From b5841d0ab8d7238080ad6bb4e1220776dbf775f3 Mon Sep 17 00:00:00 2001 From: Tim Wojtulewicz Date: Wed, 28 Jul 2021 11:56:32 -0700 Subject: [PATCH] GH-1692: Add some safety to ASN's binary_to_int64 to avoid bad shifts --- src/analyzer/protocol/asn1/asn1.pac | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/analyzer/protocol/asn1/asn1.pac b/src/analyzer/protocol/asn1/asn1.pac index d28e531ad2..35a27e88ba 100644 --- a/src/analyzer/protocol/asn1/asn1.pac +++ b/src/analyzer/protocol/asn1/asn1.pac @@ -87,10 +87,18 @@ type Array = record { ############################## ASN.1 Conversion Functions +# Converts an 8-byte string into an int64. If this string is longer than +# 8 bytes, it reports a weird and returns zero. function binary_to_int64(bs: bytestring): int64 %{ int64 rval = 0; + if ( bs.length() > 8 ) + { + zeek::reporter->Weird("asn_binary_to_int64_shift_too_large", zeek::util::fmt("%d", bs.length())); + return 0; + } + for ( int i = 0; i < bs.length(); ++i ) { uint64 byte = bs[i];