From: Philippe Antoine <pantoine@oisf.net>
Date: Mon, 2 Jun 2025 20:31:19 +0000 (+0200)
Subject: dcerpc: use wrapping to prevent u16 overflow
X-Git-Tag: suricata-7.0.11~23
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F13371%2Fhead;p=thirdparty%2Fsuricata.git

dcerpc: use wrapping to prevent u16 overflow

Otherwise, rust with debug assertion may trigger a panic

Ticket: 7730

(cherry picked from commit 261d2ad63bb3bdd00b9ce40086adc9b1bf73156a)
---

diff --git a/rust/src/smb/dcerpc_records.rs b/rust/src/smb/dcerpc_records.rs
index 0c8c17fe18..6bd051cd0b 100644
--- a/rust/src/smb/dcerpc_records.rs
+++ b/rust/src/smb/dcerpc_records.rs
@@ -176,7 +176,8 @@ pub fn parse_dcerpc_bindack_record(i: &[u8]) -> IResult<&[u8], DceRpcBindAckReco
     let (i, _assoc_group) = take(4_usize)(i)?;
     let (i, sec_addr_len) = le_u16(i)?;
     let (i, _) = take(sec_addr_len)(i)?;
-    let (i, _) = cond((sec_addr_len+2) % 4 != 0, take(4 - (sec_addr_len+2) % 4))(i)?;
+    let topad = sec_addr_len.wrapping_add(2) % 4;
+    let (i, _) = cond(topad != 0, take(4 - topad))(i)?;
     let (i, num_results) = le_u8(i)?;
     let (i, _) = take(3_usize)(i)?; // padding
     let (i, results) = count(parse_dcerpc_bindack_result, num_results as usize)(i)?;