tls-handshake: add sanity checks.

author Eric Leblond <eric@regit.org>

Mon, 19 Dec 2011 10:14:21 +0000 (11:14 +0100)

committer Victor Julien <victor@inliniac.net>

Mon, 19 Mar 2012 11:12:25 +0000 (12:12 +0100)
author Eric Leblond <eric@regit.org>
Mon, 19 Dec 2011 10:14:21 +0000 (11:14 +0100)
committer Victor Julien <victor@inliniac.net>
Mon, 19 Mar 2012 11:12:25 +0000 (12:12 +0100)
diff --git a/src/util-decode-der.c b/src/util-decode-der.c

index 363e6bc4db798e0e31005701d448f5ceb60d400a..e0b273a03f7c2cebf27f6a99c3b0b90d787d97e6 100644 (file)
--- a/src/util-decode-der.c
+++ b/src/util-decode-der.c
@@ -339,6 +339,8 @@ static Asn1Generic * DecodeAsn1DerNull(const unsigned char *buffer, uint32_t siz
          return NULL;
      }
      a = Asn1GenericNew();
+    if (a == NULL)
+        return NULL;
      a->type = ASN1_NULL;
      a->length = (d_ptr - buffer);
      a->value = 0;
@@ -674,6 +676,14 @@ static Asn1Generic * DecodeAsn1DerSet(const unsigned char *buffer, uint32_t max_
      }
      node->length = d_length + (d_ptr - buffer);
  
+    if (node->length > max_size) {
+        SCLogInfo("Announced message length too big: %" PRIu32 " vs %" PRIu32,
+                  node->length,
+                  max_size);
+        free(node);
+        return NULL;
+    }
+
      seq_index = 0;
  
      el_max_size = max_size - (d_ptr-buffer);
author	Eric Leblond <eric@regit.org>
	Mon, 19 Dec 2011 10:14:21 +0000 (11:14 +0100)
committer	Victor Julien <victor@inliniac.net>
	Mon, 19 Mar 2012 11:12:25 +0000 (12:12 +0100)