From: Victor Julien
Date: Wed, 2 Oct 2019 08:30:48 +0000 (+0200)
Subject: detect/classtype: check size of rule input
X-Git-Tag: suricata-5.0.0~67
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=523e91b231602419f6f7ba62be959ade82bd978b;p=thirdparty%2Fsuricata.git
detect/classtype: check size of rule input
---
diff --git a/src/detect-classtype.c b/src/detect-classtype.c
index aadf8f9c9d..35a9be2ead 100644
--- a/src/detect-classtype.c
+++ b/src/detect-classtype.c
@@ -71,18 +71,28 @@ static int DetectClasstypeParseRawString(const char *rawstr, char *out, size_t o
 int ov[MAX_SUBSTRINGS];
 size_t len = strlen(rawstr);
+ const size_t esize = CLASSTYPE_NAME_MAX_LEN + 8;
+ char e[esize];
+
 int ret = pcre_exec(regex, regex_study, rawstr, len, 0, 0, ov, 30);
 if (ret < 0) {
 SCLogError(SC_ERR_PCRE_MATCH, "Invalid Classtype in Signature");
 return -1;
 }
- ret = pcre_copy_substring((char *)rawstr, ov, 30, 1, out, outsize);
+ ret = pcre_copy_substring((char *)rawstr, ov, 30, 1, e, esize);
 if (ret < 0) {
 SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
 return -1;
 }
+ if (strlen(e) >= CLASSTYPE_NAME_MAX_LEN) {
+ SCLogError(SC_ERR_INVALID_VALUE, "classtype '%s' is too big: max %d",
+ rawstr, CLASSTYPE_NAME_MAX_LEN - 1);
+ return -1;
+ }
+ (void)strlcpy(out, e, outsize);
+
 return 0;
 }
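Review bot: The new length check compares `strlen(e)` with `CLASSTYPE_NAME_MAX_LEN` rather than with `outsize`, and the `strlcpy` result is discarded, so a caller passing a smaller buffer would get a silently truncated classtype; the callers are not visible here, so this is a hardening point rather than a confirmed defect. Checking the copy itself closes the gap: `if (strlcpy(out, e, outsize) >= outsize) return -1;`. Input longer than `esize - 1` never reaches the new "too big" message, because `pcre_copy_substring` fails first and logs the generic "pcre_copy_substring failed"; testing for `PCRE_ERROR_NOMEMORY` at that point would give rule writers the same diagnostic for every oversized value. `char e[esize]` with a `const size_t` bound is a variable-length array in C, and `char e[CLASSTYPE_NAME_MAX_LEN + 8];` used with `sizeof(e)` avoids that. The function body starts above the hunk, so the declaration of `regex` and the meaning of the literal `30` passed alongside `ov` could not be checked from here.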