From: Jeff Lucovsky Date: Fri, 27 Oct 2023 13:10:47 +0000 (-0400) Subject: detect/bytejump: Improve end-of-buffer handling X-Git-Tag: suricata-7.0.3~95 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f363b99fd7592824dbcbec465f1968c6f615ccaa;p=thirdparty%2Fsuricata.git detect/bytejump: Improve end-of-buffer handling Issue: 4623 This commit addresses the issues reported in issue 4623 when the jump value points at the last byte in the buffer.
---
diff --git a/src/detect-bytejump.c b/src/detect-bytejump.c
index 21bbc3209b..1c851b7192 100644
--- a/src/detect-bytejump.c
+++ b/src/detect-bytejump.c
@@ -166,24 +166,19 @@ bool DetectBytejumpDoMatch(DetectEngineThreadCtx *det_ctx, const Signature *s,
 /* Calculate the ptr value for the bytejump and length remaining in
 * the packet from that point. */
- ptr = payload;
- len = payload_len;
+ ptr = payload + offset;
+ len = payload_len - offset;
 if (flags & DETECT_BYTEJUMP_RELATIVE) {
 ptr += det_ctx->buffer_offset;
 len -= det_ctx->buffer_offset;
- ptr += offset;
- len -= offset;
+ SCLogDebug("[relative] after: ptr %p [len %d]", ptr, len);
 /* No match if there is no relative base */
- if (ptr == NULL || len <= 0) {
+ if (ptr == NULL || (nbytes && len <= 0)) {
 SCReturnBool(false);
 }
 }
- else {
- ptr += offset;
- len -= offset;
- }
 /* Verify the to-be-extracted data is within the packet */
 if (ptr < payload || nbytes > len) {
@@ -243,7 +238,7 @@ bool DetectBytejumpDoMatch(DetectEngineThreadCtx *det_ctx, const Signature *s,
 if (jumpptr < payload) {
 jumpptr = payload;
 SCLogDebug("jump location is before buffer start; resetting to buffer start");
- } else if (jumpptr >= (payload + payload_len)) {
+ } else if (jumpptr > (payload + payload_len)) {
 SCLogDebug("Jump location (%" PRIu64 ") is not within payload (%" PRIu32 ")", payload_len + val, payload_len);
 SCReturnBool(false);
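Review bot: In the relative branch of the first hunk (`@@ -166,24 +166,19 @@`), the relaxed guard `(nbytes && len <= 0)` no longer rejects a negative `len` when `nbytes` is 0; that case is now caught only by the later `nbytes > len` test, which holds only if both operands are signed. Their declarations are outside the hunk, so this should be confirmed, and stating the intent directly removes the dependency: `if (ptr == NULL || len < 0 || (nbytes && len == 0)) {`. Separately, `ptr = payload + offset` forms the pointer before any range check, so an out-of-range `offset` is detected only by comparing an already out-of-bounds pointer in `ptr < payload`; checking `offset` against `payload_len` as integers first would avoid that. The function body starts and ends outside the hunk.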
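Review bot: The second hunk (`@@ -243,7 +238,7 @@`) now accepts `jumpptr == payload + payload_len`, a one-past-the-end position with zero bytes remaining, but nothing at the comparison records that this is intentional. A comment above the `else if` would make the boundary explicit, e.g. `/* A jump landing exactly at end-of-buffer is valid; only positions beyond it are rejected. */`. The code that stores or consumes the resulting position is outside the hunk, so it is worth confirming that anything reading relative to it checks for zero remaining length before dereferencing.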