From: Eric Leblond <el@stamus-networks.com>
Date: Sat, 7 Jun 2025 20:19:03 +0000 (+0200)
Subject: datajson: add sanity check on length
X-Git-Tag: suricata-8.0.0-rc1~36
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=df99d29ee4e51f37f8f7b9b7f4f610cef4360396;p=thirdparty%2Fsuricata.git

datajson: add sanity check on length

Also cast to avoid compilation error.
---

diff --git a/src/datasets-context-json.c b/src/datasets-context-json.c
index 7668583793..568a75ce25 100644
--- a/src/datasets-context-json.c
+++ b/src/datasets-context-json.c
@@ -80,6 +80,11 @@ static bool IsFloat(const char *in, size_t ins)
 
 static int ParseJsonLine(const char *in, size_t ins, DataJsonType *rep_out)
 {
+    if (ins > DATAJSON_JSON_LENGTH) {
+        SCLogError("dataset: json string too long: %s", in);
+        return -1;
+    }
+
     json_error_t jerror;
     json_t *msg = json_loads(in, 0, &jerror);
     if (msg == NULL) {
@@ -92,7 +97,7 @@ static int ParseJsonLine(const char *in, size_t ins, DataJsonType *rep_out)
     } else {
         json_decref(msg);
     }
-    rep_out->len = ins;
+    rep_out->len = (uint16_t)ins;
     rep_out->value = SCStrndup(in, ins);
     if (rep_out->value == NULL) {
         return -1;