From 8770979b9898daada819de971246c2f62bca30a8 Mon Sep 17 00:00:00 2001 From: "Ashutosh Gupta (ashugup3)" Date: Wed, 17 Sep 2025 06:13:37 +0000 Subject: [PATCH] Pull request #4869: dce_rpc: Fix for Use-After-Free: Clearing rule options before freeing the buffer Merge in SNORT/snort3 from ~ASHUGUP3/snort3:bug_CSCwq75339 to master Squashed commit of the following: commit f6431e912bd6c32c207ea85be11989564d2804ea Author: ashutosh Date: Mon Sep 8 00:58:32 2025 +0530 dce_rpc: Clear rule options before freeing the buffer --- src/service_inspectors/dce_rpc/smb_message.cc | 1 + 1 file changed, 1 insertion(+) diff --git a/src/service_inspectors/dce_rpc/smb_message.cc b/src/service_inspectors/dce_rpc/smb_message.cc index 3cbe0c147..d5b28818a 100644 --- a/src/service_inspectors/dce_rpc/smb_message.cc +++ b/src/service_inspectors/dce_rpc/smb_message.cc @@ -1790,6 +1790,7 @@ void DCE2_Smb1Process(DCE2_SmbSsnData* ssd) if (!DCE2_BufferIsEmpty(*seg_buf)) { set_file_data(nullptr, 0); + DCE2_ResetRopts(&ssd->sd, DetectionEngine::get_current_packet()); DCE2_BufferDestroy(*seg_buf); *seg_buf = nullptr; } -- 2.47.3