Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

transform/base64: check for 0-sized buffer #11869

Closed
wants to merge 1 commit into from
Closed

transform/base64: check for 0-sized buffer #11869

wants to merge 1 commit into from

Conversation

catenacyber
Copy link
Contributor

Link to ticket: https://redmine.openinfosecfoundation.org/issues/
https://redmine.openinfosecfoundation.org/issues/7296

Describe changes:

  • transform/base64: check for 0-sized buffer

As done already by other transforms

SV_BRANCH=OISF/suricata-verify#2075

#11866 with SV test and better check : wait after computation of offset...

@catenacyber
transform/base64: check for 0-sized buffer
85d566c 
So as to avoid undefined behavior with a 0-sized variable length
array

Ticket: OISF#7296
@catenacyber catenacyber mentioned this pull request Oct 3, 2024
Closed
@codecov Codecov
Copy link

codecov bot commented Oct 3, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 82.57%. Comparing base (45eb7e4) to head (85d566c).
Report is 24 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #11869      +/-   ##
==========================================
- Coverage   82.60%   82.57%   -0.03%     
==========================================
  Files         912      912              
  Lines      249351   249356       +5     
==========================================
- Hits       205965   205914      -51     
- Misses      43386    43442      +56
Flag Coverage Δ
fuzzcorpus 60.46% <50.00%> (-0.14%) ⬇️
livemode 18.72% <0.00%> (-0.01%) ⬇️
pcap 44.10% <0.00%> (+0.03%) ⬆️
suricata-verify 62.15% <100.00%> (+0.11%) ⬆️
unittests 58.94% <50.00%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

@suricata-qa
Copy link

Information: QA ran without warnings.

Pipeline 22972

@victorjulien victorjulien added this to the 8.0 milestone Oct 4, 2024
victorjulien
victorjulien reviewed Oct 4, 2024
View reviewed changes
src/detect-transform-base64.c
@@ -141,6 +141,9 @@ static void TransformFromBase64Decode(InspectionBuffer *buffer, void *options)
}
decode_length = nbytes;
}
if (decode_length == 0) {
return;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this would leave the original buffer as-is, right? Is that the desired behavior, or should the 0 decoded bytes be the buffer so bsize:0 would match?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

decoding behavior below is also pass-through in case of error, so perhaps it makes sense this way

@jlucovsky any thoughts on how it should behave?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This transform only updates the buffer when bytes are successfully decoded.

That fact might be important for some rules (no buffer if the input buffer isn't b64-encoded) and bsize: 0 would be one way to tell.

Suggestion: we always update the buffer with the number of decoded bytes -- either 0 or the actual value.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

so, should we create another ticket for it ?
I guess other transforms should be updated to like pcrexform
Or we should even return a NULL buffer when the transform "fails"

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://redmine.openinfosecfoundation.org/issues/7313

@victorjulien victorjulien mentioned this pull request Oct 8, 2024
Merged
@victorjulien
Copy link
Member

Merged in #11905, thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@victorjulien victorjulien victorjulien approved these changes

@jlucovsky jlucovsky jlucovsky left review comments

Assignees
No one assigned
Labels
None yet
Milestone
8.0
Development

Successfully merging this pull request may close these issues.
4 participants
@catenacyber @suricata-qa @victorjulien @jlucovsky