aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

der/asn1: limit recursion

Browse Source 
Limit the number of recursive calls in the DER/ASN.1 decoder to avoid
stack overflows.

Found using AFL.
pull/2822/merge
Victor Julien 8 years ago
parent 257db74f89
commit 53d8e29831
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File

5
src/util-decode-der.c
Unescape Escape View File

@ -139,6 +139,11 @@ static Asn1Generic * DecodeAsn1DerGeneric(const unsigned char *buffer,
Asn1Generic *child;
uint8_t el_type;
/* refuse excessive recursion */
if (unlikely(depth == 255)) {
return NULL;
}
el.cls = (d_ptr[0] & 0xc0) >> 6;
el.pc = (d_ptr[0] & 0x20) >> 5;
el.tag = (d_ptr[0] & 0x1f);

Write Preview
Loading…
Cancel
Save