From: Anoop Saldanha Date: Fri, 19 Oct 2012 09:40:14 +0000 (+0530) Subject: fix segv in hcbd and hsbd buffering. X-Git-Tag: suricata-1.4beta3~68 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2ab62920aa2585888af049721e36dc018e24f1e6;p=thirdparty%2Fsuricata.git fix segv in hcbd and hsbd buffering. Increase bufffers_list_len, only we open up a space for a new tx. --- diff --git a/src/detect-engine-hcbd.c b/src/detect-engine-hcbd.c index cf0603cb08..de1f6635f9 100644 --- a/src/detect-engine-hcbd.c +++ b/src/detect-engine-hcbd.c @@ -93,6 +93,11 @@ static uint8_t *DetectEngineHCBDGetBufferForTX(int tx_id, if (HCBDCreateSpace(det_ctx, 1) < 0) goto end; index = 0; + + if (det_ctx->hcbd_buffers_list_len == 0) { + det_ctx->hcbd_start_tx_id = tx_id; + } + det_ctx->hcbd_buffers_list_len++; } else { if ((tx_id - det_ctx->hcbd_start_tx_id) < det_ctx->hcbd_buffers_list_len) { if (det_ctx->hcbd[(tx_id - det_ctx->hcbd_start_tx_id)].buffer_len != 0) { @@ -102,15 +107,15 @@ static uint8_t *DetectEngineHCBDGetBufferForTX(int tx_id, } else { if (HCBDCreateSpace(det_ctx, (tx_id - det_ctx->hcbd_start_tx_id) + 1) < 0) goto end; + + if (det_ctx->hcbd_buffers_list_len == 0) { + det_ctx->hcbd_start_tx_id = tx_id; + } + det_ctx->hcbd_buffers_list_len++; } index = (tx_id - det_ctx->hcbd_start_tx_id); } - if (det_ctx->hcbd_buffers_list_len == 0) { - det_ctx->hcbd_start_tx_id = tx_id; - } - det_ctx->hcbd_buffers_list_len++; - htp_tx_t *tx = list_get(htp_state->connp->conn->transactions, tx_id); if (tx == NULL) { SCLogDebug("no tx"); diff --git a/src/detect-engine-hhd.c b/src/detect-engine-hhd.c index 814a23daee..2e996e2fed 100644 --- a/src/detect-engine-hhd.c +++ b/src/detect-engine-hhd.c @@ -96,6 +96,11 @@ static uint8_t *DetectEngineHHDGetBufferForTX(int tx_id, if (HHDCreateSpace(det_ctx, 1) < 0) goto end; index = 0; + + if (det_ctx->hhd_buffers_list_len == 0) { + det_ctx->hhd_start_tx_id = tx_id; + } + det_ctx->hhd_buffers_list_len++; } else { if ((tx_id - det_ctx->hhd_start_tx_id) < det_ctx->hhd_buffers_list_len) { if (det_ctx->hhd_buffers_len[(tx_id - det_ctx->hhd_start_tx_id)] != 0) { @@ -105,15 +110,15 @@ static uint8_t *DetectEngineHHDGetBufferForTX(int tx_id, } else { if (HHDCreateSpace(det_ctx, (tx_id - det_ctx->hhd_start_tx_id) + 1) < 0) goto end; + + if (det_ctx->hhd_buffers_list_len == 0) { + det_ctx->hhd_start_tx_id = tx_id; + } + det_ctx->hhd_buffers_list_len++; } index = (tx_id - det_ctx->hhd_start_tx_id); } - if (det_ctx->hhd_buffers_list_len == 0) { - det_ctx->hhd_start_tx_id = tx_id; - } - det_ctx->hhd_buffers_list_len++; - htp_tx_t *tx = list_get(htp_state->connp->conn->transactions, tx_id); if (tx == NULL) { SCLogDebug("no tx"); diff --git a/src/detect-engine-hsbd.c b/src/detect-engine-hsbd.c index 9adc9298bb..d1d44a5831 100644 --- a/src/detect-engine-hsbd.c +++ b/src/detect-engine-hsbd.c @@ -94,6 +94,11 @@ static uint8_t *DetectEngineHSBDGetBufferForTX(int tx_id, if (HSBDCreateSpace(det_ctx, 1) < 0) goto end; index = 0; + + if (det_ctx->hsbd_buffers_list_len == 0) { + det_ctx->hsbd_start_tx_id = tx_id; + } + det_ctx->hsbd_buffers_list_len++; } else { if ((tx_id - det_ctx->hsbd_start_tx_id) < det_ctx->hsbd_buffers_list_len) { if (det_ctx->hsbd[(tx_id - det_ctx->hsbd_start_tx_id)].buffer_len != 0) { @@ -103,15 +108,15 @@ static uint8_t *DetectEngineHSBDGetBufferForTX(int tx_id, } else { if (HSBDCreateSpace(det_ctx, (tx_id - det_ctx->hsbd_start_tx_id) + 1) < 0) goto end; + + if (det_ctx->hsbd_buffers_list_len == 0) { + det_ctx->hsbd_start_tx_id = tx_id; + } + det_ctx->hsbd_buffers_list_len++; } index = (tx_id - det_ctx->hsbd_start_tx_id); } - if (det_ctx->hsbd_buffers_list_len == 0) { - det_ctx->hsbd_start_tx_id = tx_id; - } - det_ctx->hsbd_buffers_list_len++; - htp_tx_t *tx = list_get(htp_state->connp->conn->transactions, tx_id); if (tx == NULL) { SCLogDebug("no tx");