From: Philippe Antoine <contact@catenacyber.fr>
Date: Thu, 19 Nov 2020 13:30:27 +0000 (+0100)
Subject: dnp3: avoids DOS by too long loop over null-sized objects
X-Git-Tag: suricata-5.0.5~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2861569c9dd892b9833ca7166085c122ccbe3396;p=thirdparty%2Fsuricata.git

dnp3: avoids DOS by too long loop over null-sized objects
---

diff --git a/scripts/dnp3-gen/dnp3-gen.py b/scripts/dnp3-gen/dnp3-gen.py
index ae2fef7baa..0396b6d5c6 100755
--- a/scripts/dnp3-gen/dnp3-gen.py
+++ b/scripts/dnp3-gen/dnp3-gen.py
@@ -437,6 +437,9 @@ static int DNP3DecodeObjectG{{object.group}}V{{object.variation}}(const uint8_t
 {% endfor %}
 {% endif %}
 
+    if (*len < count/8) {
+        goto error;
+    }
     while (count--) {
 
         object = SCCalloc(1, sizeof(*object));