util-decode-der: fix NULL dereference bug

Make sure that the length is not longer than the size of the buffer provided.
9 years ago · f9ac42b36f
parent c0dd911591
commit f9ac42b36f
1 changed files with 6 additions and 0 deletions
--- a/src/util-decode-der.c
+++ b/src/util-decode-der.c
@ -216,6 +216,12 @@ static Asn1Generic * DecodeAsn1DerGeneric(const unsigned char *buffer, uint32_t
             * sequence parsing will fail
             */
            child->length += (d_ptr - save_d_ptr);
+
+            if (child->length > max_size - (d_ptr - buffer)) {
+                SCFree(child);
+                return NULL;
+            }
+
            break;
    };
    if (child == NULL)