generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Reinstate the check for invalid length BIT STRINGS,

Browse Source 
which was effectively bypassed in the ASN1 changed.
This commit is contained in:
Dr. Stephen Henson 2002-08-23 00:02:11 +00:00
parent fc85ac20c7
commit 41ab00bedf
2 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
crypto/asn1/a_bitstr.c
View File

@ -120,6 +120,12 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
unsigned char *p,*s; unsigned char *p,*s;
int i; int i;
if (len < 1)
{
i=ASN1_R_STRING_TOO_SHORT;
goto err;
}
if ((a == NULL) || ((*a) == NULL)) if ((a == NULL) || ((*a) == NULL))
{ {
if ((ret=M_ASN1_BIT_STRING_new()) == NULL) return(NULL); if ((ret=M_ASN1_BIT_STRING_new()) == NULL) return(NULL);

6
crypto/asn1/tasn_dec.c
View File

@ -913,10 +913,10 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *i
ctx->ptag = ptag; ctx->ptag = ptag;
ctx->hdrlen = p - q; ctx->hdrlen = p - q;
ctx->valid = 1; ctx->valid = 1;
/* If definite length, length + header can't exceed total /* If definite length, and no error, length +
* amount of data available. * header can't exceed total amount of data available.
*/ */
if(!(i & 1) && ((plen + ctx->hdrlen) > len)) { if(!(i & 0x81) && ((plen + ctx->hdrlen) > len)) {
ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_TOO_LONG); ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_TOO_LONG);
asn1_tlc_clear(ctx); asn1_tlc_clear(ctx);
return 0; return 0;