path: root/recipes-ids/suricata/files/CVE-2024-38536.patch
From 4026bca7f04c419dd3f3ba17a1af17bbcbcf18bc Mon Sep 17 00:00:00 2001
From: Philippe Antoine <pantoine@oisf.net>
Date: Fri, 17 May 2024 09:39:52 +0200
Subject: [PATCH 4/4] http: fix nul deref on memcap reached

HttpRangeOpenFileAux may return NULL in different cases, including
when memcap is reached.
But its only caller did not check it before calling HttpRangeAppendData,
which would dereference the NULL value.

Ticket: 7029
(cherry picked from commit fd262df457f67f2174752dd6505ba2ed5911fd96)

Upstream-Status: Backport from [https://github.com/OISF/suricata/commit/2bd3bd0e318f19008e9fe068ab17277c530ffb92]
CVE: CVE-2024-38536
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
---
 src/app-layer-htp-range.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/app-layer-htp-range.c b/src/app-layer-htp-range.c
index 3cdde35..f0d75a9 100644
--- a/src/app-layer-htp-range.c
+++ b/src/app-layer-htp-range.c
@@ -351,8 +351,10 @@ static HttpRangeContainerBlock *HttpRangeOpenFile(HttpRangeContainerFile *c, uin
 {
     HttpRangeContainerBlock *r =
             HttpRangeOpenFileAux(c, start, end, total, sbcfg, name, name_len, flags);
-    if (HttpRangeAppendData(sbcfg, r, data, len) < 0) {
-        SCLogDebug("Failed to append data while opening");
+    if (r) {
+        if (HttpRangeAppendData(sbcfg, r, data, len) < 0) {
+            SCLogDebug("Failed to append data while opening");
+        }
     }
     return r;
 }
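Review bot: The new `if (r)` guard returns NULL without logging anything, and an append failure is still reported only at debug level while `r` is returned as if the open had fully succeeded, so neither condition is visible to the caller or to an operator. In an IDS, range data dropped this way is file content that may not reach inspection, so the contract should be documented above the check, e.g. `/* r is NULL when HttpRangeOpenFileAux fails (including memcap reached); the caller must handle NULL */`. The nesting can also be flattened to `if (r != NULL && HttpRangeAppendData(sbcfg, r, data, len) < 0) {`. Whether the caller checks the returned pointer is not visible here, and the signature appears only truncated in the hunk header.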
-- 
2.44.0