From: Eric Leblond <eric@regit.org>
Date: Sun, 27 Nov 2011 11:28:36 +0000 (+0100)
Subject: TLS parser: add sanity check
X-Git-Tag: suricata-1.3beta1~87
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d1c56e810b4152b62e35cc5d2dd29501ac09c16f;p=thirdparty%2Fsuricata.git

TLS parser: add sanity check
---

diff --git a/src/app-layer-tls-handshake.c b/src/app-layer-tls-handshake.c
index 88282ca0a7..a7e2f7f189 100644
--- a/src/app-layer-tls-handshake.c
+++ b/src/app-layer-tls-handshake.c
@@ -95,6 +95,7 @@ int DecodeTLSHandshakeServerCertificate(SSLState *ssl_state, uint8_t *input, uin
     char buffer[256];
     int rc;
     int parsed;
+    uint8_t *start_data;
 
     if (input_len < 3)
         return 1;
@@ -104,6 +105,7 @@ int DecodeTLSHandshakeServerCertificate(SSLState *ssl_state, uint8_t *input, uin
     if (input_len < certificates_length + 3)
         return 0;
 
+    start_data = input;
     input += 3;
     parsed = 3;
 
@@ -113,6 +115,10 @@ int DecodeTLSHandshakeServerCertificate(SSLState *ssl_state, uint8_t *input, uin
         input += 3;
         parsed += 3;
 
+        if (input - start_data + cur_cert_length > input_len) {
+            SCLogWarning(SC_ERR_ALPARSER, "ASN.1 structure contains invalid length\n");
+            return -1;
+        }
         cert = DecodeDer(input, cur_cert_length);
         if (cert == NULL) {
             SCLogWarning(SC_ERR_ALPARSER, "decoding ASN.1 structure for X509 certificate failed\n");