From df3a3c785734792da484d3f5547bdfcd20cc4f26 Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Mon, 10 Jul 2017 10:15:54 +0200
Subject: [PATCH] der/asn1: limit recursion

Limit the number of recursive calls in the DER/ASN.1 decoder to avoid stack overflows. Found using AFL.
---
 src/util-decode-der.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/util-decode-der.c b/src/util-decode-der.c
index d3fb3237f3..3153361d7b 100644
--- a/src/util-decode-der.c
+++ b/src/util-decode-der.c
@@ -139,6 +139,11 @@ static Asn1Generic * DecodeAsn1DerGeneric(const unsigned char *buffer,
 Asn1Generic *child;
 uint8_t el_type;
+ /* refuse excessive recursion */
+ if (unlikely(depth == 255)) {
+ return NULL;
+ }
+
 el.cls = (d_ptr[0] & 0xc0) >> 6;
 el.pc = (d_ptr[0] & 0x20) >> 5;
 el.tag = (d_ptr[0] & 0x1f);
-- 
2.47.2
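Review bot: The added guard `if (unlikely(depth == 255))` compares against a bare literal with `==`, so it only holds if `depth` is an 8-bit counter that each recursive call increments by exactly one; neither the declaration of `depth` nor the recursive call sites are visible in this hunk. A named limit with a range comparison would make the bound explicit and keep it effective if the counter's type or step ever changes, for example `#define DER_MAX_RECURSION 255` (the name is only a suggestion) and `if (unlikely(depth >= DER_MAX_RECURSION)) {`. The early `return NULL` also leaves callers unable to tell a recursion-limit rejection from any other decode failure; if the function has an error-code out-parameter (its signature continues past the hunk header), setting it here would let abnormally nested input be logged or alerted on rather than silently dropped. DecodeAsn1DerGeneric's body starts and ends outside the hunk.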