Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dcerpc: prevent integer underflow #12532

Closed
wants to merge 1 commit into from
Closed

dcerpc: prevent integer underflow #12532

wants to merge 1 commit into from

Conversation

catenacyber
Copy link
Contributor

Link to ticket: https://redmine.openinfosecfoundation.org/issues/
https://redmine.openinfosecfoundation.org/issues/7548

Describe changes:

  • dcerpc: prevent integer underflow

There may be other things to do, like setting an event, but what remains to do is not clear to me.
What is clear to me is that this small change is an improvement.

First commit of #12528 with ticket

@catenacyber
dcerpc: prevent integer underflow
05fa4e5 
in case a fragment has a length lesser than DCERPC_HDR_LEN

Fixes: 9daf852 ("dcerpc: tidy up code")

Ticket: 7548
@catenacyber catenacyber requested a review from jasonish as a code owner February 5, 2025 20:09
@catenacyber catenacyber mentioned this pull request Feb 5, 2025
Closed
@codecov Codecov
Copy link

codecov bot commented Feb 5, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 80.69%. Comparing base (d4330ef) to head (05fa4e5).
Report is 7 commits behind head on master.

Additional details and impacted files 
@@           Coverage Diff           @@
##           master   #12532   +/-   ##
=======================================
  Coverage   80.68%   80.69%           
=======================================
  Files         925      925           
  Lines      258914   258914           
=======================================
+ Hits       208914   208920    +6     
+ Misses      50000    49994    -6
Flag Coverage Δ
fuzzcorpus 56.88% <100.00%> (+0.05%) ⬆️
livemode 19.41% <0.00%> (+<0.01%) ⬆️
pcap 44.19% <100.00%> (-0.01%) ⬇️
suricata-verify 63.39% <100.00%> (-0.01%) ⬇️
unittests 58.38% <100.00%> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

@suricata-qa
Copy link

Information: QA ran without warnings.

Pipeline 24627

inashivb
inashivb approved these changes Feb 6, 2025
View reviewed changes
Copy link
Member

@inashivb inashivb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🚀

@victorjulien victorjulien added this to the 8.0 milestone Feb 10, 2025
@victorjulien victorjulien mentioned this pull request Feb 10, 2025
Merged
@inashivb
Copy link
Member

There may be other things to do, like setting an event, but what remains to do is not clear to me. What is clear to me is that this small change is an improvement.

@catenacyber could you please tell what is unclear to you?
We need to do https://redmine.openinfosecfoundation.org/issues/7254 and the related tickets that have been added by you.

@victorjulien
Copy link
Member

Merged in #12553, thanks!

@catenacyber
Copy link
Contributor Author

could you please tell what is unclear to you? We need to do https://redmine.openinfosecfoundation.org/issues/7254 and the related tickets that have been added by you.

How to implement events for DCERPC, and for this special case where I am not sure the data belongs to a transaction

@inashivb
Copy link
Member

How to implement events for DCERPC, and for this special case where I am not sure the data belongs to a transaction

Indeed the transaction is created much later only if the data is complete. Maybe we should have something like protocol parser events to deal with such cases?

@catenacyber
Copy link
Contributor Author

Maybe we should have something like protocol parser events to deal with such cases?

Maybe, that is what is unclear to me...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@victorjulien victorjulien victorjulien approved these changes

@inashivb inashivb inashivb approved these changes

@jasonish jasonish Awaiting requested review from jasonish jasonish is a code owner

Assignees
No one assigned
Labels
None yet
Milestone
8.0
Development

Successfully merging this pull request may close these issues.
4 participants
@catenacyber @suricata-qa @inashivb @victorjulien