detect/asn1: fix offset bounds checking

diff --git a/src/detect-asn1.c b/src/detect-asn1.c
index 524bd97868664bb6a3f6e508839c4a71adc179f9..c4f0cb1f18d7edf7dd379b275960b936b4e8d022 100644 (file)
--- a/src/detect-asn1.c
+++ b/src/detect-asn1.c
@@ -148,21 +148,23 @@ static int DetectAsn1Match(DetectEngineThreadCtx *det_ctx, Packet *p,
     }
 
     const DetectAsn1Data *ad = (const DetectAsn1Data *)ctx;
-
-    Asn1Ctx *ac = SCAsn1CtxNew();
-    if (ac == NULL)
-        return 0;
-
+    int32_t offset;
     if (ad->flags & ASN1_ABSOLUTE_OFFSET) {
-        SCAsn1CtxInit(ac, p->payload + ad->absolute_offset,
-                      p->payload_len - ad->absolute_offset);
+        offset = ad->absolute_offset;
     } else if (ad->flags & ASN1_RELATIVE_OFFSET) {
-        SCAsn1CtxInit(ac, p->payload + ad->relative_offset,
-                      p->payload_len - ad->relative_offset);
+        offset = ad->relative_offset;
     } else {
-        SCAsn1CtxInit(ac, p->payload, p->payload_len);
+        offset = 0;
     }
+    if (offset >= (int32_t)p->payload_len) {
+        return 0;
+    }
+
+    Asn1Ctx *ac = SCAsn1CtxNew();
+    if (ac == NULL)
+        return 0;
 
+    SCAsn1CtxInit(ac, p->payload + offset, p->payload_len - offset);
     SCAsn1Decode(ac, ac->cur_frame);
 
     /* Ok, now we have all the data. Let's check the nodes */