From 2861569c9dd892b9833ca7166085c122ccbe3396 Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Thu, 19 Nov 2020 14:30:27 +0100
Subject: [PATCH] dnp3: avoids DOS by too long loop over null-sized objects
---
 scripts/dnp3-gen/dnp3-gen.py | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/scripts/dnp3-gen/dnp3-gen.py b/scripts/dnp3-gen/dnp3-gen.py
index ae2fef7baa..0396b6d5c6 100755
--- a/scripts/dnp3-gen/dnp3-gen.py
+++ b/scripts/dnp3-gen/dnp3-gen.py
@@ -437,6 +437,9 @@ static int DNP3DecodeObjectG{{object.group}}V{{object.variation}}(const uint8_t
 {% endfor %}
 {% endif %}
+ if (*len < count/8) {
+ goto error;
+ }
 while (count--) {
 object = SCCalloc(1, sizeof(*object));
-- 
2.47.2
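Review bot: The added guard `if (*len < count/8)` uses an unexplained constant, and the integer division lets `count` reach 8 * (*len) + 7 before it trips, so each remaining input byte still admits about eight loop iterations and `SCCalloc` calls. A comment stating the rationale would help, for example `/* Reject counts the remaining bytes cannot back (roughly 8 objects per byte), so zero-sized objects cannot drive a near-unbounded loop. */`. Since the generator appears to know each object's layout, a per-object bound emitted by the template may be tighter than a fixed divisor; that is inferred, as the size information is not visible in this hunk. The diffstat lists only the generator script, so the generated decoder source needs regenerating for the check to take effect. The template function body and the `error` label lie outside the hunk.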