tls-handshake: DecodeAsn1BuildValue should return -1 for error

This patch modifies DecodeAsn1BuildValue to have it return -1 when
there is a too big number of bytes announced in the ASN.1 message.

diff --git a/src/util-decode-der.c b/src/util-decode-der.c
index 75a1ed3b009d6c21a87b13146209fa943b3bd227..a076263657a1757e549a8768486d2947467aa796 100644 (file)
--- a/src/util-decode-der.c
+++ b/src/util-decode-der.c
@@ -291,6 +291,8 @@ static int DecodeAsn1BuildValue(const unsigned char **d_ptr, uint32_t *val, uint
         SCLogDebug("Invalid ASN.1 num bytes: %d", numbytes);
         /* too big won't fit: set it to 0xffffffff by convention */
         value = 0xffffffff;
+        *val = value;
+        return -1;
     } else {
         for (i=0; i<numbytes; i++) {
             value = value<<8 | (*d_ptr)[0];