TLS parser: add sanity check

author Eric Leblond <eric@regit.org>

Sun, 27 Nov 2011 11:28:36 +0000 (12:28 +0100)

committer Victor Julien <victor@inliniac.net>

Mon, 19 Mar 2012 11:12:25 +0000 (12:12 +0100)
author Eric Leblond <eric@regit.org>
Sun, 27 Nov 2011 11:28:36 +0000 (12:28 +0100)
committer Victor Julien <victor@inliniac.net>
Mon, 19 Mar 2012 11:12:25 +0000 (12:12 +0100)
diff --git a/src/app-layer-tls-handshake.c b/src/app-layer-tls-handshake.c

index 88282ca0a77150048c2af536fb8d0673f5deb52f..a7e2f7f1893b031408251808143dc85d9cfb90c7 100644 (file)
--- a/src/app-layer-tls-handshake.c
+++ b/src/app-layer-tls-handshake.c
@@ -95,6 +95,7 @@ int DecodeTLSHandshakeServerCertificate(SSLState *ssl_state, uint8_t *input, uin
      char buffer[256];
      int rc;
      int parsed;
+    uint8_t *start_data;
  
      if (input_len < 3)
          return 1;
@@ -104,6 +105,7 @@ int DecodeTLSHandshakeServerCertificate(SSLState *ssl_state, uint8_t *input, uin
      if (input_len < certificates_length + 3)
          return 0;
  
+    start_data = input;
      input += 3;
      parsed = 3;
  
@@ -113,6 +115,10 @@ int DecodeTLSHandshakeServerCertificate(SSLState *ssl_state, uint8_t *input, uin
          input += 3;
          parsed += 3;
  
+        if (input - start_data + cur_cert_length > input_len) {
+            SCLogWarning(SC_ERR_ALPARSER, "ASN.1 structure contains invalid length\n");
+            return -1;
+        }
          cert = DecodeDer(input, cur_cert_length);
          if (cert == NULL) {
              SCLogWarning(SC_ERR_ALPARSER, "decoding ASN.1 structure for X509 certificate failed\n");
author	Eric Leblond <eric@regit.org>
	Sun, 27 Nov 2011 11:28:36 +0000 (12:28 +0100)
committer	Victor Julien <victor@inliniac.net>
	Mon, 19 Mar 2012 11:12:25 +0000 (12:12 +0100)