From: Philippe Antoine
Date: Thu, 8 Jul 2021 13:01:15 +0000 (+0200)
Subject: dnp3: adds bounds check for prefix chararray
X-Git-Tag: suricata-7.0.0-beta1~1509
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=126a7dcb4f1818a806c882c54da864992bb304d5;p=thirdparty%2Fsuricata.git
dnp3: adds bounds check for prefix chararray
Ticket: #4558
Avoids intra structure overflow
---
diff --git a/scripts/dnp3-gen/dnp3-gen.py b/scripts/dnp3-gen/dnp3-gen.py
index 75a127623c..4a308de6f9 100755
--- a/scripts/dnp3-gen/dnp3-gen.py
+++ b/scripts/dnp3-gen/dnp3-gen.py
@@ -518,6 +518,9 @@ static int DNP3DecodeObjectG{{object.group}}V{{object.variation}}(const uint8_t
 }
 {% elif field.type == "chararray" %}
 {% if field.len_from_prefix %}
+ if (prefix - (offset - *len) >= {{field.size}}) {
+ goto error;
+ }
 object->{{field.len_field}} = prefix - (offset - *len);
 {% endif %}
 if (object->{{field.len_field}} > 0) {
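Review bot: The new guard in the `len_from_prefix` branch rejects a prefix smaller than the bytes already consumed only implicitly: the types of `prefix`, `offset` and `*len` are declared outside this hunk, and if they are unsigned, `prefix - (offset - *len)` wraps to a large value that happens to fail the size comparison, while signed operands would let a negative length through. I would make that case explicit with `if (prefix < (offset - *len)) { goto error; }` ahead of the existing comparison, and add a comment such as `/* prefix covers the whole object: reject lengths that underflow or do not fit in {{field.size}} bytes */`. The choice of `>=` rather than `>` presumably reserves one byte for a terminator written later in the function, which continues outside the hunk, so the comment should say so. Because this file is a generator template, the emitted C decoder also has to be regenerated for the check to take effect, if that is not already part of this commit.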