Suricata

From reporter:

## Input
If input of the function int DecodeMPLS(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t
*pkt,uint32_t len, PacketQueue *pq) only consists of a package of source address and dest plus the correct type
field and the right number for “shim = *(uint32_t *)pkt”.
## Reason
With this network package (source,dest,type,offset of 4 byte), i can manipulate the control flow, such that the
condition to leave the loop is true. After leaving the loop the network package has a length of 2 byte.
After the you don’t proof the length of the package. Later on you try to read at a position, which is empty.
At this point the program will crash

I have verified this. If the decoder has to step into the next layer to determine if its IPv4, or IPv6, it does so without checking the packet length.