From d1c56e810b4152b62e35cc5d2dd29501ac09c16f Mon Sep 17 00:00:00 2001 From: Eric Leblond Date: Sun, 27 Nov 2011 12:28:36 +0100 Subject: [PATCH] TLS parser: add sanity check --- src/app-layer-tls-handshake.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/app-layer-tls-handshake.c b/src/app-layer-tls-handshake.c index 88282ca0a7..a7e2f7f189 100644 --- a/src/app-layer-tls-handshake.c +++ b/src/app-layer-tls-handshake.c @@ -95,6 +95,7 @@ int DecodeTLSHandshakeServerCertificate(SSLState *ssl_state, uint8_t *input, uin char buffer[256]; int rc; int parsed; + uint8_t *start_data; if (input_len < 3) return 1; @@ -104,6 +105,7 @@ int DecodeTLSHandshakeServerCertificate(SSLState *ssl_state, uint8_t *input, uin if (input_len < certificates_length + 3) return 0; + start_data = input; input += 3; parsed = 3; @@ -113,6 +115,10 @@ int DecodeTLSHandshakeServerCertificate(SSLState *ssl_state, uint8_t *input, uin input += 3; parsed += 3; + if (input - start_data + cur_cert_length > input_len) { + SCLogWarning(SC_ERR_ALPARSER, "ASN.1 structure contains invalid length\n"); + return -1; + } cert = DecodeDer(input, cur_cert_length); if (cert == NULL) { SCLogWarning(SC_ERR_ALPARSER, "decoding ASN.1 structure for X509 certificate failed\n");