[PATCH 1/2] datasets: explicitly errors on too long string

Also avoids stack allocation

Ticket: 8110
(cherry picked from commit 0eff24213763c2aa2bb0957901d5dc1e18414dbf)

Origin: upstream, https://github.com/OISF/suricata/commit/32609e6896f9079c175665a94005417cec7637eb.patch
Bug: https://redmine.openinfosecfoundation.org/issues/8110
Subject: Upstream fix for CVE-2026-22262 part 1

Gbp-Pq: Name CVE-2026-22262_1.patch

diff --git a/src/datasets-string.c b/src/datasets-string.c
index 0a8f499ae33353b60064e7c7cf4bd9954a5098c3..524a60ad9af1910fbff904fe7431bb9f696b904f 100644 (file)
--- a/src/datasets-string.c
+++ b/src/datasets-string.c
@@ -49,12 +49,13 @@ int StringAsBase64(const void *s, char *out, size_t out_size)
     const StringType *str = s;
 
     unsigned long len = Base64EncodeBufferSize(str->len);
-    uint8_t encoded_data[len];
-    if (Base64Encode((unsigned char *)str->ptr, str->len,
-        encoded_data, &len) != SC_BASE64_OK)
+    if (len + 2 > out_size) {
+        // linefeed and final zero
+        return 0;
+    }
+    if (Base64Encode((unsigned char *)str->ptr, str->len, (uint8_t *)out, &len) != SC_BASE64_OK)
         return 0;
 
-    strlcpy(out, (const char *)encoded_data, out_size);
     strlcat(out, "\n", out_size);
     return strlen(out);
 }