util/mime: adds safety check

Ticket: 6904

Even if there is no problem, just fortify the function,
so that it is future-proof if the caller does not do the check.

diff --git a/src/util-decode-mime.c b/src/util-decode-mime.c
index 26da88363277ec62f56977eb22ed076870501167..533ae971d774e8f84221a03445f27348d4a55869 100644 (file)
--- a/src/util-decode-mime.c
+++ b/src/util-decode-mime.c
@@ -617,6 +617,11 @@ static uint8_t *GetFullValue(const DataValue *dv, uint32_t *olen)
 
     /* First calculate total length */
     for (const DataValue *curr = dv; curr != NULL; curr = curr->next) {
+        if (unlikely(len > UINT32_MAX - curr->value_len)) {
+            // This should never happen as caller checks already against mdcfg->header_value_depth
+            DEBUG_VALIDATE_BUG_ON(1);
+            return NULL;
+        }
         len += curr->value_len;
     }
     /* Must have at least one character in the value */