From 4ddcd23f45f6d6ed341b844b0405b9c2553d37e0 Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Wed, 17 Feb 2021 17:02:35 +0100 Subject: [PATCH] detect: fix overflows in SetupU8Hash For instance ">255" resulted in overflow (cherry picked from commit 2d765d6c686449e78e29759b07c4852ebab3c46e) --- src/detect-engine-prefilter-common.c | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/src/detect-engine-prefilter-common.c b/src/detect-engine-prefilter-common.c index 323f479f5b..931778976e 100644 --- a/src/detect-engine-prefilter-common.c +++ b/src/detect-engine-prefilter-common.c @@ -291,29 +291,34 @@ static void SetupU8Hash(DetectEngineCtx *de_ctx, HashListTable *hash_table, break; case PREFILTER_U8HASH_MODE_LT: { - uint8_t v = ctx->v1.u8[1] - 1; - do { + uint8_t v = ctx->v1.u8[1]; + while (v > 0) { + v--; counts[v] += ctx->cnt; - } while (v--); + } break; } case PREFILTER_U8HASH_MODE_GT: { - int v = ctx->v1.u8[1] + 1; - do { + uint8_t v = ctx->v1.u8[1]; + while (v < UINT8_MAX) { + v++; counts[v] += ctx->cnt; - } while (++v < 256); + } break; } case PREFILTER_U8HASH_MODE_RA: { - int v = ctx->v1.u8[1] + 1; - do { - counts[v] += ctx->cnt; - } while (++v < ctx->v1.u8[2]); - + if (ctx->v1.u8[1] < ctx->v1.u8[2]) { + // ctx->v1.u8[1] is not UINT8_MAX + uint8_t v = ctx->v1.u8[1] + 1; + while (v < ctx->v1.u8[2]) { + counts[v] += ctx->cnt; + v++; + } + } break; } } -- 2.47.2