path: root/meta-security/recipes-ids/suricata/files/CVE-2024-38536.patch
Diffstat (limited to 'meta-security/recipes-ids/suricata/files/CVE-2024-38536.patch')
-rw-r--r--meta-security/recipes-ids/suricata/files/CVE-2024-38536.patch40
1 files changed, 40 insertions, 0 deletions
diff --git a/meta-security/recipes-ids/suricata/files/CVE-2024-38536.patch b/meta-security/recipes-ids/suricata/files/CVE-2024-38536.patch
new file mode 100644
index 0000000000..2d4b3d78cf
--- /dev/null
+++ b/meta-security/recipes-ids/suricata/files/CVE-2024-38536.patch
@@ -0,0 +1,40 @@
+From 4026bca7f04c419dd3f3ba17a1af17bbcbcf18bc Mon Sep 17 00:00:00 2001
+From: Philippe Antoine <pantoine@oisf.net>
+Date: Fri, 17 May 2024 09:39:52 +0200
+Subject: [PATCH 4/4] http: fix nul deref on memcap reached
+
+HttpRangeOpenFileAux may return NULL in different cases, including
+when memcap is reached.
+But is only caller did not check it before calling HttpRangeAppendData
+which would dereference the NULL value.
+
+Ticket: 7029
+(cherry picked from commit fd262df457f67f2174752dd6505ba2ed5911fd96)
+
+Upstream-Status: Backport from [https://github.com/OISF/suricata/commit/2bd3bd0e318f19008e9fe068ab17277c530ffb92]
+CVE: CVE-2024-38536
+Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
+---
+ src/app-layer-htp-range.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/app-layer-htp-range.c b/src/app-layer-htp-range.c
+index 3cdde35..f0d75a9 100644
+--- a/src/app-layer-htp-range.c
++++ b/src/app-layer-htp-range.c
+@@ -351,8 +351,10 @@ static HttpRangeContainerBlock *HttpRangeOpenFile(HttpRangeContainerFile *c, uin
+ {
+ HttpRangeContainerBlock *r =
+ HttpRangeOpenFileAux(c, start, end, total, sbcfg, name, name_len, flags);
+- if (HttpRangeAppendData(sbcfg, r, data, len) < 0) {
+- SCLogDebug("Failed to append data while opening");
++ if (r) {
++ if (HttpRangeAppendData(sbcfg, r, data, len) < 0) {
++ SCLogDebug("Failed to append data while opening");
++ }
+ }
+ return r;
+ }
+--
+2.44.0
+
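Review bot: The `Upstream-Status` trailer in the new patch file points at commit 2bd3bd0e318f…, which matches neither the `From 4026bca7…` header nor the `(cherry picked from commit fd262df4…)` line just above it, so the provenance recorded for CVE-2024-38536 cannot be cross-checked as written; unless 2bd3bd0e is a release-branch commit carrying the same change, the link should name the commit the diff was actually taken from, e.g. `Upstream-Status: Backport [https://github.com/OISF/suricata/commit/fd262df457f67f2174752dd6505ba2ed5911fd96]`. The code change itself is sound: `r` is now tested before `HttpRangeAppendData` dereferences it, and a NULL `r` is returned unchanged for the caller to handle. As a point of style the two nested `if`s could collapse into one guard, `if (r != NULL && HttpRangeAppendData(sbcfg, r, data, len) < 0) {`, which keeps the existing debug log on the failure path. The commit message also has a typo, "But is only caller" for "But its only caller". HttpRangeOpenFile's signature sits on the `@@` context line, so only its body is visible in this hunk.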