| From 4609d5384c187aef2e58f91f53f5889f25faeaeb Mon Sep 17 00:00:00 2001 |
| From: Tobias Brunner <tobias@strongswan.org> |
| Date: Thu, 24 Apr 2014 17:04:10 +0200 |
| Subject: [PATCH] asn1: Properly check length in asn1_unwrap() |
| |
| --- |
| src/libstrongswan/asn1/asn1.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c |
| index d860ad9..9a5f5c5 100644 |
| --- a/src/libstrongswan/asn1/asn1.c |
| +++ b/src/libstrongswan/asn1/asn1.c |
| @@ -296,7 +296,7 @@ int asn1_unwrap(chunk_t *blob, chunk_t *inner) |
| else |
| { /* composite length, determine number of length octets */ |
| len &= 0x7f; |
| - if (len == 0 || len > sizeof(res.len)) |
| + if (len == 0 || len > blob->len || len > sizeof(res.len)) |
| { |
| return ASN1_INVALID; |
| } |
| -- |
| 1.7.10.4 |
| |