1 files changed, 44 insertions, 0 deletions

diff --git a/meta-security/recipes-ids/suricata/files/CVE-2024-38534.patch b/meta-security/recipes-ids/suricata/files/CVE-2024-38534.patch
new file mode 100644
index 0000000000..14a958cb11
--- /dev/null
+++ b/meta-security/recipes-ids/suricata/files/CVE-2024-38534.patch
@@ -0,0 +1,44 @@
+From f1645ea911d4e90b1be8ee5863e8e1a665079cce Mon Sep 17 00:00:00 2001
+From: Philippe Antoine <pantoine@oisf.net>
+Date: Thu, 25 Apr 2024 21:24:33 +0200
+Subject: [PATCH 2/4] modbus: abort flow parsing on flood
+
+Ticket: 6987
+
+Let's not spend more resources for a flow which is trying to
+make us do it...
+
+(cherry picked from commit 37509e8e0ed097f8e0174df754835ac60584fc72)
+
+Upstream-Status: Backport from [https://github.com/OISF/suricata/commit/a753cdbe84caee3b66d0bf49b2712d29a50d67ae]
+CVE: CVE-2024-38534
+Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
+---
+ rust/src/modbus/modbus.rs | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/rust/src/modbus/modbus.rs b/rust/src/modbus/modbus.rs
+index 246e9ca..d2f7c6b 100644
+--- a/rust/src/modbus/modbus.rs
++++ b/rust/src/modbus/modbus.rs
+@@ -189,7 +189,7 @@ impl ModbusState {
+                                 None => {
+                                     let mut tx = match self.new_tx() {
+                                         Some(tx) => tx,
+-                                        None => return AppLayerResult::ok(),
++                                        None => return AppLayerResult::err(),
+                                     };
+                                     tx.set_events_from_flags(&msg.error_flags);
+                                     tx.request = Some(msg);
+@@ -215,7 +215,7 @@ impl ModbusState {
+                             None => {
+                                 let mut tx = match self.new_tx() {
+                                     Some(tx) => tx,
+-                                    None => return AppLayerResult::ok(),
++                                    None => return AppLayerResult::err(),
+                                 };
+                                 if msg
+                                     .access_type
+-- 
+2.44.0
+