From 18d3c87947316ec27d455e0e2edaad9a0a09fbc6 Mon Sep 17 00:00:00 2001
From: Victor Julien <victor@inliniac.net>
Date: Wed, 1 Dec 2010 08:07:58 +0100
Subject: [PATCH] Add check to fast pattern keyword to make sure that the
 offset and length don't exceed the actual pattern length.

---
 src/detect-fast-pattern.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/detect-fast-pattern.c b/src/detect-fast-pattern.c
index 1c84b683fe..fd65c1646e 100644
--- a/src/detect-fast-pattern.c
+++ b/src/detect-fast-pattern.c
@@ -291,6 +291,13 @@ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, char *a
             goto error;
         }
 
+        if (offset + length > cd->content_len) {
+            SCLogError(SC_ERR_INVALID_SIGNATURE, "Fast pattern (length + "
+                    "offset (%u)) exceeds pattern length (%u)",
+                    offset + length, cd->content_len);
+            goto error;
+        }
+
         cd->fp_chop_offset = offset;
         cd->fp_chop_len = length;
         cd->flags |= DETECT_CONTENT_FAST_PATTERN_CHOP;