fuzz/conf: bail out on long sequence of scalars

Ticket: 8105
7 months ago · 9d164d8794
parent 785389aa00
commit 9d164d8794
1 changed files with 12 additions and 0 deletions
--- a/src/conf-yaml-loader.c
+++ b/src/conf-yaml-loader.c
@ -256,6 +256,12 @@ static int ConfYamlParse(
                }
                // we only check if the node's list was not empty at first
                if (was_empty == 0) {
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+                    // do not fuzz quadratic-complexity overlong sequence of scalars
+                    if (seq_idx > 256) {
+                        goto fail;
+                    }
+#endif
                    seq_node = SCConfNodeLookupChild(parent, sequence_node_name);
                }
                if (seq_node != NULL) {
@ -408,6 +414,12 @@ static int ConfYamlParse(
                }
                // we only check if the node's list was not empty at first
                if (was_empty == 0) {
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+                    // do not fuzz quadratic-complexity overlong sequence of scalars
+                    if (seq_idx > 256) {
+                        goto fail;
+                    }
+#endif
                    seq_node = SCConfNodeLookupChild(node, sequence_node_name);
                }
                if (seq_node != NULL) {