more guards for reporter.log madness

corelight · Apr 14, 2022 · 3b04fc2 · 3b04fc2
1 parent 51b95e4
commit 3b04fc2
Showing 1 changed file with 10 additions and 4 deletions.
diff --git a/scripts/main.zeek b/scripts/main.zeek
@@ -56,12 +56,18 @@ function correct_frag_length(data: string, regex: pattern): bool
 	local mres = match_pattern(data, regex);
 	if ( ! mres$matched )
 		return F;
-	print data[mres$off - 1:];
+
 	# mres$off - 1 is the offset to the start of the DCERPC section
 	# 8 bytes until we hit frag length
-	local frag_len = bytestring_to_count(data[mres$off - 1
-	    + 8:mres$off - 1
-	    + 10]);
+	local start = mres$off - 1 + 8;
+	local end = mres$off - 1 + 10;
+	if ( end > |data| )
+		return F;
+	local frag_len_bytes = data[start:end];
+	if ( |frag_len_bytes| == 0 )
+		return F;
+
+	local frag_len = bytestring_to_count(data[start:end]);
 
 	return frag_len == |data| - mres$off + 1;
 }