Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Integer overflow 4527 v5 #6778

Closed
wants to merge 6 commits into from
Closed

Integer overflow 4527 v5 #6778

wants to merge 6 commits into from

Conversation

catenacyber
Copy link
Contributor

Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/4527

Describe changes:

  • Fix integer warnings in all files beginning with a (like app)

libhtp-pr: 339

There remains one warning about the use of StreamTcpUpdateAppLayerProgress
cf discussion in #6649

Changes #6690 with needed rebase and fixed conflicts

@catenacyber
ftp: fix int warnings
1d02b0c 
Explicitly truncate a file name if it is longer
than UINT16_MAX
@catenacyber
http: : fix int warnings
3995da6 
Explicitly truncate file names to UINT16_MAX

Before, they got implicitly truncated, meaning a UINT16_MAX + 1
file name, went to 0 file name (because of modulo 65536)
@catenacyber
app: fix int warnings in generic app files
01a08a6
@catenacyber
smtp: fix int warnings
0e8e6aa 
and explicitly truncating filename's length
@catenacyber
ssl: fix int warnings
1be41a9 
especially increasing padding_len size
@catenacyber
file: define own variable instead of PATH_MAX
b2ad55a 
to be used for maximum size of file names,
and not depend on the OS
@catenacyber catenacyber requested a review from a team as a code owner January 13, 2022 07:48
@catenacyber catenacyber mentioned this pull request Jan 13, 2022
Closed
@codecov
Copy link

codecov bot commented Jan 13, 2022

Codecov Report

Merging #6778 (b2ad55a) into master (ddf14e5) will decrease coverage by 2.60%.
The diff coverage is 74.13%.

@@            Coverage Diff             @@
##           master    #6778      +/-   ##
==========================================
- Coverage   77.12%   74.52%   -2.61%     
==========================================
  Files         615      615              
  Lines      185613   185621       +8     
==========================================
- Hits       143161   138328    -4833     
- Misses      42452    47293    +4841
Flag Coverage Δ
fuzzcorpus 47.79% <53.44%> (-5.20%) ⬇️
suricata-verify 52.67% <66.66%> (-0.02%) ⬇️
unittests 63.08% <63.63%> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

@victorjulien victorjulien mentioned this pull request Jan 13, 2022
Merged
@victorjulien
Copy link
Member

Merged in #6779, thanks!

victorjulien added a commit to victorjulien/suricata that referenced this pull request Feb 13, 2024
@victorjulien
detect/tls.certs: fix direction handling
e333922 
Direction flag was checked against wrong field, leading to undefined behavior.

Bug: OISF#6778.
@victorjulien victorjulien mentioned this pull request Feb 13, 2024
Closed
victorjulien added a commit to victorjulien/suricata that referenced this pull request Feb 14, 2024
@victorjulien
detect/tls.certs: fix direction handling
3c06457 
Direction flag was checked against wrong field, leading to undefined behavior.

Bug: OISF#6778.
victorjulien added a commit to victorjulien/suricata that referenced this pull request Feb 15, 2024
@victorjulien
detect/tls.certs: fix direction handling
3a72de1 
Direction flag was checked against wrong field, leading to undefined behavior.

Bug: OISF#6778.
(cherry picked from commit 3c06457)
victorjulien added a commit to victorjulien/suricata that referenced this pull request Feb 15, 2024
@victorjulien
detect/tls.certs: fix direction handling
0cd1cd1 
Direction flag was checked against wrong field, leading to undefined behavior.

Bug: OISF#6778.
(cherry picked from commit 3c06457)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@catenacyber @victorjulien