From 40b046d2d814ab6a75e218a10bc5272149362158 Mon Sep 17 00:00:00 2001
From: firnsy
Date: Wed, 4 Mar 2015 18:54:31 +1100
Subject: [PATCH] fixed: mem allocation issue (ie not being done) with IPv6 extension processing in decode().
---
 src/decode.c | 9 +++++++--
 src/spooler.c | 3 +++
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/decode.c b/src/decode.c
index 4d46a4b..6970490 100644
--- a/src/decode.c
+++ b/src/decode.c
@@ -2192,8 +2192,13 @@ void DecodeIPV6Options(int type, const uint8_t *pkt, uint32_t len, Packet *p)
 exthdr = (IP6Extension *)pkt;
- p->ip6_extensions[p->ip6_extension_count].type = type;
- p->ip6_extensions[p->ip6_extension_count].data = pkt;
+ /* BY2: we only track the first extension and don't do out of order
+ ** assessment as it's already been done by the engine that built it.
+ */
+ if (p->ip6_extension_count == 0) {
+ p->ip6_extensions[p->ip6_extension_count].type = type;
+ p->ip6_extensions[p->ip6_extension_count].data = pkt;
+ }
 // TBD add layers for other ip6 ext headers
 switch (type)
diff --git a/src/spooler.c b/src/spooler.c
index c92a1cb..55d3dfc 100644
--- a/src/spooler.c
+++ b/src/spooler.c
@@ -727,6 +727,8 @@ void spoolerProcessRecord(Spooler *spooler, int fire_output)
 /* allocate space for the packet and construct the packet header */
 spooler->record.pkt = SnortAlloc(sizeof(Packet));
+ spooler->record.pkt->ip6_extensions = SnortAlloc(sizeof(IP6Option) * 1);
+
 pkth.caplen = ntohl(((Unified2Packet *)spooler->record.data)->packet_length);
 pkth.len = pkth.caplen;
@@ -798,6 +800,7 @@ void spoolerProcessRecord(Spooler *spooler, int fire_output)
 }
 /* free the memory allocated in this function */
+ free(spooler->record.pkt->ip6_extensions);
 free(spooler->record.pkt);
 spooler->record.pkt = NULL;
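Review bot: In src/decode.c, DecodeIPV6Options, the new guard `if (p->ip6_extension_count == 0) {` still writes through `p->ip6_extensions` without checking that the array exists, and in this patch only spoolerProcessRecord allocates it. A Packet that reaches this function from any other path with a NULL `ip6_extensions` would fault while decoding packet-derived input, so the guard would be safer as `if (p->ip6_extensions != NULL && p->ip6_extension_count == 0) {`. The rest of the function lies outside the hunk, so it is not visible whether `ip6_extension_count` is incremented later; if it is, any consumer that walks the array up to that count would read past the single slot allocated in src/spooler.c, which is worth confirming.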
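Review bot: In src/spooler.c, at the allocation added in the first spoolerProcessRecord hunk, the size `sizeof(IP6Option) * 1` is a bare count whose only justification is the `ip6_extension_count == 0` guard in DecodeIPV6Options, and nothing at this site says so. A comment such as `/* exactly one slot: DecodeIPV6Options() stores only the first extension header */` together with `SnortAlloc(sizeof(*spooler->record.pkt->ip6_extensions))` would keep the two files from drifting apart if either side changes. The matching free is roughly seventy lines further down, so any exit from this block between the two, which the hunk does not show, would now leak both allocations.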
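Review bot: In the second spoolerProcessRecord hunk, the added `free(spooler->record.pkt->ip6_extensions);` dereferences `spooler->record.pkt`, whereas the existing `free(spooler->record.pkt);` was harmless when that pointer was NULL. The enclosing block starts outside the hunk, so it is not visible whether this cleanup can be reached without the allocation near line 727 having run; if it can, the new line turns a no-op into a NULL dereference. A guard such as `if (spooler->record.pkt != NULL) free(spooler->record.pkt->ip6_extensions);` keeps the previous tolerance.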