From: Mats Klepsland <mats.klepsland@gmail.com>
Date: Thu, 31 Mar 2016 14:15:26 +0000 (+0200)
Subject: util-decode-der: fix NULL dereference bug
X-Git-Tag: suricata-3.0.1~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f9ac42b36f0dab7cf9325202425f20ef4ca0ebfe;p=thirdparty%2Fsuricata.git

util-decode-der: fix NULL dereference bug

Make sure that the length is not longer than the size of the buffer
provided.
---

diff --git a/src/util-decode-der.c b/src/util-decode-der.c
index 67e7b0dda9..040e214b40 100644
--- a/src/util-decode-der.c
+++ b/src/util-decode-der.c
@@ -216,6 +216,12 @@ static Asn1Generic * DecodeAsn1DerGeneric(const unsigned char *buffer, uint32_t
              * sequence parsing will fail
              */
             child->length += (d_ptr - save_d_ptr);
+
+            if (child->length > max_size - (d_ptr - buffer)) {
+                SCFree(child);
+                return NULL;
+            }
+
             break;
     };
     if (child == NULL)