]> git.ipfire.org Git - thirdparty/snort3.git/commitdiff
projects / thirdparty / snort3.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3e357b6)
Pull request #4869: dce_rpc: Fix for Use-After-Free: Clearing rule options before...
authorAshutosh Gupta (ashugup3) <ashugup3@cisco.com>
Wed, 17 Sep 2025 06:13:37 +0000 (06:13 +0000)
committerLokesh Bevinamarad (lbevinam) <lbevinam@cisco.com>
Wed, 17 Sep 2025 06:13:37 +0000 (06:13 +0000)
Merge in SNORT/snort3 from ~ASHUGUP3/snort3:bug_CSCwq75339 to master

Squashed commit of the following:

commit f6431e912bd6c32c207ea85be11989564d2804ea
Author: ashutosh <ashugup3@cisco.com>
Date:   Mon Sep 8 00:58:32 2025 +0530

    dce_rpc: Clear rule options before freeing the buffer

src/service_inspectors/dce_rpc/smb_message.cc patch | blob | blame | history

diff --git a/src/service_inspectors/dce_rpc/smb_message.cc b/src/service_inspectors/dce_rpc/smb_message.cc
index 3cbe0c147c4e4a7dda7875cb4aec7b275a61e221..d5b28818aa60b09999058af31689c387d0855f9e 100644 (file)
--- a/src/service_inspectors/dce_rpc/smb_message.cc
+++ b/src/service_inspectors/dce_rpc/smb_message.cc
@@ -1790,6 +1790,7 @@ void DCE2_Smb1Process(DCE2_SmbSsnData* ssd)
             if (!DCE2_BufferIsEmpty(*seg_buf))
             {
                 set_file_data(nullptr, 0);
+                DCE2_ResetRopts(&ssd->sd, DetectionEngine::get_current_packet());
                 DCE2_BufferDestroy(*seg_buf);
                 *seg_buf = nullptr;
             }
Mirror of https://github.com/snort3/snort3.git