From: Philippe Antoine
Date: Thu, 18 Apr 2024 11:36:34 +0000 (+0200)
Subject: util/mime: adds safety check
X-Git-Tag: suricata-8.0.0-beta1~1443
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=402f39b4f2c0ff3b7e73e6c65cb13b0a34cce321;p=thirdparty%2Fsuricata.git
util/mime: adds safety check
Ticket: 6904
Even if there is no problem, just fortify the function, so that it is future-proof if the caller does not do the check.
---
diff --git a/src/util-decode-mime.c b/src/util-decode-mime.c
index 26da883632..533ae971d7 100644
--- a/src/util-decode-mime.c
+++ b/src/util-decode-mime.c
@@ -617,6 +617,11 @@ static uint8_t *GetFullValue(const DataValue *dv, uint32_t *olen)
 /* First calculate total length */
 for (const DataValue *curr = dv; curr != NULL; curr = curr->next) {
+ if (unlikely(len > UINT32_MAX - curr->value_len)) {
+ // This should never happen as caller checks already against mdcfg->header_value_depth
+ DEBUG_VALIDATE_BUG_ON(1);
+ return NULL;
+ }
 len += curr->value_len;
 }
 /* Must have at least one character in the value */
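Review bot: The comment on the added guard in the length loop says why it should never fire but not what it protects against, and it uses `//` where the surrounding context lines use `/* */`. Since `len` is presumably used further down (outside this hunk) to size the output buffer, the wrapped total is the dangerous case and worth naming, e.g. `/* Guard against uint32_t wrap of the total length; callers are expected to have capped it via mdcfg->header_value_depth. */`. The check only stops the wrap: a total just under UINT32_MAX still passes, so the depth limit remains the caller's job, and the comment should not read as if this function enforces it. The early `return NULL` is silent in builds where DEBUG_VALIDATE_BUG_ON compiles to nothing, so it is worth confirming that callers treat NULL as an error rather than as an empty value. GetFullValue's body starts and ends outside the hunk.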