From: Philippe Antoine <contact@catenacyber.fr>
Date: Thu, 19 Nov 2020 13:30:27 +0000 (+0100)
Subject: dnp3: avoids DOS by too long loop over null-sized objects
X-Git-Tag: suricata-6.0.1~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=15980af7de4043bf32136e7af1e98c9470f8557f;p=thirdparty%2Fsuricata.git

dnp3: avoids DOS by too long loop over null-sized objects
---

diff --git a/scripts/dnp3-gen/dnp3-gen.py b/scripts/dnp3-gen/dnp3-gen.py
index b2226c3217..447d386387 100755
--- a/scripts/dnp3-gen/dnp3-gen.py
+++ b/scripts/dnp3-gen/dnp3-gen.py
@@ -432,6 +432,9 @@ static int DNP3DecodeObjectG{{object.group}}V{{object.variation}}(const uint8_t
 {% endfor %}
 {% endif %}
 
+    if (*len < count/8) {
+        goto error;
+    }
     while (count--) {
 
         object = SCCalloc(1, sizeof(*object));