From: Daniil Kolomiiets -X (dkolomii - SOFTSERVE INC at Cisco)
Date: Thu, 31 Jul 2025 21:41:53 +0000 (+0000)
Subject: Pull request #4842: appid: accounting for tmp offset in RPC
X-Git-Tag: 3.9.3.0~8
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=32a22a30eba6550efc706a8e1bf06afb9e2cd22b;p=thirdparty%2Fsnort3.git
Pull request #4842: appid: accounting for tmp offset in RPC
Merge in SNORT/snort3 from ~DKOLOMII/snort3:rpc_out_of_bounds to master
Squashed commit of the following:
commit 6b1ebc797bafa30f4b5447b8b5bdc2a132ae6bf5
Author: Daniil Kolomiiets
Date: Thu Jul 31 10:22:07 2025 -0400
appid: accounting for tmp offset in RPC
---
diff --git a/src/network_inspectors/appid/service_plugins/service_rpc.cc b/src/network_inspectors/appid/service_plugins/service_rpc.cc
index 19e2d78d5..293de20d7 100644
--- a/src/network_inspectors/appid/service_plugins/service_rpc.cc
+++ b/src/network_inspectors/appid/service_plugins/service_rpc.cc
@@ -423,7 +423,7 @@ int RpcServiceDetector::validate_packet(const uint8_t* data, uint16_t size, Appi
 case RPC_PROGRAM_PORTMAP:
 if (rd->program_version == 3 and rd->procedure == RPC_BIND_PORTMAP_GETADDR)
 {
- if (sizeof(ServiceRPCCall) + PROGRAM_LENGTH + VERSION_LENGTH + sizeof(NetId) > size)
+ if ((PROGRAM_LENGTH + VERSION_LENGTH + sizeof(NetId)) > (unsigned)(end - data))
 return APPID_NOT_COMPATIBLE;
 data += (PROGRAM_LENGTH + VERSION_LENGTH);
 const NetId* net_id = (const NetId*) data;
@@ -483,7 +483,7 @@ int RpcServiceDetector::validate_packet(const uint8_t* data, uint16_t size, Appi
 case RPC_PROGRAM_PORTMAP:
 if (rd->program_version == 3 and rd->procedure == RPC_BIND_PORTMAP_GETADDR)
 {
- if ((sizeof(ServiceRPCReply) + sizeof(UniversalAddress)) > size)
+ if (sizeof(UniversalAddress) > (unsigned)(end-data))
 return APPID_NOMATCH;
 const UniversalAddress* u_addr = (const UniversalAddress*) data;
 tmp = ntohl(u_addr->length);
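Review bot: The new guard `(PROGRAM_LENGTH + VERSION_LENGTH + sizeof(NetId)) > (unsigned)(end - data)` is only sound while `data <= end`: if an earlier step can leave `data` past `end`, the pointer difference is negative, the `(unsigned)` cast turns it into a very large value, and the check passes straight into the `NetId` read. The statements that advance `data` sit outside this hunk, so the invariant cannot be confirmed from here; stating it in the condition costs one comparison, e.g. `if (data > end or (PROGRAM_LENGTH + VERSION_LENGTH + sizeof(NetId)) > static_cast<size_t>(end - data))`. The same reasoning applies to the `sizeof(UniversalAddress) > (unsigned)(end-data)` check in the hunk at -483. A unit test that feeds a GETADDR call truncated inside the credential/verifier area would pin the behaviour this commit is fixing.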
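Review bot: After this check only the fixed-size `UniversalAddress` part is known to lie inside the buffer, yet the next line loads `tmp = ntohl(u_addr->length)`, a length taken from the packet. The code that consumes `tmp` is below the hunk; if it is not already bounded there, it should be compared with the bytes left after the fixed part before any address bytes are read, along the lines of `if (tmp > (unsigned)(end - data) - sizeof(UniversalAddress)) return APPID_NOMATCH;`. A one-line comment above the check such as `// data has moved past the RPC header by now, so bound against end rather than size` would record why `size` stopped being the right limit, assuming that matches the code above the hunk.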