From ef044b208c01bba69ddd1b1ab4f1e35bb1570709 Mon Sep 17 00:00:00 2001
From: Philippe Antoine <pantoine@oisf.net>
Date: Mon, 3 Feb 2025 16:20:20 +0100
Subject: [PATCH] dcerpc: prevent integer underflow

in case a fragment has a length lesser than DCERPC_HDR_LEN

Fixes: 9daf8528b72c ("dcerpc: tidy up code")

Ticket: 7548
---
 rust/src/dcerpc/dcerpc.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rust/src/dcerpc/dcerpc.rs b/rust/src/dcerpc/dcerpc.rs
index a7b18b2be7..57a57e6e1f 100644
--- a/rust/src/dcerpc/dcerpc.rs
+++ b/rust/src/dcerpc/dcerpc.rs
@@ -938,7 +938,7 @@ impl DCERPCState {
 
         let fraglen = self.get_hdr_fraglen().unwrap_or(0);
 
-        if cur_i.len() < (fraglen - frag_bytes_consumed) as usize {
+        if (cur_i.len() + frag_bytes_consumed as usize) < fraglen as usize {
             SCLogDebug!("Possibly fragmented data, waiting for more..");
             return AppLayerResult::incomplete(parsed as u32, fraglen as u32 - parsed as u32);
         }
-- 
2.47.2