From: Philippe Antoine <contact@catenacyber.fr>
Date: Sat, 16 Apr 2022 14:51:42 +0000 (+0200)
Subject: detect: parsing avoiding infinite loop
X-Git-Tag: suricata-5.0.10~28
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fc237f9735a0e9870c504b3068ab24dff935676e;p=thirdparty%2Fsuricata.git

detect: parsing avoiding infinite loop

by comparing size_t to strlen result
Instead of uint16_t which would loop

Ticket: #5310
(cherry picked from commit ced96a8aadd8a9a4ce3d8d689ac53f7eedbbe8e9)
---

diff --git a/src/detect-content.c b/src/detect-content.c
index b88399681c..52f6897adf 100644
--- a/src/detect-content.c
+++ b/src/detect-content.c
@@ -95,7 +95,7 @@ int DetectContentDataParse(const char *keyword, const char *contentstr,
     char converted = 0;
 
     {
-        uint16_t i, x;
+        size_t i, x;
         uint8_t bin = 0;
         uint8_t escape = 0;
         uint8_t binstr[3] = "";
diff --git a/src/detect-detection-filter.c b/src/detect-detection-filter.c
index 571d699ee6..71127c10b3 100644
--- a/src/detect-detection-filter.c
+++ b/src/detect-detection-filter.c
@@ -101,7 +101,7 @@ static DetectThresholdData *DetectDetectionFilterParse (const char *rawstr)
     char *copy_str = NULL, *df_opt = NULL;
     int seconds_found = 0, count_found = 0, track_found = 0;
     int seconds_pos = 0, count_pos = 0;
-    uint16_t pos = 0;
+    size_t pos = 0;
     int i = 0;
     char *saveptr = NULL;
 
diff --git a/src/detect-engine-prefilter.c b/src/detect-engine-prefilter.c
index 98477243ec..ad231dca8e 100644
--- a/src/detect-engine-prefilter.c
+++ b/src/detect-engine-prefilter.c
@@ -468,9 +468,8 @@ static uint32_t PrefilterStoreHashFunc(HashListTable *ht, void *data, uint16_t d
     PrefilterStore *ctx = data;
 
     uint32_t hash = strlen(ctx->name);
-    uint16_t u;
 
-    for (u = 0; u < strlen(ctx->name); u++) {
+    for (size_t u = 0; u < strlen(ctx->name); u++) {
         hash += ctx->name[u];
     }
 
diff --git a/src/detect-msg.c b/src/detect-msg.c
index 302f74501d..68ba9ca83b 100644
--- a/src/detect-msg.c
+++ b/src/detect-msg.c
@@ -61,7 +61,7 @@ static int DetectMsgSetup (DetectEngineCtx *de_ctx, Signature *s, const char *ms
     char converted = 0;
 
     {
-        uint16_t i, x;
+        size_t i, x;
         uint8_t escape = 0;
 
         /* it doesn't matter if we need to escape or not we remove the extra "\" to mimic snort */
@@ -219,4 +219,3 @@ void DetectMsgRegisterTests(void)
     UtRegisterTest("DetectMsgParseTest03", DetectMsgParseTest03);
 #endif /* UNITTESTS */
 }
-
diff --git a/src/detect-threshold.c b/src/detect-threshold.c
index 2567453af9..4c9cb50fcc 100644
--- a/src/detect-threshold.c
+++ b/src/detect-threshold.c
@@ -115,7 +115,7 @@ static DetectThresholdData *DetectThresholdParse(const char *rawstr)
     int second_found = 0, count_found = 0;
     int type_found = 0, track_found = 0;
     int second_pos = 0, count_pos = 0;
-    uint16_t pos = 0;
+    size_t pos = 0;
     int i = 0;
 
     copy_str = SCStrdup(rawstr);