From 0dc364aef2dec122fc0e7ee4c190864f4cc5f1bd Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Thu, 21 Nov 2024 14:55:32 +0100
Subject: [PATCH] util/streaming-buffer: fix regions intersection
This was not a problem for current callers in Suricata, as RegionsIntersect is only called through StreamingBufferInsertAt which is only used by TCP... And TCP uses default region gap = 256kb, and only calls StreamingBufferInsertAt with a u16, so TCP never inserts a new data that will strictly contain an existing region augmented with region gap, which was the only case where RegionsIntersect returned the wrong result, which could later lead to a buffer overflow.
Ticket: 7393
(cherry picked from commit 282509f70c4ce805098e59535af445362e3e9ebd)
---
 src/util-streaming-buffer.c | 19 ++++++++-----------
 1 file changed, 8 insertions(+), 11 deletions(-)
diff --git a/src/util-streaming-buffer.c b/src/util-streaming-buffer.c
index c678279dd4..b3f5d5d753 100644
--- a/src/util-streaming-buffer.c
+++ b/src/util-streaming-buffer.c
@@ -137,17 +137,14 @@ static inline bool RegionsIntersect(const StreamingBuffer *sb, const StreamingBu
 SCLogDebug("r %p: %" PRIu64 "/%" PRIu64 " - adjusted %" PRIu64 "/%" PRIu64, r, r->stream_offset, r->stream_offset + r->buf_size, reg_o, reg_re);
 /* check if data range intersects with region range */
- if (offset >= reg_o && offset <= reg_re) {
- SCLogDebug("r %p is in-scope", r);
- return true;
- }
- if (re >= reg_o && re <= reg_re) {
- SCLogDebug("r %p is in-scope: %" PRIu64 " >= %" PRIu64 " && %" PRIu64 " <= %" PRIu64, r, re,
- reg_o, re, reg_re);
- return true;
- }
- SCLogDebug("r %p is out of scope: %" PRIu64 "/%" PRIu64, r, offset, re);
- return false;
+ /* [offset:re] and [reg_o:reg_re] do not intersect if and only if
+ * re < reg_o or if reg_re < offset (one segment is strictly before the other)
+ * trusting that offset<=re and reg_o<=reg_re
+ */
+ if (re < reg_o || reg_re < offset) {
+ return false;
+ }
+ return true;
 }
 /** \internal
-- 
2.47.2
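Review bot: The new test `if (re < reg_o || reg_re < offset)` is only correct under the invariant the added comment says it is "trusting" (`offset <= re` and `reg_o <= reg_re`), and nothing in the hunk enforces it. Both end values are computed above the hunk, presumably by unsigned addition, so a wrapped sum could make the function report no intersection for a range that does overlap, which is the kind of wrong answer the commit message ties to a later buffer overflow. I would state the assumption in code rather than only in a comment, e.g. `DEBUG_VALIDATE_BUG_ON(re < offset || reg_re < reg_o);` ahead of the comparison. The diffstat shows no test change, so a unit test for the case named in the message (new data strictly containing an existing region plus its gap) would pin the fix. RegionsIntersect starts outside the hunk, so how `re` and `reg_re` are derived should be confirmed there.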