From: Victor Julien <victor@inliniac.net>
Date: Sat, 13 Feb 2021 15:54:56 +0000 (+0100)
Subject: detect/iprep: fix loading of mixed ipv4/ipv6 lists
X-Git-Tag: suricata-5.0.6~20
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=efe7a65eadf682858b522d173119322dfd29a4c0;p=thirdparty%2Fsuricata.git

detect/iprep: fix loading of mixed ipv4/ipv6 lists

Improper reuse of the address data structure between loading
different lines in the iprep file would lead to the host using
a malformed address.

(cherry picked from commit 7b03e6837e5a7366f546e7a2b681d2921ded1ab1)
---

diff --git a/src/reputation.c b/src/reputation.c
index eaba62119c..95f56532d6 100644
--- a/src/reputation.c
+++ b/src/reputation.c
@@ -435,9 +435,6 @@ static int SRepLoadFile(SRepCIDRTree *cidr_ctx, char *filename)
 int SRepLoadFileFromFD(SRepCIDRTree *cidr_ctx, FILE *fp)
 {
     char line[8192] = "";
-    Address a;
-    memset(&a, 0x00, sizeof(a));
-    a.family = AF_INET;
 
     while(fgets(line, (int)sizeof(line), fp) != NULL) {
         size_t len = strlen(line);
@@ -459,6 +456,10 @@ int SRepLoadFileFromFD(SRepCIDRTree *cidr_ctx, FILE *fp)
             line[len - 1] = '\0';
         }
 
+        Address a;
+        memset(&a, 0x00, sizeof(a));
+        a.family = AF_INET;
+
         uint8_t cat = 0, value = 0;
         int r = SRepSplitLine(cidr_ctx, line, &a, &cat, &value);
         if (r < 0) {