From: Victor Julien <vjulien@oisf.net>
Date: Thu, 28 Mar 2024 14:09:31 +0000 (+0100)
Subject: util/file: add validation check for extreme data chunk sizes
X-Git-Tag: suricata-8.0.0-beta1~1448
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9aff8afc62ae2bc6ee03fe0c1f6f9595bc6fe85f;p=thirdparty%2Fsuricata.git

util/file: add validation check for extreme data chunk sizes
---

diff --git a/src/util-file.c b/src/util-file.c
index a1c30d89ec..fdb8d740d8 100644
--- a/src/util-file.c
+++ b/src/util-file.c
@@ -662,6 +662,9 @@ static int FileStoreNoStoreCheck(File *ff)
 static int AppendData(
         const StreamingBufferConfig *sbcfg, File *file, const uint8_t *data, uint32_t data_len)
 {
+    DEBUG_VALIDATE_BUG_ON(
+            data_len > BIT_U32(26)); // 64MiB as a limit per chunk seems already excessive
+
     SCLogDebug("file %p data_len %u", file, data_len);
     if (StreamingBufferAppendNoTrack(file->sb, sbcfg, data, data_len) != 0) {
         SCLogDebug("file %p StreamingBufferAppendNoTrack failed", file);