From: Philippe Antoine <pantoine@oisf.net>
Date: Mon, 3 Feb 2025 15:20:20 +0000 (+0100)
Subject: dcerpc: prevent integer underflow
X-Git-Tag: suricata-8.0.0-beta1~467
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F12553%2Fhead;p=thirdparty%2Fsuricata.git

dcerpc: prevent integer underflow

in case a fragment has a length lesser than DCERPC_HDR_LEN

Fixes: 9daf8528b72c ("dcerpc: tidy up code")

Ticket: 7548
---

diff --git a/rust/src/dcerpc/dcerpc.rs b/rust/src/dcerpc/dcerpc.rs
index a7b18b2be7..57a57e6e1f 100644
--- a/rust/src/dcerpc/dcerpc.rs
+++ b/rust/src/dcerpc/dcerpc.rs
@@ -938,7 +938,7 @@ impl DCERPCState {
 
         let fraglen = self.get_hdr_fraglen().unwrap_or(0);
 
-        if cur_i.len() < (fraglen - frag_bytes_consumed) as usize {
+        if (cur_i.len() + frag_bytes_consumed as usize) < fraglen as usize {
             SCLogDebug!("Possibly fragmented data, waiting for more..");
             return AppLayerResult::incomplete(parsed as u32, fraglen as u32 - parsed as u32);
         }