From a9bb17e09760ba3951ab094101f53b2d81d68af1 Mon Sep 17 00:00:00 2001
From: Eric Leblond <eric@regit.org>
Date: Mon, 19 Dec 2011 11:14:21 +0100
Subject: [PATCH] tls-handshake: add sanity checks.

---
 src/util-decode-der.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/util-decode-der.c b/src/util-decode-der.c
index 363e6bc4db..e0b273a03f 100644
--- a/src/util-decode-der.c
+++ b/src/util-decode-der.c
@@ -339,6 +339,8 @@ static Asn1Generic * DecodeAsn1DerNull(const unsigned char *buffer, uint32_t siz
         return NULL;
     }
     a = Asn1GenericNew();
+    if (a == NULL)
+        return NULL;
     a->type = ASN1_NULL;
     a->length = (d_ptr - buffer);
     a->value = 0;
@@ -674,6 +676,14 @@ static Asn1Generic * DecodeAsn1DerSet(const unsigned char *buffer, uint32_t max_
     }
     node->length = d_length + (d_ptr - buffer);
 
+    if (node->length > max_size) {
+        SCLogInfo("Announced message length too big: %" PRIu32 " vs %" PRIu32,
+                  node->length,
+                  max_size);
+        free(node);
+        return NULL;
+    }
+
     seq_index = 0;
 
     el_max_size = max_size - (d_ptr-buffer);