From d7b5972dc60bb60673421af7ebe0e15a0e9e80d3 Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Mon, 17 Nov 2025 13:27:54 +0100 Subject: [PATCH] [PATCH 1/2] datasets: explicitly errors on too long string Also avoids stack allocation Ticket: 8110 (cherry picked from commit 0eff24213763c2aa2bb0957901d5dc1e18414dbf) Origin: upstream, https://github.com/OISF/suricata/commit/32609e6896f9079c175665a94005417cec7637eb.patch Bug: https://redmine.openinfosecfoundation.org/issues/8110 Subject: Upstream fix for CVE-2026-22262 part 1 Gbp-Pq: Name CVE-2026-22262_1.patch --- src/datasets-string.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/datasets-string.c b/src/datasets-string.c index 0a8f499a..524a60ad 100644 --- a/src/datasets-string.c +++ b/src/datasets-string.c @@ -49,12 +49,13 @@ int StringAsBase64(const void *s, char *out, size_t out_size) const StringType *str = s; unsigned long len = Base64EncodeBufferSize(str->len); - uint8_t encoded_data[len]; - if (Base64Encode((unsigned char *)str->ptr, str->len, - encoded_data, &len) != SC_BASE64_OK) + if (len + 2 > out_size) { + // linefeed and final zero + return 0; + } + if (Base64Encode((unsigned char *)str->ptr, str->len, (uint8_t *)out, &len) != SC_BASE64_OK) return 0; - strlcpy(out, (const char *)encoded_data, out_size); strlcat(out, "\n", out_size); return strlen(out); } -- 2.30.2