdir: *mut u8) -> AppProto { + if input.is_null() { + return ALPROTO_UNKNOWN; + } let slice: &[u8] = unsafe { std::slice::from_raw_parts(input as *mut u8, input_len as usize) }; let alproto = unsafe{ ALPROTO_NTP }; match parse_ntp(slice) { diff --git a/rust/src/smb/smb.rs b/rust/src/smb/smb.rs index 0096c3384a..15be61f933 100644 --- a/rust/src/smb/smb.rs +++ b/rust/src/smb/smb.rs @@ -2055,7 +2055,7 @@ fn smb_probe_tcp(direction: u8, slice: &[u8], rdir: *mut u8, begins: bool) -> i8 pub extern "C" fn rs_smb_probe_begins_tcp(direction: u8, input: *const u8, len: u32, rdir: *mut u8) -> i8 { - if len < MIN_REC_SIZE as u32 { + if len < MIN_REC_SIZE as u32 || input.is_null() { return 0; } let slice = build_slice!(input, len as usize); @@ -2068,7 +2068,7 @@ pub extern "C" fn rs_smb_probe_begins_tcp(direction: u8, input: *const u8, len: pub extern "C" fn rs_smb_probe_tcp(direction: u8, input: *const u8, len: u32, rdir: *mut u8) -> i8 { - if len < MIN_REC_SIZE as u32 { + if len < MIN_REC_SIZE as u32 || input.is_null() { return 0; } let slice = build_slice!(input, len as usize); diff --git a/rust/src/snmp/snmp.rs b/rust/src/snmp/snmp.rs index ad461311c8..7fef09d9af 100644 --- a/rust/src/snmp/snmp.rs +++ b/rust/src/snmp/snmp.rs @@ -544,6 +544,9 @@ pub extern "C" fn rs_snmp_probing_parser(_flow: *const Flow, input:*const u8, input_len: u32, _rdir: *mut u8) -> AppProto { + if input.is_null() { + return ALPROTO_UNKNOWN; + } let slice = build_slice!(input,input_len as usize); let alproto = unsafe{ ALPROTO_SNMP }; if slice.len() < 4 { return unsafe{ALPROTO_FAILED}; }