decode: enforce layer limit through tunnel layers

author Victor Julien <vjulien@oisf.net>

Thu, 20 Oct 2022 13:14:26 +0000 (15:14 +0200)

committer Victor Julien <vjulien@oisf.net>

Tue, 29 Nov 2022 09:33:15 +0000 (10:33 +0100)
author Victor Julien <vjulien@oisf.net>
Thu, 20 Oct 2022 13:14:26 +0000 (15:14 +0200)
committer Victor Julien <vjulien@oisf.net>
Tue, 29 Nov 2022 09:33:15 +0000 (10:33 +0100)
diff --git a/src/decode.c b/src/decode.c

index a4e7e2a16a0f06a21c7889b599c840da93c918c8..fec718c64ce94935b7d181dfea5b50636eba1f99 100644 (file)
--- a/src/decode.c
+++ b/src/decode.c
@@ -312,6 +312,11 @@ Packet *PacketTunnelPktSetup(ThreadVars *tv, DecodeThreadVars *dtv, Packet *pare
  
      SCEnter();
  
+    if (parent->nb_decoded_layers + 1 >= decoder_max_layers) {
+        ENGINE_SET_INVALID_EVENT(parent, GENERIC_TOO_MANY_LAYERS);
+        SCReturnPtr(NULL, "Packet");
+    }
+
      /* get us a packet */
      Packet *p = PacketGetFromQueueOrAlloc();
      if (unlikely(p == NULL)) {
@@ -320,7 +325,10 @@ Packet *PacketTunnelPktSetup(ThreadVars *tv, DecodeThreadVars *dtv, Packet *pare
  
      /* copy packet and set length, proto */
      PacketCopyData(p, pkt, len);
+    DEBUG_VALIDATE_BUG_ON(parent->recursion_level == 255);
      p->recursion_level = parent->recursion_level + 1;
+    DEBUG_VALIDATE_BUG_ON(parent->nb_decoded_layers >= decoder_max_layers);
+    p->nb_decoded_layers = parent->nb_decoded_layers + 1;
      p->ts.tv_sec = parent->ts.tv_sec;
      p->ts.tv_usec = parent->ts.tv_usec;
      p->datalink = DLT_RAW;
author	Victor Julien <vjulien@oisf.net>
	Thu, 20 Oct 2022 13:14:26 +0000 (15:14 +0200)
committer	Victor Julien <vjulien@oisf.net>
	Tue, 29 Nov 2022 09:33:15 +0000 (10:33 +0100)