]> git.ipfire.org Git - thirdparty/suricata.git/commitdiff
projects / thirdparty / suricata.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c0dd911)
util-decode-der: fix NULL dereference bug 1975/head
authorMats Klepsland <mats.klepsland@gmail.com>
Thu, 31 Mar 2016 14:15:26 +0000 (16:15 +0200)
committerMats Klepsland <mats.klepsland@gmail.com>
Thu, 31 Mar 2016 14:15:26 +0000 (16:15 +0200)
Make sure that the length is not longer than the size of the buffer
provided.

src/util-decode-der.c patch | blob | blame | history

diff --git a/src/util-decode-der.c b/src/util-decode-der.c
index 67e7b0dda97345c6d2b1d945ad2000cd341a6678..040e214b405c03b82f4d3a07c9275f623ae5e1dd 100644 (file)
--- a/src/util-decode-der.c
+++ b/src/util-decode-der.c
@@ -216,6 +216,12 @@ static Asn1Generic * DecodeAsn1DerGeneric(const unsigned char *buffer, uint32_t
              * sequence parsing will fail
              */
             child->length += (d_ptr - save_d_ptr);
+
+            if (child->length > max_size - (d_ptr - buffer)) {
+                SCFree(child);
+                return NULL;
+            }
+
             break;
     };
     if (child == NULL)
Mirror of https://github.com/OISF/suricata.git