From: Shivani Bhardwaj <shivani@oisf.net>
Date: Tue, 23 Jul 2024 11:22:35 +0000 (+0530)
Subject: detect/base64: minor cleanups
X-Git-Tag: suricata-8.0.0-beta1~852
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6ff0f72f4d66130eea4099a73b3969bbcc35b72a;p=thirdparty%2Fsuricata.git

detect/base64: minor cleanups

1. decode_len can be u32 as it stores min of two u32s.
2. Add defensive check for payload_len calculation underflow.
---

diff --git a/src/detect-base64-decode.c b/src/detect-base64-decode.c
index db82a033b1..59796aa760 100644
--- a/src/detect-base64-decode.c
+++ b/src/detect-base64-decode.c
@@ -67,7 +67,6 @@ int DetectBase64DecodeDoMatch(DetectEngineThreadCtx *det_ctx, const Signature *s
     const SigMatchData *smd, const uint8_t *payload, uint32_t payload_len)
 {
     DetectBase64Decode *data = (DetectBase64Decode *)smd->ctx;
-    int decode_len;
 
 #if 0
     printf("Input data:\n");
@@ -76,6 +75,7 @@ int DetectBase64DecodeDoMatch(DetectEngineThreadCtx *det_ctx, const Signature *s
 
     if (data->relative) {
         payload += det_ctx->buffer_offset;
+        DEBUG_VALIDATE_BUG_ON(det_ctx->buffer_offset > payload_len);
         payload_len -= det_ctx->buffer_offset;
     }
 
@@ -87,9 +87,7 @@ int DetectBase64DecodeDoMatch(DetectEngineThreadCtx *det_ctx, const Signature *s
         payload_len -= data->offset;
     }
 
-    decode_len = MIN(payload_len, data->bytes);
-
-    DEBUG_VALIDATE_BUG_ON(decode_len < 0);
+    uint32_t decode_len = MIN(payload_len, data->bytes);
 #if 0
     printf("Decoding:\n");
     PrintRawDataFp(stdout, payload, decode_len);