der/asn1: limit recursion

author Victor Julien <victor@inliniac.net>

Mon, 10 Jul 2017 08:15:54 +0000 (10:15 +0200)

committer Victor Julien <victor@inliniac.net>

Thu, 13 Jul 2017 12:41:38 +0000 (14:41 +0200)
author Victor Julien <victor@inliniac.net>
Mon, 10 Jul 2017 08:15:54 +0000 (10:15 +0200)
committer Victor Julien <victor@inliniac.net>
Thu, 13 Jul 2017 12:41:38 +0000 (14:41 +0200)
diff --git a/src/util-decode-der.c b/src/util-decode-der.c

index d3fb3237f3640a3c91f9e94e841a1b793b0a58c7..3153361d7bce7c886d77a450714cf986e5e7f5d1 100644 (file)
--- a/src/util-decode-der.c
+++ b/src/util-decode-der.c
@@ -139,6 +139,11 @@ static Asn1Generic * DecodeAsn1DerGeneric(const unsigned char *buffer,
      Asn1Generic *child;
      uint8_t el_type;
  
+    /* refuse excessive recursion */
+    if (unlikely(depth == 255)) {
+        return NULL;
+    }
+
      el.cls = (d_ptr[0] & 0xc0) >> 6;
      el.pc = (d_ptr[0] & 0x20) >> 5;
      el.tag = (d_ptr[0] & 0x1f);
author	Victor Julien <victor@inliniac.net>
	Mon, 10 Jul 2017 08:15:54 +0000 (10:15 +0200)
committer	Victor Julien <victor@inliniac.net>
	Thu, 13 Jul 2017 12:41:38 +0000 (14:41 +0200)