From: Victor Julien <victor@inliniac.net>
Date: Mon, 23 Nov 2015 12:30:03 +0000 (+0100)
Subject: multi-detect: validate vlan_id
X-Git-Tag: suricata-3.0RC1~12
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=04889f154d64e70d2b3e2e7bfc4977ecd53dacfd;p=thirdparty%2Fsuricata.git

multi-detect: validate vlan_id
---

diff --git a/src/detect-engine.c b/src/detect-engine.c
index 82d651994e..585e3f7c9f 100644
--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@@ -2110,6 +2110,11 @@ void DetectEngineMultiTenantSetup(void)
                                 "of %s is invalid", vlan_id_node->val);
                         goto bad_mapping;
                     }
+                    if (vlan_id == 0 || vlan_id >= 4095) {
+                        SCLogError(SC_ERR_INVALID_ARGUMENT, "vlan-id  "
+                                "of %s is invalid. Valid range 1-4094.", vlan_id_node->val);
+                        goto bad_mapping;
+                    }
 
                     if (DetectEngineTentantRegisterVlanId(tenant_id, (uint32_t)vlan_id) != 0) {
                         goto error;