From: Victor Julien <victor@inliniac.net>
Date: Fri, 17 Jan 2014 09:18:32 +0000 (+0100)
Subject: Fix crash in AppLayer Proto Detect
X-Git-Tag: suricata-2.0rc1~194
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F778%2Fhead;p=thirdparty%2Fsuricata.git

Fix crash in AppLayer Proto Detect

The App Proto Detect code would use the wrong pattern count to
index a results array, leading to SEGVs.

Bug #1080.
---

diff --git a/src/app-layer-detect-proto.c b/src/app-layer-detect-proto.c
index 9e6079d768..d190abfefa 100644
--- a/src/app-layer-detect-proto.c
+++ b/src/app-layer-detect-proto.c
@@ -244,7 +244,10 @@ static uint16_t AppLayerProtoDetectPMGetProto(AppLayerProtoDetectThreadCtx *tctx
     uint8_t pm_results_bf[(ALPROTO_MAX / 8) + 1];
     memset(pm_results_bf, 0, sizeof(pm_results_bf));
 
-    for (cnt = 0; cnt < search_cnt; cnt++) {
+    /* loop through unique pattern id's. Can't use search_cnt here,
+     * as that contains all matches, tctx->pmq.pattern_id_array_cnt
+     * contains only *unique* matches. */
+    for (cnt = 0; cnt < tctx->pmq.pattern_id_array_cnt; cnt++) {
         AppLayerProtoDetectPMSignature *s = pm_ctx->map[tctx->pmq.pattern_id_array[cnt]];
         while (s != NULL) {
             uint16_t proto = AppLayerProtoDetectPMMatchSignature(s, buf, searchlen, ipproto);