From: Pierre Chifflier <pollux@debian.org>
Date: Sun, 30 Mar 2025 10:03:02 +0000 (+0200)
Subject: CVE-2024-45796
X-Git-Tag: archive/raspbian/1%6.0.1-3+rpi1+deb11u1^2~3
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=82dfb9632aaadaf5d10eb47b3f40e5098eb0f182;p=suricata.git

CVE-2024-45796

commit 9203656496c4081260817cce018a0d8fd57869b5
Author: Philippe Antoine <pantoine@oisf.net>
Date:   Mon Jul 15 09:52:00 2024 +0200

    defrag: fix off by one

    Ticket: 7067

    This off by one could lead to an empty fragment being inserted
    in the rb tree, which led to integer underflow


Gbp-Pq: Name CVE-2024-45796.patch
---

diff --git a/src/defrag.c b/src/defrag.c
index 0051eaa3..ee68345b 100644
--- a/src/defrag.c
+++ b/src/defrag.c
@@ -818,7 +818,7 @@ DefragInsertFrag(ThreadVars *tv, DecodeThreadVars *dtv, DefragTracker *tracker,
         }
     }
 
-    if (ltrim > data_len) {
+    if (ltrim >= data_len) {
         /* Full packet has been trimmed due to the overlap policy. Overlap
          * already set. */
         goto done;