From 9e0c7c4b54f4230044ee57dfc2dce464e469bacf Mon Sep 17 00:00:00 2001
From: Jeff Lucovsky
Date: Fri, 27 Oct 2023 09:10:47 -0400
Subject: [PATCH] detect/bytejump: Improve end-of-buffer handling
Issue: 4623
This commit addresses the issues reported in issue 4623 when the jump value points at the last byte in the buffer.
(cherry picked from commit f363b99fd7592824dbcbec465f1968c6f615ccaa)
---
 src/detect-bytejump.c | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)
diff --git a/src/detect-bytejump.c b/src/detect-bytejump.c
index b4d61252c5..e632501d94 100644
--- a/src/detect-bytejump.c
+++ b/src/detect-bytejump.c
@@ -113,24 +113,19 @@ int DetectBytejumpDoMatch(DetectEngineThreadCtx *det_ctx, const Signature *s,
 /* Calculate the ptr value for the bytejump and length remaining in * the packet from that point. */
- ptr = payload;
- len = payload_len;
+ ptr = payload + offset;
+ len = payload_len - offset;
 if (flags & DETECT_BYTEJUMP_RELATIVE) {
 ptr += det_ctx->buffer_offset;
 len -= det_ctx->buffer_offset;
- ptr += offset;
- len -= offset;
+ SCLogDebug("[relative] after: ptr %p [len %d]", ptr, len);
 /* No match if there is no relative base */
- if (ptr == NULL || len <= 0) {
+ if (ptr == NULL || (data->nbytes && len <= 0)) {
 SCReturnInt(0);
 }
 }
- else {
- ptr += offset;
- len -= offset;
- }
 /* Verify the to-be-extracted data is within the packet */
 if (ptr < payload || data->nbytes > len) {
@@ -193,7 +188,7 @@ int DetectBytejumpDoMatch(DetectEngineThreadCtx *det_ctx, const Signature *s,
 if (jumpptr < payload) {
 jumpptr = payload;
 SCLogDebug("jump location is before buffer start; resetting to buffer start");
- } else if (jumpptr >= (payload + payload_len)) {
+ } else if (jumpptr > (payload + payload_len)) {
 SCLogDebug("Jump location (%" PRIu64 ") is not within payload (%" PRIu32 ")", payload_len + val, payload_len);
 SCReturnInt(0);
--
2.47.2
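Review bot: With the relaxed guard `(data->nbytes && len <= 0)` in the relative branch, a zero or negative `len` is no longer rejected there when `nbytes` is 0, so the only remaining bound is the `ptr < payload || data->nbytes > len` test that follows. Whether that test catches a negative `len` depends on the types of `nbytes` and `len`, which this hunk does not show (the `%d` in the new SCLogDebug suggests `len` is a signed int). Making the bound explicit, `if (ptr < payload || len < 0 || data->nbytes > len) {`, would reject a position past the end of the buffer regardless of integer promotion. The comment `/* No match if there is no relative base */` no longer describes the condition and could read `/* No match if there is no relative base, or bytes must be read and none remain */`. DetectBytejumpDoMatch starts before and continues after this hunk.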
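Review bot: Changing the comparison to `jumpptr > (payload + payload_len)` makes the one-past-the-end position a valid jump target, and nothing in the hunk records that this is intentional. A pointer at that position may be stored or turned into an offset but must never be dereferenced, so a comment above the `else if` such as `/* a jump landing exactly at end-of-buffer is allowed; only positions beyond it are rejected */` would state the invariant. The code that consumes `jumpptr` lies after this hunk and is not visible here, so it should be confirmed that it only records the offset. The diffstat shows a single file changed, so a regression test for a jump landing exactly on the last byte boundary presumably lives elsewhere; worth confirming one exists.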