From 402f39b4f2c0ff3b7e73e6c65cb13b0a34cce321 Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Thu, 18 Apr 2024 13:36:34 +0200 Subject: [PATCH] util/mime: adds safety check Ticket: 6904 Even if there is no problem, just fortify the function, so that it is future-proof if the caller does not do the check. --- src/util-decode-mime.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/util-decode-mime.c b/src/util-decode-mime.c index 26da883632..533ae971d7 100644 --- a/src/util-decode-mime.c +++ b/src/util-decode-mime.c @@ -617,6 +617,11 @@ static uint8_t *GetFullValue(const DataValue *dv, uint32_t *olen) /* First calculate total length */ for (const DataValue *curr = dv; curr != NULL; curr = curr->next) { + if (unlikely(len > UINT32_MAX - curr->value_len)) { + // This should never happen as caller checks already against mdcfg->header_value_depth + DEBUG_VALIDATE_BUG_ON(1); + return NULL; + } len += curr->value_len; } /* Must have at least one character in the value */ -- 2.47.3