| From b3393c88c1d1f68540a3084fda0a80377ef3c1fc Mon Sep 17 00:00:00 2001 |
| From: Tobias Brunner <tobias@strongswan.org> |
| Date: Mon, 29 Jul 2013 23:45:38 +0200 |
| Subject: [PATCH] asn1: Fix handling of invalid ASN.1 length in is_asn1() |
| |
| Fixes CVE-2013-5018. |
| --- |
| src/libstrongswan/asn1/asn1.c | 5 +++++ |
| 1 file changed, 5 insertions(+) |
| |
| diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c |
| index 68f37f4..d860ad9 100644 |
| --- a/src/libstrongswan/asn1/asn1.c |
| +++ b/src/libstrongswan/asn1/asn1.c |
| @@ -642,6 +642,11 @@ bool is_asn1(chunk_t blob) |
| |
| len = asn1_length(&blob); |
| |
| + if (len == ASN1_INVALID_LENGTH) |
| + { |
| + return FALSE; |
| + } |
| + |
| /* exact match */ |
| if (len == blob.len) |
| { |
| -- |
| 1.8.3 |
| |