multi-detect: validate vlan_id

diff --git a/src/detect-engine.c b/src/detect-engine.c
index 82d651994ed59693473072c7b72e0d3de5dd1746..585e3f7c9f5b659c34fd2a29ddebca69b6fb2c84 100644 (file)
--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@@ -2110,6 +2110,11 @@ void DetectEngineMultiTenantSetup(void)
                                 "of %s is invalid", vlan_id_node->val);
                         goto bad_mapping;
                     }
+                    if (vlan_id == 0 || vlan_id >= 4095) {
+                        SCLogError(SC_ERR_INVALID_ARGUMENT, "vlan-id  "
+                                "of %s is invalid. Valid range 1-4094.", vlan_id_node->val);
+                        goto bad_mapping;
+                    }
 
                     if (DetectEngineTentantRegisterVlanId(tenant_id, (uint32_t)vlan_id) != 0) {
                         goto error;