http: http_decap_udp_payload_datagram fix

Properly handle incomplete capsule.

Type: fix

Change-Id: Ied7fca861f02e401451beaff09e612bcf471d8e0
Signed-off-by: Matus Fabian <matfabia@cisco.com>

1 files changed, 11 insertions, 0 deletions

diff --git a/src/plugins/http/http.h b/src/plugins/http/http.h
index 844235cbdbb..f54b4a040a2 100644
--- a/src/plugins/http/http.h
+++ b/src/plugins/http/http.h
@@ -1340,6 +1340,12 @@ _http_parse_capsule (u8 *data, u64 len, u64 *type, u8 *value_offset,
       return -1;
     }
 
+  if (p == end)
+    {
+      clib_warning ("capsule length missing");
+      return -1;
+    }
+
   capsule_value_len = _http_decode_varint (&p, end);
   if (capsule_value_len == HTTP_INVALID_VARINT)
     {
@@ -1389,6 +1395,11 @@ http_decap_udp_payload_datagram (u8 *data, u64 len, u8 *payload_offset,
     }
 
   p += value_offset;
+  if (p == end)
+    {
+      clib_warning ("context ID missing");
+      return -1;
+    }
 
   /* context ID field should be zero (RFC9298 section 4) */
   context_id = _http_decode_varint (&p, end);